Eric Rescorla, CTO of Mozilla, expressed some concerns about Google’s “Privacy Budget” proposal to limit user trails.
Access to user information via browser is an online tracking technique that involves collecting various data points that users submit to web servers via their browsers and network connections. These data points – other details such as HTTP header attributes, software and hardware attributes available via JavaScript, and installed plugins – enable the creation of unique identifiers that can be used to track people across different websites.
As part of a more comprehensive security and platform overhaul, Google announced the Privacy Sandbox initiative in 2019, which includes a proposed defense against browser tracking (or fingerprint tracking) called Privacy Budget. The Privacy Budget aims to improve the privacy of web users by reducing the browser fingerprint surface (the number of data points available), along with privacy improvements such as IP address protection.
But there are a few key issues that threaten Google’s Privacy Budget, according to Rescola.
The first of these is that the calculations are difficult and likely to vary. Because it is claimed that all measured values do not have the same information content. For example, knowing someone is using Chrome doesn’t have much value because so many people use Chrome, but knowing someone uses Tor (or Firefox) puts them in a much smaller group of people.
“The idea of the Privacy Budget is intended to prevent this type of cross-site tracking, but it can be used for cross-site tracking since the occurrence itself is a state that can be both manipulated and read,” says Rescorla.