Re: [w3c/manifest] Add id member to manifest (#988)

So I am trying to clarify how the attack can happen to make sure we are talking about the same scenario:
1. User visits appA.
2. appA assigns user_id_1 to this user, and also dynamically sets `id` to `user_id_1` in the manifest and also uses this id in the appB origin association file.
3. User installs appA.
4. User clears the browser session.
5. User visits appA again.
6. appA guesses to set id to `user_id_x` in the manifest and sees if a manifest update happens or if a user can click to follow link capturing to appB. If the detection was successful, the app successfully tracked the user between sessions.
7. If appA failed to guess the user, it sets a new user_id_2 and considers it a new user.

Both manifest update and link capturing scenarios are limited by the manifest update throttling.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/988#issuecomment-902175457

Received on Thursday, 19 August 2021 19:18:16 UTC