w3cping / privacy-threat-model

A target privacy threat model for the Web
https://w3cping.github.io/privacy-threat-model
Apache License 2.0

Add simultaneous event firing as a cross-site tracking vector #11

Closed jyasskin closed 4 years ago

jyasskin commented 4 years ago

See https://groups.google.com/a/chromium.org/g/blink-dev/c/4BUSE2aTQEc/m/a5-gBNTdCAAJ for discussion. This is kinda covered by the threat model saying that an attacker with the ability to "Read server logs on other publishers" shouldn't be able to transfer user IDs without navigation, but the implication for firing events isn't obvious from that.

jyasskin commented 4 years ago

@asankah's https://github.com/asankah/ephemeral-fingerprinting goes into a lot more detail here.