Centralization risks of noise as a mitigation tool

[dmarti]

(This is based on an issue from "Improving the web without third-party cookies" w3ctag/web-without-3p-cookies#2)

We should cover the need to avoid centralization risks that can result from adding noise to user data. In some cases, centralization effects may be a equal or greater problem for proposed alternatives than for third-party cookies.

Where a user agent or party adds noise in order to create deniability or limit cross-site identification of an individual, then third parties that can see more traffic are more likely to be able to pick a signal out of the noise. Adding just the right amount of noise to tracking data could make it effectively usable for unwanted cross-site identification, or other risky practices, but only by one or a few large third parties.

Adding noise on the client side might be an effective way to limit cross-site identification, so should not be ruled out entirely, but centralization risks need to be addressed. For example, it might be appropriate to increase the noise added when sending user data to often-seen third parties, in order to make cookie alternatives equally usable for all sizes of third party, and limit incentives to increase risky centralization.

[npdoty]

Definitely relevant to patcg, and if we can at some point draw out something more general on considerations for adding noise, that could become a generally useful consideration (in privacy principles, questionnaire, design principles, etc.).

[npdoty]

"farbling" (or "fuzzing") is increasingly being explored by user agents. the implications of that may vary depending on the type of noise added or implementation experience with those approaches.

[darobin]

Moved to w3ctag/societal-impact-questionnaire#11.