
some state partitioning results are ambiguous

Open Thorin-Oakenpants opened this issue 3 years ago • 4 comments

LW, for example, uses session cookies (cookie lifetime pref), and SWers will fail, so it's not enough to check navigator keys.

Thorin-Oakenpants avatar Jan 24 '22 00:01 Thorin-Oakenpants

Thanks! Could you provide more details? I don't fully understand. :) Do you think it should be a fail for LibreWolf, or just a "not supported" or something?

arthuredelstein avatar Jan 24 '22 02:01 arthuredelstein

At least in FF, cookie permission controls access to most/all "site data": localStorage, sessionStorage, IDB, sharedWorkers, serviceWorkers (and thus SW cache). For example, if you block the cookies, all of the above will fail.

Firefox has a UI setting > about:preferences#privacy > Cookies and site data > Delete .. when closed

  • this is the network.cookie.lifetimePolicy pref and in effect it makes all cookies session cookies, so they are auto-sanitized

In at least FF91+ (in earlier versions sharedWorkers also had this issue, but I'm not going to track down the change), this breaks serviceWorkers, i.e. SWers are in navigator, but they will throw a SecurityError. In other words, you can have SWers enabled, but you still need to trap when they fail, otherwise you're not really testing that they are partitioned.

Clicking on LW's SW test you can see you return Error: The operation is insecure. So in this case I would trap errors and return = no such feature.

Thorin-Oakenpants avatar Jan 24 '22 02:01 Thorin-Oakenpants

FYI:

  • 1552376 - shared + service workers throw a SecurityError when cookie lifetime policy = 2
  • 1681493 - Deprecate and remove network.cookie.lifetimePolicy
    • which means the default value will ultimately be solved for your tests (at least in FF)

Thorin-Oakenpants avatar Jan 24 '22 02:01 Thorin-Oakenpants

Renamed the issue, and I will expand on this. What does a green check mark mean? Currently the legend says "passed privacy check". For many tests, the result is not a successful "partitioning", but rather 3rd party contexts being denied. So while technically this is true (privacy was preserved), it also fails to show a difference between those that actually partition, and those who limit.

The State Partitioning blurb says (emphasis mine)

A common vulnerability of web browsers is that they allow tracking companies to 'tag' your browser with some data ('state') that identifies you. When third-party trackers are embedded in websites, they can see this identifying data as you browse to different websites. Fortunately, it is possible for this category of leaks to be fixed by partitioning all data stored in the browser such that no data can be shared between websites.

Interpreting the results will depend on how each test is done, but I believe it is important to differentiate here between those that actually partition and para-quoting "fix this category" vs those that do not.

Thorin-Oakenpants avatar Apr 23 '22 07:04 Thorin-Oakenpants
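
The two points raised in this thread (trap the SecurityError that `register()` throws even though `serviceWorker` is present in `navigator`, and report denial separately from real partitioning) can be sketched as follows. This is an added example, not part of the thread and not privacytests.org's own code; the function names, the outcome labels and the `navigator` stand-ins are hypothetical.

```javascript
// Added example: outcome labels and function names are hypothetical.
// Probe: presence in navigator is not enough, register() can still throw.
async function probeServiceWorker(nav, scriptUrl) {
  if (!nav || !("serviceWorker" in nav)) {
    return { usable: false, reason: "navigator.serviceWorker missing" };
  }
  try {
    await nav.serviceWorker.register(scriptUrl);
    return { usable: true, reason: "" };
  } catch (err) {
    // Firefox with the cookie lifetime pref forcing session cookies throws
    // SecurityError here. Treat it as "no such feature", not as a pass.
    return { usable: false, reason: `${err.name}: ${err.message}` };
  }
}

// Classify one cross-site test. `written` is the value stored under site A;
// `read` is what the same third party got back under site B:
//   { value } on success, { denied: true } if the API refused access.
function classifyResult(probe, written, read) {
  if (!probe.usable) return "unsupported";
  if (read.denied) return "blocked";           // privacy preserved by denial
  if (read.value === written) return "shared"; // state crossed sites: fail
  return "partitioned";                        // separate storage per site
}

// Constructed navigator stand-ins so the example runs outside a browser.
const insecureError = Object.assign(new Error("The operation is insecure."),
                                    { name: "SecurityError" });
const sessionCookieNav = {
  serviceWorker: { register: async () => { throw insecureError; } },
};
const workingNav = { serviceWorker: { register: async () => ({ scope: "/" }) } };

async function demo() {
  const broken = await probeServiceWorker(sessionCookieNav, "/sw.js");
  const ok = await probeServiceWorker(workingNav, "/sw.js");
  return [
    classifyResult(broken, "abc", { value: undefined }),
    classifyResult(ok, "abc", { denied: true }),
    classifyResult(ok, "abc", { value: "abc" }),
    classifyResult(ok, "abc", { value: null }),
  ];
}
demo().then((r) => console.log(r.join(", ")));
```

In a browser, pass the real `navigator` as `nav`; the four labels map to the distinction the thread asks for between unsupported, blocked, shared and partitioned state.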