Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore client-side deanonymization attacks that can compromise user privacy within Google's Privacy Sandbox initiative in this 26-minute DEF CON 33 conference talk. Examine how new web APIs designed as privacy-preserving alternatives to third-party cookies contain exploitable vulnerabilities and misconfigurations that can be leveraged to breach user anonymity. Learn about the Attribution Reporting API and discover how debugging reports can bypass privacy mechanisms like Referrer-Policy to potentially expose sensitive user information. Understand destination hijacking techniques combined with side-channel attacks using storage limit oracles to reconstruct browsing history, demonstrating sophisticated deanonymization methods. Investigate vulnerabilities in the Shared Storage API and see how insecure cross-site worklet code can leak data stored within Shared Storage, despite the API's deliberate design to prevent direct data access. Gain insights through real-world examples and potential attack scenarios that highlight the practical implications of these security vulnerabilities in privacy-focused web technologies.
