ETag cache tracking

[stoically]

As reported on reddit, containers are susceptible to ETag cache tracking, even though they shouldn't. Easily reproducible here. Not sure if an Bugzilla ticket already exists - might be worth filing one if not.

To mitigate right now using an Add-on, @claustromaniac's ETag Stoppa works well for that.

[crssi]

Are you sure? I do not have the same results as you. I might use something else to mitigate, but I am 99% sure that I rely just on TC for that... before TC I was using ETag Stoppa.

Will double check on a plain vanilla profile with TC only and report back today,

Cheers

[crssi]

Done testing. You are right, but AFAIK this was not the case in the past. I am sure I had done same tests before ditching ETag Stoppa, which was in this case duplicate.

Thank you for warning, getting ETag Stoppa back into profile right now. 😄

Cheer

[stoically]

Yeah, it's weird that containers don't cover that, must be a bug. I guess I could add the ETag Stoppa functionality as advanced preference into TC as well :thinking:

[stoically]

ClearURLs filters ETag headers by default as well.

[stoically]

Should be fixed by Firefox 85+

[crssi]

Hmm... FF ver 85. If I open https://lucb1e.com/rp/cookielesscookies/ in one container and set some value. Then I open the same link in another container, reload twice and I get the value entered in the first container.

But using ETag Stoppa extension everything is OK.

[stoically]

Hm, true. So they missed Etag in their attempt to fix the supercookie problem (https://blog.mozilla.org/security/2021/01/26/supercookie-protections/)? oof