Are a lat/lon/zoom triple in a URL decoration/tracking? #4

Open
jyasskin opened this issue Sep 9, 2021 · 2 comments

@jyasskin
Collaborator

jyasskin commented Sep 9, 2021

https://github.com/privacycg/nav-tracking-mitigations/pull/2/files#r703666279 questions whether the parameters in https://www.google.com/maps/@37.4220328,-122.0847584,17.12z should count as link decoration. The numbers do not encode user-identifying information, and modifying them to embed a user ID wouldn't successfully communicate a user ID to anyone (since nobody's listening within google.com/maps to decode the user ID). But it's hard for an automated system inside a browser to prove that, and even hard for humans reading the URL to be confident of it.

jyasskin added the agenda+ label (Request to add this issue to the agenda of our next telcon or F2F) Sep 20, 2021

@pes10k
Collaborator

pes10k commented Sep 21, 2021

I agree with the above text, but I meant the issue to be more broadly about links that are decorated with privacy-harming values that are not user IDs:

  1. Values other than user IDs can be used to sync storage areas. A sufficiently precise lat-lon, or an email address, etc. can all be used to link storage areas.
  2. It's privacy-harming (though maybe not navigational tracking, not sure…) to push private values across storage areas, whether or not it allows for the ongoing linking of those accounts. A script that decorates all my links with name=PeteS&address=<lat,lon> is causing similar privacy-harming outcomes as if it pushed userId=X. In either case the destination site learns information I meant to have limited to / partitioned under a different eTLD+1.

#2 in particular is related to, but different from, how we've talked about navigational tracking so far. Curious what others think about whether that should be discussed at all in this project.

@jyasskin
Collaborator Author

My initial guess at a definition says that these are link decoration if they don't affect the page the user wanted to navigate to. So, I think adding a lat-lon that's consistent enough across navigations to link storage areas or reveal sensitive information would have to be independent of the user's choice of destination page, and so would count as link decoration. If the lat-lon does control the page the user winds up seeing, as it does in the case of mapping sites, the only scheme I can think of for linking storage areas is to embed data in extra digits that themselves don't change the page the user winds up seeing. Do you see another way?

My current understanding of navigational tracking is that it wouldn't include ?name=PeteS&address=<lat,lon> where that's only used to invade your privacy and not to track your behavior across the web, but we could check that with the CG.
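
As an added example (not code from this thread or from any browser), one way a client could bound the "extra digits" channel described in the comment above is to round the coordinates to the precision that can affect rendering at the URL's zoom level. It assumes Web Mercator with 256-pixel tiles and that sub-pixel differences leave the page unchanged; the function names and the two-decimal zoom limit are hypothetical.

```javascript
// Added example: bound the "extra digits" channel in a map-style URL.
// Assumptions (not from the thread): Web Mercator with 256-pixel tiles, and
// sub-pixel coordinate differences do not change the page the user sees.
const MAP_PATH = /@(-?\d+(?:\.\d+)?),(-?\d+(?:\.\d+)?),(\d+(?:\.\d+)?)z/;

// Decimal places needed so rounding error stays below one pixel at `zoom`.
function usefulDecimals(zoom) {
  const degreesPerPixel = 360 / (256 * Math.pow(2, zoom));
  return Math.max(0, Math.ceil(-Math.log10(degreesPerPixel)));
}

function decimalsIn(text) {
  const dot = text.indexOf(".");
  return dot === -1 ? 0 : text.length - dot - 1;
}

// Round `text` to at most `places` decimals; report digits that were dropped.
function clamp(text, places) {
  const extra = Math.max(0, decimalsIn(text) - places);
  return { value: extra ? Number(text).toFixed(places) : text, extra };
}

// Returns the rewritten URL and how many surplus digits were removed, or
// null when the URL carries no @lat,lon,zoom triple.
function normalizeMapUrl(href) {
  const url = new URL(href);
  const m = MAP_PATH.exec(url.pathname);
  if (!m) return null;
  const zoom = clamp(m[3], 2); // 2 zoom decimals: an assumption
  const places = usefulDecimals(Number(zoom.value));
  const lat = clamp(m[1], places);
  const lon = clamp(m[2], places);
  url.pathname = url.pathname.replace(
    MAP_PATH, `@${lat.value},${lon.value},${zoom.value}z`);
  return { href: url.href, droppedDigits: lat.extra + lon.extra + zoom.extra };
}

// The URL from the issue, then a constructed variant with padded digits.
const fromIssue = "https://www.google.com/maps/@37.4220328,-122.0847584,17.12z";
const padded = "https://www.google.com/maps/@37.42203284159,-122.08475842653,17.12z";
console.log(normalizeMapUrl(fromIssue));
console.log(normalizeMapUrl(padded));
```

The digits that remain still vary with the chosen location, so this narrows the channel to values that change the rendered map rather than closing it.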

jyasskin removed the agenda+ label (Request to add this issue to the agenda of our next telcon or F2F) Sep 24, 2021