Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can FPS help with bounce tracking? #61

Open
martinthomson opened this issue Sep 1, 2021 · 1 comment
Open

Can FPS help with bounce tracking? #61

martinthomson opened this issue Sep 1, 2021 · 1 comment

Comments

@martinthomson
Copy link
Contributor

On #53, @johnwilander identifies one potential use for FPS:

[...] the idea is to consider a bounce/redirect that isn't between two domains in the same first party set as a candidate for being flagged as bounce tracking. From there, the browser can take various protective measures. One way is to count the "fan out" of redirects from that candidate and at some threshold stop the redirects and start asking the user what their preference is.

It seems like this is just one potential use, but it seems to be the main or only use case that he is considering for FPS.

Maybe I'm just not keeping with the navigational/bounce tracking work well enough to understand the pressure to use FPS. FPS is an awfully large lift, but this is a pretty marginal advantage. I'm not even sure that it provides any advantage at all.

On the surface, this seems reasonable. When you have a redirect chain, all of the sites involved can potentially pass arbitrary information to each other. Redirects allow the sites to bind that information to any browser-provided information, like cookies. Limiting the scope of that information sharing seems like a good goal.

This is all built on an assumption, however. That is, an assumption that reducing the number of intermediate redirects - or the total number of "parties" involved - contributes to limiting the spread of tracking information. It would be good to see some analysis that described how this sort of limit could be helpful, along with carefully stated preconditions.

(I've some ideas regarding how to approach the problem; I'm going to chase those, but I don't want to replicate work that has already been done or has already been planned. )

(Separately, if this issue might be filed on the navigational tracking work, I'm happy to take the discussion there.)
@krgovind
Copy link
Collaborator

krgovind commented Sep 2, 2021

I think the title of this issue is asking a different question from the description. The description appears to be asking the questions "Why is bounce/redirect tracking a problem we need to solve?" and "Should FPS be used to solve aforementioned problem?"

I will attempt to answer the headline question, but I think the core questions posed in the description should either be discussed on privacycg/proposals/issues/6, or on the navigational tracking mitigations repo.

My short answer to "Can FPS help with bounce tracking?" is "yes", because using FPS to solve that tracking prevention problem would be consistent with the use of FPS as a "privacy boundary" for websites.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants
@martinthomson @krgovind