Re: [w3ctag/design-reviews] systemEntropy addition to PerformanceNavigationTiming (Issue #878) from Peter Linss on 2023-10-23 (public-webapps-github@w3.org from October 2023)

From: Peter Linss <notifications@github.com>
Date: Mon, 23 Oct 2023 09:37:43 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/878/1775586784@github.com>

> Is the concern that a third-party script is included on siteA and siteB, that the script might be able to create a short-term identifier to track the user across the two sites?

Possibly, but also that a site may be able to fingerprint a user and tell it's the same user on multiple visits.

We also have concerns about other information leakage, for example there's work being done to hide usage of local cache. E.g. loading a resource from a cache but pretending that it's coming from the network (and adding an artificial delay), being able to measure the entropy may reveal this is happening.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/878#issuecomment-1775586784
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/878/1775586784@github.com>

Received on Monday, 23 October 2023 16:37:47 UTC