Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bypassing IP protection through first-party cooperation #32

Closed
Mickael-van-der-Beek opened this issue Nov 22, 2023 · 4 comments
Closed

Bypassing IP protection through first-party cooperation #32

Mickael-van-der-Beek opened this issue Nov 22, 2023 · 4 comments

Comments

@Mickael-van-der-Beek
Copy link

Hello everyone,

As a follow-up to the following thread that clarified the behaviour of the allowlist logic: #31, I would like to ask how the IP Protection project will protect users from cooperating first-party origins.

For example, if a user browses to publisher.com, the site will have access to the real IP address of the user, as expected.
It could then pass said IP address to tracker.com as a query string parameter or HTTP header of the request to the tracking origin.

This would defeat the IP Protection mechanism in a relatively simple way if I'm not mistaken?

Thank you in advance four your answers and insights.
@dvorak42
Copy link

dvorak42 commented Dec 6, 2023

We're initially focusing on third parties as we see that as having the most impact. If first-parties start engaging in this kind of behavior, there are other web privacy efforts such as requiring the use of Fenced Frames and Navigation Tracking Mitigations that should help mitigate the ability for first parties to freely share information with embedded parties. We will continue to monitor the ecosystem to determine whether these kinds of mitigations will be suitable to avoid this kind of problem and will continue to evolve our approach to prevent scaled abuse.

@Mickael-van-der-Beek
Copy link
Author

@dvorak42 Thank you for your answer!

I'm guessing that IP Protection, like DIPS (the bounce tracking blocking system in Chromium), will use an eTLD+1 scope to determine if a traffic destination is or is not considered tracking?

If so, will these systems eventually also (or might already) have CNAME cloaking detection in place to prevent tracking traffic from being considered as "first party"?

Thanks a lot in advance for your clarifications!

@dvorak42
Copy link

The exact scope will be dependent on the shape of the tracker list we end up using, but something like DIPS/eTLD+1 is probably a good starting point for what we'd likely want to do.

Regarding CNAME cloaking, we are investigating potential defenses such as the HTTP Proxy-Status Parameter for Next-Hop Alias proposal.

@Mickael-van-der-Beek
Copy link
Author

@dvorak42 Thank you for the clarifications! I'm closing this issue for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dvorak42 @Mickael-van-der-Beek