wiki:org/meetings/2018MexicoCity/Notes/FPI

FPI

  • Breakage
  • 3rd party login flows
  • Redirects

Ex. gmail.com -> youtube.com -> mail.google.com

Third parties have access to cookies

Investigate Apple's Tracking protection

Look at the time spent on intermediate sites, and if it is a short time, then delete cookies associated with that site

  • This doesn't work if the site is used both as a final destination and within a redirect chain
  • Should we expire cookies after some amount of time?
  • window.open():
    • Tor Browser blocks communication between tabs using opener
    • Post messaging is still an option for communication.
    • Do we know how post messaging is used across the web?
    • Maybe show a permissions prompt when a child tab tries using post messaging for communicating with the parent tab
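
The dwell-time heuristic above, sketched as an added example (not code from Tor Browser or from the meeting). It also flags the case where a site is both a redirect hop and a final destination. The chain data, the 1000 ms threshold and the name classifySites are assumptions made for illustration.

```javascript
// Added example: dwell-time heuristic from the notes, run over constructed data.
// Each chain is one navigation; the last hop is the final destination.
// Hostnames stand in for sites; a real implementation would key on eTLD+1.
const SAMPLE_CHAINS = [ // constructed sample, all timings are invented
  [ { site: "gmail.com", dwellMs: 40 },
    { site: "youtube.com", dwellMs: 55 },
    { site: "mail.google.com", dwellMs: 600000 } ],
  [ { site: "tracker.example", dwellMs: 12 },
    { site: "news.example", dwellMs: 90000 } ],
  [ { site: "youtube.com", dwellMs: 1200000 } ], // youtube.com visited directly
];

// Returns sites whose cookies the heuristic would delete (purge) and sites
// where it is unsafe because the user also ends up there (conflict).
function classifySites(chains, thresholdMs) {
  const finals = new Set();    // sites seen as a final destination
  const shortHops = new Set(); // intermediate sites with a short dwell time
  for (const chain of chains) {
    if (chain.length === 0) continue;
    finals.add(chain[chain.length - 1].site);
    for (const hop of chain.slice(0, -1)) {
      if (hop.dwellMs < thresholdMs) shortHops.add(hop.site);
    }
  }
  const purge = [];
  const conflict = [];
  for (const site of shortHops) {
    // Deleting cookies for a site the user also visits on purpose would
    // log them out there, so report it separately instead of purging.
    (finals.has(site) ? conflict : purge).push(site);
  }
  return { purge: purge.sort(), conflict: conflict.sort() };
}

console.log(classifySites(SAMPLE_CHAINS, 1000)); // threshold is an assumption
```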

SharedWorkers should be FPI already - and there should be a test for it (but what about ServiceWorkers) - 1264593

Shield study showed breakage during login (but not specific details) - 1315205

Login-flow using third-party cookies:

  • Apple disables third-party cookies in Safari ("Prevent Cross-Site Tracking")
  • TB does not currently allow third-party cookies

Last modified on Oct 2, 2018, 4:38:51 AM