Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable Reporting API #7956

Closed
pes10k opened this issue Jan 28, 2020 · 1 comment · Fixed by brave/brave-core#4578
Closed

Disable Reporting API #7956

pes10k opened this issue Jan 28, 2020 · 1 comment · Fixed by brave/brave-core#4578
Labels
priority/P3 The next thing for us to work on. It'll ride the trains. privacy/chromium-redqueen Work to remove or improve privacy-harming "features" added in Chromium. privacy/tracking Preventing sites from tracking users across the web privacy QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include
Milestone
1.7.x - Release

Comments

@pes10k
Copy link
Contributor

pes10k commented Jan 28, 2020
edited by jumde
Loading

Chromium includes a system called Reporting API. Its a broad API that is currently used to allow sites to instruct the browser to send at least the following types of information (possibly others) to arbitrary parties (i.e. first or 3p):

  • CSP errors
  • Network errors
  • Interventions (e.g. webRequest blocked something)
  • Crash reports

Most of the functionality is all defined though HTTP headers, though there is a JS API that allows the site to see and edit reports as they go out).

There is a compile time flag to disable Reporting API. We should do this. Of the functionality that goes through Reporting API, two have possible use cases (CSP and crash reports, though Brave opinions differ on whether they're user-respecting to have on by default), and two are clearly privacy harming (network error reporting, that is a clear tracking vector, and intervention reporting, which is obviously horrible).

Regardless of whether we decide to enable CSP and crash reports, there won't be resources to do so for a while. There is an "easy" way to disable the entire "parent" API (reporting API). We should do so ASAP, until there are resources to possibly re-enable the non-privacy harming parts.

Information about Reporting API

Test Plan

Specified here: brave/brave-core#4578
@pes10k pes10k added privacy privacy/tracking Preventing sites from tracking users across the web labels Jan 28, 2020
@jumde jumde mentioned this issue Feb 1, 2020
Closed
29 tasks
@jumde jumde mentioned this issue Feb 10, 2020
Merged
32 tasks
@tildelowengrimm tildelowengrimm added the privacy/chromium-redqueen Work to remove or improve privacy-harming "features" added in Chromium. label Feb 12, 2020
@tildelowengrimm tildelowengrimm added the priority/P3 The next thing for us to work on. It'll ride the trains. label Feb 19, 2020
@tildelowengrimm tildelowengrimm mentioned this issue Feb 19, 2020
Closed
@jumde jumde added this to the 1.7.x - Nightly milestone Mar 3, 2020
@LaurenWags
Copy link
Member

LaurenWags commented Mar 19, 2020
edited by btlechowski
Loading

Verified passed with

Brave 1.7.66 Chromium: 80.0.3987.149 (Official Build) dev (64-bit)
Revision 5f4eb224680e5d7dca88504586e9fd951840cac6-refs/branch-heads/3987_137@{#16}
OS macOS Version 10.14.6 (Build 18G3020)

Screen Shot 2020-03-19 at 2 32 05 PM

Screen Shot 2020-03-19 at 2 35 25 PM

Verification passed on

Brave 1.7.67 Chromium: 80.0.3987.149 (Official Build) beta (64-bit)
Revision 5f4eb224680e5d7dca88504586e9fd951840cac6-refs/branch-heads/3987_137@{#16}
OS Windows 10 OS Version 1803 (Build 17134.1006)

Verification passed on

Brave 1.7.70 Chromium: 80.0.3987.149 (Official Build) dev (64-bit)
Revision 5f4eb224680e5d7dca88504586e9fd951840cac6-refs/branch-heads/3987_137@{#16}
OS Ubuntu 18.04 LTS

image

@kjozwiak kjozwiak mentioned this issue Apr 9, 2020
Closed
@tspearconquest tspearconquest mentioned this issue Jul 19, 2021
Open
@ekzyis ekzyis mentioned this issue Feb 13, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority/P3 The next thing for us to work on. It'll ride the trains. privacy/chromium-redqueen Work to remove or improve privacy-harming "features" added in Chromium. privacy/tracking Preventing sites from tracking users across the web privacy QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include
Projects
None yet
Milestone
1.7.x - Release
6 participants
@pes10k @tildelowengrimm @jumde @LaurenWags @btlechowski @GeetaSarvadnya