Network Error Logging helps web server operators detect operational problems in real-time to provide fast and reliable services. This paper analyses Network Error Logging from two angles. Firstly, this paper overviews Network Error Logging from the data protection view. The ePrivacy Directive requires consent for non-essential access to the end devices. Nevertheless, the Network Error Logging design does not allow limiting the tracking to consenting users. Other issues lay in GDPR requirements for transparency and the obligations in the contract between controllers and processors of personal data. Secondly, this paper explains Network Error Logging exploitations to deploy long-time trackers to the victim devices. Even though users should be able to disable Network Error Logging, it is not clear how to do so. Web server operators can mitigate the attack by configuring servers to preventively remove policies that adversaries might have added.

翻译：网络错误日志可帮助Web服务器运营者实时检测运行问题，从而提供快速可靠的服务。本文从两个角度分析网络错误日志。首先，本文从数据保护视角概述网络错误日志。根据《电子隐私指令》（ePrivacy Directive），对终端设备的非必要访问需获得用户同意。然而，网络错误日志的设计无法将追踪行为限制在已同意的用户范围内。其他问题涉及《通用数据保护条例》（GDPR）对透明性的要求，以及个人数据控制者与处理者之间合同中的义务。其次，本文阐释了利用网络错误日志在受害者设备上部署长期追踪器的攻击手段。尽管用户应能禁用网络错误日志，但具体操作方式尚不明确。Web服务器运营者可通过配置服务器，主动移除攻击者可能添加的防护策略来缓解此类攻击。