Re: [w3c/manifest] Privacy Review: handle start_url tracking (#399)

Neither of those mitigations is satisfactory or sufficient.

> remove start_url entirely

What would be the start page for the app? `/`? That prevents having multiple apps on an origin (so you couldn't serve a PWA on github.io, for instance, because you can't directly host content at the root directory of the origin).

Even if we were willing to remove `start_url`, I believe a determined site could _still_ stuff user-identifying information into a suborigin (creating a unique origin for each user).

> For example, manifest.json could be fetched on a caching proxy server to prevent stuffing a unique ID in it.

This requires a huge investment in infrastructure by browser manufacturers, and adds new privacy problems with even more complex solutions required (as you touched upon previously). Even ignoring that fact, how would it help avoid fingerprinting? Instead of putting the user-identifying token in the `start_url`, you now put it in the manifest URL. Now the caching proxy is serving a unique manifest URL to each user.

This also prevents legitimate server-side customization of the manifest based on the user's request. For example, some sites deliver a different manifest based on the user agent (sometimes necessary because the manifest is declarative, so client-side customization can't be done). And it also creates the usual headaches associated with caching and server-side changes. If the cache has too long of an expiry time, updates to the manifest may be delayed from reaching users. The only practical solution is for the proxy to respect HTTP caching headers to expire the cache and go back to the server, but then the server is in control and can circumvent the cache by having an extremely short cache time.

Basically, this is fairly infeasible as it would break basic assumptions of how requests work, and as far as I can see, it wouldn't be able to stop fingerprinting anyway.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/399#issuecomment-533944983

Received on Monday, 23 September 2019 02:43:47 UTC
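A privacy-review check for the tracking pattern discussed in this comment (a per-user token in `start_url`, or in the manifest URL itself), as an added example that is not part of the thread or of the w3c/manifest spec. It assumes a hypothetical origin `example.test` and constructed manifest bodies standing in for what two independent, cookie-less sessions would fetch; the entropy heuristic and the `review_start_url` function name are assumptions of this example.

```python
import json
import math
from urllib.parse import parse_qsl, urljoin, urlsplit

# Constructed sample manifests (hypothetical origin), as two cookie-less
# sessions would see them; SESSION_A/B embed a per-user token, CLEAN does not.
MANIFEST_URL = "https://example.test/app/manifest.json"
SESSION_A = '{"name": "Demo", "start_url": "./?uid=3f9a1c7e4b2d6085"}'
SESSION_B = '{"name": "Demo", "start_url": "./?uid=9c02d7e1a5b84f63"}'
CLEAN = '{"name": "Demo", "start_url": "./index.html?utm_source=homescreen"}'


def shannon_entropy(s: str) -> float:
    """Bits per character; opaque IDs score high, words and file names low."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s)) if n else 0.0


def suspicious_components(url: str, min_len: int = 12, min_entropy: float = 3.0) -> list:
    """Path segments and query values that look like opaque identifiers.
    Heuristic: long, high-entropy, and mixing letters with digits (so that
    file names such as manifest.json are not flagged). Expect some misses."""
    parts = urlsplit(url)
    candidates = [seg for seg in parts.path.split("/") if seg]
    candidates += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return [c for c in candidates
            if len(c) >= min_len and shannon_entropy(c) >= min_entropy
            and any(ch.isdigit() for ch in c) and any(ch.isalpha() for ch in c)]


def review_start_url(manifest_url: str, fetches: list) -> dict:
    """Resolve start_url from each fetched manifest body against the manifest
    URL (as the spec does) and report per-session differences and token-like
    components, both in start_url and in the manifest URL itself, since moving
    the token into the manifest URL is no improvement."""
    findings = [f"opaque token in manifest URL: {t}" for t in suspicious_components(manifest_url)]
    resolved = []
    for body in fetches:
        start = json.loads(body).get("start_url")
        resolved.append(urljoin(manifest_url, start) if start is not None else None)
    if len(set(resolved)) > 1:
        findings.append("start_url differs between sessions: manifest is per-user")
    for url in resolved:
        for token in suspicious_components(url or ""):
            findings.append(f"opaque token in start_url: {token}")
    return {"start_urls": resolved, "findings": findings}


if __name__ == "__main__":
    print(review_start_url(MANIFEST_URL, [SESSION_A, SESSION_B]))
    print(review_start_url(MANIFEST_URL, [CLEAN, CLEAN]))
```

Comparing the manifest across sessions catches the per-user case even when the token is not obviously random; the entropy check is only a secondary signal for a single fetch.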