35

State Partitioning

For background, see Brave blog post or Mozilla post

These are about preventing the sharing of any kind of state between two sites, which can provide a conduit between them for tracking or correlation of a user.

Test is to attempt to do a set from one first-party domain, then do a read from a different first party domain - there should be no sharing of state between the domains in these tests. The obvious trade-off is you lose benefits from caching on first visit to a site, and likely use more storage space on-disk with caches of the same content per-site (unless you build a smart overlay that then has a shared cache, but denies knowledge of an entry until it's cached... Which would be a bit complex to build I suspect).

Clicking the titles of tests on https://privacytests.org/ gives a small description of each, and clicking on a tick/cross shows the JS code used to do a test (generally).

In a loose priority order:

Delta against Safari

(These should be reasonably feasible, and are implemented in other browsers)
[ ] localStorage
[ ] XHR cache
[ ] CSS cache
[ ] Fetch cache
[ ] Font cache
[ ] iframe cache
[ ] image cache

Delta against the "ideal"

[ ] Favicon cache
[ ] prefetch cache

Navigation Tests

Delta against the "ideal"

[ ] sessionStorage (basically a per-tab session storage API that persists if you visit another site in the same tab) - this should be easy enough, as it should just be like visiting a site in a fresh tab.

HTTPS upgrading

(Trade-offs being that it attempts to load everything over HTTPS, which could result in a lot of failed requests, most likely)

There's an HTTPS mode in Orion, it didn't seem to pass this test for some reason, and I had it enabled for the test.

Delta against ideal world

[ ] Plain HTTP site
[ ] Auto-upgrade the URL bar entry to HTTPS where possible
[ ] Auto-upgrade clicked hyperlinks where possible
[ ] Auto-upgrade images in pages where possible

Other

There appears to be some standard called GPC that they look for implementation of.

A couple of other misc ones that maybe don't make sense to implement:

[ ] Blob URL (this seems a bit excessive to not permit them to be used at all, if that's what is being suggested... It's not clear)
[ ] document.referer (cross-domain, only the main domain is passed as referer, but I assume the test looks for an empty referer to be sent. Would this break sites?)

Most of the rest of the "gaps" look to be quite subjective, and would be for avoiding fingerprinting, while trading off compatibility with websites, so are probably worth revisiting separately.

    Phenomenal contribution 🙏 We will do our best!

      @Vlad You should pin such important issues, so that more suggestions will lead to better results.

      5 months later

      Patch to get script to run:

      diff --git a/test/config/desktop.yaml b/test/config/desktop.yaml
      index a892abb..f272d5f 100644
      --- a/test/config/desktop.yaml
      +++ b/test/config/desktop.yaml
      @@ -9,5 +9,6 @@ browsers:
        - vivaldi
        - librewolf
        - ungoogled
      + - orion
       filename: index
       repeat: 5
      diff --git a/test/desktop.js b/test/desktop.js
      index b5a02b7..d6e8393 100644
      --- a/test/desktop.js
      +++ b/test/desktop.js
      @@ -15,6 +15,14 @@ open -a Safari "https://example.com"
      
       // macOS parts of the browser launch command
       const macOSdefaultBrowserSettings = {
      +  orion: {
      +    name: "Orion",
      +    nightlyName: "Orion RC",
      +    useOpen: true,
      +    incognitoCommand: "osascript safariPBM.applescript",
      +    postLaunchDelay: 6000,
      +    basedOn: "safari",
      +  },
         brave: {
           name: "Brave Browser",
           nightlyName: "Brave Browser Nightly",

      Notes on running a test:

      $ git clone https://github.com/arthuredelstein/privacytests.org.git

      Edit test/desktop.js to support "Orion" (and Orion RC) as a browser, leaving everything else as default.

      e.g.

      const macOSdefaultBrowserSettings = {
      +  orion: {
      +    name: "Orion",
      +    nightlyName: "Orion RC",
      +    useOpen: true,
      +    incognitoCommand: "osascript safariPBM.applescript",
      +    postLaunchDelay: 6000,
      +    basedOn: "safari",
      +  },
         brave: {

      Add "orion" to the main list in test/config/desktop.yaml

        - ungoogled
      + - orion
       filename: index

      Put a logo for Orion at test/icons/orion.png

      $ cd test
      $ brew install mkcert
      $ TRUST_STORES=system mkcert -install

      (Do regular mkcert -install if you want to install the local CA into every browser you use)

      (Note that this will create a file at ~/Library/Application Support/mkcert/rootCA-key.pem which you should be aware of when purging and cleaning everything afterwards. You should also remove the mkcert certificate from Keychain Access when not testing)

      $ node test config/desktop.yaml --only orion
        No one is typing