facebook discover production engineering

If the script waits too long or gets a reply from an unexpected origin, we’ll navigate the frame to an error screen with no third-party content (our “Oops” page), because it’s possible the outer frame is either not there or is different than the inner frame expects. Production Engineers at Facebook are hybrid software/systems engineers who ensure that Facebook's services run smoothly and have the capacity for future growth. Today. Even fewer devices supported IPv6, especially older OS versions. We believe we have developed a design that is robust enough to resist the types of web application attacks we see in the wild and securely deliver connectivity that is sustainable for mobile operators. Even if it is circumvented, potential attackers would be able to fixate only on an origin they can achieve code execution on, making cookie fixation vectors redundant. Today, Facebook Connectivity and our partners at Bitel, Claro, Entel, and Movistar are launching a trial of Discover in Peru. Sites needed to opt in to this scheme, incurring extra engineering costs for site owners. Log into Facebook to start sharing and connecting with your friends, family, and people you know. A cooperative solution where websites can allocate a subdomain (e.g.. Production Engineer, Discover Production Engineering Facebook Seattle, WA 2 weeks ago Be among the first 25 applicants. If we issue even just one cookie per site under our proxy domain, we could be limited to setting just tens of cookies. Engineering Discoveries has 1,375,179 members. It allowed for direct end-to-end communication between client and server. A place for engineers and engineering students to talk about their education, career and anything engineering related. This same logic helps ensure that even HTTP-only sites are delivered securely over HTTPS on Free Basics between the client and the proxy. Even on modern browsers, there are some concerns with web-based proxy architectures. If Free Basics were to set client-side cookies for each site under, The domain namespace constraints that we needed to implement also precluded the use of sibling and hierarchical cookies. They are embedded in every one of Facebook's product and infrastructure teams and are core participants in every significant engineering effort underway in the company. We require POSTs to carry a query parameter with the, For anonymous requests, we require them to have the, The “address bar” we provide in the secure frame is used to expose the topmost inner frame origin to the user. A production engineer wants to … The outer frame can be escaped only by directly navigating to another site. The Production Engineering team works within Facebook’s product and infrastructure teams to … A product manager wants to see country-based usage trends over the past quarter. To accommodate the limited functionality of many mobile operator gateways, we considered alternative architectures, including: Neither of these was a viable solution. From there, we would fetch webpages on behalf of the user and deliver them to their device. Production Engineers work with all of Facebook's other product and infrastructure teams, sometimes embedded in those teams. Neither of these was a viable solution. We make sure that the outer frame is always the top frame with JavaScript and. We prevent malicious links from navigating away from Discover by preventing top navigation using, When a request is received, the proxy will enumerate all the cookies that are visible to that origin. We prevent user interaction with the page until this process completes. From there, we would fetch webpages on behalf of the user and deliver them to their device. There is extensive server-side logic in place to make sure links and hrefs are correctly transformed. Below, we walk through the model we built, the unique architecture choices we made along the way, and the steps we’ve taken to mitigate risks. Production Engineers at Facebook are hybrid software/systems engineers who ensure that Facebook's services run smoothly and have the capacity for future growth. If the outer frame does not receive a message for a few seconds or the subframe is not the topmost inner frame, we remove the location from the secure frame’s address bar. When a site sends X-Frame-Options: DENY, it will not load in an inner frame. As we’ve continued working on Free Basics, we’ve listened to feedback and recommendations from civil society and other stakeholders. The latter has become more of an issue over time as many websites, including mobile sites, have started to rely on JavaScript for critical functionality, including content rendering. To help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. Password. https://www.facebook.com/careers/facebook-life/discover-pe. . Now, we need to bootstrap two origins, in separate requests, without opening ick fixation vectors. Providing this service while keeping people safe from potential security risks was a tough technical challenge. IPv4-in-IPv6 encapsulation, where we can encapsulate the entire IPv4 space within a single free data IPv6 subnet. That new approach required us to first build a web-based proxy service where the operator could make the service available free to a single domain: freebasics.com. The Production Engineering team works within Facebook’s product and infrastructure teams to make sure our services are reliable and scalable. This header is used by websites to prevent exposure to certain types of attacks, such as clickjacking. References to the domain at this point will change to our new domain, a similarly origin-collapsed, On signup, we generate a new, secure random, When the page loads, we compare the embedded. However, it can be copied by phishing sites that impersonate Discover. I've been in Production Engineering @FB for almost 2.5 years now, so I will attempt to add some details, but Joe Gasperetti already did an amazing job with his answer. The following section shows in detail how we mitigate session fixation and other attacks, such as phishing and clickjacking. 2,124 talking about this. Back to Jobs. This includes our work on technologies like, , our collaboration with mobile operators on efforts to expand. Since the origins are now separate, our bootstrap process becomes a two-step process. We have developed Discover specifically to address and incorporate those recommendations into a new product that supports connectivity. See who Facebook has hired for this role. If the script gets an acknowledgement from the secure origin, we let the user interact with the page. It required minimal intervention on the proxy side. We also inject the ickt value calculated from the ick seen in the request along with it. The process also synchronizes datr between the origins. Facebook's Discover Production Engineering Program. This means we have to use a different protocol: We decided to separate the rewrite origin from the secure origin so that they do not share the same host suffix as per the Public Suffix List. By choosing to go with this solution, we then had to solve for other possible outcomes, specifically: Up to this point, the protections we have implemented have accounted for synchronous fixations, but they can also occur asynchronously. We use an outer frame that we trust to attest that the inner frame, which presents third-party content, is not being tampered with. , a browser identifier used for site integrity purposes. We prevent malicious links from navigating away from Discover by preventing top navigation using