-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Header enrichment? #277
Comments
This is referring to a more specific threat to user privacy that is enabled through a modification attack; modification can be used for many security and privacy attacks. If there's an alternative, non-marketing term for network attackers introducing identifiers into traffic so that endpoints can identify the user, that would be welcome. My understanding is that researchers who have written about the attack also use the "header enrichment" phrasing, perhaps because the predominant use has been by industries that adopted the terminology. |
fixes issue #277 #277 Propose that this content live in https://github.com/w3cping/privacy-request instead
this is in response to w3ctag/privacy-principles#277
* move list of recognition technique to a new doc fixes issue #277 #277 Propose that this content live in https://github.com/w3cping/privacy-request instead * also remove last line of removed section * remove reference to removed section
Fixed by #340 |
"header enrichment" is a marketing euphemism for an attack on the security of the HTTP protocol. In other contexts this is known by the (now out of favour) "man in the middle attack" or just "modification attack".
Generally speaking, this sort of practice is no longer possible, except in cases we consider to be known bugs in the system1.
See #276 for another example of a concept that is introduced and then left unused.
Footnotes
That is, the ongoing use of cleartext HTTP and the "http:" URI scheme is the bug, as opposed to HTTP over TLS and "https". ↩
The text was updated successfully, but these errors were encountered: