#1766 Implement 3rd party cookie isolation per 1st party site

Open
opened 7 months ago by Moonchild · 0 comments

To protect users from cross-site cookie tracking, there are several mitigating methods that have been developed by various browsers. Tor browser has “First-Party-Isolation”, Firefox adopted a variation of that as “Total Cookie Isolation”.

I’m not sure if either is portable, but it should be simple enough to implement something ourselves from scratch too, since all it will really need is storing an extra field per cookie to indicate which 1st party eTLD+1 it was set as part of, and checking that field when extracting cookies from the cookie jar again. That doesn’t have to be particularly difficult nor does it need to touch many parts of the browser/platform code.

To protect users from cross-site cookie tracking, there are several mitigating methods that have been developed by various browsers. Tor browser has "First-Party-Isolation", Firefox adopted a variation of that as "Total Cookie Isolation". I'm not sure if either is portable, but it should be simple enough to implement something ourselves from scratch too, since all it will really need is storing an extra field per cookie to indicate which 1st party eTLD+1 it was set as part of, and checking that field when extracting cookies from the cookie jar again. That doesn't have to be particularly difficult nor does it need to touch many parts of the browser/platform code.
Moonchild added the
App: Toolkit
label 7 months ago
Moonchild added the
C: Networking
label 7 months ago
Moonchild added the
Enhancement
label 7 months ago
Moonchild added the
Privacy
label 7 months ago
This repo is archived. You cannot comment on issues.
No Milestone
No Assignees
1 Participants
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.