Misleading statement about cookies

[martinthomson]

This means an origin has 50 x 4096 x 2^8 unique identifiers at its disposal.

This is unlikely to be a true statement. That's a count of bits. The origin has a total of 200 kilobytes of storage available.

How many unique identifiers that might produce depends on what is being identified and how the information is encoded. A single bit (or less) can be sufficiently unique to identify anything given a narrow enough context and knowledge of coding theory. If we are identifying people and consider 34 bits to be necessary for the moment, then without coding tricks, you have a lot fewer identifiers available than claimed. Of course, most sites won't need to distinguish between all people, just those people that visit their site, so far fewer bits might be needed.

This line of argumentation is somewhat unhelpful though. I'd suggest that it is misleading even. This statement is a setup for a comparison with the design in this document, which passes information across sites. That's not a fair comparison. Yes, there are far fewer bits involved, but it's not apples-to-apples.

The information flow here might be is limited, but we know that supplementary signals, like fingerprinting and timing, can be combined to provide surprisingly strong correlation. Even a single bit, passed at the wrong time, is enough to completely undo efforts that seek to maintain contextual integrity.

[aykutbulut]

Thanks for creating the issue. I will create a PR that fixes this.