Closed gtanzer closed 1 year ago
It seems that this attack will only work if the caller knows that url3 will be k-anonymous. Otherwise they are not guaranteed that their joined data from the default URL will be correct.
Whether URLs are k-anonymous is effectively public information, since you can query the server at a public endpoint (the same way the Chrome client does). At worst, you could use a URL that you know to have reached the threshold by other means, e.g. that it is used in a very popular experiment.
Closing since we decided not to use k-anon for now.
The explainer says:
"""
selectURL() returns a promise that resolves into an opaque URL for the URL selected from urls. urls is a list of dictionaries, each containing a candidate URL url and optional reporting metadata (a dictionary, with the key being the event type and the value being the reporting URL; identical to FLEDGE's registerAdBeacon() parameter), with a max length of 8. url of the first dictionary in the list is the default URL. This is selected if there is a script error, or if there is not enough budget remaining, or if the selected URL is not yet k-anonymous.
default URL will be returned.
window.fence.reportEvent() as described in the FLEDGE explainer.
"""
This design has the following flaw: The default URL is not necessarily k-anonymous and may be used to join first/third-party information. For example:
Let selectURL([url1, url2, url3]) pick url2 if some third party bit = 0 and url3 if the third party bit is 1. Let url3 be above the k-anonymity threshold, but not url1 or url2. If the third party bit is 0 (or repeat with a different selection algorithm for 1), url1 will be loaded even though it isn't k-anonymous and joins a bit of cross-site data (e.g. the URL could be "https://evil.com?first_party_id=unique_id&third_party_bit=0"). You can repeat this process to extract arbitrarily many bits of cross-site data to the server (if the server is untrusted; otherwise you just get a single k-anonymity violation + 1-bit leak locally).

We want to ensure the following property:
We can achieve this with an additional check at the start, as follows:
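The fallback described in the issue, as an added example that is not part of the original issue, the Shared Storage explainer, or Chromium code. It models the quoted rule (a selected URL that is not yet k-anonymous is replaced by the default URL) with the three-URL selection from the issue, and sets it beside a variant that performs an additional check at the start. The issue text does not show that check, so the form used here (refusing to load anything when the default URL itself is not k-anonymous) is an assumption; the k-anonymity set, the function names and the candidate URLs other than the one quoted in the issue are constructed.

```javascript
// Added example: models the selectURL() default-URL fallback from the issue.
// Not code from the explainer or from Chromium; names are hypothetical.

// Constructed sample: only url3 has crossed the k-anonymity threshold.
const URL1 = "https://evil.com?first_party_id=unique_id&third_party_bit=0"; // default, not k-anon
const URL2 = "https://example.test/candidate-2";                             // not k-anon
const URL3 = "https://example.test/popular-experiment";                      // k-anon
const K_ANONYMOUS = new Set([URL3]);

function isKAnonymous(url) {
  return K_ANONYMOUS.has(url);
}

// Behaviour as quoted from the explainer: the default URL (urls[0]) is used
// whenever the selected URL is not yet k-anonymous, without checking the
// default itself.
function selectURLFlawed(urls, pickIndex) {
  const chosen = urls[pickIndex()];
  return isKAnonymous(chosen) ? chosen : urls[0];
}

// Variant with a check at the start (assumed form of the fix; the issue does
// not show its text): if the default URL is not k-anonymous, nothing is
// loaded at all, so the fallback can never load a non-k-anonymous URL.
function selectURLChecked(urls, pickIndex) {
  if (!isKAnonymous(urls[0])) return null; // no navigation happens
  const chosen = urls[pickIndex()];
  return isKAnonymous(chosen) ? chosen : urls[0];
}

// The selection algorithm from the issue: url2 (index 1) if the third-party
// bit is 0, url3 (index 2) if it is 1.
function selectorForBit(bit) {
  return () => (bit === 0 ? 1 : 2);
}

// Which URL would be loaded for each value of the cross-site bit.
function observedURLs(selectFn) {
  const urls = [URL1, URL2, URL3];
  return {
    bit0: selectFn(urls, selectorForBit(0)),
    bit1: selectFn(urls, selectorForBit(1)),
  };
}

// The property the issue asks for: no URL below the threshold is ever loaded.
// Returns true when the given selection function violates it.
function loadsNonKAnonymousURL(selectFn) {
  const o = observedURLs(selectFn);
  return [o.bit0, o.bit1].some((u) => u !== null && !isKAnonymous(u));
}

console.log("flawed :", observedURLs(selectURLFlawed),
            "violation:", loadsNonKAnonymousURL(selectURLFlawed));
console.log("checked:", observedURLs(selectURLChecked),
            "violation:", loadsNonKAnonymousURL(selectURLChecked));
```

With the quoted rule, bit 0 picks url2, which is below the threshold, so the call falls back to url1 and loads it even though url1 is not k-anonymous either, which is exactly the join the issue describes. With the up-front check, a call whose default URL is below the threshold loads nothing for either bit value, so the only URLs that can ever be loaded are ones that passed the k-anonymity check.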