
What about authenticated traffic and Sec-CH-Flock, isn't there a privacy issue?

Open sukria opened this issue 5 years ago • 2 comments

I am wondering if there is a privacy issue with combining authenticated traffic and the Flock header/Client Hint.

Let's take a concrete example: site example.com provides some content that web users are consuming. Let's say some of them are subscribers of example.com (authenticated users). In this scenario, example.com can store an email (or login ID) alongside a Flock ID, and start populating a database of email addresses/PII attached to Flock IDs.

I have the feeling this creates a serious privacy issue. I may be missing something, so feel free to correct me if I am.

Thanks.

sukria commented Mar 10 '20 16:03

This issue did not get any feedback so far, maybe because it's not a simple one.

Though the recent addition of IsLoggedIn could be a start: https://github.com/WebKit/explainers/tree/master/IsLoggedIn

What about restricting Flock IDs to environments where IsLoggedIn is explicitly set to false by the server?

Sounds to me like a possible way to ensure one cannot link flocks to individuals.

Happy to discuss this.

sukria commented Apr 02 '20 12:04

Hi sukria. This is certainly a concern, and there is discussion on it (knowing both PII and Flock ID) in the privacy section.

I think, in the end, there is no way to guarantee that flock and PII are kept apart. We touch on this in the explainer's privacy section. And you're right, such a database could be created. It's not ideal, but it's a far cry better than where we are today with third-party cookies, where such a database could be compiled with much more specific and personal information. And ideally in the future, we could constrain the Flock to some sort of in-browser auction so that it's not released publicly.

jkarlin commented Apr 02 '20 21:04