Storage limits are inconsistent with Clear-Site-Data integration #1270
Comments
|
In reference to (1), the desired behavior is Clear-Site-Data would delete all source and triggers that were registered on that site? I think that's reasonable, although I think it'd be interesting to compare the behavior to CHIPs and 3PC and see how this would differ/align. (2) also seems reasonable, and also prevents some of the Denial-of-service style attacks that the cross-reporting origin limits introduce. I think a difference here would be that in order for someone to blow up the size attributions datastore, they would just need to continue to embed third parties which register sources; which I believe we don't have any limits on. Whereas with the current behavior, the user would need to at least navigate to multiple different top-level sites. I think trying to solve this eventually reintroduces some kind of DoS vector, but I think anything scoped to reporting origin is probably more aligned with the other limits we have. |
Per https://wicg.github.io/attribution-reporting-api/#clear-site-data-integration, the effective owner of a source or a report (event-level or aggregatable) is the reporting origin that registered it, as only the reporting origin can clear it.
But we have privacy-agnostic storage limits for sources, event-level reports, and aggregatable reports that are keyed on the source origin or destination site.
This seems like an inconsistency. I would expect one of the following instead:
Clear-Site-Data.The text was updated successfully, but these errors were encountered: