The privacy promises of the spec are not, in fact, promised. #191

Open
chrisvls opened this issue Jun 7, 2023 · 1 comment

Comments

chrisvls commented Jun 7, 2023

In several sections and in all of the summaries of the spec, the promise is made that the API preserves privacy because it reveals less information than cookies or fingerprinting. The primary mechanism for delivering on the promise is that the taxonomy is "coarse-grained". Most of the marketing and summaries of the API also describe that the input is also not detailed, e.g., just hostname.

However, the spec places no limit on the depth or detail of the taxonomy used. A browser could use a taxonomy of any size or level of detail. The proposed taxonomy is in the 10^2 items, but there is nothing in the spec that limits this. It could be 10^6. A browser that converts the first n characters of the URL into a very large integer would also be allowed.

Similarly, the spec explicitly allows input of the descendant text content, including all of the text on the page.

So while the first section of the spec states that the API provides interest information "without exposing their [the user's] exact browsing history", a browser that exposed the user's exact browsing history would be allowed under the spec.

Or, in a more likely scenario, after the feature is launched, the depth of the taxonomy could grow every year until it was extremely granular.

The spec should either 1) add the privacy promises to the spec by both defining an explicit limit on the input data and defining an explicit limit on the depth of the taxonomy or 2) remove the associated privacy promises from the introduction, privacy section, summaries, and marketing of the spec.

chrisvls commented Jun 8, 2023

My math on text to integer conversion was completely wrong-headed, but you get the idea. If this thing hangs on the taxonomy being coarse-grained, the spec needs to say that the taxonomy must be coarse-grained. If we can't agree on what that means, then maybe there's a problem with this approach.

It's a lease that says it is affordable because the rent is low. But the contract says that the landlord may set the rent to any amount at a later date.
