Opened 8 months ago

#32714 new task

Investigate fingerprinting/fpi risks for Feature Policy

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff78-esr, tbb-fingerprinting
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Feature Policy got implemented in Firefox 64ff.

Feature Policy allows websites by different means (e.g. via the Feature-Policy header) to enable/disable plethora of features providing website owners a very fine-grained control over them. We should make sure that our first-party isolation and fingerprinting resistance is not impacted by that.

This feature is only available on nightly by default as of Firefox 73 but that might change soon.

It can be controlled by two preferences, dom.security.featurePolicy.header.enabled and dom.security.featurePolicy.webidl.enabled.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.