Sorry, it seems I left off the signals section of the template: Firefox: No signal ( https://github.com/mozilla/standards-positions/issues/835) Webkit: No signal (https://github.com/WebKit/standards-positions/issues/214) Web developers: No signals
On Thu, Aug 17, 2023 at 10:22 AM Ben Kelly <wanderv...@chromium.org> wrote: > Contact emails > > wanderv...@chromium.org, b...@chromium.org, rtarp...@chromium.org, > j...@chromium.org > > Explainer > > > https://github.com/privacycg/nav-tracking-mitigations/blob/main/bounce-tracking-explainer.md > > Specification > > > https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations > > Summary > > This feature mitigates bounce tracking on the web. It works by deleting > state from sites that access storage during a redirect that the user has > never directly interacted with. See the specification for more details. > > Blink component > > Privacy>NavTracking > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Privacy%3ENavTracking> > > TAG review > > https://github.com/w3ctag/design-reviews/issues/862 > > TAG review status > > Issues addressed > > Risks > > Interoperability and Compatibility > > The main risk is that we will incorrectly delete state for a site that the > user needs to continue functioning. Our approach attempts to address this > with a number of signals: > > > - > > If a user has interacted with the site within the last 45 days, we > will not delete its state. > - > > We are adding successful webauthn key assertions as another > "interaction" source in M117 to address SSO use cases that only require > security taps to stay logged in. > - > > We only delete state if the potential tracking site is not permitted > as a 3P cookie. This allows users and enterprises to grant permission to > maintain state on these sites through existing mechanisms. > > > We have documented some known use cases at-risk > <https://github.com/privacycg/nav-tracking-mitigations/issues?q=is%3Aopen+is%3Aissue+label%3Abounce-tracking+label%3Aat-risk-use-case> > . > > In particular, since 3P cookies are default allowed today, this feature > will only have an immediate impact on users that have opted into 3P cookie > blocking or incognito where 3P cookies are blocked by default. > > Ergonomics > > Minimal ergonomic risk. There are no direct APIs to call here. We are > deleting state for sites behind the scenes. We do not delete state for > sites that are currently open. We have devtools enhancements to help > developers understand the process. > > Activation > > No activation risk. There is nothing to polyfill. > > Security > > This feature does incrementally worsen existing XS-Leaks in the browser by > exposing an additional bit of information. Attackers can learn if a user > has interacted with a site within the last 45 days if they are able to > trigger a stateful bounce on the target site and execute a XS-Leak attack > to detect the existence of cookies or state on the site. Since bounce > tracking mitigations are only enforced when 3P cookies are blocked, > however, the XS-Leak must use navigations and not subresource attacks. > > We feel the best solution to this problem is to invest in fixing > navigation-based XS-Leaks. The additional bit of interaction information > leaked in the meantime is not ideal, but it has limited utility if an > attacker can already tell if there is state on the target site. We are > interested in collaborating with the security team to help address the > underlying XS-Leak. > > WebView application risks > > We are purposely excluding WebView from this launch so we can evaluate > impact to that platform separately. > > Debuggability > > We issue devtool "issues" when a site may potentially be deleted as a > bounce tracking. In addition, we have a devtools application panel to > force the bounce tracking algorithm to run immediately. See the > screenshots in this blog post > <https://developer.chrome.com/blog/bounce-tracking-mitigations-dev-trial/> > . > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)? > > All except WebView. We would like to evaluate the impact to WebView in a > separate launch. > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? > > No, unfortunately. Since this feature runs off of a long duration timer > we cannot construct a WPT test case. We need wpt#17489 > <https://github.com/web-platform-tests/wpt/issues/17489> to be fixed in > order to correct this. > > Flag name > > DIPS > > Requires code in //chrome? > > Yes. We must integrate with features like the chrome sign-in manager, > TabHelper, etc. We are, however, actively working to move other code into > the content// layer. > > Tracking bug > > https://bugs.chromium.org/p/chromium/issues/detail?id=1360489 > > Measurement > > We are measuring UKM for sites that have state deleted by bounce tracking > mitigations. > > Availability expectation > > Our initial MVP implementation is launching to all platforms with the > exception of WebView. In addition, bounce tracking mitigations are only > enforced in situations where the tracking domain is not permitted as a 3P > cookie. > > Adoption expectation > > There is no specific API to adopt for this effort, but we only enforce the > bounce tracking mitigations when 3P cookies are blocked. Therefore we > expect it to have a greater impact as 3P cookie blocking becomes more > common in the future. > > Adoption plan > > N/A > > Non-OSS dependencies > > None > > Sample links > > https://bounce-tracking-demo.glitch.me/ > > Estimated milestones > > Gradual rollout during M116. Webauthn interaction support will take > effect in M117. > > Anticipated spec changes > > We have written a monkey-patch spec here: > > > https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5705149616488448 > > Links to previous Intent discussions > > > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7rkMi_7z0-yeTbBiE43V5SD1ri4jSVxrkR8Gs%3DD0NRoRKivA%40mail.gmail.com > > > https://groups.google.com/a/chromium.org/g/blink-dev/c/vyXWn1W1daA/m/tL3f1_WbAwAJ > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7rkMi2xOMKfZsV5q9jgBuaFvRC3b67fsw%3DYF%2BLNDRgp%2BjdrA%40mail.gmail.com.
