Contact emails l...@chromium.org
Explainer https://github.com/privacycg/nav-tracking-mitigations/issues/41#issuecomment-2504329542 Specification https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations Summary Bounce tracking mitigations for the HTTP cache is an extension to existing anti-bounce-tracking behavior. It removes the requirement that a suspected tracking site must have performed storage access in order to activate bounce tracking mitigations. Chrome's initially proposed bounce tracking mitigation solution triggers when a site accesses browser storage (eg cookies) during a redirect flow. However, bounce trackers can systematically circumvent such mitigations by using the HTTP cache to preserve data. By relaxing the triggering conditions for bounce tracking mitigations, the browser should be able to catch bounce trackers using the HTTP cache. Blink component Privacy>NavTracking Motivation It's possible to craft a bounce tracker that does not require cookie access and instead uses only the HTTP cache. As a result, there exists a class of bounce trackers that can systematically evade the initially-proposed bounce tracking mitigations. In the scenario where a redirect chain bounces to a stateless tracker that leverages the HTTP cache, the tracker can be caught after the proposed change of dropping the storage access triggering condition. Initial public proposal https://github.com/privacycg/nav-tracking-mitigations/issues/41 TAG review None TAG review status Pending Risks Interoperability and Compatibility None Gecko: No signal WebKit: No signal Web developers: No signals Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability None Is this feature fully tested by web-platform-tests? No Flag name on about://flags None Finch feature name DIPS Requires code in //chrome? False Tracking bug https://crbug.com/40264244 Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/6299570819301376?gate=6301177648775168 This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67644489.2b0a0220.30ecd.0256.GAE%40google.com.
