264942@main introduced an Advanced Privacy Protections feature that's enabled in Safari private browsing mode, including (from the commit message):

• Link decoration defenses (filtering and hiding on cross-origin navigation)
• Tracker blocking in various forms
• Improved fingerprinting protections (2D canvas, WebGL, web audio, screen/window geometry)
• Opting into network-level system privacy enhancements

Unfortunately the first two bullet points appear to be Apple-specific in that they depend on the application passing data to WebKit. Presumably that data is proprietary to Safari and not reusable? (Hey Wenson, if you could confirm, that would be helpful.)

The third bullet point looks like low-hanging fruit. We probably just need a way to set the right flags to enable this. In particular, it inserts per-origin noise into API results that can be used for cross-origin tracking.

The fourth bullet point, network-level system privacy enhancements, requires investigation to figure out what that entails and how to implement it for libsoup. Since Apple's network stack is proprietary, probably the only thing we can do is ask what "network-level system privacy enhancements" entails and see what they'll tell us. (Hey Wenson, any info you have on this would be helpful.)
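The per-origin noise idea described above, as an added toy model (not WebKit's code and not part of the original report): a readback is perturbed with noise keyed by a per-session salt and the first-party domain, so a fingerprint is stable within one site but does not match across sites. The salt, all function names, and the FNV-1a/mulberry32 helpers are assumptions chosen to keep the sketch dependency-free; they are not cryptographic.

```javascript
// Toy model only: names, salt handling and noise rate are assumptions.
// FNV-1a 32-bit string hash (non-cryptographic stand-in for a keyed hash).
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h >>> 0;
}

// mulberry32-style deterministic PRNG, seeded per (session, first party).
function prng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Noised readback: flip the low bit of some colour channels.
// The same (salt, domain) pair always yields the same noise pattern.
function noisyReadback(pixels, sessionSalt, firstPartyDomain) {
  const rand = prng(fnv1a(sessionSalt + "|" + firstPartyDomain));
  const out = Uint8ClampedArray.from(pixels);
  for (let i = 0; i < out.length; i++) {
    if (i % 4 === 3) continue;       // leave alpha untouched
    if (rand() < 0.25) out[i] ^= 1;  // change of at most 1 per channel
  }
  return out;
}

// What a fingerprinting script would derive from the pixels it reads back.
function fingerprint(pixels) {
  return fnv1a(Array.from(pixels).join(",")).toString(16).padStart(8, "0");
}

// Constructed sample: one 16x16 RGBA rendering, identical on every site
// when no noise is applied (which is what makes it a cross-site identifier).
const rendered = Uint8ClampedArray.from({ length: 16 * 16 * 4 }, (_, i) => (i * 37) % 256);

// Fingerprint a script embedded under the given first party would observe.
function observe(sessionSalt, firstPartyDomain) {
  return fingerprint(noisyReadback(rendered, sessionSalt, firstPartyDomain));
}
```

Keying the noise by first party rather than drawing it fresh on every call keeps a single site from averaging the noise away over repeated reads, while a tracker embedded on two sites still sees two unrelated values.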
This one line patch (for testing purposes only, not a serious patch) significantly improves our performance on https://coveryourtracks.eff.org/

diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebsitePolicies.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebsitePolicies.cpp index fd2a94767aca..7c4b5cd3bec2 100644 --- a/Source/WebKit/UIProcess/API/glib/WebKitWebsitePolicies.cpp +++ b/Source/WebKit/UIProcess/API/glib/WebKitWebsitePolicies.cpp @@ -52,6 +52,7 @@ struct _WebKitWebsitePoliciesPrivate { _WebKitWebsitePoliciesPrivate() : websitePolicies(API::WebsitePolicies::create()) { + websitePolicies->setAdvancedPrivacyProtections({ WebCore::AdvancedPrivacyProtections::BaselineProtections, WebCore::AdvancedPrivacyProtections::FingerprintingProtections }); } RefPtr<API::WebsitePolicies> websitePolicies; };

We go from "Our tests indicate that you have some protection against Web tracking, but it has some gaps" to "Our tests indicate that you have strong protection against Web tracking."

The changes I see are:

* Fake screen size
* Canvas, WebGL, AudioContext fingerprints randomized by first-party domain

However, it all depends on API::WebsitePolicies. The GTK/WPE API website policies API probably needs to be deprecated and replaced, bug #259577.
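Review bot: the setAdvancedPrivacyProtections() call added to the _WebKitWebsitePoliciesPrivate constructor is unconditional and hardcodes BaselineProtections and FingerprintingProtections, so every WebKitWebsitePolicies object an embedder creates gets both, with no way to turn them off for a site that breaks or to limit them to private browsing, which is where the feature is described as being enabled in Safari. For a real patch, leave the constructor default as it is and apply the option set from an explicit, documented setting on the GLib API side. Because the protections change values that pages can observe (screen size, canvas/WebGL/AudioContext readback), the documentation for that setting should say so.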
There is now a detailed blog post explaining things: https://webkit.org/blog/15697/private-browsing-2-0/