privacycg / nav-tracking-mitigations

Navigation-based Tracking Mitigations
https://privacycg.github.io/nav-tracking-mitigations/
35 stars 16 forks source link

Consider how bounce tracking mitigations should interact with private ads API storage #72

Open wanderview opened 10 months ago

wanderview commented 10 months ago

Bounce tracking mitigations as originally proposed and implemented has mainly been focused on mitigating the usage of cookies and other typical non-cookie storage such as indexedDB. We have an open issue to investigate mitigating http cache.

This issue is to discuss possible mitigations for private advertising API storage. For example, shared storage, attribution reporting API, etc.

The initial bounce tracking mitigations explainer did not anticipate taking action against storage associated with these APIs because in general they limit access through a variety of control gates. Those control gates, however, are designed in such a way as to reduce the risk of cross-site tracking. We should perform analysis on these APIs and gates to determine if they can be used to generate effective first-party cookies that could be used in bounce tracking.

Any mitigation of these APIs should also analyze potential adoption risks for the new privacy-preserving APIs. For example, site might need to turn down legacy bounce tracking flows in order to make use of the new privacy-preserving APIs.