Information

Private Cross-Origin/Site Prefetch
  • Past
  • Confirmed
  • Breakout Sessions

Meeting

Event details

Date:
Japan Standard Time
Status:
Confirmed
Location:
Floor 4 - 404
Participants:
Ari Chivukula, Zahra Ebadi Ansaroudi, Luis Flores, Tatsuya HAYASHI, Hiroshige Hayashizaki, Johann Hofmann, Victor Huang, Jasper Hugo, Dave Hunt, Nidhi Jaju, Nic Jansma, Robert Liu, Hiroki Nakagawa, Mayur patil, Simon Pieters, Barry Pollard, Thomas Prieur, Samuel Richard, Noam Rosenthal, Hiroyuki Sano, Antonio Sartori, Shunya Shishido, Keita Suzuki, Nicola Tommasi, Takashi Toyoshima, Kouhei Ueno, Tom Van Goethem, Tara Whalen, Ling Zhong
Big meeting:
TPAC 2025 (Calendar)

Prefetching can significantly improve web performance by loading resources before a user navigates to them, but doing so across different origins or sites can harm user privacy. Directly prefetching from a third-party server can leak a user's IP address and browsing context.

The Prefetch spec states a need for IP anonymization and handwaves over how it’s achieved, leaving it implementation-defined [1]. Let’s look at a couple proposals of how this works in the browser, with a browser-provided proxy [2] and a proposal for website-provided proxies [3].

Finally, we will discuss the path to enable private cross-origin/site prefetch across browsers. Open discussion of privacy and security goals, threat models, and future work in implementation and standardization.

Slides for this meeting are available at: https://docs.google.com/presentation/d/1fBEJXtRe7qoJA5ISNYzAEE6gRYiJ9lOhDu9hdRYlCxM/edit?usp=sharing

Minutes for this meeting are available at: https://docs.google.com/document/d/1ldeQe351vqxMM3IFijEM5Myc9CJ8_EnFGB1EOgSyeys/edit?tab=t.0

Agenda

Chairs:
Robert Liu

Description:
Prefetching can significantly improve web performance by loading resources before a user navigates to them, but doing so across different origins or sites can harm user privacy. Directly prefetching from a third-party server can leak a user's IP address and browsing context.

The Prefetch spec states a need for IP anonymization and handwaves over how it’s achieved, leaving it implementation-defined [1]. Let’s look at a couple proposals of how this works in the browser, with a browser-provided proxy [2] and a proposal for website-provided proxies [3].

Finally, we will discuss the path to enable private cross-origin/site prefetch across browsers. Open discussion of privacy and security goals, threat models, and future work in implementation and standardization.

Slides for this meeting are available at: https://docs.google.com/presentation/d/1fBEJXtRe7qoJA5ISNYzAEE6gRYiJ9lOhDu9hdRYlCxM/edit?usp=sharing

Minutes for this meeting are available at: https://docs.google.com/document/d/1ldeQe351vqxMM3IFijEM5Myc9CJ8_EnFGB1EOgSyeys/edit?tab=t.0

Goal(s):
Discussion

Agenda:

  1. Introduction
  2. Cross-origin/site prefetch
  3. Privacy-preserving prefetch
  4. Future directions
  5. Discussion

Materials:

Export options

Personal Links

Please log in to export this event with all the information you have access to.

Public Links

The following links do not contain any sensitive information and can be shared publicly.

Feedback

Report feedback and issues on GitHub.