Implement Intelligent Tracking Prevention, or similar Web-friendly privacy protection
Reported by
robin.be...@nytimes.com,
Mar 27 2018
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Firefox/55.0

Steps to reproduce the problem:
1. Access any site that has embedded third-party tracking of any type.
2. See that third-party cookies are being shared by default.

What is the expected behavior?
The expectation is that third-party cookies be shared only in specific, justifiably more privacy-friendly cases.

What went wrong?
The question of third-party cookies has traditionally been cast in a yes-or-no frame, with the overriding concern that disabling them entirely breaks the Web. Now that WebKit has demonstrated it to be possible to prevent data leakage without breaking the Web, there is a path forward. Chrome and Chromium-based browsers have long been stalwarts of data protection by default; to deviate from that preference here strikes me as being a bug.

Did this work before? No

Chrome version: Any
Channel: n/a
OS Version: OS X 10.12
Flash Version:

* https://webkit.org/blog/7675/intelligent-tracking-prevention/
* https://webkit.org/blog/8124/introducing-storage-access-api/
* https://github.com/whatwg/html/issues/3338
,
Mar 28 2018
,
Mar 28 2018
Users should be able to specify that their data should not be shared across multiple sites through the use of ubiquitous embedded subresources. This means that cookies should not be automatically sent in requests to embedded subresources on other sites unless the user has agreed. 1st party sites have the primary responsibility to offer this choice to users so they should have the ability, say by using a response header such as FP or CSP, to force 3rd party cookies to be siloed, as they are for example in Apple's ITP. The cookie siloing function, and its control mechanism, should be standardised.
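The cookie siloing described in the comment above can be sketched as a cookie jar keyed by both the top-level site and the cookie's own site. This is an added example, not part of the comment and not WebKit's or Chromium's code; the class and function names, the hosts and the two-label "site" approximation are all assumptions made for illustration.

```javascript
// Added illustration (not from the thread or any browser's source).
// Assumption: "site" is the last two host labels; real browsers use the
// Public Suffix List to find the registrable domain.
function site(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

class SiloedCookieJar {
  constructor() {
    this.store = new Map(); // "<partition>|<cookie site>" -> Map(name -> value)
  }

  // First-party cookies use the empty partition; a third-party cookie is
  // partitioned by the top-level site that embeds the subresource.
  key(topLevelHost, requestHost) {
    const top = site(topLevelHost);
    const req = site(requestHost);
    return `${top === req ? "" : top}|${req}`;
  }

  set(topLevelHost, requestHost, name, value) {
    const k = this.key(topLevelHost, requestHost);
    if (!this.store.has(k)) this.store.set(k, new Map());
    this.store.get(k).set(name, value);
  }

  // Cookie header value for a request, or "" when the silo is empty.
  cookieHeader(topLevelHost, requestHost) {
    const silo = this.store.get(this.key(topLevelHost, requestHost));
    return silo ? [...silo].map(([n, v]) => `${n}=${v}`).join("; ") : "";
  }
}

// Constructed scenario: cdn.tracker.example is embedded on two unrelated sites.
function demo() {
  const jar = new SiloedCookieJar();
  jar.set("www.news.example", "cdn.tracker.example", "uid", "abc123");
  jar.set("tracker.example", "tracker.example", "session", "s1");
  return {
    onNews: jar.cookieHeader("www.news.example", "cdn.tracker.example"),
    onShop: jar.cookieHeader("shop.example", "cdn.tracker.example"),
    direct: jar.cookieHeader("tracker.example", "tracker.example"),
  };
}

console.log(demo());
```

The identifier set while embedded on one site is never sent from another embedding site or from the tracker's own first-party context, so it cannot be used to join visits across sites.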
,
Mar 28 2018
,
Mar 28 2018
Speaking from experience as a developer who writes and maintains single sign-on infrastructure, I'd highly recommend that any privacy controls take into account domain ownership as part of determining "party". For example, looking at Google's TLS certificate, I see several dozen TLD+1 sites that are operated by Google such as goo.gl, g.co, youtube.com, etc. Using "domain" or "TLD+1" for identifying a "party" makes it difficult for organizations that operate multiple "brands" to sew together a cohesive, unobtrusive security experience.
,
Mar 31 2018
Yes, this is important. Users also should be able to immediately see what companies are responsible for any embedded resources on a site. One possible way is for the third party to signal this in a .well-known located resource, e.g. the DNT Status Resource at https://example.com/.well-known/dnt/ which is a JSON representation containing information such as the company's identity, privacy policy, etc.
,
Apr 9 2018
Thanks for filing the issue! As per comment #0 by the reporter, this seems to be a feature request, hence marking it as Untriaged.
,
Apr 11 2018
Moving to available - outside the scope of network bug triage.
,
Apr 11 2018
Comment 1 by lassey@google.com
, Mar 27 2018