Re: [private-measurement] Interoperable Private Attribution (IPA) (#9)

This is an attack we've discussed (though we might not have captured it in documentation).  You need two controls:

1. The user agent cannot act on a change to a match key until the start of a new epoch.  (Other rate limiting is possible, but this is easiest.)  This prevents the identifier from being swapped out on a per-request basis.
2. Sites need to commit to a set of match key providers so that sites can't switch out providers in the same way (to your second point).  It might be acceptable here for each user agent to independently enforce this, though this means that you really end up with (user+device/agent) x site as your grain.  Ideally, some sort of consistency system would be used to get back a true user+site grain; it's possible the helpers can play some role in guaranteeing that.

-- 
GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/patcg/private-measurement/issues/9#issuecomment-1111626738 using your GitHub account



Received on Thursday, 28 April 2022 01:05:14 UTC
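As an added worked illustration of the two controls described in the comment above (this is example code, not code from the IPA proposal, the patcg repository, or the comment's author), the following is a toy user-agent-side model in JavaScript. The integer epoch counter passed by the caller, the origin names, the last-write-wins rule for a key set twice in one epoch, and the one-time immutable site commitment are all assumptions made for this example; the third scenario also shows the (user+device/agent) x site grain that results when each user agent enforces the commitment on its own.

```javascript
// Added example, not part of the IPA proposal or the comment above.
// Assumptions: epochs are integers supplied by the caller; providers and
// sites are origin strings; the last key a provider sets within an epoch is
// the one promoted at the next boundary; a site's provider commitment is
// made once and never changed for the life of this user agent profile.

class UserAgentMatchKeys {
  constructor() {
    this.currentEpoch = 0;
    this.active = new Map();       // provider -> key in force this epoch
    this.pending = new Map();      // provider -> { key, effectiveEpoch }
    this.commitments = new Map();  // site -> Set of committed providers
  }

  // Move the clock forward and promote any pending key whose epoch arrived.
  _advance(nowEpoch) {
    if (!Number.isInteger(nowEpoch) || nowEpoch < this.currentEpoch) {
      throw new Error(`epoch must be an integer >= ${this.currentEpoch}`);
    }
    this.currentEpoch = nowEpoch;
    for (const [provider, p] of this.pending) {
      if (p.effectiveEpoch <= nowEpoch) {
        this.active.set(provider, p.key);
        this.pending.delete(provider);
      }
    }
  }

  // Control 1: a provider sets (or rotates) a match key; it is not acted on
  // until the start of the next epoch, so it cannot be swapped per request.
  setMatchKey(provider, key, nowEpoch) {
    this._advance(nowEpoch);
    this.pending.set(provider, { key, effectiveEpoch: nowEpoch + 1 });
  }

  // Control 2: a site names its match key providers exactly once.
  commitProviders(site, providers) {
    if (this.commitments.has(site)) {
      throw new Error(`${site} has already committed to a provider set`);
    }
    if (providers.length === 0) throw new Error('empty provider set');
    this.commitments.set(site, new Set(providers));
  }

  // The key a site may attach to an event from the named provider. Returns
  // null if the provider is outside the site's commitment or has no key in
  // force yet in this epoch.
  matchKeyFor(site, provider, nowEpoch) {
    this._advance(nowEpoch);
    const allowed = this.commitments.get(site);
    if (!allowed || !allowed.has(provider)) return null;
    return this.active.has(provider) ? this.active.get(provider) : null;
  }
}

// Scenario 1: a provider tries to change the identifier per request.
function perRequestSwapScenario() {
  const ua = new UserAgentMatchKeys();
  const site = 'https://shop.example', idp = 'https://idp.example';
  ua.commitProviders(site, [idp]);
  ua.setMatchKey(idp, 'k0', 0);
  const seen = [];
  seen.push(ua.matchKeyFor(site, idp, 0)); // null: k0 not in force until epoch 1
  seen.push(ua.matchKeyFor(site, idp, 1)); // 'k0'
  ua.setMatchKey(idp, 'k1', 1);
  seen.push(ua.matchKeyFor(site, idp, 1)); // still 'k0'
  ua.setMatchKey(idp, 'k2', 1);
  seen.push(ua.matchKeyFor(site, idp, 1)); // still 'k0'
  seen.push(ua.matchKeyFor(site, idp, 2)); // 'k2': one change per epoch boundary
  return seen;
}

// Scenario 2: a site tries to switch to a provider it did not commit to.
function providerSwapScenario() {
  const ua = new UserAgentMatchKeys();
  const site = 'https://shop.example';
  ua.commitProviders(site, ['https://idp-a.example']);
  ua.setMatchKey('https://idp-a.example', 'ka', 0);
  ua.setMatchKey('https://idp-b.example', 'kb', 0);
  let recommitRejected = false;
  try { ua.commitProviders(site, ['https://idp-b.example']); } catch (e) { recommitRejected = true; }
  return {
    fromA: ua.matchKeyFor(site, 'https://idp-a.example', 1), // 'ka'
    fromB: ua.matchKeyFor(site, 'https://idp-b.example', 1), // null
    recommitRejected,                                        // true
  };
}

// Scenario 3: the same user on two devices. Each user agent enforces the
// commitment independently, so the site can commit to a different provider
// on each; nothing here ties the two profiles together.
function independentEnforcementScenario() {
  const site = 'https://shop.example';
  const laptop = new UserAgentMatchKeys(), phone = new UserAgentMatchKeys();
  laptop.commitProviders(site, ['https://idp-a.example']);
  phone.commitProviders(site, ['https://idp-b.example']); // accepted
  laptop.setMatchKey('https://idp-a.example', 'ka', 0);
  phone.setMatchKey('https://idp-b.example', 'kb', 0);
  return [laptop.matchKeyFor(site, 'https://idp-a.example', 1),
          phone.matchKeyFor(site, 'https://idp-b.example', 1)]; // ['ka', 'kb']
}
```

Scenario 3 is the caveat from the comment in runnable form: per-user-agent enforcement bounds provider switching within one profile but leaves the grain at (user+device/agent) x site, which is why some cross-agent consistency mechanism is needed to get back to a true user+site grain.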