Session Date/Time: 25 Jul 2025 09:30

pearg

Summary

The Privacy Enhancement and Assessment Research Group (pearg) meeting at IETF 123 covered updates on safe measurement guidelines, presentations on covert web to app tracking on Android, exploiting inherited origins to bypass content blockers, and the readiness of fully homomorphic encryption (FHE) for development and standards. A short presentation on privacy-preserving computation was also given.

Key Discussion Points

Safe Measurement Guidelines: The draft on safe measurement guidelines is undergoing revisions to include more information on IP address minimization and anonymization. The authors are seeking collaboration from the academic community and are targeting Montreal for a potential working group last call, pending reviews.
Covert Web to App Tracking on Android: A presentation highlighted a side channel attack where Meta and Yandex use the local host interface to bridge web and app environments for tracking, bypassing sandboxing and user expectations. This was addressed by browser vendors with mitigations like port blocking and disabling STP munching in WebRTC.
Exploiting Inherited Origins to Bypass Content Blockers: Research showed how local frames can be used to bypass content blockers due to incorrect origin handling. Vulnerabilities were identified in several content blockers, leading to patches in Safari, Brave, AdGuard, and DuckDuckGo.
Fully Homomorphic Encryption (FHE): The presentation discussed the advancements and standardization efforts for FHE, focusing on evaluation modes, bootstrapping performance, trans-ciphering techniques for bandwidth reduction, and the development of user-friendly interfaces (FHE compilers).
Privacy-Preserving Computation: A presentation covered various use cases for privacy-preserving computation (PPC), including private set intersection (PSI), private key-value queries, private inner product, and collaborative machine learning. Concerns about the ethical implications of these technologies were raised.

Decisions and Action Items

Safe Measurement Guidelines:
- List members to review the current version of the draft and provide feedback.
- Authors to seek collaboration from an academic researcher.
Privacy-Preserving Computation:
- Discuss on the mailing list whether pearg is the appropriate forum to formalize PPC primitives.

Next Steps

Safe Measurement Guidelines draft to be updated based on received feedback.
Full presentation on privacy computation to be scheduled for the next meeting in Montreal.
Initiate discussion on the mailing list regarding the formalization of PPC primitives.