On Tue, Nov 14, 2017 at 02:51:55PM +0200, George Kadianakis wrote:
Let me know what you think :)
Section 9.4 in the Alt-Svc draft talks about abusing the header for tracking. In particular, a malicious website could give each Tor user a unique onion domain to track their activity. That's particularly problematic if the "persist" flag is used in the Alt-Svc header.
Granted, malicious websites can already do that to an extent by serving unique onion domains on each page load, but we should still keep this issue in mind.