Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable the prefetch-privacy-changes flag by default #8319

Closed
Peacock365 opened this issue Feb 19, 2020 · 7 comments · Fixed by brave/brave-core#5731
Closed

Enable the prefetch-privacy-changes flag by default #8319

Peacock365 opened this issue Feb 19, 2020 · 7 comments · Fixed by brave/brave-core#5731
Assignees
@fmarier
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. privacy QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include
Milestone
1.12.x - Release #1

Comments

@Peacock365
Copy link

Peacock365 commented Feb 19, 2020
edited
Loading

Description

The Brave flags "Reduce default 'referer' header granularity." and "Prefetch request properties are updated to be privacy-preserving" should be enabled by default, in order to improve the default privacy of Brave users. No website breakage is expected here, no performance degradation is expected here. I have visited several major websites so far with both of these settings enabled (Facebook, Google, YouTube, eBay, Twitter, Amazon, Instagram - you name it), and the websites do behave normally. Please consider enabling these settings by default.

Steps to Reproduce

1. Go to chrome://flags/#reduced-referrer-granularity
2. Go to chrome://flags/#prefetch-privacy-changes

Actual result:

The settings are disabled by default.

Expected result:

The settings should be enabled by default.

Reproduces how often:

Easily reproduced.

Brave version (brave://version info)

Brave | 1.3.115 Chromium: 80.0.3987.87 (Official Build) (64-bit)
Revision | 449cb163497b70dbf98d389f54e38e85d4c59b43-refs/branch-heads/3987@{#801}
OS | macOS Version 10.15.3 (Build 19D76)

(Reproducible on other OSes as well, though.)

Version/Channel Information:

Does this issue happen on any other channels? Or is it specific to a certain channel?

I use the release channel, but it can be reproduced on all channels.

Other Additional Information:

Is the issue reproducible on the latest version of Chrome?

Yes.

Miscellaneous Information:

Is there any good reason why those settings are disabled by default as it stands? Anything I am unaware of?
@bsclifton
Copy link
Member

cc: @snyderp @tomlowenthal

@pes10k
Copy link
Contributor

pes10k commented Feb 19, 2020

I think we already do this, but just w/o using the code paths Chrome uses. We aught to just remove the flags.

@tildelowengrimm
Copy link
Contributor

Removing the flags is another thing that we need to maintain on rebases, so if they're redundant, ley's just ignore them. I'm personally not sure what either of the flags do. François says that the referer one is less protective than our Shields default, and Chrome is going to enable it by default if their tests pan out, so that one's easy to ignore. Looks like #prefetch-privacy-changes is pretty good. No reason not to enable it IMO? Is it redundant with some other protection?

@tildelowengrimm tildelowengrimm added the priority/P3 The next thing for us to work on. It'll ride the trains. label Feb 19, 2020
@Peacock365 Peacock365 changed the title Same Brave flags related to privacy could / should be changed. Some Brave flags related to privacy could / should be changed. Feb 19, 2020
@tildelowengrimm tildelowengrimm added the needs-more-info The report requires more detail before we can decide what to do with this issue. label Feb 24, 2020
@mengesb mengesb mentioned this issue Apr 26, 2020
Closed
@fmarier
Copy link
Member

fmarier commented Jun 2, 2020
edited
Loading

The referrer flag will be enabled as part of fixing #8696. Let's keep this issue open for the prefetch flag:
Capture d’écran du 2020-06-01 21-20-46

@fmarier fmarier removed the needs-more-info The report requires more detail before we can decide what to do with this issue. label Jun 2, 2020
@fmarier fmarier self-assigned this Jun 2, 2020
@fmarier fmarier changed the title Some Brave flags related to privacy could / should be changed. Enable the prefetch-privacy-changes flag by default Jun 2, 2020
@fmarier
Copy link
Member

fmarier commented Jun 3, 2020

Here is more information about this flag:

and the risks identified by the Chromium team:

The compatibility risk is mostly low, but not completely clear. Changing the credentials mode for prefetch requests may cause more cache-misses and therefore double-downloads, however could also introduce a correctness problem if prefetch responses do not have the Vary: Cookie header attached when their content actually relies on credentials. In this case, it is possible that a user can navigate (with credentials) to a resource, and the user will be served the uncredentialed response from the HTTP cache. We don’t expect the changes to service-workers mode, referrer policy, and redirect mode to break existing content. It is likely they will cause more cache-misses and double-downloads though.

@fmarier fmarier mentioned this issue Jun 3, 2020
Merged
32 tasks
fmarier added a commit to fmarier/brave-testing that referenced this issue Jun 4, 2020
@fmarier
Add test page for brave/brave-browser#8319
730e37a
fmarier added a commit to fmarier/brave-testing that referenced this issue Jun 4, 2020
@fmarier
Add test page for brave/brave-browser#8319
8d722b7
@fmarier fmarier added the QA/Yes label Jun 4, 2020
fmarier added a commit to brave/brave-core that referenced this issue Jun 4, 2020
@fmarier
Enable prefetch-privacy-changes flag by default (fixes brave/brave-br…
77c337d 
…owser#8319)
@fmarier fmarier added this to the 1.12.x - Nightly milestone Jun 4, 2020
@LaurenWags
Copy link
Member

LaurenWags commented Jul 17, 2020
edited by btlechowski
Loading

Verified passed with

Brave | 1.12.92 Chromium: 84.0.4147.89 (Official Build) dev (64-bit)
-- | --
Revision | 19abfe7bcba9318a0b2a6bc6634a67fc834aa592-refs/branch-heads/4147@{#852}
OS | macOS Version 10.14.6 (Build 18G3020)

Screen Shot 2020-07-17 at 2 15 45 PM

Screen Shot 2020-07-17 at 2 16 05 PM

Verification passed on


Brave | 1.12.94 Chromium: 84.0.4147.89 (Official Build) dev (64-bit)
-- | --
Revision | 19abfe7bcba9318a0b2a6bc6634a67fc834aa592-refs/branch-heads/4147@{#852}
OS | Windows 10 OS Version 1903 (Build 18362.959)

image

Verification passed on

Brave 1.12.99 Chromium: 84.0.4147.89 (Official Build) dev (64-bit)
Revision 19abfe7bcba9318a0b2a6bc6634a67fc834aa592-refs/branch-heads/4147@{#852}
OS Ubuntu 18.04 LTS

@Peacock365 Peacock365 mentioned this issue Jul 23, 2020
Closed
This was referenced Jul 29, 2020
Closed
Closed
@bbondy bbondy added OS/Android Fixes related to Android browser functionality OS/Desktop labels Aug 7, 2020
@srirambv
Copy link
Contributor

Verification passed on OnePlus 6T with Android 10 running 1.12.111 x64 build

Verification passed on OnePlus 6T with Android 10 running 1.12.111 x64 build

@LaurenWags LaurenWags mentioned this issue Aug 11, 2020
Closed
@srirambv srirambv mentioned this issue Aug 18, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fmarier fmarier

Labels
OS/Android Fixes related to Android browser functionality OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. privacy QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include
Projects
None yet
Milestone
1.12.x - Release #1
Development

Successfully merging a pull request may close this issue.

Enable prefetch-privacy-changes flag by default brave/brave-core
10 participants
@pes10k @fmarier @tildelowengrimm @bbondy @bsclifton @srirambv @LaurenWags @btlechowski @Peacock365 @GeetaSarvadnya