You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the example with fenced frames and permissions, it appears that before user interaction the IDP frame has some mechanism to communicate 1 bit of information indicating whether the frame should be shown or not (presumably the IDP popup needs to be hidden by the RP if no account is available).
Since these frames have access to first-party cookies, it seems that the RP in cooperation with a tracking "IDP" could do this:
and then use the show/hide signal on each to extract 1 bit of information, extended in this way to an arbitrarily large identifier without user interaction.
Even if this is limited to one per origin, using same-site origins (which can share site cookies) or a sufficient set of coordinating domains could potentially create a unique trackable identifier.
The text was updated successfully, but these errors were encountered:
In the example with fenced frames and permissions, it appears that before user interaction the IDP frame has some mechanism to communicate 1 bit of information indicating whether the frame should be shown or not (presumably the IDP popup needs to be hidden by the RP if no account is available).
Since these frames have access to first-party cookies, it seems that the RP in cooperation with a tracking "IDP" could do this:
and then use the show/hide signal on each to extract 1 bit of information, extended in this way to an arbitrarily large identifier without user interaction.
Even if this is limited to one per origin, using same-site origins (which can share site cookies) or a sufficient set of coordinating domains could potentially create a unique trackable identifier.
The text was updated successfully, but these errors were encountered: