Disable Reporting API #7956
Chromium includes a system called Reporting API. It's a broad API that is currently used to allow sites to instruct the browser to send at least the following types of information (possibly others) to arbitrary parties (i.e. first or 3p):
Most of the functionality is all defined through HTTP headers (though there is a JS API that allows the site to see and edit reports as they go out).
There is a compile-time flag to disable Reporting API. We should do this. Of the functionality that goes through Reporting API, two have possible use cases (CSP and crash reports, though Brave opinions differ on whether they're user-respecting to have on by default), and two are clearly privacy harming (network error reporting, which is a clear tracking vector, and intervention reporting, which is obviously horrible).
Regardless of whether we decide to enable CSP and crash reports, there won't be resources to do so for a while. There is an "easy" way to disable the entire "parent" API (Reporting API). We should do so ASAP, until there are resources to possibly re-enable the non-privacy-harming parts.
Information about Reporting API
Test Plan
Specified here: brave/brave-core#4578
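To make the header-driven behaviour described in the issue concrete, here is an added example (not part of the issue, and not Brave or Chromium code) that reads a response's Reporting API headers and lists which report types would be sent to which endpoints, flagging endpoints on a different host than the page. The header names (`Report-To`, `Reporting-Endpoints`, `NEL`, CSP `report-to`) come from the Reporting API and Network Error Logging specifications; the function names and the sample response are made up for illustration.

```javascript
// Added example. SAMPLE_HEADERS is constructed; function names are hypothetical.
const SAMPLE_HEADERS = {
  'Report-To': '{"group":"default","max_age":86400,"endpoints":[{"url":"https://site.example/reports"}]},' +
    ' {"group":"nel","max_age":86400,"endpoints":[{"url":"https://collector.example/nel"}]}',
  'NEL': '{"report_to":"nel","max_age":86400}',
  'Content-Security-Policy': "default-src 'self'; report-to default",
};
// Report-To carries one or more comma-separated JSON objects.
function parseReportTo(value) {
  const groups = new Map();
  let parsed;
  try { parsed = JSON.parse(`[${value}]`); } catch { return groups; } // malformed header: ignored
  for (const g of parsed) {
    if (!g || !Array.isArray(g.endpoints)) continue;
    const urls = g.endpoints.map((e) => e && e.url).filter((u) => typeof u === 'string');
    groups.set(g.group || 'default', urls);
  }
  return groups;
}

// Reporting-Endpoints is a dictionary: name="https://...", other="https://..."
function parseReportingEndpoints(value) {
  const groups = new Map();
  for (const m of value.matchAll(/([a-z*][a-z0-9_.*-]*)\s*=\s*"([^"]*)"/g)) groups.set(m[1], [m[2]]);
  return groups;
}

function auditReporting(pageUrl, headers) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const groups = new Map([...parseReportTo(h['report-to'] || ''),
    ...parseReportingEndpoints(h['reporting-endpoints'] || '')]);
  const uses = []; // [feature, endpoint group it reports to]
  try { if (h.nel) uses.push(['network-error-logging', JSON.parse(h.nel).report_to]); } catch { /* bad NEL */ }
  const csp = /(?:^|;)\s*report-to\s+([^;\s]+)/i.exec(h['content-security-policy'] || '');
  if (csp) uses.push(['csp', csp[1]]);
  // Crash and intervention reports are delivered to the group named "default".
  if (groups.has('default')) uses.push(['crash/intervention', 'default']);
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  for (const [feature, group] of uses) {
    for (const url of groups.get(group) || []) {
      let host; try { host = new URL(url).hostname; } catch { continue; }
      // Plain hostname comparison; a real audit would compare registrable domains.
      findings.push({ feature, group, url, thirdParty: host !== pageHost });
    }
  }
  return findings;
}

console.log(auditReporting('https://site.example/', SAMPLE_HEADERS));
```

With the sample response, network error reports go to a different host than the page, while CSP, crash and intervention reports stay first-party.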