If you explain the mechanism of Firefox's tracking prevention measure ``State Partitioning'' in an easy-to-understand manner, it will be like this
Firefox 86 '' released in February 2021, and has introduced a new tracking prevention function called `` State Partitioning ''. Mozilla engineer Johann Hoffman explains how this State Partitioning works.
Firefox has strengthened its privacy protection function with ``
Introducing State Partitioning - Mozilla Hacks - the Web developer blog
Websites that embed third-party cookies can also track the behavior of users after they leave the website, and through behavioral analysis, it is possible to identify user interests and display highly effective advertisements. On the other hand, such tracking (tracking) collects excessive personal information, and in recent years, it is moving toward regulation and abolition from the viewpoint of privacy.
Mozilla, which develops Firefox, has long devised a mechanism to prevent user tracking, and Firefox 85, released in January 2021, also introduced a mechanism to prevent tracking using a new method called super cookies .
Regarding the newly introduced anti-tracking measure `` State Partitioning '' in `` Firefox 86 '', Mr. Hoffman explained, `` First you need to understand how the stateful Web API works '' as a preliminary step. ``Stateful'' means communication that causes login, and Mozilla positions stateful Web API as ``API that saves data such as cookies, sessions, and caches on the device''.
Originally, stateful web APIs were not created for tracking, but for sharing some state among multiple web services, whether first-party or third-party.
In the case of tracking using third-party cookies, by embedding the cookie of the website 'www.tracker.com' as a third-party cookie in the websites 'foo.com' and 'bar.com', 'www.tracker. com' can use the cookie as an identifier to connect your activity on both sites.
Enhanced Tracking Protection (ETP) ' blocks access to share State, but ETP blocks based on a list of commonly used trackers, so the list is always up-to-date. And if it's not perfect, you'll end up with an unblockable tracker. Another limitation is that trackers can circumvent the ETP by registering a new domain name, which inevitably results in a cat-and-mouse game.
Firefox's tracking prevention function '
State Partitioning was developed by Mozilla to address this problem. State Partitioning is a mechanism to prevent sharing of State by third parties without completely blocking cookie access. Shared state such as cookies and localStorage are separated and available only to the website that issued each cookie.
Among them, Firefox uses a mechanism called 'Double Keying' and adds information to the cookie 'when you are looking at which page' and 'where it was given'. As a result, even if the user is viewing a website with the same 'www.tracker.com' third-party cookie embedded, it will be judged as a different cookie and information will not be tracked.
Firefox with Double Keying saves the cookie key for foo.com as 'www.tracker.com^www.foo.com' and the cookie key for bar.com as 'www.tracker.com^bar.com'. As a result, the third-party cookie will lose its function as a tracker that identifies individuals.
single sign-on (SSO) will be interrupted.
On the other hand, using State Partitioning causes the problem that services using third-party cookies such as
For this reason, Firefox's State Partitioning can not separate States only in specific cases, and the Double Keying function will stop when non-separation is enabled. There are two possible cases for Firefox to enable non-isolation:
1. When the embedded iframe calls the Storage Access API
2. Automated heuristic decisions
in Software, Posted by darkhorse_log