Describe more privacy mitigations #167
Description
https://wicg.github.io/BackgroundSync/spec/PeriodicBackgroundSync-index.html#privacy should describe how browsers might protect users from the privacy risks. The current location tracking section suggests limiting the number of data points the site gets, but it doesn't suggest any ways to get the number down to 0. Possible ways to eliminate IP-based geolocation might include:
- Use Tor.
- Use a trusted VPN. A browser could pick a default like https://fpn.firefox.com/ and then let the user override it.
- Require the site to opt into something like https://github.com/bslassey/ip-blindness/.
History leaks to the network the user happens to be on when a background sync happens are also blocked by either Tor or a VPN. The VPN still learns about the traffic, which might be an issue and should be mentioned in the Privacy Considerations section. We're also making some progress eliminating the DNS and SNI leaks: maybe background syncs should only happen when DoT/DoH and eSNI are enabled, and the DoT/DoH server is one of the ones used when the user intentionally visited the site? This still leaves information leaked by the target site's IP address, which can be identifying for sites not behind CDNs.