Changes between Initial Version and Version 1 of org/meetings/2018MexicoCity/Notes/FPI


Ignore:
Timestamp:
Oct 2, 2018, 4:38:51 AM (10 months ago)
Author:
sysrqb
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • org/meetings/2018MexicoCity/Notes/FPI

    v1 v1  
     1FPI
     2
     3    - Breakage
     4
     5    - 3rd part login flows
     6
     7    - Redirects
     8
     9    Ex. gmail.com -> youtube.com -> mail.google.com
     10
     11    Third parties have access to cookies
     12
     13    Investigate Apple's Tracking protection
     14
     15
     16Look at the time spent on intermediate sites, and if it is a short time, then delete cookies associated with that site
     17
     18    - This doesn't work if the site is used as a final destination and within a redirect chain
     19
     20
     21- Should we expire cookies after some amount of time?
     22- `window.open()`:
     23    - Tor Browser blocks communication between tabs using opener
     24    - Post messaging is still an option for communication.
     25    - Do we know how post messaging is used across the web?
     26    - Maybe show a permissions prompt when a child tab tries using post messaging for communicating with the parent tab
     27
     28SharedWorkers should be FPI already - and there should be a test for it (but what about ServiceWorkers) - 1264593
     29
     30Shield study showed breakage during login (but not specific details) - 1315205
     31
     32Login-flow using third-party cookies:
     33
     34    - Apple disable third-party cookies in Safari ("Prevent Cross-Site Tracking")
     35
     36    - https://support.apple.com/guide/safari/prevent-websites-from-tracking-you-sfri40732/mac
     37
     38    - TB does not currently allow third-party cookies