privacy.restrict3rdpartystorage.heuristic.*

[rusty-snake]

https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning

Disable Web Compatibility Features

Setting privacy.antitracking.enableWebcompat to false will disable all ETP and State Partitioning web-compatibility features. Disabling these features can be useful when testing, to ensure your website is fully compatible with the State Partitioning mechanism in Firefox and it does not rely on temporary heuristics.

Features disabled by the pref include:

• Storage access heuristics: Unpartitioned storage access can only be acquired via the Storage Access API.
• Automatic storage access grants: document.requestStorageAccess will always prompt the user.
• SmartBlock’s "unblock on opt-in" feature, which will allow certain trackers when users interact with them.
• Any temporary anti-tracking exceptions granted to websites via the skip-listing mechanism.

Disable Heuristics

The following prefs can be used to disable individual storage access heuristics via the config editor:

• Enable / disable the redirect heuristics:
  • privacy.restrict3rdpartystorage.heuristic.recently_visited
  • privacy.restrict3rdpartystorage.heuristic.redirect
• Enable / disable the window open heuristics:
  • privacy.restrict3rdpartystorage.heuristic.window_open
  • privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction

Do we want to add privacy.restrict3rdpartystorage.heuristic.* to 2702?

user.js/user.js

Lines 767 to 771 in 89bee0e

	/* 2702: disable ETP web compat features [FF93+]
	* [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
	* [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
	* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 ***/
	// user_pref("privacy.antitracking.enableWebcompat", false);

This would allow to disable opener heuristic (for example) while keeping other useful SmartBlock features.

---

/* 2702: disable all ETP web compat features [FF93+]
 * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
 * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
 * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 ***/
   // user_pref("privacy.antitracking.enableWebcompat", false);
/* 2703: disable storage access heuristics [FF??+]
 * [SETUP-HARDEN] frog frog frog
 * [1] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#disable_heuristics ***/
   // user_pref("privacy.restrict3rdpartystorage.heuristic.recently_visited", false);
   // user_pref("privacy.restrict3rdpartystorage.heuristic.redirect", false);
   // user_pref("privacy.restrict3rdpartystorage.heuristic.window_open", false);
   // user_pref("privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", false);

[Thorin-Oakenpants]

WHAT does this achieve? SmartBlock heuristics are already behind a user gesture (clicking a login button no less). If you use a SSO to login, what do you gain besides possible breakage?

This would just becomes more stuff for me to maintain, test, answer questions about etc. No thank you. Make a real use case, or close, thanks

[Thorin-Oakenpants]

invalid: these are Test Preferences as per MDN