-
Notifications
You must be signed in to change notification settings - Fork 39
Open
Labels
privacy-needs-resolutionIssue the Privacy Group has raised and looks for a response on.Issue the Privacy Group has raised and looks for a response on.
Description
<
6D4D
div class="ActivityHeader-module__activityHeader--WiwzD IssueBodyHeader-module__activityHeaderWrapper--WDoKj">
opened on Feb 5, 2020
Issue body actions
Spec states that the value of the nextHopProtocol can be different depending on use of a proxy:
When a proxy is configured, if a tunnel connection is established then this attribute MUST return the ALPN Protocol ID of the tunneled protocol, otherwise it MUST return the ALPN Protocol ID of the first hop to the proxy.
This suggests that a website, having knowledge about the resources being loaded and expected nextHopProtocol values, can detect visitors using a proxy. This could be abused to enforce geo-restrictions and prosecute (in certain parts of the world) users using proxy software.
Since user agent may be unable to determine the safe value of the nextHopProtocol when connection is tunneled, we suggest that this property is dropped.
pes10k, dharb and perado42
Metadata
Metadata
Assignees
Labels
privacy-needs-resolutionIssue the Privacy Group has raised and looks for a response on.Issue the Privacy Group has raised and looks for a response on.