Amazing work that we should've done long ago. Thanks for taking this on!! On Tue, Jun 27, 2023 at 10:46 PM Kyra Seevers <kyraseev...@chromium.org> wrote:
> Contact emails > > kyraseev...@chromium.org > > Explainer > > https://github.com/kyraseevers/Partitioning-visited-links-history > > Specification > > TBD > > Summary > > To eliminate user browsing history leaks, anchor elements will be styled > as :visited if and only if they have been visited from the same top-level > site and frame origin before. On the browser-side, this means that the > VisitedLinks hashtable will now be partitioned via "triple-keying", or by > storing the following for each visited link: <link URL, top-level site, > frame origin>. By only styling links that have been visited from this site > and frame before, the many side-channel attacks that have been developed to > obtain :visited links styling information will be obsolete, as they no > longer provide sites with new information about users. > > Blink component > > Blink>History>VisitedLinks > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EHistory%3EVisitedLinks> > > Motivation > > Since 2010, the number of side-channel attacks to leak the user’s browsing > history by abusing :visited links styling has grown, including user > interaction attacks, timing attacks, pixel color attacks, and process-level > attacks > <https://github.com/kyraseevers/Partitioning-visited-links-history#citations>. > While these attack vectors are slowed down by the 2010 mitigations > <https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector>, > they are not eliminated; browsers are still actively leaking user browsing > history today. > > Triple-keyed history partitioning only styles links have been visited from > the same top-level site and frame origin before. As a result, the many > side-channel attacks that have been developed to obtain the global :visited > links state will now be obsolete, as they will no longer provide sites with > new information about users. > > This feature will improve user privacy and security. The resulting > implementation will be relevant to users who will see slight changes to > which links appear styled on their screens, and to bad actors who will no > longer be able to use side-channel attacks to reveal user browsing history. > > Initial public proposal > > https://github.com/WICG/proposals/issues/100 > > Search tags > > visited links <https://chromestatus.com/features#tags:visited%20links>, > :visited > selector <https://chromestatus.com/features#tags::visited%20selector>, > partitioning > history <https://chromestatus.com/features#tags:partitioning%20history> > > TAG review > > TBD > > TAG review status > > Not Started > > Risks > > Interoperability and Compatibility > > Gecko: Positive initial signals from presentation at WebAppSec > <https://github.com/w3c/webappsec/blob/main/meetings/2023/2023-06-21-minutes.md> > > WebKit: Positive initial signals from presentation at WebAppSec > <https://github.com/w3c/webappsec/blob/main/meetings/2023/2023-06-21-minutes.md> > > Web developers: Feedback from UX that CSS extensibility is in-demand from > developers right now, and this work would pave the way for less restricted > CSS on anchor elements. In addition, support from various developers who > believe that taking care of this long-standing privacy leak will allow > their own security and privacy solutions to advance once history sniffing > is no longer an issue. > > Other signals: N/a > > WebView application risks > > No - this feature deals with platform-specific code, and Android WebView > does style :visited links based on user browsing history, but we do not > expect significant challenges for WebView users. > > > Debuggability > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? > > No > > Flag name > > (Tentatively) base::features::PartitionVisitedLinks > > Requires code in //chrome? > > False > > Tracking bug > > https://bugs.chromium.org/p/chromium/issues/detail?id=1448609 > > Launch bug > > https://launch.corp.google.com/launch/4259382 > > Estimated milestones > > No milestones specified yet > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5101991698628608 > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BmmbXbbLWwmRYH5SWx0%2BMWkfB2UY2miOAq4r0MZc34i_sWqBw%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BmmbXbbLWwmRYH5SWx0%2BMWkfB2UY2miOAq4r0MZc34i_sWqBw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUc0KFyXgQ0LMWQnj3AT363td0k1LJSgsZp8pXvCxPZ7A%40mail.gmail.com.
