Open ehsan opened 5 years ago
Indeed, so this is an example of joining that a browser should try to prevent. All three of the linked related works speak to various ways to try to cut down on "navigational tracking" / "link decoration". Some action against this threat would need to be a part of "Browsers impose limits [...] with the goal of preventing the joinability of these per-1p identities."
Let's consider the following attack scenario:
location.search
to obtain the user's PII.[1] pseudo-code