Use Tor network to send P3A metrics #7341
Labels
feature/tor
features/P3A
priority/P5
Not scheduled. Don't anticipate work on this any time soon.
suggestion
Projects
In the privacy-preserving product analytics document, it is stated that:
"This combined information — the answer and the version information — is finally sent to Brave’s content delivery network (CDN), operated by Fastly. When an answer reaches the edge of the Fastly CDN, it’s stripped of the IP address and precise timing information."
In particular, this implies that the server at the edge of the Fastly CDN is able to see the IP address of the submitting user. It remains to their capacity to strip the IP address information, as promised in the document, but it also remains in their technical capacity to break the promise of the document and keep a record of the IP address. The promise is not technically ensured.
I recommend that, since Brave already has Tor transport support, the P3A data is sent over the Tor network to Fastly, such that the IP address of the user never reaches the edge of the Fastly CDN and we do not rely on Fastly's or Brave's veracity to ensure the IP address is stripped; instead, through these means we ensure that the technical capacity to record IP addresses is removed completely.
The text was updated successfully, but these errors were encountered: