w3cping / privacy-threat-model

A target privacy threat model for the Web
https://w3cping.github.io/privacy-threat-model
Apache License 2.0

Correlate a visit from the same user over time #1

Open martinthomson opened 5 years ago

martinthomson commented 5 years ago

For 6.1, the attacker might want to take a visit from a particular user and correlate that with another visit from the same user at a different time. Sites do this all the time to measure the number of unique visitors in a given time period.

Now, like with click tracking, we might decide that this is worth keeping, but it can be in the threat model.

jyasskin commented 5 years ago

I think this ties into anti-fingerprinting: the site should be able to reidentify a user until that user clears its storage, and then the site shouldn't be able to tell that it's the same user. +1 that it should be added to the document.
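The property discussed in this thread (visits are linkable within one storage lifetime and unlinkable across a clear) can be written as a check over a test-harness visit log. This is an added example, not part of the original thread or the threat-model document; the log format, the `profile` ground-truth field and all function names are hypothetical.

```javascript
// Constructed visit log for one site, in time order. `profile` is ground truth
// known only to the test harness (which browser profile made the visit);
// `clearedBefore` marks that the site's storage was cleared before that visit.
const visits = [
  { id: "v1", profile: "A", clearedBefore: false },
  { id: "v2", profile: "A", clearedBefore: false },
  { id: "v3", profile: "A", clearedBefore: true },
  { id: "v4", profile: "B", clearedBefore: false },
  { id: "v5", profile: "A", clearedBefore: false },
];

// Map each visit to its storage epoch: the profile plus how many times that
// profile has cleared storage so far. Visits in one epoch may be correlated.
function storageEpochs(log) {
  const clears = new Map();
  const epochs = new Map();
  for (const v of log) {
    const n = (clears.get(v.profile) || 0) + (v.clearedBefore ? 1 : 0);
    clears.set(v.profile, n);
    epochs.set(v.id, `${v.profile}#${n}`);
  }
  return epochs;
}

// Given the pairs of visits a site reported as "same user", return the pairs
// that cross a storage clear (or cross profiles), which the model forbids.
function findViolations(log, linkedPairs) {
  const epochs = storageEpochs(log);
  return linkedPairs.filter(([a, b]) => {
    if (!epochs.has(a) || !epochs.has(b)) {
      throw new Error(`unknown visit in pair ${a},${b}`);
    }
    return epochs.get(a) !== epochs.get(b);
  });
}

// Unique-visitor count the site should be able to measure under the model:
// one visitor per storage epoch, so a cleared profile counts as a new visitor.
function expectedUniqueVisitors(log) {
  return new Set(storageEpochs(log).values()).size;
}
```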