Comments (2)
This issues speaks of a specific scenario when user browsing the app, which has a JS code that will inject specially-formed headers, that will be stored by "downstream" components and lately will be used to de-anonymize user that was using the incognito browsing.
I think this scenario is not any different from that JS code forming cookies that will contain the same information, and "downstream" application can store this information the same way. Even though, cookies will not be preserved between sessions, "downstream" components has already collected enough information to de-anonimize the user.
This specification doesn't make it easier or harder to implement this de-anonymization behavior. we may need to revisit this and have special treatment for incognito mode when/if this functionality will ever be built-in into the browser itself
from baggage.
Closing this as this has been covered as part of the discussion at w3ctag/design-reviews#650.
from baggage.
Related Issues (20)
- RFC 8941 HOT 2
- Clarify in text the relationship to Trace Context HOT 1
- Relationship to other HTTP Header encoding proposals HOT 8
- Make trust/privacy boundary explicit (at least in browsers)
- Need to update the limits section in rationale to be in sync with the new lower limits HOT 1
- Clarification on how baggage should be propagated when using websockets HOT 2
- Acknowledgements HOT 5
- Precent character in value must be precent-encoded
- When multiple baggage headers are used, clarify that minimum limits apply to the cumulative total HOT 3
- Baggage: Mention about minimum limits approach first before describing the conditions HOT 1
- We need to document the reasoning for the supported character range
- Test harness to show handling of invalid inputs
- Extend parse tests with more use cases
- Clarification regarding baggage list-member value
- Clarify how compliant implementations should handle invalid baggage entries HOT 2
- Java: Audit the Otel implementation of Baggage using Baggage Test Suite
- .NET: Audit the OpenTelemetry implementation of Baggage using Baggage test suite
- Python: Audit the Otel implementation of Baggage
- GoLang: Audit the Otel implementation of Baggage
- Audit a sample of Otel's baggage test suites
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from baggage.