[jefftk]

The network layer can already be used for tracking in multiple ways, including HTTPS sessions, ETags, and cached files with identifiers. When browsers partition the network layer they need to partition connection state as well, which includes QUIC/HTTP3 state. Safari already does this, and it looks to me like Chrome and Firefox are doing it too: https://www.jefftk.com/p/shared-cache-is-going-away

(Disclosure: I work on ads at Google, speaking only for myself)

[ivanblagdan]

Yes, theres other ways to be tracked at the network level, sure. I don't see how that changes the discourse? Beyond the straight technical implications, isn't it concerning that a single company can roll out its own protocol across the server and browser stacks, implicating 7% of web traffic? Would it be more concerning if the same company has certain interest in improving its tracking and data collection capabilities?

Also, I was expecting to find details around browsers implementing some form of network level partitioning at that link you posted, but failed. Care to spell it out for me?

[jasonhansel]

The issue of using the browser cache to perform timing attacks, which you mentioned in the post above, has been known for two decades: https://sip.cs.princeton.edu/pub/webtiming.pdf

The fix you mentioned (getting rid of shared caching) is discussed in the above article from 2000.

Genuinely surprised this hasn't been fixed earlier.