Privacy/Anti-Tracking/Interventions

Getting access to the Remote Settings admin interface

Since we already have a Remote Settings collection, getting access boils down to the following steps:

• Setup the Mozilla VPN
• Request access to the url-classifier-skip-urls collection using this Bugzilla template

For a more comprehensive guide, including how to create your own collection, see https://remote-settings.readthedocs.io/en/latest/getting-started.html.

Admin Interface

Remote Settings provides a stage environment as well as a production environment:

• Stage: https://settings-writer.stage.mozaws.net/v1/admin/
• Production: https://settings-writer.prod.mozaws.net/v1/admin/

Please test interventions on stage before pushing to production. You can use the Remote Settings DevTools to switch between them in your browser (see also the Remote Settings documentation).

Note that since Bug 1598562, changing to the Stage server on Firefox Release clients requires the environment variable XPCSHELL_TEST_PROFILE_DIR=1 to be set for the change to be taken into account. Interventions that are filtered only to Release users will have to test on the Prod server by adding an additional filter restricting the skiplist record to a custom preference that you've manually added to your test browser.

Tracking Interventions

We have set up bug 1537702 to track active interventions. All interventions must have a corresponding bug that blocks this meta-bug.

Steps to create a new Intervention

• Turn on the Mozilla VPN
• Visit the stage or production admin interface (see above)
• Find the url-classifier-skip-urls or partitioning-exempt-urls collection. url-classifier-skip-urls is used to allowlist resources blocked by tracking protection, while partitioning-exempt-urls excludes specific origin combinations from dFPI/TCP.
• For url-classifier-skip-urls: If you are skiplisting a resource blocking feature you need to skiplist the corresponding annotation feature so the blocked resource isn't shown as blocked in the UI (see Bug 1590591). For example, if you are skiplisting the fingerprinting-protection feature you should also skiplist the same pattern under the fingerprinting-annotation feature. The same is true for tracking-protection and tracking-annotation, socialtracking-protection and socialtracking-annotation, and cryptomining-protection and cryptomining-annotation.
• File a bug describing your intervention, using this template. Be sure to substitute [feature-name] and [site-name] in the bug title, and provide information for all items in the template's description.

You can also see an overview of interacting with remote settings collections in this screencast.

Removing your intervention

You should aim to fix the breakage that led to an intervention within your specified timeline. Once the fix lands you should wait until the fix ships to all channels (Nightly, Beta, and Release) before you remove the intervention. Be sure to consider whether the breakage impacts ESR users. If it does and you don't want the intervention to stick around for Nightly/Beta/Release users for the entire ESR cycle, you can issue an intervention that is scoped only to ESR users through Remote Settings filters.