Fenix: [Bug] www.google-analytics.com not blocked even with strict ETP on apkmirror.com
from https://www.reddit.com/r/firefox/comments/ieh6ad/so_tracking_protection_now_allowing_google/
Steps to reproduce
open apkmirror.com
set etp to strict mode
Expected behavior
www.google-analytics.com is blocked
Actual behavior
it is not
Device information
- Android device: Asus Zenfone
- Fenix version: Nightly 200822 06:01 (Build #2015759411)
AC: 56.0.20200821184145, 96a8a14dc
GV: 81.0a1-20200820093209
AS: 61.0.12
s-ankur
All 22 comments
s-ankur
on 22 Aug 2020
Another thing Ive noticed:
connect.facebook.com is blocked with Strict Mode ETP but not with Custom ETP.
s-ankur
on 22 Aug 2020
@Amejia481 - do you think it is possible to implement a test either in A-C or Fenix (or both) to make sure we don't regress ETP?
@liuche this seeems to work in 79 and 80 but not on Nightly - probably a 81 release blocker.
st3fan
on 23 Aug 2020
@Amejia481 - do you think it is possible to implement a test either in A-C or Fenix (or both) to make sure we don't regress ETP?
@liuche this seeems to work in 79 and 80 but not on Nightly - probably a 81 release blocker.
We have some UI tests on Fenix, completely agree, we have to detect regressions early.
This is related to the latest update on theWebCompat extension https://github.com/mozilla-mobile/android-components/commit/5e9e03a5f9ece1c7b7150a625234e6784f5e4385, we added some rules to reduce tracking protection breakage. If I prevent the extension for being installed the issue disappears (Be aware, the web extension installation API is persistent, that means if you had previously installed the extension you need to uninstall and re-install the app without installing the extension to see the results). cc: @wisniewskit
Some logs from the js console:
Ads by Google is being shimmed by Firefox. See https://bugzilla.mozilla.org/show_bug.cgi?id=1629644 for details. sandbox eval code:1:9
Google Analytics is being shimmed by Firefox. See https://bugzilla.mozilla.org/show_bug.cgi?id=1493602 for details. sandbox eval code:1:9
Ads by Google is being shimmed by Firefox. See https://bugzilla.mozilla.org/show_bug.cgi?id=1629644 for details. sandbox eval code:1:9
Facebook SDK is being shimmed by Firefox. See https://bugzilla.mozilla.org/show_bug.cgi?id=1226498 for details. shim_messaging_helper.js:23:15
Some cookies are misusing the “SameSite“ attribute, so it won’t work as expected 3
Cookie “__cfduid” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”
Amejia481
on 23 Aug 2020
I think the rules are only active on nightly as we want to get a bigger audience for testing
Amejia481
on 23 Aug 2020
A workaround in the meantime is to go to about:config and search for extensions.webcompat.enable_shims and toggle the preference to false.
Amejia481
on 23 Aug 2020
Actually, the requests are still being blocked, but the "tracking content" summary is unaware of that fact. The way it works is that the webcompat addon needs to be able to bypass regular tracking protection to replace those requests with a shim (more info here). We'll need to find a way to update the summary to indicate this.
@Amejia481, who would be best to talk to in order to figure out how to update the summary UI so it's aware that the requests are being shimmed instead of just being blocked?
wisniewskit
on 24 Aug 2020
It depends in which layer of the stack we want to make the update, Fenix,AC,GV, or Gecko, lets chat about it and see the pros and cons. Right now the UI gets populated from ContentBlocking:RequestLog.
Amejia481
on 24 Aug 2020
I tested locally with different variants beta and release, and the issue is not reproducible. It could a good idea, if the QA team adds this to their test plan to avoid leaking the bug to other variants.
Amejia481
on 24 Aug 2020
This issue is reproducible on Nightly 200826 GV 81, from 8/26 with Pixel 2 (Android 9).
The workaround from https://github.com/mozilla-mobile/fenix/issues/14071#issuecomment-678708955 solves the issue.
Not reproducible on RC 80.1.0 GV 80, from 8/25 and Beta 80.0.1-beta.2 GV 80 from 8/18.
I have added a test to our smoke test suite. I will remove the qa:needed label for now.
ebalazs-sv
on 26 Aug 2020
Thanks @ebalazs-sv!
Amejia481
on 26 Aug 2020
How can workaround from #14071 (comment) solve the issue if the stable version has no about:config ?
clientenq
on 29 Aug 2020
This feature is only activate on nightly, as we are testing it and on nightly about:config is accessible :)
Amejia481
on 29 Aug 2020
We are tracking the update of the extension on this Bugzilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=1661330
Amejia481
on 8 Sep 2020
This issue still reproduces on 10/8 Nightly build on HTC 10 (Android 8):
softvision-miralobontiu
on 8 Oct 2020
We landed a patch for exposing the right category, but we still need to add the category in the ui this will be covered on https://github.com/mozilla-mobile/fenix/issues/15783
Amejia481
on 8 Oct 2020
This should be fixed in nightly :)
Amejia481
on 27 Oct 2020
@s-ankur could you verify if it's working for you? :)
Amejia481
on 27 Oct 2020
seems to work properly, sorry for closing this accidentally
s-ankur
on 27 Oct 2020
Thanks for verifying, the QA team will take a look as they have a wider range of devices where they can test :)
Amejia481
on 27 Oct 2020
Verified as fixed on Nightly 201029 05:01 (Build #2015772457) GV 84.0a1 from 10/29 with the following devices:
- Google Pixel 2 (Android 9),
- Motorola Moto G6 (Android 8),
- Huawei P9 Lite (Android 7),
- Nexus 5 (Android 6.0.1).
I will remove the qa:needed label and close this issue.
ebalazs-sv
on 29 Oct 2020
Thanks @ebalazs-sv!
Amejia481
on 29 Oct 2020
Related issues
andreicristianpetcu
·
3Comments
csadilek
·
3Comments
andreicristianpetcu
·
3Comments
lindongbin
·
3Comments
AndiAJ
·
3Comments