Support Firefox's Tracking Protection
englehardt opened this issue · comments
Tracking Protection was added in Firefox 42, so we should be able to turn on support for it.
The pref is currently disabled: https://github.com/citp/OpenWPM/blob/master/automation/DeployBrowsers/configure_firefox.py#L30-L35
However, enabling the pref still won't work correctly as we remove the update URL to prevent stray HTTP requests to mozilla's servers during a crawl (see: https://github.com/citp/OpenWPM/blob/master/automation/DeployBrowsers/configure_firefox.py#L137). It should be pretty easy to figure out the API to query and manually download the list at the start of a crawl.
The two update urls are:
https://tracking-protection.cdn.mozilla.net/mozstd-track-digest256/1471874828https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1478554625
So we can just make these requests manually with the requests library and update the timestamp at the end of the url. In order to have Firefox consume these lists we probably need to set browser.safebrowsing.provider.mozilla.lists to mozstd-track-digest256,mozstd-trackwhite-digest256, but we'll need to be sure that auto-updates are not enabled.
The basic way to reenable tracking protection is to have a browser_params["tp_cookies"].lower() == "etp" check in here
https://github.com/mozilla/OpenWPM/blob/65337e0c19dc857f63bbca1b3aa3773a2c49fd42/automation/DeployBrowsers/configure_firefox.py#L17-L23
and set cookie_behaviour to 5 if that's the case.
The only other modification required is to wrap this code block in an if to check the same thing.
https://github.com/mozilla/OpenWPM/blob/65337e0c19dc857f63bbca1b3aa3773a2c49fd42/automation/DeployBrowsers/configure_firefox.py#L98-L115
The basic way to reenable tracking protection is to have a
browser_params["tp_cookies"].lower() == "etp"check in here https://github.com/mozilla/OpenWPM/blob/65337e0c19dc857f63bbca1b3aa3773a2c49fd42/automation/DeployBrowsers/configure_firefox.py#L17-L23 and setcookie_behaviourto 5 if that's the case. The only other modification required is to wrap this code block in an if to check the same thing. https://github.com/mozilla/OpenWPM/blob/65337e0c19dc857f63bbca1b3aa3773a2c49fd42/automation/DeployBrowsers/configure_firefox.py#L98-L115
Hi -- this seems to work for me, but what is the rationale behind doing the following? From what I understand, two things need to be done:
# Sets the third party cookie setting
if browser_params.tp_cookies.lower() == "never":
fo.set_preference("network.cookie.cookieBehavior", 1)
elif browser_params.tp_cookies.lower() == "from_visited":
fo.set_preference("network.cookie.cookieBehavior", 3)
elif browser_params.tp_cookies.lower() == "etp":
fo.set_preference("network.cookie.cookieBehavior", 5)
else: # always allow third party cookies
fo.set_preference("network.cookie.cookieBehavior", 0)
if browser_params.tp_cookies.lower() == "etp":
fo.set_preference("browser.safebrowsing.phishing.enabled", False)
fo.set_preference("browser.safebrowsing.malware.enabled", False)
fo.set_preference("browser.safebrowsing.downloads.enabled", False)
fo.set_preference("browser.safebrowsing.downloads.remote.enabled", False)
fo.set_preference("browser.safebrowsing.blockedURIs.enabled", False)
fo.set_preference("browser.safebrowsing.provider.mozilla.gethashURL", "")
fo.set_preference("browser.safebrowsing.provider.google.gethashURL", "")
fo.set_preference("browser.safebrowsing.provider.google4.gethashURL", "")
fo.set_preference("browser.safebrowsing.provider.mozilla.updateURL", "")
fo.set_preference("browser.safebrowsing.provider.google.updateURL", "")
fo.set_preference("browser.safebrowsing.provider.google4.updateURL", "")
fo.set_preference("browser.safebrowsing.provider.mozilla.lists", "") # TP
fo.set_preference("browser.safebrowsing.provider.google.lists", "") # TP
fo.set_preference("browser.safebrowsing.provider.google4.lists", "") # TP
fo.set_preference("extensions.blocklist.enabled", False) # extensions
fo.set_preference("security.OCSP.enabled", 0)