Contact emails amal...@chromium.org
njeu...@chromium.org wanderv...@chromium.org Explainer https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out Specification Well-known resource specification: https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out/blob/main/well-known-specification.md Summary This proposal details a new mechanism for site developers to conduct a self-service staged opt-out of their third-party cookie phaseout grace period. This is intended primarily for Chrome’s active trials for third-party cookie deprecation - one for top-level sites <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/first-party-deprecation-trial> and one for embedded sites <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/third-party-deprecation-trial>. When a site is approved for one of these trials, they are added to a short-term grace period which mitigates breakage until the token is launched. Sites may also use this opt-out to test long term solutions. Each site on the trial will specify their desired opt-out percentage in a new resource in their .well-known directory <https://datatracker.ietf.org/doc/html/rfc8615>, specified here <https://github.com/explainers-by-googlers/3pcd-deprecation-trial-staged-rollout/blob/main/well-known-specification.md>. Google will implement server infrastructure to fetch and update these values on a schedule, and assign clients randomly to cohorts matching this percentage. These cohorts persist for a client up until clearing site storage or reinstalling the browser. Blink component Privacy <https://b.corp.google.com/components/1457231> TAG review N/A TAG review status N/A Risks There aren’t inherent security implications for fetching external resources using server-side infrastructure, but there is a risk of fetching bad data, which our implementation addresses. There are also privacy implications for randomly assigning clients to cohorts, which we mitigate by clearing cohorts on site data deletion. There is also a risk that the fetching system fails or that a site loses access to its .well-known resource, both cases which we have planned mitigations for. Interoperability and Compatibility The third-party cookie deprecation trials are a Chrome feature, so these new well-known resources will only be fetched by the Chrome browser. The new resource will be distinct and will not interfere with any existing resources used by other browsers or features. WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? No Debuggability N/A Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? All except WebView. (Third-party cookie deprecation launches don’t include WebView.) Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? No Flag name on chrome://flags N/A Finch feature name base::features::TpcdMetadataStageControl Non-finch justification N/A Requires code in //chrome? No. All code for the grace period and new staged opt-out handling is in //components/tpcd/metadata <https://source.chromium.org/chromium/chromium/src/+/main:components/tpcd/metadata/> . Estimated milestones Client support is shipping to M125 on May 14. Server-side file processing will begin some time after that date. A separate notice will be sent when that process begins. Anticipated spec changes None Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5205350707101696 Links to previous Intent discussions Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/O9mh5XvbqqE/m/IyK22zHkAAAJ -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com.
