A Work Item of the Privacy Community Group.

• GitHub privacycg/storage-partitioning (new issue, open issues)
• GitHub privacycg/storage-partitioning/commits

User agent state that is keyed by a single origin or site is an acknowledged privacy and security bug. Through side-channels or more directly, this allows:

1. A top-level site https://site-a.example A to infer that a user is also visiting top-level site https://site-b.example B, by embedding resources or documents from B in A. Beyond visiting, it can also allow A to infer specific state from B that depends on the user, thereby revealing many aspects of the user. Timing Attacks on Web Privacy, XS-Leaks, and COSI discuss this in more detail.
2. Conversely, it allows a site https://tracker.example whose resources might be embedded on many different sites, to track the end user across these sites.

To solve a key aspect of this, any such user agent state needs to be keyed by more than a single origin or site.

There are many standards that together make up a user agent and many of these standards define “problematic” state. This repository’s issue tracker is where we're coordinating the effort to address these issues in a holistic manner. The actual changes will happen in each impacted standard and are collated here for visibility.

whatwg/html #4966 defined the top-level origin concept for an environment and HTML also defines site and obtain a site. Together these allow for a definition of top-level site, which most user agents are targeting as additional key. When this additional key is cross-site from the “normal” key, the relevant state can be considered to be partitioned.

For some user agent state it might be beneficial to add even more keys, e.g., to prevent attacks between framed documents. shivanigithub/http-cache-partitioning #2 has some relevant discussion.

For some user agent state (Cookies and Storage below in particular are under discussion) the additional keying might be relaxable. This is tracked by The Storage Access API though also necessarily has to inform the work noted below as it might impact architecture decisions.

Aside from using additional keying, outright blocking of the user agent state is also considered at times, e.g., for cross-site cookies or as happens today for storage in opaque origins. This is not likely to be web compatible nor even desirable for all user agent state, but could well be a valid solution for some.

This section contains a likely inexhaustive enumeration of user agent state and ongoing standards activity. If there is state or standards activity missing please file an issue or provide a pull request.

The tentative overall plan is to block cross-site cookies and add support for partitioned cookies via opt-in. The details are still under discussion though it seems likely to be eventually standardized across the IETF and WHATWG. Relevant discussions:

• Cookie layering (a start of a discussion with the IETF how to best structure the HTTP State Management Mechanism specification to account for these changes to cookies).
• For opt-in partitioned cookies CHIPS is the most likely candidate, though a few favor an approach using requestStorageAccess(). These two approaches are not necessarily conflicting and some browsers have expressed interest in supporting both.
• Meetings:
  • Cross-site cookies standardization (minutes).
  • Cross-site cookies standardization, part 2 (minutes).

• Network state:
  • HTTP cache (standardized in Fetch)
  • HTTP connections (standardized in Fetch)
    • Also consider speculative connections (unclear where these are created in standards, but if done through Fetch it would be correct)
  • WebSocket connections (whatwg/fetch #1243)
  • WebRTC connections (w3c/webrtc-pc #2613)
  • WebTransport connections (w3c/webtransport #128)
  • DNS
  • HTTP authentication
  • Alt-Svc
  • Fonts
  • HSTS
  • TLS client certificates
  • TLS session identifiers
  • HPKP
  • OCSP
  • Intermediate CA cache
  • Prefetch
  • Preconnect
  • CORS-preflight cache (standardized in Fetch)
• Storage (whatwg/storage #88, whatwg/storage #90):
  • Indexed DB
  • Cache API
  • localStorage
  • sessionStorage
  • BroadcastChannel (whatwg/html #5803)
  • Shared workers
  • Service workers
  • Web Locks
• Web Authentication
• WebRTC’s deviceId (w3c/mediacapture-main #675)
• Blob URL store (w3c/FileAPI #153)
• HTML Standard’s list of available images
• window.name (standardized in HTML)
• Browsing context group's agent cluster map (only observable with popups)
• Permissions (Permissions Policy largely allows these to be disabled by default when the top-level site is not equal to the current site and require explicit delegation in such cases)
  • Persistent storage (whatwg/storage #87)
  • Notifications (whatwg/notifications #177)
• WebGL and WebGPU's cache of compiled shaders and pipelines (standardized by highlighting the risk in the security/privacy consideration section as the caches are only observable through timing)
• Non-standardized features:
  • Credentials (username and password storage)
  • Form autofill data storage
  • Per-site user preferences
  • Favicon cache
  • Page info media previews
  • Save Page As

The author of this document gave a short presentation in early 2022 about the state of this effort: State of state partitioning.

The author of this document was inspired by Chromium’s Network Isolation Key, Firefox and Tor Browser’s First-Party Isolation, Safari’s Intelligent Tracking Prevention, XS-Leaks, and the many people wanting to improve these aspects of the web.