
Storage access automatically granted for tracker "https://duckduckgo.com"

I hope I didn't miss something somewhere, but I can't understand what exactly is happening with what I'm doing.

I'm programming a webapp, and in my app I programmatically open a new page to search for something in duckduckgo. I'm using the following code, window.open("https://duckduckgo.com/?q=something"), which is good for me.

This all works fine, but I noticed that when this code is executed, in my console, the following is logged:

Storage access automatically granted for tracker "https://duckduckgo.com" on "http://localhost:8000".

I'm wondering what this means.
I'm aware that it's probably not something related to duckduckgo itself, maybe just that they are nice enough to actually log something and be transparent.

What information exactly is shared with an external website when using window.open? What does this "granting access to the tracker" mean? Where is this log in my console coming from? Can an external site actually execute some JavaScript code in my current page? This seems strange to me and would sound disastrous for privacy.

So from what I understand from this Firefox documentation page (plus a bit of experimenting with window.open):

When window.open is run to open https://duckduckgo.com, this allows any tracker from https://duckduckgo.com that would be loaded from localhost now or in the next 30 days to have access to its own domain storage (and not only the one of localhost).

The message is logged by Firefox itself to inform you that you just granted this right to https://duckduckgo.com.

(Thanks a lot Amy for the link that allowed me to learn and answer myself:))

I received a scam link which, after some quizzes, opens a strange link in a popup from the JS side via window.open(strange link). After the popup loads, it redirects to Instagram, and in the console I see the same message:

storage access automatically granted for origin "strangelink" on "instagram.com"

Is it possible to steal user credentials in that way? P.S. All tests were made on a VM, with fake accounts, so the accounts should be safe :-)
