ClientHints and fingerprints #158

Open
chris-wood opened this issue Feb 3, 2022 · 2 comments
@chris-wood
Collaborator

The privacy posture of the GeoHash CH is interesting. If it's always sent, then it leaks information about the user's rough location. If it's not always sent, perhaps because it's gated by user consent, then its presence (or lack thereof) contributes to the fingerprint surface of said client. It's probably worth touching on this tradeoff in the draft.

@npdoty

npdoty commented Apr 27, 2022

At a minimum, it's not clear to me from the draft if the Client Hint will only be sent if there was already a response header from the origin indicating that it accepts this particular hint. RFC 8942 describes some of the fingerprinting issues, but it's also a little wishy-washy on whether server-side opt-in is actually required.

@eeeps

eeeps commented Sep 20, 2022

In web contexts, at least, server-side opt-in is governed by https://wicg.github.io/client-hints-infrastructure/; if Client Hints aren't defined as low-entropy, they do require opt-ins.
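
The tradeoff discussed in this thread, as an added example that is not part of any comment above and is not code from the draft or the Client Hints specifications: a simplified model of the client-side gate, showing that once an origin opts in through `Accept-CH`, a consent-gated hint splits otherwise identical clients into distinguishable groups. Assumptions: the header name `Sec-CH-Geohash`, the consent gate, the helper names and the sample clients are all constructed for illustration; delegation to third parties and persistence of the opt-in are left out.

```javascript
// Added illustration, not code from the draft or the Client Hints specs.
// Hints that may be sent without server opt-in (low-entropy hint table).
const LOW_ENTROPY = new Set(["save-data", "sec-ch-ua", "sec-ch-ua-mobile", "sec-ch-ua-platform"]);
const GEO = "Sec-CH-Geohash"; // assumed header name; the thread only says "GeoHash CH"

// Parse an Accept-CH value (Structured Fields list of tokens) into lowercase names.
function parseAcceptCH(value) {
  if (!value) return new Set();
  const token = /^[a-z*][a-z0-9!#$%&'*+.^_`|~:\/-]*$/;
  return new Set(
    value.split(",")
      .map((item) => item.split(";")[0].trim().toLowerCase()) // drop parameters
      .filter((name) => token.test(name))
  );
}

// Hints a client puts on a request: low-entropy ones always; any other only
// when the origin opted in AND the user consented (consent gate is hypothetical).
function hintsToSend(available, acceptCH, consented) {
  const optedIn = parseAcceptCH(acceptCH);
  const out = {};
  for (const [name, value] of Object.entries(available)) {
    const key = name.toLowerCase();
    if (LOW_ENTROPY.has(key) || (optedIn.has(key) && consented.has(key))) out[name] = value;
  }
  return out;
}

// What the origin can distinguish: clients grouped by the set of hint names sent.
function partitionByHeaders(clients, acceptCH) {
  const groups = {};
  for (const c of clients) {
    const sent = Object.keys(hintsToSend(c.available, acceptCH, c.consented)).sort().join(",");
    if (!groups[sent]) groups[sent] = [];
    groups[sent].push(c.id);
  }
  return groups;
}

// Constructed sample clients: identical except for the consent decision.
const SAMPLE_CLIENTS = [
  { id: "a", available: { "Sec-CH-UA-Mobile": "?0", [GEO]: "9q8y" }, consented: new Set([GEO.toLowerCase()]) },
  { id: "b", available: { "Sec-CH-UA-Mobile": "?0", [GEO]: "9q8y" }, consented: new Set() },
];

console.log(partitionByHeaders(SAMPLE_CLIENTS, null)); // no opt-in: one group
console.log(partitionByHeaders(SAMPLE_CLIENTS, GEO));  // opt-in: consent splits them
```
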
