Changes between Version 1 and Version 2 of Ticket #20317


Timestamp: Oct 7, 2016, 7:13:23 PM (3 years ago)
Author: arthuredelstein
  • Ticket #20317 – Description

    v1 / v2 (lines unchanged between the two versions are shown once)

    [[Image(permission.png)]]

    v1: Now the UI says "this site", which is, to my ear, synonymous with "first party domain". But now on other sites, any third-party object from www.google.com" (such as a Google Analytics script or a Google+ button) can know our location. And, further, it can expose a function call that any other script on the same page could call to obtain our location. So in practice, we have given permission for numerous domains to obtain our location. And the very existence of the unusual permission setting, or any other, helps to track us.

    v2: Now the UI says "this site", which is, to my ear, synonymous with "first party domain". But now on other sites, any third-party iframe from www.google.com (such as created by a Google Analytics script or a Google+ button) can know our location. And, further, it can expose a function call (using iframe postMessage tricks) that any other script on the same page could call to obtain our location. So in practice, we have given permission for numerous domains to obtain our location. And the very existence of the unusual permission setting, or any other, helps to track us.

    So I would like to propose that we key every permission by first-party domain instead of origin domain. That means that the Permissions UI doesn't need to change much at all. We are still assigning each permission to a single domain. But this way, granting a permission to google.com would not leak to every other site.
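The following is an added example, not code from the ticket or from the browser's permission manager. It is a toy model of the two keying policies the ticket contrasts: a store keyed by the requesting origin's domain (the behaviour the ticket describes) beside one keyed by the first-party, top-level domain (the proposal). The hostnames, the `registrableDomain` helper and the `scenario` function are assumptions of the example; a real implementation would consult the Public Suffix List rather than keeping the last two labels.

```javascript
// Added example (not from the ticket): model of permission keying by origin
// domain versus by first-party (top-level) domain.

// Naive registrable-domain helper: keeps the last two labels of a hostname.
// Assumption of this example; a browser would use the Public Suffix List.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split('.').filter(Boolean);
  return labels.slice(-2).join('.');
}

class PermissionStore {
  // mode: 'origin' (behaviour the ticket describes) or 'first-party' (proposal)
  constructor(mode) {
    if (mode !== 'origin' && mode !== 'first-party') {
      throw new Error('unknown keying mode: ' + mode);
    }
    this.mode = mode;
    this.grants = new Map(); // key (domain) -> Set of permission names
  }

  // Compute the key for a request made by a document at `requesterHost`
  // while the top-level page is `firstPartyHost`.
  keyFor({ firstPartyHost, requesterHost }) {
    if (this.mode === 'origin') {
      // Keyed by the requester: a grant follows www.google.com into every
      // page that embeds it, which is the leak the ticket describes.
      return registrableDomain(requesterHost);
    }
    // Keyed by the first party: a grant is scoped to the top-level site.
    return registrableDomain(firstPartyHost);
  }

  // The user approves `permission` in the given browsing context.
  grant(permission, ctx) {
    const key = this.keyFor(ctx);
    if (!this.grants.has(key)) this.grants.set(key, new Set());
    this.grants.get(key).add(permission);
  }

  // A later request, possibly from a different top-level page.
  isAllowed(permission, ctx) {
    const set = this.grants.get(this.keyFor(ctx));
    return set !== undefined && set.has(permission);
  }
}

// Scenario from the ticket: the user grants geolocation while on www.google.com,
// then visits an unrelated site (constructed name) that embeds a google.com iframe.
function scenario(mode) {
  const store = new PermissionStore(mode);
  store.grant('geolocation', {
    firstPartyHost: 'www.google.com', requesterHost: 'www.google.com',
  });
  return {
    // Back on google.com itself: allowed under either policy.
    onGoogle: store.isAllowed('geolocation', {
      firstPartyHost: 'www.google.com', requesterHost: 'www.google.com',
    }),
    // google.com iframe embedded on another site: allowed only under origin keying.
    googleIframeOnOtherSite: store.isAllowed('geolocation', {
      firstPartyHost: 'news.example', requesterHost: 'www.google.com',
    }),
    // The other site's own script, which was never granted anything.
    otherSiteScript: store.isAllowed('geolocation', {
      firstPartyHost: 'news.example', requesterHost: 'news.example',
    }),
  };
}
```

Running `scenario('origin')` shows the embedded google.com frame still allowed on the unrelated site; `scenario('first-party')` denies it while the grant on google.com itself keeps working. Note that first-party keying, as the ticket says, still assigns each permission to a single domain: everything framed inside that top-level site shares the grant, so the scoping is per site the user is visiting, not per embedded origin.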