From 0a093d8c8e115633245d8c668f809476a7c0ee6f Mon Sep 17 00:00:00 2001 From: Jeremy Roman Date: Tue, 14 Dec 2021 11:02:04 -0500 Subject: [PATCH] Explain client IP anonymization and how it relates to nav speculation. (#99) Explain client IP anonymization and how it relates to nav speculation. --- anonymous-client-ip.md | 21 +++++++++++++++++++++ triggers.md | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 anonymous-client-ip.md diff --git a/anonymous-client-ip.md b/anonymous-client-ip.md new file mode 100644 index 0000000..6bb22c4 --- /dev/null +++ b/anonymous-client-ip.md @@ -0,0 +1,21 @@ +# Anonymous Client IP + +## Why anonymize the client IP when prefetching for navigation? + +The [role of the client IP address in Internet privacy][ietf-ip-privacy] has been discussed elsewhere, and many software vendors and service providers have started offering features which obscure it, e.g., using a proxy or virtual private network. + +Outgoing prefetch traffic may imply information about the content the user is currently viewing before they have clicked a link. Accordingly, some sites (e.g., search engines, email providers, and social media networks) may be happy to enhance the performance of outbound navigations to other sites only if client IP anonymity is possible. For navigations from such sites, users with IP privacy may actually experience better performance than possible without it. + +## Is IP-anonymized prefetching feasible for browsers? + +Yes. Many major browser vendors already offer an HTTP proxy or VPN service to protect IP privacy, such as Google Chrome's [private prefetch proxy][chrome-ppp], Safari's [iCloud Private Relay][safari-ipr], [Mozilla VPN][mozilla-vpn] and [Opera VPN][opera-vpn]. This technology can be leveraged to enable private prefetch for eligible users. + +## How can browsers know which prefetches require anonymous client IP? + +The Speculation Rules syntax allows authors to [expressly mark](triggers.md#extension-requirements) that particular cross-origin prefetches should only occur when the browser can anonymize the client IP. Browsers must not execute such rules otherwise. + +[ietf-ip-privacy]: https://datatracker.ietf.org/doc/draft-ip-address-privacy-considerations/ +[chrome-ppp]: https://blog.chromium.org/2020/12/continuing-our-journey-to-bring-instant.html#:~:text=to%20the%20user.-,Private%20prefetch%20proxy,between%20Chrome%20and%20that%20website. +[safari-ipr]: https://support.apple.com/en-ca/HT212614 +[mozilla-vpn]: https://www.mozilla.org/products/vpn/ +[opera-vpn]: https://www.opera.com/features/free-vpn \ No newline at end of file diff --git a/triggers.md b/triggers.md index 4fbef41..a2bc4ec 100644 --- a/triggers.md +++ b/triggers.md @@ -122,7 +122,7 @@ The link element itself can also be [matched][selector-match] using [CSS selecto This feature is designed to allow future extension, such as a notion of requirements: assertions in rules about the capabilities of the user agent while executing them. Since user agents disregard rules they do not understand, this can be safely added later on without violating the requirements listed. -For example, an "anonymous-client-ip-when-cross-origin" requirement might mean that the rule matches only if the user agent can prevent the client IP address from being visible to the origin server if a cross-origin request is issued. +For example, an "anonymous-client-ip-when-cross-origin" requirement might mean that the rule matches only if the user agent can [prevent the client IP address from being visible to the origin server](anonymous-client-ip.md) if a cross-origin request is issued. ```json {"prerender": [