Disable "Conversion Measurement API" #1531
Comments
|
I apologize if I'm clogging up the repo with my requests, but I'm checking this and a few things come up to check |
|
There is no way to disable everything about reporting? |
csagan5
changed the title
|
I checked the code, there are two different types of reports, those related to navigation and those related to the "Conversion Measurement API" currently under origin trials. |
uazo
changed the title
|
Conversion measurement is perhaps related to RLZ? That is something disabled long ago (since first version of Bromite) |
no, it seems worse to me. |
|
so, here the situation is a bit more complicated and I hope my bad English is not in the way. first of all the "Conversion Measurement API" is part of the developments linked to the same series of the privacy-sandbox features source, the next will be Fledge. deactivation is possible although I am undecided on the correct point where to insert it.
in the latter case we have the advantage that the function is detectable by javascript (then looking like chrome, resuming this), but no report will ever be sent. and considering there is no constraint (see https://github.com/WICG/conversion-measurement-api/ issue 244) on when to send, they may never notice the difference.
I'm noticing more and more that actually all the parts that communicate with the outside are marked by a
no, that's not quite the case. the code eliminates the redirect only for calls to the special url |
ah, the bad thing is that not even the subresource filter would have been able to block it, because the check is placed at the end (which is another thing to check, makes me think there are urls that cannot be never blocked) |
|
AttributionReportingProvider must also be disabled (via |
We should disable the flag/switch/enabled_feature; there is no intent in Bromite to look like Chrome/Chromium anyways. It is a separate browser, and frankly those are no more browsers but something else.
See my reply there:
It is a good idea to study the existing traffic annotations and trace them back to the feature or code that causes them, but blocking undesired functionality should be based on disabled features and code changes not just on filtering at the network annotation level.
Thank you for digging this out; are all these "features" something which has been added recently? As for the subresource filter: that is only for ads. As mentioned earlier we should block the undesired functionality at code level, possibly by not even compiling it.
Yes, it should be disabled as well. |
the only doubt I ask is about the future.
and to think that I am using it in windows, I feel bad...
certainly, any deactivation must be verified
it all seems related to the privacy sandbox, see https://github.com/google/ads-privacy
in my opinion it must be considered as a blocking method decided by the user, among other things also the only one existing in bromite, regardless of how it was born.
Sure, although I think, being a nominal intent, it should be called explicitly. among other things I also found this https://github.com/WICG/floc/blob/main/README.md#qualifying-users-for-whom-a-cohort-will-be-logged-with-their-sync-data |
You can, but I don't really get why you need to do that since you already have patching ability. The reason we use ASM is avoiding patching as much as possible. |
Perfect
to track them and automatically report new ones.
yes, I saw, nice idea, even if it seems dirty too much then the code (but I have no experience in this regard). |
From a software engineering point of view, I think if you want to use asm for that it is better done as some kind of unit test, rather than doing it directly because the latter is more error prone. But that requires you have a running test first, so yeah, you need to trade off here. |
you mean inside a c.i.? yes I mean just that.
I'm sorry, I don't understand. it would only to report it, it shouldn't change anything.
yes, the problem here is that there are some patches that break the build of their tests, although they would be of little interest to me, because they have to run mine, not theirs. here an example of result of same tests i write. |
Let them do that and we will find another strategy; no point implementing something now for that future scenario, you are trying to optimise just for the time window needed to find a new strategy.
The browser should not initiate connections without user consent; we will block those with patches, not with the subresource filter.
We just need to remove/not compile the code that Bromite does not use anyways. You can create a testsuite to "sample" the outgoing traffic but personally I prefer reading the CHANGELOGs and feature development history directly. |
okay, let's try this.
I don't completely agree, but the goal is the same. Would you help me understand if there is any justification for this? that is, is it normal that some headers do not pass through the cors filter? in the code is everything that is placed in cors_exempt_header_list
sure, bromite doesn't care, but substantially the floc data of the users, sent via sync, will be used by google to produce an aggregate report that will be granted to the websites, if I have not misunderstood |
just to correct myself, it seems like they are introducing it for java too |
I think domain-specific exceptions are covered by Any proof that Bromite is currently sending any special header to Google domains? (It is not, as far as I know)
Without a list of the headers it is impossible to make a guess, and it is a bit difficult to extract it from the Gerrit code review. The headers seem related to Google Apps integrations ( |
It cares, otherwise it would not exist; but other than existing I do not think much else can be done for this further privacy land-grab; what do you suggest Bromite should do other than not running FLoC?
Feel free to use and peruse the network annotations to discover about new privacy violations. |
I try to retrieve the list
I don't know, I was thinking about it too among other things, reading the code, I came up with ways to understand if you are browsing incognito, even if it seems strange to me that they have not already been exploited (so I'm probably wrong). I'll try this too.
Yes I will. |
That's the right approach IMO. I had a quick look at your workflow file and I think it is pretty neat. You shall try polish it a little more and I may also use something similar in the future. Making tests is on my TODO list after I finish refurbishing the whole building process. |
yes I know... there is also a vulnerability that I already know but I don't know how to fix ...
ok, I'm keeping an eye on you! :)
yes, but I apply the principle to my code, that is to the parts that I modify, but I don't know how the chromium team modifies its code, so my -unit- tests could be successful, but together with theirs eventually instead no. |
@uazo can the upstream servers receive anything, considering that there are no API keys in Bromite? |
the recipient of the reports is not upstream, but the url which is defined by the javascript call (or by attributes in |
And in this case no key-signing would happen? |
if the question is if there is any signature in the sent payload (a simple json), no, no signature. |
|
Sounds like a wet dream for advertisers. |
|
there is a nice public report that declares a net loss of earnings without third party cookies, and so they transform the browser to remedy. |
|
Sounds like a desperate move; I have read the summary of all these techs you listed here but it was quite some time ago, they were not fully detailed/formed. |
|
Fixed in |
Is your feature request related to privacy?
Yes
Is there a patch available for this feature somewhere?
No
Describe the solution you would like
I think that patch is incomplete: there are other types of reports not covered by that patch like QueueAccessReport or QueueNavigationReport
Describe alternatives you have considered
Fix directly this or the other side of the mojo call
The text was updated successfully, but these errors were encountered: