LGTM1 I cannot imagine a more thorough and thoughtful approach than the one the Privacy Sandbox team has taken to tackle this significant change to the web's privacy model while minimizing breakage and providing replacement APIs. Thanks for pushing this important work through!!
On Mon, Nov 13, 2023 at 10:31 AM Johann Hofmann <johann...@chromium.org> wrote: > Contact emails > > johann...@chromium.org, wanderv...@chromium.org, dylancut...@chromium.org, > kaustub...@chromium.org, jkar...@chromium.org, johni...@chromium.org > > Explainer > > For general information on Privacy Sandbox for the Web and Google’s plans > to phase out third-party cookies, see https://privacysandbox.com/open-web/ > . > > For additional information on the planned semantics of third-party cookie > blocking and its interaction with the SameSite cookie attribute, see > https://github.com/DCtheTall/standardizing-cross-site-cookie-semantics > > Specification > > The Cookies RFC contains some language > <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-12#name-the-cookie-header-field> > that, in theory, allows user agents to block third-party cookies, leaving a > lot of details unspecified. We are not happy with this status quo and are > collaborating with other browsers on a significant spec refactoring effort > called cookie layering > <https://github.com/httpwg/http-extensions/issues/2084> to give > Fetch/HTML more responsibility over specifying how and when cookies are > stored and attached, as well as a WebAppSec Note based on our existing > explainer > <https://github.com/DCtheTall/standardizing-cross-site-cookie-semantics> > that describes how cookie blocking interacts with SameSite cookies. > > Summary > > We intend to deprecate and remove default access to third-party (aka > cross-site) cookies as part of the Privacy Sandbox Timeline for the Web > <https://privacysandbox.com/open-web/#the-privacy-sandbox-timeline>, > starting with an initial 1% testing period in Q1 2024 > <https://developer.chrome.com/docs/privacy-sandbox/chrome-testing/>, > followed by a gradual phaseout planned to begin in Q3 2024 after consultation > with the CMA > <https://www.gov.uk/cma-cases/investigation-into-googles-privacy-sandbox-browser-changes> > (The gradual phaseout is subject to addressing any remaining competition > concerns of the UK’s Competition and Markets Authority.) > > Phasing out third-party cookies (3PCs) is a central effort to the Privacy > Sandbox initiative, which aims to responsibly reduce cross-site tracking on > the web (and beyond) while supporting key use cases through new > technologies. Our phaseout plan was developed with the UK's Competition and > Markets Authority, in line with the commitments > <https://blog.google/around-the-globe/google-europe/path-forward-privacy-sandbox/> > we offered for Privacy Sandbox for the web. > > Blink component > > Internals>Network>Cookies > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ECookies> > > Motivation > > Our goal on the Privacy Sandbox is to reduce cross-site tracking while > still enabling the functionality that keeps online content and services > freely accessible by everyone. Deprecating and removing third-party cookies > encapsulates the challenge, as they enable critical functionality across > sign-in, fraud protection, advertising, and generally the ability to embed > rich, third-party content in websites—but at the same time they're also a > key enabler of cross-site tracking. > > Initial public proposal > > N/A > > TAG review > > The TAG has explicitly endorsed > <https://w3ctag.github.io/web-without-3p-cookies/#why-restrict-third-party-cookies> > (n.b. as a draft document) the deprecation of third-party cookies in the > past. Additionally, we requested feedback on our proposal to define the > 3PC security semantics > <https://github.com/w3ctag/design-reviews/issues/904> and received > generally positive feedback. > > TAG review status > > Tentatively Positive, see above > > Risks > Compatibility > > Impact on the Ads ecosystem: > > A suite of APIs for delivering relevant ads, measuring ad performance, and > preventing fraud and abuse are now generally available in Chrome to > continue to facilitate ad-supported content on the web. We continue to work > closely with the UK Competition and Markets Authority (CMA) on evaluating > the impact of this change on the ads ecosystem. > > Web Compatibility: > > Despite 3PCs already being blocked in Firefox and Safari and developer > outreach efforts to raise awareness and encourage developers to prepare for > the deprecation, we currently estimate that a non-trivial number of sites > are still relying on third-party cookies for some user-facing > functionality. To address this breakage, we have developed a two-pronged > strategy: > > > 1. > > Breakage Discovery & Outreach > > Through various efforts, such as UKM-based signal analysis, scaled manual > testing and dogfooding, we are collecting a list of impacted use cases. > These individual breakage cases inform our mitigation strategy (see next > step) and future API improvements, as well as our ongoing developer > outreach efforts. > > We also offer developers the ability to report 3PC breakage to the Chrome > team via goo.gle/report-3pc-broken or ask general questions at > https://github.com/GoogleChromeLabs/privacy-sandbox-dev-support/issues. > > > 1. > > Temporary Breakage Mitigation > > It will take time for developers to replace their usage of 3PCs with new > APIs or different approaches, and some developers may not be aware of this > deprecation until they discover breakage. In order to reduce the impact of > such breakage on the web, we have implemented a series of temporary > mitigations: > > > - > > Exemption Heuristics > > <https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/explainer.md>: > We are planning to ship heuristics mirroring those that already ship in > Firefox and Safari, and are also working with both browsers on a > coordinated removal process. Additional details can be found & should be > discussed in the I2P > > <https://groups.google.com/a/chromium.org/g/blink-dev/c/Eeh2pE0DRaE/m/1BJyBlCUAAAJ> > & upcoming I2S. > > > > - > > Deprecation Trial: > > <https://developer.chrome.com/blog/cookie-countdown-2023oct/#request-additional-time-with-the-third-party-deprecation-trial-for-non-advertising-use-cases> > This will be outlined in more detail in the upcoming Request for > Deprecation Trial, but it’s important to note that a review step including > evidence of user-facing breakage will be required for participation. > Further, we do not intend to approve trials for ads-related use cases, to > avoid interference with the quantitative testing. > > > > - > > As with other launches, we will also have a set of server-side > controls to manage the rollout as a whole and minimize issues specific > sites are causing for users. > > > Despite all these efforts, we want to be clear that we are intentionally > taking some risk here in the interest of user privacy. > > Enterprise Compatibility: > > To help with the transition, we intend to allow enterprise organizations > to opt their applications out of third-party cookie blocking using the > existing BlockThirdPartyCookies > <https://chromeenterprise.google/policies/#BlockThirdPartyCookies> or > CookiesAllowedForUrls > <https://chromeenterprise.google/policies/#CookiesAllowedForUrls> > policies. Given that enterprise systems are often gated and are therefore > hard to analyze from an external perspective, these policies will provide > additional time for the enterprise ecosystem to adapt. We intend to publish > additional guidance for enterprises on https://goo.gle/3pcd-enterprise > for the period beyond the 1% testing period. > > Interoperability > > Both Firefox and Safari have removed default access to third-party cookies > already, though there are small differences > <https://github.com/DCtheTall/standardizing-cross-site-cookie-semantics> > in how browsers treat SameSite=None cookies in so called “ABA” scenarios > (site A embeds site B, which embeds site A again). Chrome ships the more > secure and more restrictive variant, and from initial conversations we are > optimistic that other browsers will adopt it as well. There are also subtle > differences in how browsers restore access to third-party cookies through > mechanisms such as heuristics or custom quirks. Where Chrome implements > similar measures (such as the heuristics > <https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/explainer.md>), > we try to follow the launch and standards processes to achieve as much > interop as we can, given other requirements such as privacy and security. > > Gecko: Shipping > > WebKit: Shipping > > Web developers: Mixed Signals > > As one of the most impactful changes to the web platform in a long time, > the deprecation of 3rd party cookies and the introduction of alternative > APIs have received a lot of helpful feedback from web developers to an > extent impossible to summarize in a few sentences. As described in the > summary, the Privacy Sandbox wants to ensure that a vibrant, freely > accessible web can exist even as we roll out strong user protections and we > will continue to work with web developers to understand their use cases and > ship the right (privacy-preserving) APIs. And we’ve received feedback > <https://privacysandbox.com/news/privacy-sandbox-for-the-web-reaches-general-availability/#:~:text=The%20Benefits%20of%20Collaboration> > that gives us confidence that we’re on the right track. > > WebView application risks > > This deprecation will not affect WebView for now. > > > Debuggability > > Developers may use the command-line testing switch > --test-third-party-cookie-phaseout > (available starting Chrome 115) or enable > chrome://flags#test-third-party-cookie-phaseout (available starting Chrome > 117), to simulate browser behavior with default access to third-party > cookies removed. We also started reporting DevTools issues for cookies > impacted by the deprecation starting in Chrome 117 to help identify > potentially impacted workflows. We are continuing to improve our developer > documentation > <https://developer.chrome.com/blog/cookie-countdown-2023oct/> on > debugging third-party cookies usage, and guidance on migration to new APIs. > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? > > Yes. We have put together a set of WPTs > <https://wpt.fyi/results/cookies/third-party-cookies/third-party-cookies.tentative.https.html?label=experimental&label=master&aligned> > which cover third-party cookie blocking for subresource requests. It is not > yet comprehensive, we are working on adding additional tests to support our > standardization efforts. > > Flag name on chrome://flags > > TestThirdPartyCookiePhaseout > > Finch feature name > > Due to the nature of the Chrome-facilitated testing period > <https://developer.chrome.com/docs/privacy-sandbox/chrome-testing/>, as > well as the general complexity of managing breakage related to removing > third-party cookies, there won’t be a single Finch feature that takes us > from 0% to 100% deprecated. Instead, a collection of features, supporting > different phases and components, will be used. > > Non-finch justification > > N/A > > Requires code in //chrome? > > No, the base third-party cookie blocking functionality does not require > Chrome code. Some custom Chrome functionality (such as the aforementioned > facilitated testing, mitigations and user experience improvements) does > require it. > > Estimated milestones > > Initial phase of Deprecation (1%) is planned as part of the “Chrome > facilitated testing period” beginning in Q1 2024, as described on > https://privacysandbox.com/open-web/#the-privacy-sandbox-timeline, > further phaseout is planned to begin in Q3 2024. (The gradual phaseout of > third-party cookies is subject to addressing any remaining competition > concerns of the CMA.) > > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5133113939722240 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4ikogMJZce42o-QcGUMDNiM2Lr_6BGAfP8Gzktakc5_fw%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4ikogMJZce42o-QcGUMDNiM2Lr_6BGAfP8Gzktakc5_fw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWhkP3Sr0EbVEC%2Bj0eGx0m8ONcY8UTXOzqniC9AHy9NqQ%40mail.gmail.com.
