miketaylr
commented
1 year ago Closing and locking in favor of https://github.com/GoogleChrome/ip-protection/issues/5
Closed spanicker closed 1 year ago
miketaylr
commented
1 year ago Closing and locking in favor of https://github.com/GoogleChrome/ip-protection/issues/5
At some point, a service may have confidence that a given request is associated with an abusive client. Perhaps the request is willfully causing quality of service issues, demonstrates intent to harm another user, or otherwise violates a site’s terms of use.
Historically, services would ban a user by their IP address. This has become less common with the rise of the mobile internet, but IP is still a surprisingly common tool in scaled abuse scenarios.
We would like to provide websites with the ability to request that the proxy no longer send traffic from the user of the proxy that issued the given request. We need to do this without re-introducing the cross-site tracking risk that the proxy is designed to counter.
Are there existing protocols or limitations relevant to your service that we should be mindful of? Would it be acceptable if embedded services would have to ban a user once for each top-level context (e.g. a.com on example1.com and a.com on example2.com would need to ban the user separately