Add a section about cross-site vs same site linkage risks

closes IRTF-PEARG#8
bslassey · Jul 28, 2023 · 17e5845 · 17e5845
1 parent 08f34a5
commit 17e5845
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/draft-irtf-pearg-ip-address-privacy-considerations.md b/draft-irtf-pearg-ip-address-privacy-considerations.md
@@ -90,6 +90,18 @@ informative:
   CCPA:
     title: "California Consumer Privacy Act (CCPA)"
     target: https://oag.ca.gov/privacy/ccpa
+  MOZ_NET_PART:
+    title: "State Partitioning"
+    target: https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#network_partitioning
+  BRAVE_NET_PART:
+    title: "Partitioning network-state for privacy"
+    target: https://brave.com/privacy-updates/14-partitioning-network-state/
+  CHROME_NET_PART:
+    title: "Network State Partitioning"
+    target: https://chromestatus.com/feature/6713488334389248
+  PRIVACY_TEST_3P_COOKIES:
+    title: "Tracking cookie protection tests"
+    target: https://privacytests.org/nightly-private.html#:~:text=Tracking%20cookie%20protection%20tests
 
 --- abstract
 
@@ -202,6 +214,11 @@ As such, any observer along the path can pick it up and use it for various track
 - Search the Internet using the IP address or computer names. The results of these searches might reveal peer-to-peer (P2P) activities (e.g., file sharing), records in web server log files, or glimpses of the individual's web activities (e.g., Wikipedia edits). These bits of individuals' online history may reveal their political inclinations, state of health, sexuality, religious sentiments and a range of other personal characteristics, preoccupations and individual interests;
 - Seek information on any e-mail addresses used from a particular IP address which, in turn, could be the subject of further requests for subscriber information.
 
+### Cross-site vs Same-site
+In a web context, IP Addresses can be used to link a user's activity both within a single site and across multiple sites. Users may want to have a single site recognize them withing a browsing session or across browsing sessions and in fact cookies are a mechanism to do exactly that. If IP Addresses are only stable within the context a first-party cookie, they don't represent any additional privacy threat. However, since clients are currently in control of their first cookies, abusive clients can delete their cookies in an effort to evade detection. IP Addresses currently allow counter-abuse detection to track many such abusive clients across cookie deletions.
+However, IP Addresses, along with other fingerprinting techniques, also allow the linking of client identity across sites in the web context. Third-party cookies can also allow such a capability, but in a more limited manner as practically speaking no one third party cookie is present across all websites. Also, browsers are increasingly putting limits on the ability to use third party cookies in order to combat these threats {{PRIVACY_TEST_3P_COOKIES}}. Other network related information can also be used to link client identity across sites, but that is increasingly being seen as a bug to be addressed by browsers through network state partitioning (e.g. {{MOZ_NET_PART}}, {{BRAVE_NET_PART}}, {{CHROME_NET_PART}}). 
+Finally, the above discussion uses the web and browsers as a concrete example, but this generalizes to other contexts such as linking user identity across VoIP solutions, DNS resolvers, video streaming platforms etc.
+
 ## IP Privacy Protection and Law
 
 Various countries, in the last decade, have adopted, or updated, laws that aim at protecting citizens privacy, which includes IP addresses.