jyasskin
commented
4 years ago @martinthomson, does https://pr-preview.s3.amazonaws.com/jyasskin/privacy-threat-model/pull/6.html#hl-recognition-same-site capture the high-level parts of your #1? (There's still more to flesh out in section 6 on this topic, so just focus on the high-level problem here. :)
npdoty
I framed the threats that came out of the TPAC discussion as the web's interpretation of the general threats in RFC 6973.
This explicitly describes same-site visit correlation as requested by https://github.com/w3cping/privacy-threat-model/issues/1, although it doesn't do so in the low-level goals section.
Preview | Diff