Open Embassy4016 opened 1 year ago
Cromite could seperate cookies of each tabs making it difficult for cross-site tracking
already today, in cromite, cookies and storage in general are linked to the website (eTLD+1, i.e. *.foo.com are considered the same). the effect is that a site embedded with an iframe, if you allow cookies to be saved, has partitioned storage and thus the same iframe on different sites has separate storage. in addition, unlike chrome, cookies are also treated by default as same-site = strict, so no top-level cookies are sent to embedded iframes.
what would you like instead?
A ui to turn this feature on or off would make it optional for users who are facing sites breaking.
this depends, that function has been active for a while and so far no one has complained. in the future we shall see, when chrome completely disables third-party cookies, I will not allow the use of shared storage anyway.
Okay. Thought cromite only partitioned process and not storage for cookies. If cookies or site data don't use shared storage then there no need for any change. Though container tabs like feature from firefox would be great. This allows login into the same website with different accounts in different tabs during a session. Though this allows linking accounts and IP addresses for the site visited, partion of this kind still holds functional value for the user.
yes, I like it, but to be done right it must also be possible to exclude the automatic deletion of storage per tab. This would allow you to have, for example, a specific tab with a user logged in, which is useful if you need to access sites where the login is not yours but that of a relative and requires a two-factor security check to gain access.
a specific tab with a user logged in
unless profile management (in windows) already allows it
Yes, but profiles are different and inconvenient compared to container tabs
but profiles are different and inconvenient compared to container tabs
in android. but in windows no.
example of storage separation by tab:
https://issuetracker.google.com/issues/335782518
see JNI_WebContentsFactory_CreateWebContentsWithSeparateStoragePartitionForExperiment
in https://chromium-review.googlesource.com/c/chromium/src/+/5462668
https://chromium-review.googlesource.com/c/chromium/src/+/5296867
Preliminary checklist
Is your feature request related to privacy?
Yes
Is there a patch available for this feature somewhere?
Don't think so, but vanadium recently tried to implement something similar but rolledbacked on it because it breaks too many sites.
Describe the solution you would like
Cromite could seperate cookies of each tabs making it difficult for cross-site tracking. It would be more heavy on the battery life and might break more sites but seems worth it. A ui to turn this feature on or off would make it optional for users who are facing sites breaking. It's not full proof but it's atleast one less data point for tracking.
Describe alternatives you have considered
Don't have any