Open martinthomson opened 5 years ago
I think this ties into anti-fingerprinting: the site should be able to reidentify a user until that user clears its storage, and then the site shouldn't be able to tell that it's the same user. +1 that it should be added to the document.
For 6.1, the attacker might want to take a visit from a particular user and correlate that with another visit from the same user at a different time. Sites do this all the time to measure the number of unique visitors in a given time period.
Now, like with click tracking, we might decide that this is worth keeping, but it can be in the threat model.