michaelkleber / privacy-model

A Potential Privacy Model for the Web: Sharding Web Identity
Other
188 stars 31 forks source link

Identity sharding and URL parameter tracking #12

Open ehsan opened 5 years ago

ehsan commented 5 years ago

Let's consider the following attack scenario:

[1] pseudo-code

  for (each link in document) {
    link.href = injectPII(link.href);
  }
michaelkleber commented 5 years ago

Indeed, so this is an example of joining that a browser should try to prevent. All three of the linked related works speak to various ways to try to cut down on "navigational tracking" / "link decoration". Some action against this threat would need to be a part of "Browsers impose limits [...] with the goal of preventing the joinability of these per-1p identities."