I wanted to understand why I was getting these inconsistent results, to make sure the published results are correct going forward. Chromium-based browsers were passing these privacy tests, but, surprisingly, running the same tests manually or via a different testing framework resulted in failures. Over the past week, I investigated puzzling behavior in four partitioning tests: CSS cache, font cache, image cache, and prefetch cache. Investigation of inconsistency in four cache partitioning tests New versionsĪfter a brief pause to investigate an inconsistency in test results, we are back with Issue 15: I have expanded general cookie testing to examine both cross-site tracking via HTTP cookies and cross-site tracking via JavaScript cookies (aka okie). The MITM proxy is again used to test whether it can read back the same cookies that were set for those tracking domains in step 1. A second web page from test site B is loaded, with the same set of tracking subresources.A mitm proxy is used to inject a "Set-Cookie" header for each tracker. A web page from test site A is loaded with third-party tracking subresources, one from each tracking domain. In these tests, we check whether the browser allows cookies from 19 of the top tracking domains to be shared across websites. Today I am publishing a set of new "tracking cookie protection" tests for desktop browsers. Issue 17: New "tracking cookie protection" category of tests In this issue, we have added Firefox Focus to the set of Android browsers. Thanks to Aleksey Khoroshilov and Pete Snyder for alerting me to the issue. Apologies for the bug I have corrected the issue. The Brave team reported a bug that resulted in incorrect results for the Alt-Svc test on the Brave browser. I am investigating how to test this new protection, so no "pass" or "fail" decision has yet been made. It works by randomizing the user-installed fonts that are exposed to a web page. System font fingerprinting in Braveīrave 1.39 (currently Nightly) has introduced a new protection against system font fingerprinting. In this issue I have added Mull to the set of Android browsers. Thanks to Steven Englehardt for creating this test! Updated browsers This issue includes a new test for whether the Cookie Store API can be used to track users across sites in each browser. Thanks to Peter Dolanjski for informing me of this problem. I have now enhanced the test so it detects the presence of this surrogate and reports a "pass" for DuckDuckGo. The original design of my test did not take into account this kind of surrogate, and so was incorrectly concluding that the original tracking script had been loaded into the page. DuckDuckGo browser blocks third-party Chartbeat tracking scripts, but then provides the host page with a surrogate script to prevent breakage of the page's functionality. It was brought to my attention that the "Tracker content blocking" test for Chartbeat was incorrectly reporting a "fail" for the DuckDuckGo Android browser. Congratulations to the Firefox team! I am informed that existing profiles will also receive Total Cookie Protection in the next few months. Congratulations to the team at Brave who worked on this! New browser versionsįor the first time, fresh profiles of Firefox are now passing (nearly) all State Partitioning tests, thanks to the worldwide rollout of Total Cookie Protection. Today, for the first time, Brave is now passing all State Partitioning tests.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |