buettner / private-prefetch-proxy

Proposal to use a CONNECT proxy to obfuscate the user IP address for privacy-enhanced prefetching.

How are URL parameters handled? #19

Closed robrwo closed 2 years ago

robrwo commented 3 years ago

It seems that URL parameters can be used to de-anonymize requests. How is that addressed?

buettner commented 3 years ago

The proxy does not see the URL; it only sees the destination domain to open the connection to. It also cannot see inside the TLS connection between Chrome and the destination site, or modify bytes inside that connection, so it cannot modify the URL to add parameters.

Is your concern that the referring website adds URL parameters to links on its page that encode user PII that is then shared with the destination site? The proxy is not intended as a mechanism to stop malicious actors from sharing PII across sites. If that is their goal, there is no reason to use the private prefetching mode.

The proxy is a tool that gives well-meaning sites the ability to leverage cross-origin prefetching when they do not wish to share PII (e.g., the IP address of the user) with the destination site.
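What a CONNECT proxy can observe in the exchange described above, as an added example that is not part of the original thread or the project's code. It assumes an HTTP/1.1-style CONNECT request; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample URLs: same origin and path, one carries an identifying parameter.
SAMPLE_TRACKED = "https://shop.example/item?id=42&uid=alice%40example.com"
SAMPLE_PLAIN = "https://shop.example/item?id=42"


def connect_request_for(url: str) -> bytes:
    """Bytes the client sends in the clear to the proxy before tunnelling TLS."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("this sketch only tunnels https URLs with a host")
    host = parts.hostname
    if ":" in host:  # IPv6 literal needs brackets in authority-form
        host = f"[{host}]"
    authority = f"{host}:{parts.port or 443}"
    # Path, query string and fragment are never part of the CONNECT target.
    return f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode("ascii")


def proxy_view(raw: bytes) -> dict:
    """Everything the proxy learns from the request: destination host and port."""
    request_line = raw.split(b"\r\n", 1)[0].decode("ascii")
    fields = request_line.split(" ")
    if len(fields) != 3 or fields[0] != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, sep, port = fields[1].rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError("CONNECT target must be host:port")
    return {"host": host.strip("[]"), "port": int(port)}


if __name__ == "__main__":
    for url in (SAMPLE_TRACKED, SAMPLE_PLAIN):
        print(url, "->", proxy_view(connect_request_for(url)))
```

Both sample URLs produce byte-identical CONNECT requests, so the parameter is invisible to the proxy; it still reaches the destination site inside the TLS tunnel, which is the case the second paragraph of the reply addresses.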