I was thinking about the privacy risks of QUIC and there is one that I'm not sure what to think of, and for which I cannot find any discussion in the archives of the WG.
Long-term QUIC connections may enable some user tracking, even when the user changes their IP address, without even needing HTTP cookies or things like that. I am not sure it is a real problem in practice because it's not new (HTTP/2 offered similar possibilities), there are many other ways to track users (HTTP cookies, browser fingerprinting, Google Analytics), and they even work across servers. But it can be a problem for privacy-oriented technologies (QUIC cannot currently work over Tor but may in the future?). I do not find discussions about that. Was it considered? (If so, you are welcome to reply "Search with mailarchive yourself" but I prefer if it comes with URLs and/or approximate datetimes.) Is it, for instance, a good idea to advise privacy-oriented clients to always shut down QUIC connections when the IP address changes?
