I did some digging. To me, the impact of this was rather unclear. Furthermore, it definitely just feels like a recategorization/relabelling on Brave's part to get some brownie points. Not that it's not interesting, but I feel it's just a new name for an old concept.<p>This [0] is a 1-year-old wiki page referenced in the article, which itself is a reference to a 3-year-old Chromium bug [1].<p>The issue is, as some commenters mentioned, that one process in another tab hogging all the sockets can determine the timing of a new socket that is requested.<p>If the socket's timing is data dependent, then you can infer what the data is.<p>That's basically XS-search attacks [2]. [1] uses the example of '<a href="https://mail.yahoo.com/d/search/keyword=" rel="nofollow">https://mail.yahoo.com/d/search/keyword=</a>', where the keyword "Amazon Purchase" consumes a socket and takes a longer amount of time due to our socket hogging vs. if we didn't hog it. This timing dependency lets us know across tabs that the victim buys stuff off Amazon.<p>In some cases, you can deterministically force the victim to execute this search query, and thus, the side channel.<p>[0]: <a href="https://xsleaks.dev/docs/attacks/timing-attacks/connection-pool/" rel="nofollow">https://xsleaks.dev/docs/attacks/timing-attacks/connection-p...</a><p>[1]: <a href="https://bugs.chromium.org/p/chromium/issues/detail?id=843157" rel="nofollow">https://bugs.chromium.org/p/chromium/issues/detail?id=843157</a><p>[2]: <a href="https://xsleaks.dev/" rel="nofollow">https://xsleaks.dev/</a>
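The mechanism the comment above describes, as an added example that is not part of the original thread: a deterministic model (virtual clock, no real sockets or network) of the connection-pool timing leak. The attacker fills every socket but one with hanging requests to its own server, lets the victim's cross-origin search take the last socket, then times one more request of its own: that probe cannot start until a socket frees up, so its delay equals the victim's response time even though the attacker never sees the response. The pool limit of 256, the hang time and the two search response times are assumed values chosen for illustration, and `SocketPool`, `runAttack` and `inferHit` are names introduced here; the `shared = false` case models what happens when the victim's request does not share the attacker's pool.

```javascript
// Added example (not from the thread): a deterministic model of the
// connection-pool timing side channel. Virtual time only; nothing is sent.

class SocketPool {
  constructor(limit) {
    this.limit = limit;        // assumed global socket limit of the browser
    this.busyUntil = [];       // virtual-clock times at which busy sockets free up
  }

  // Issue a request at virtual time `now` that needs `duration` ms of socket time.
  // If every socket is busy, the request waits for the earliest one to free up.
  request(now, duration) {
    this.busyUntil = this.busyUntil.filter((t) => t > now);
    let start = now;
    if (this.busyUntil.length >= this.limit) {
      start = Math.min(...this.busyUntil);
      this.busyUntil.splice(this.busyUntil.indexOf(start), 1);
    }
    const end = start + duration;
    this.busyUntil.push(end);
    return { start, end };
  }
}

const POOL_LIMIT = 256;                    // assumed: browser-wide socket limit
const HANG_MS = 10000;                     // attacker's own server never answers promptly
const SEARCH_MS = { hit: 300, miss: 40 };  // assumed: a search with results renders slower

// Run the attack once. `shared` says whether the victim's request goes through
// the same pool as the attacker's page (true in the scenario discussed above).
function runAttack(searchHasResults, shared = true) {
  const attackerPool = new SocketPool(POOL_LIMIT);
  const victimPool = shared ? attackerPool : new SocketPool(POOL_LIMIT);
  const t0 = 0;

  // 1. Hog all but one socket with requests to the attacker's own server.
  for (let i = 0; i < POOL_LIMIT - 1; i++) attackerPool.request(t0, HANG_MS);

  // 2. Trigger the victim's cross-origin search (e.g. an <img> or <iframe>
  //    pointing at the search URL); it takes the last free socket.
  const victim = victimPool.request(
    t0,
    searchHasResults ? SEARCH_MS.hit : SEARCH_MS.miss
  );

  // 3. Probe: one more request to the attacker's server, timed by the attacker.
  //    It can only start once a socket frees up, i.e. when the victim's
  //    response has arrived, so its delay leaks the victim's response time.
  const probe = attackerPool.request(t0, 1);

  return {
    probeDelay: probe.start - t0,
    victimDuration: victim.end - victim.start,
  };
}

// Classify the observed probe delay: above the midpoint between the two
// assumed response times means the search found something.
function inferHit(probeDelay, threshold = (SEARCH_MS.hit + SEARCH_MS.miss) / 2) {
  return probeDelay > threshold;
}

// Stand-alone demonstration of the leak and of what a separate pool buys.
for (const hasResults of [true, false]) {
  const shared = runAttack(hasResults, true);
  const split = runAttack(hasResults, false);
  console.log(
    `search has results=${hasResults}: shared pool probe delay ${shared.probeDelay} ms ` +
      `(inferred hit=${inferHit(shared.probeDelay)}), separate pool probe delay ${split.probeDelay} ms`
  );
}
```

The probe never touches the victim's origin, which is why same-origin policy does not help here; the only thing that closes the channel in this model is that the victim's request stops competing for the attacker's sockets.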
The linked <a href="https://privacytests.org/" rel="nofollow">https://privacytests.org/</a> looks like a really useful aggregation/rundown/testing of privacy protecting features across browsers.
It's unclear: do these attacks require you to have the hostile site(s) open simultaneously in both private and non-private tabs?<p>Seems like it would, for the resources to stay allocated. If that's the case, it's kind of a "hm, neat, fix the partitioning" to me rather than something that needs its own name and hoopla.
I'm trying to understand the problem here. If the website you're on has some JavaScript that's executing side-channel attacks to uniquely identify you, why couldn't they just use other fingerprinting techniques?
Is it bad that I thought at first from the title it was referring to the reports a few years ago of gangs attacking rival gang members at the local pool? (Since it's a location where they are presumably off guard and wouldn't have access to weapons to defend themselves.)