1. 11
  1.  

  2.  

    > Opt-in privacy protections have fallen short. […]
    > These efforts have not been successful. Do Not Track has seen limited adoption by sites, and many of those that initially respected that signal have stopped honoring it.

    That’s because you put the freedom to opt-in privacy protections on the wrong side of the TCP connection.
    It’s a bit naive to trust the autoregulation of global markets for matters that most people do not understand.

    By providing a clear set of controls to give their users more choice over what information they share with sites, Mozilla takes a step in the obviously correct direction. Out of curiosity, are you going to change the Cross-Origin Resource Sharing implementation or the Fetch Living Standard first?

    Note, however, that while this improves the status quo, it does not fix the problem.

    For example, a CDN or a JS-based analytics service could simply serve, to all users from a certain region (or a certain range of IPs), a JavaScript that connects a WebSocket and follows the users’ navigation, with a good approximation, among the websites that trust them, by comparing the connection IP to the Origin header. An even better approximation if they manage to have access to other information, such as the HTTP requests of the websites, as any cloud hosting provider or distributed caching service could have (think of CDNs controlled by Google, Amazon, Cloudflare).

    We leak information continuously!
    And such information can be stored as data.

    Moreover, once a server is able to identify users (or even just clusters/groups of them), it can serve custom JavaScript to bypass their corporate firewall and proxy. Or DoS their computer by getting it banned from its private network… and so on.

    Despite the sandboxing, the attack surface is practically unbounded.