Header enrichment? #277

Closed
martinthomson opened this issue Jun 27, 2023 · 2 comments · Fixed by #340
Labels
wide review comments that came out of wide review

Comments

@martinthomson
Collaborator

"header enrichment" is a marketing euphemism for an attack on the security of the HTTP protocol. In other contexts this is known by the (now out of favour) "man in the middle attack" or just "modification attack".

Generally speaking, this sort of practice is no longer possible, except in cases we consider to be known bugs in the system[1].

See #276 for another example of a concept that is introduced and then left unused.

Footnotes

  1. That is, the ongoing use of cleartext HTTP and the "http:" URI scheme is the bug, as opposed to HTTP over TLS and "https".

@npdoty npdoty changed the title Header enrichment, really? Header enrichment? Jun 27, 2023
@npdoty
Collaborator

npdoty commented Jun 27, 2023

This is referring to a more specific threat to user privacy that is enabled through a modification attack; modification can be used for many security and privacy attacks. If there's an alternative, non-marketing term for network attackers introducing identifiers into traffic so that endpoints can identify the user, that would be welcome. My understanding is that researchers who have written about the attack also use the "header enrichment" phrasing, perhaps because the predominant use has been by industries that adopted the terminology.

@darobin darobin added the wide review comments that came out of wide review label Jun 28, 2023
pes10k added a commit that referenced this issue Aug 2, 2023
pes10k added a commit to w3cping/privacy-request that referenced this issue Aug 2, 2023
torgo pushed a commit that referenced this issue Aug 23, 2023
* move list of recognition technique to a new doc

fixes issue #277

#277

Propose that this content live in https://github.com/w3cping/privacy-request instead

* also remove last line of removed section

* remove reference to removed section
@darobin
Member

darobin commented Oct 25, 2023

Fixed by #340

@darobin darobin closed this as completed Oct 25, 2023
@jyasskin jyasskin linked a pull request Oct 25, 2023 that will close this issue