[tor-bugs] #3246 [Tor Browser]: Isolate HTTP cookies according to first and third party domain contexts (was: Apply third party cookie patch)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 5 22:16:15 UTC 2015 

#3246: Isolate HTTP cookies according to first and third party domain contexts
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  michael
  mikeperry              |     Status:  assigned
         Type:           |  Milestone:
  enhancement            |    Version:
     Priority:  major    |   Keywords:  backport-to-mozilla, tbb-
    Component:  Tor      |  linkability, tbb-usability-website, tbb-bounty,
  Browser                |  tbb-firefox-patch, TorBrowserTeam201503
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Description changed by michael:

Old description:

> Right now, we've set Tor Browser to block third party cookies. This will
> probably break some sites. There is a less intrusive option described at
> https://wiki.mozilla.org/Thirdparty that we should use.
>
> In fact, an implementation has already been coded up by Dan Witte:
> https://bugzilla.mozilla.org/show_bug.cgi?id=565965
>
> We should play with it and see how it behaves for us.

New description:

 Right now, we've set Tor Browser to block third party cookies. This will
 probably break some sites. There is a less intrusive option described at
 https://wiki.mozilla.org/Thirdparty that we should use.

 '''Rebase''' and test existing patches (originating from
 https://bugzilla.mozilla.org/show_bug.cgi?id=565965)

 '''Revise requirements''' according to preliminary tests and devise a
 broad test plan.

 '''Reimplement and retest''' to guarantee proper isolation without
 severely impeding cookie dependent applications.

 '''Document''' the implementation and optionally a contrast of browser
 cookie handling.

 Pave the way towards a '''improved privacy panel''' including a new cookie
 inspector and API supporting such UI.
 ----
 '''Note:''' This is a metaticket composed of work items in child tickets.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3246#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list