Pool-Party: Exploiting Browser Resource Pools as Side-Channels for Web Tracking

52 points by btdmaster over 2 years ago

5 comments

1vuio0pswjnm7 over 2 years ago
Limited to "popular browsers". Were the authors unable to find side channels in unpopular browsers?
nr2x over 2 years ago
This is an issue only the state can prevent. This should be treated like robbing a bank, wire fraud, or any other such crime.

A browser add-on won’t end this, jail time might.
bluechair over 2 years ago
Question: would introducing jitter into browser network requests help mitigate these attacks in any way?
kfarr over 2 years ago
I was interested in an overview of how the attack works, here's a copy / paste summary of a simplified example from the PDF:

> For this toy example, assume a browser vendor wants to improve performance by only allowing one video element to be loaded at a time, across all sites. If a video is currently playing on any page, the site will receive an error if it tries to play a new video. Algorithm 1 presents a toy algorithm whereby two colluding sites can trivially transform this optimization choice into a cross-site tracking mechanism.

And later some examples of actual methods:

> We were able to use the relatively large WebSockets connection pool in Chromium- and Gecko-based browsers to conduct “poolparty” attacks. Safari’s WebSockets implementation was not exploitable, since WebKit does not restrict how many WebSocket connections can be opened simultaneously. Safari’s implementation of the SSE API, though, was previously exploitable before they fixed it. (Gecko’s implementation of the SSE API was not exploitable). Firefox alone was vulnerable to the Web Workers form of the attack (a surprising finding given that Tor Browser uses the same Gecko engine).
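A model of the toy "one video at a time" example quoted above, added here as an illustration and not taken from the paper or the thread: it checks whether a given pool design lets one site's activity be observed from another site. The class, function and site names are hypothetical, the bit pattern is constructed, and the per-site variant is an assumed design; the uncapped case mirrors the WebKit WebSockets behaviour quoted above.

```javascript
// Abstract model only: no real browser API is used. All names are hypothetical.
class ResourcePool {
  // limit: max concurrent videos per bucket; keyFor maps a site to its bucket.
  constructor(limit, keyFor) {
    this.limit = limit;
    this.keyFor = keyFor;
    this.used = new Map();
  }
  play(site) {
    const key = this.keyFor(site);
    const n = this.used.get(key) || 0;
    if (n >= this.limit) return false; // the site receives an error
    this.used.set(key, n + 1);
    return true;
  }
  stop(site) {
    const key = this.keyFor(site);
    this.used.set(key, Math.max(0, (this.used.get(key) || 0) - 1));
  }
}

// Three designs to compare.
const globalCap = () => new ResourcePool(1, () => "all-sites");        // toy example
const uncapped = () => new ResourcePool(Infinity, () => "all-sites");  // no limit at all
const perSiteCap = () => new ResourcePool(1, (site) => site);          // assumed design

// One time slot per bit: a.example holds the resource for a 1,
// b.example then tries to play and records whether it got an error.
function observedBySiteB(pool, bitsFromSiteA) {
  return bitsFromSiteA.map((bit) => {
    const held = bit === 1 && pool.play("a.example");
    const ok = pool.play("b.example");
    if (ok) pool.stop("b.example");
    if (held) pool.stop("a.example");
    return ok ? 0 : 1; // an error means the shared slot was taken
  });
}

const SAMPLE_BITS = [1, 0, 1, 1, 0, 0, 1, 0]; // constructed test pattern

// True when b.example can reconstruct exactly what a.example did.
function channelLeaks(pool) {
  return observedBySiteB(pool, SAMPLE_BITS).join("") === SAMPLE_BITS.join("");
}

console.log("global cap leaks:", channelLeaks(globalCap()));
console.log("uncapped leaks:", channelLeaks(uncapped()));
console.log("per-site cap leaks:", channelLeaks(perSiteCap()));
```

Only the globally capped pool lets the second site recover the pattern; removing the cap or scoping it per site leaves the observer with all zeros.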
dontbenebby over 2 years ago
Thanks for this, just giving a name for the attack is a major contribution but I appreciate the level of detail you went into on this.