Reply to post: PII leak

Is Chrome really secretly stalking you across Google sites using per-install ID numbers? We reveal the truth

cdrcat

PII leak

> According to Granal, this identifier is sent to youtube.com, google.com, doubleclick.net, googleadservices.com...

The code[1] shows the X-CLIENT-DATA is sent for any google.X domain where google owns the TLD, but if there were any youtube.X domain owned by a squatter then the PII would be leaked to that squatter. I haven’t looked if there are youtube domain squatters that match that restriction...

[1] https://cs.chromium.org/chromium/src/components/google/core/common/google_util.cc?q=IsGoogleAssociatedDomainUrl

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon