app-mining
Can't Be Evil Sandbox v1
As many of you know, we introduced the Can’t Be Evil Sandbox late last month at the 2019 Blockstack Summit in San Francisco. Two weeks ago, we shipped the developer preview of our New Internet Extension which implements v1 of the Can’t Be Evil Sandbox. It prohibits two types of app behavior that have been problematic for user privacy: cookies and automatically loading 3rd party assets such as images and scripts from other people's servers. You can read more about it here.
We propose the following scoring:
Cookies
- Uses cookies: 0 points
- Does not use cookies: 1 point
Use of cookies is defined as either a server trying to set cookies in the user’s browser or code running in the user’s browser trying to send cookies with a request. We will erase cookies. Cookies that existed prior to each round of testing will be erased from browsers used in testing.
3rd party resources
- Uses 3rd party resources: 0 points
- Does not use 3rd party resources: 1 point
3rd party resources are defined as any requests to app origins that are not `self` origin as defined by Content Security Policy (CSP) specifications. Requests that fall under the CSP policy `connect-src` are allowed for all origins and explicitly exempt from this run under v1 of the Can’t Be Evil Sandbox.
Opts-in to Can’t Be Evil Sandbox
- No: 0 points
- Yes: 1 point
Apps opt-in to the latest version of the Can’t Be Evil Sandbox by setting the `can't-be-evil` header to `true`. Opting in means that the New Internet Extension and other user agents that support the Can’t Be Evil Sandbox will enforce the rules instead of merely reporting violations.
A dry run of these new criteria will be conducted during the app review period that begins on December 1, 2019 (November 2019 cohort).
See the following forum issue for other proposed scoring and policy changes: https://forum.blockstack.org/t/november-2019-nil-scoring-proposals/9494?u=larry
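The three proposed criteria applied to a request log, as an added example that is not part of the original post or of the New Internet Extension's code. The record shape, the `scoreApp` name, the `example` hosts, strict origin equality standing in for `self`, and reading the opt-in header from the app's own document response are assumptions.

```javascript
// Request kinds governed by the CSP connect-src directive (exempt under v1).
const CONNECT_SRC_KINDS = new Set(["fetch", "xhr", "websocket", "eventsource", "beacon"]);

// Case-insensitive header lookup on a plain object.
function header(headers, name) {
  const key = Object.keys(headers || {}).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Hypothetical scorer: 1 point per criterion met, 0 otherwise.
function scoreApp(appUrl, requests) {
  const self = new URL(appUrl).origin;
  const cookieUse = [];
  const thirdParty = [];
  let optedIn = false;
  for (const r of requests) {
    // Cookie use: the server sets one, or the browser sends one.
    if (header(r.responseHeaders, "set-cookie") !== undefined ||
        header(r.requestHeaders, "cookie") !== undefined) {
      cookieUse.push(r.url);
    }
    // 3rd party: any non-self origin, unless the request falls under connect-src.
    // Simplification: strict origin equality stands in for CSP 'self' matching.
    if (new URL(r.url).origin !== self && !CONNECT_SRC_KINDS.has(r.kind)) {
      thirdParty.push(r.url);
    }
    // Opt-in (assumption): the app's own document response carries can't-be-evil: true.
    if (r.kind === "document" && new URL(r.url).origin === self &&
        String(header(r.responseHeaders, "can't-be-evil")).trim().toLowerCase() === "true") {
      optedIn = true;
    }
  }
  return {
    cookies: cookieUse.length === 0 ? 1 : 0,
    thirdPartyResources: thirdParty.length === 0 ? 1 : 0,
    optIn: optedIn ? 1 : 0,
    cookieUse, thirdParty,
  };
}

// Constructed sample log for a hypothetical app at https://app.example
const SAMPLE = [
  { kind: "document", url: "https://app.example/", requestHeaders: {},
    responseHeaders: { "Can't-Be-Evil": "true" } },
  { kind: "script", url: "https://app.example/bundle.js", requestHeaders: {}, responseHeaders: {} },
  { kind: "fetch", url: "https://errors.example.net/report", requestHeaders: {}, responseHeaders: {} },
  { kind: "image", url: "https://storage.example.org/avatar.png", requestHeaders: {}, responseHeaders: {} },
];
```

In the sample, the cross-origin `fetch` is exempt as `connect-src`, while the cross-origin image costs the 3rd party resources point.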
About 3rd party resources - apps that are using Sentry, Bugsnag, Instabug, or any similar tool to get info about bugs will get a lower score than apps that do not care about bugs? Maybe we need to create a list of 3rd party resources that are allowed?
@larrysalibra would like to hear your thoughts on the timing of open-sourcing the apps. I'm working towards making BlockSurvey a SaaS platform; would making the product open at an early stage be a risk for doing business?
> About 3rd party resources - apps that are using Sentry, Bugsnag, Instabug, or any similar tool to get info about bugs will get a lower score than apps that do not care about bugs? Maybe we need to create a list of 3rd party resources that are allowed?
v1 of the Can't Be Evil sandbox doesn't prohibit programmatically sending information - i.e. bug reports - to 3rd parties. Package any code your app needs with the app and you shouldn't have any issues.
@larrysalibra loading image from Blockstack Gaia is also a 3rd party use. So do we need to proxy every request?
> Loading image from Blockstack Gaia is also a 3rd party use. So do we need to proxy every request?
If you need to load images cross origin, you can use the Fetch API.
We had the Dry Run. Results look good. Is this going forward for next month?
Regarding Opts-in to Can’t Be Evil Sandbox, are apps evaluated based on the presence of the header or based on the New Internet Extension turning purple?
I have this issue https://github.com/newinternetlabs/new-internet-extension/issues/3 on my app too and the extension will only turn on sandbox mode on the first load, although the header is always here and there are no 3rd party resources.