Open ruihildt opened 1 year ago
some answers/info
1
). I'm not sure on the logic for that, since site data is already partitioned to 1st party, but I also don't think it breaks much as cookies are phased out and we don't allow any relaxation in FPI. Some other values don't make sense, since we don't ship (AFAIK) with tracker lists (value 4
), and we can't block all cookies (value 2
) as this would break too many sites. And value 3
seems like a waste of time IMO since we sanitizeFYI: and ETP standard/strict controls this
// 0 = Accept cookies and site data
// 1 = (Block) All third-party cookies
// 2 = (Block) All cookies
// 3 = (Block) Cookies from unvisited websites
// 4 = (Block) Cross-site tracking cookies (default)
// 5 = (Isolate All) Cross-site cookies (TCP: Total Cookie Protection / dFPI: dynamic FPI) [1] (FF86+)
user_pref("network.cookie.cookieBehavior", 1);
updated value above (sorry, I pasted an older description that was missing value 5)
Value 5
uses dFPI. TB/MB do not use dFPI, it uses FPI which is completely different engineering (i.e it's not even dFPI minus the d part). And we set user_pref("privacy.firstparty.isolate", true);
which in code disables dFPI.
No one has bothered to check out the ramifications of all this, since it's not supported and not envisaged that users would do it (we hid the UI for a reason)
tl;dr: don't play with prefs in about:config
Originally posted by @felschr in https://github.com/mullvad/browser-extension/issues/23#issuecomment-1510451811