- From: Matt Menke <notifications@github.com>
- Date: Tue, 26 Jan 2021 16:36:51 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/596/767925581@github.com>
Thanks for taking the time to think about this! I assume the question is about using the subframe site as an additional key, as using the main frame site as a key is primarily aimed at addressing cases where sites are collaborating to track the user across sites, which is not a concern that delaying requests could address, and all browsers seem to be in agreement about keying on main frame site (or potentially origin). We were thinking that while we were adding the main frame site as a key to address privacy concerns, we could add iframe site as well to provide some degree of mitigation against security concerns while we were at it, with minimal additional investment or complexity. As a result, we have not investigated other mitigations for frames in the same tab spying on each other, hence the empty alternatives considered section. We are in agreement that endlessly adding keys isn't great, as it increases site load and reduces resource reuse, though we've also considered using the ordered set of sites up to the main frame as a key (and are not convinced that's not something worth considering, long term, though I suspect there'd be a difference of opinion there among some interested members of the Chrome team). That having been said, my team in particular is solely focused on tracking users across top-frame navigations, so the choice we were looking at was between using the subframe as a key and not doing anything for the moment to address cross-frame spying. We've run into other cases where adding delays seems the only way to solve cross-site spying, short of not reusing sockets. I think that looking general logic to delay requests in a way that preserves privacy may well be worth looking into, though that, of course, does have performance implications to consider, particularly when an existing socket may be available for reuse. Unfortunately, I can't share a bug about the particular case I'm thinking of, since it's not yet public. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/596#issuecomment-767925581
Received on Wednesday, 27 January 2021 00:37:03 UTC