Open NDevTK opened 2 years ago
AFAIK the tabId -1 is related to workers. Can you explain why we should protect the requests made by workers?
Because they're attacker-controlled and allow for timing attacks.
I am not convinced yet that this will lead to a targeted deanonymization attack. Within the attack page, the trigger is important. Can a worker open a new tab/window by user click? Besides, tab relations are recorded by tab ids. Multiple -1 ids for different workers in relations?
The tabId is -1