Information

Prompt spam and reputation attacks associated with requestStorageAccessFor
  • Past
  • Confirmed
  • Breakout Sessions

Meeting

Event details

Date:
Pacific Daylight Time
Status:
Confirmed
Location:
4 Concourse Level - Redondo
Participants:
Joel Antoci, Ari Chivukula, Balazs Engedy, Chris Fredrickson, Yi Gu, Johann Hofmann, Erica Kovac, Sandor Major, Anusha Muley, Nicolas Pena Moreno, Abrar Rahman Protyasha, Nina Satragno, Vincent Scheib, Aaron Selya, Shivani Sharma, Zachary Tan, Zacharias Törnblom, Andrew Verge, Howard Wolosky, Emma Zuehlcke
Big meeting:
TPAC 2024 (Calendar)

Discussion on how to expand the requestStorageAccessFor API to reduce the potential for it to be used as a vector for reputation attacks and prompt spam.

These are issues because embedded sites can not control who embeds them. Which means that the top level site can prompt on behalf of the embedded site. This could potentially damage the embedder’s reputation and/or spam the user with the generation of a large number of prompts.

Agenda

Chairs:
Aaron Selya, Chris Fredrickson

Description:
Discussion on how to expand the requestStorageAccessFor API to reduce the potential for it to be used as a vector for reputation attacks and prompt spam.

These are issues because embedded sites can not control who embeds them. Which means that the top level site can prompt on behalf of the embedded site. This could potentially damage the embedder’s reputation and/or spam the user with the generation of a large number of prompts.

Goal(s):
gather input from the community and gain consensus on how to address the problems

Agenda:
Introduce the problem
Review how the browsers have addressed it so far
Discuss more potential solutions

Materials:

Minutes

 Read minutes

Export options

Personal Links

Please log in to export this event with all the information you have access to.

Public Links

The following links do not contain any sensitive information and can be shared publicly.

Feedback

Report feedback and issues on GitHub.