Awesome post. The evidence presented should be enough to motivate other browsers to at least start investigating doing the same. It would be great to see more evidence, confirming or refuting, how much sharing a cache between sites actually matters. https://twitter.com/jaffathecake/status/1037741010871353344 …
Replying to @BRIAN_____
I'm not sure how valuable this is (privacy wise) unless you close all the holes (like resumption). In Firefox that's possible with containers or the (experimental) pref for first party isolation. In Tor Browser, it's on by default.
Replying to @sleevi_ @BRIAN_____
If you find a bypass in h2, you'll get a bounty from Tor :) Socket pools maybe not though; since they don't use that code.
Replying to @TomRittervg @BRIAN_____
You're saying that H/2 coalescing is disabled, and distinct socket pools per keyed origin are used? Any pointers to the source?
Replying to @sleevi_ @BRIAN_____
They should be! I'll go look tomorrow. :)
H2 Coalescing is here: https://searchfox.org/mozilla-central/source/netwerk/protocol/http/Http2Session.cpp#2702 … which flows to https://searchfox.org/mozilla-central/source/netwerk/protocol/http/nsHttpConnectionMgr.cpp#762 …. OriginAttributes always contains a Container ID (if you don't have containers it's 0) and if you have FPI enabled, the first party origin. cc @mcmanusducksong
Socket Pools is governed the same way, in https://searchfox.org/mozilla-central/source/netwerk/protocol/http/nsHttpConnectionMgr.cpp#1893 … I did find some scary things about setting the socket reuse: https://searchfox.org/mozilla-central/search?q=symbol:F_%3CT_7d320e23007bb462%3E_4&redirect=false … but comments and discussions indicate this is used safely, only for ICE TCP or local net stuff.
Replying to @TomRittervg @sleevi_ and
So that part isn't very robust and might have some lurking issues but hopefully if present, they're limited. Bypasses welcome =)