Re: A question about user tracking with QUIC

Töma Gavrichenkov <ximaera@gmail.com> Mon, 07 June 2021 19:13 UTC

From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Mon, 07 Jun 2021 22:12:45 +0300
Message-ID: <CALZ3u+Y0pqef98pOLBSXb0djdLZPjJak4vZPZjczeAeA+X8DmQ@mail.gmail.com>
Subject: Re: A question about user tracking with QUIC
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, IETF QUIC WG <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/0EEnBXAcg0-_DUBorf1EHgshguY>

Peace,

On Mon, Jun 7, 2021, 10:04 PM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

> > QUIC has a 0 connection ID that disallows migration, so you can do
> > this if you want.
>
> I must confess that I was not aware of this possibility. (Anyway, the
> client can always, unilaterally, tear down the connection and start a
> new one.)
>

I believe this is something NoScript (and Brave) developers should strongly
consider enforcing at all the sites where JS isn't turned on explicitly by
the user.  IDK if they're aware of the implications of HTTP/3 deployment,
though.

--
Töma