[webkit-dev] HSTS user tracking

Michael Catanzaro mcatanzaro at igalia.com
Thu Mar 1 10:44:32 PST 2018

On Fri, Jan 5, 2018 at 3:11 PM, Brent Fulgham <bfulgham at apple.com> 
> I’m sorry we haven’t been forthcoming with details. We have 
> wanted to put together a blog post explaining our fix, but have been 
> preoccupied with a number of other security issues.
> I will make this my top priority, or at least give a rough overview 
> to the webkit-security folks if we can’t put together a blog-worthy 
> document fast enough.
> Thanks,
> -Brent


It'd still be great to get some details about your strategy for 
mitigating user tracking via HSTS.

It should be suitable for webkit-dev, rather than the private security 
list, right?


More information about the webkit-dev mailing list