On Tue, May 28, 2024 at 10:59 AM Vladimir Levin <vmp...@chromium.org> wrote:
> Hey Anton, > > Can you please request reviews for the various chips > [image: chips.png] > Done. Thanks. > > Thanks! > Vlad > > On Mon, May 27, 2024 at 3:09 AM Yoav Weiss (@Shopify) < > yoavwe...@chromium.org> wrote: > >> LGTM2 >> >> On Fri, May 24, 2024 at 5:53 PM Anton Maliev <amal...@chromium.org> >> wrote: >> >>> I see the concern. The 3P can use document.hasStorageAccess() >>> <https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess> >>> to >>> check for cookie support, which accounts for the grace period and opt-out. >>> (It would return true if there is an active grace period on the 1P or 3P >>> that affects the current frame, or false if the current client is opted >>> out.) Per the linked I2S, we recommend document.hasStorageAccess() instead >>> of navigator.cookieEnabled moving forward for validation relating to >>> Chrome's 3PCD rollout - the latter doesn't return the correct value for >>> this case. >> >> >> Thanks! That makes sense. >> >> >>> >>> This also depends if the 3P in question is also on the grace period. If >>> it is not, we would expect them to notice any breakage on other 1Ps as well. >>> >>> On Thursday, May 23, 2024 at 4:17:14 PM UTC-4 Yoav Weiss wrote: >>> >>>> On Thu, May 16, 2024 at 4:15 PM Anton Maliev <amal...@chromium.org> >>>> wrote: >>>> >>>>> > Will developers have a way of knowing if the current site (where >>>>> they may see breakage metrics) is opted-out of the grace period? >>>>> >>>>> Google is planning to build a site dashboard where developers can >>>>> check on the status of their grace period and opt-out values. In the >>>>> interim, Chrome DevTools shows an Issue for third-party cookies which are >>>>> allowed due to the grace period - this can be used to validate whether the >>>>> grace period is active for that particular client. >>>>> >>>>> >>>> While that's potentially useful, that's not what I had in mind. >>>> If a site opt-outs of the grace period, that may impact 3Ps that the >>>> site embeds. >>>> Those 3Ps (if they are not ready for it) are likely to notice some drop >>>> in their functionality or conversion, but they'd need a way of attributing >>>> that to the lack of 3P cookies. >>>> >>>> At the same time, while writing this, I was reminded of >>>> navigator.cookieEnabled >>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/xU3gTW4aTfg/m/LaUu7IN2BAAJ?utm_medium=email&utm_source=footer>. >>>> Do I understand correctly that it would indicate the lack of 3P cookie >>>> support in these cases? >>>> >>>> >>>> >>>>> > Do you have a rough estimate on the length of the grace period? (I'm >>>>> guessing this will not be relevant after it) >>>>> >>>>> That's correct, a site will no longer need an opt-out file after it is >>>>> removed from the grace period. Each grace period entry has its own >>>>> expiration date, depending on when the site applied for the deprecation >>>>> trial. We will need to assess the demand for new sites onboarding to the >>>>> trial before we can give an estimate on how long we will continue to >>>>> support grace periods overall. >>>>> >>>>> On Thursday, May 16, 2024 at 3:56:15 AM UTC-4 Yoav Weiss wrote: >>>>> >>>>>> This is an odd one, but I agree that it's a web exposed feature and >>>>>> hence should go through the blink process. Thanks for sending this! >>>>>> >>>>>> >>>>>> On Tue, May 14, 2024 at 11:15 PM Anton Maliev <amal...@chromium.org> >>>>>> wrote: >>>>>> >>>>>>> Contact emails >>>>>>> >>>>>>> amal...@chromium.org >>>>>>> >>>>>>> njeu...@chromium.org >>>>>>> >>>>>>> wanderv...@chromium.org >>>>>>> >>>>>>> Explainer >>>>>>> >>>>>>> https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out >>>>>>> >>>>>>> Specification >>>>>>> >>>>>>> Well-known resource specification: >>>>>>> https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out/blob/main/well-known-specification.md >>>>>>> >>>>>>> Summary >>>>>>> >>>>>>> This proposal details a new mechanism for site developers to conduct >>>>>>> a self-service staged opt-out of their third-party cookie phaseout grace >>>>>>> period. This is intended primarily for Chrome’s active trials for >>>>>>> third-party cookie deprecation - one for top-level sites >>>>>>> <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/first-party-deprecation-trial> >>>>>>> and one for embedded sites >>>>>>> <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/third-party-deprecation-trial>. >>>>>>> When a site is approved for one of these trials, they are added to a >>>>>>> short-term grace period which mitigates breakage until the token is >>>>>>> launched. Sites may also use this opt-out to test long term solutions. >>>>>>> >>>>>>> Each site on the trial will specify their desired opt-out percentage >>>>>>> in a new resource in their .well-known directory >>>>>>> <https://datatracker.ietf.org/doc/html/rfc8615>, specified here >>>>>>> <https://github.com/explainers-by-googlers/3pcd-deprecation-trial-staged-rollout/blob/main/well-known-specification.md>. >>>>>>> Google will implement server infrastructure to fetch and update these >>>>>>> values on a schedule, and assign clients randomly to cohorts matching >>>>>>> this >>>>>>> percentage. These cohorts persist for a client up until clearing site >>>>>>> storage or reinstalling the browser. >>>>>>> >>>>>> >>>>>> >>>>>> Will developers have a way of knowing if the current site (where they >>>>>> may see breakage metrics) is opted-out of the grace period? >>>>>> >>>>>> >>>>>> >>>>>>> >>>>>>> Blink component >>>>>>> >>>>>>> Privacy <https://b.corp.google.com/components/1457231> >>>>>>> >>>>>>> TAG review >>>>>>> >>>>>>> N/A >>>>>>> >>>>>>> TAG review status >>>>>>> >>>>>>> N/A >>>>>>> >>>>>>> Risks >>>>>>> >>>>>>> There aren’t inherent security implications for fetching external >>>>>>> resources using server-side infrastructure, but there is a risk of >>>>>>> fetching >>>>>>> bad data, which our implementation addresses. >>>>>>> >>>>>>> There are also privacy implications for randomly assigning clients >>>>>>> to cohorts, which we mitigate by clearing cohorts on site data deletion. >>>>>>> There is also a risk that the fetching system fails or that a site loses >>>>>>> access to its .well-known resource, both cases which we have planned >>>>>>> mitigations for. >>>>>>> >>>>>>> Interoperability and Compatibility >>>>>>> >>>>>>> The third-party cookie deprecation trials are a Chrome feature, so >>>>>>> these new well-known resources will only be fetched by the Chrome >>>>>>> browser. >>>>>>> The new resource will be distinct and will not interfere with any >>>>>>> existing >>>>>>> resources used by other browsers or features. >>>>>>> >>>>>> >>>>>> Beyond that, I think that the fact that this is a short-lived >>>>>> capability also significantly reduces risk. >>>>>> Do you have a rough estimate on the length of the grace period? (I'm >>>>>> guessing this will not be relevant after it) >>>>>> >>>>>> >>>>>>> WebView application risks >>>>>>> >>>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>>> that it has potentially high risk for Android WebView-based >>>>>>> applications? >>>>>>> >>>>>>> No >>>>>>> >>>>>>> Debuggability >>>>>>> >>>>>>> N/A >>>>>>> >>>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? >>>>>>> >>>>>>> All except WebView. (Third-party cookie deprecation launches don’t >>>>>>> include WebView.) >>>>>>> >>>>>>> Is this feature fully tested by web-platform-tests >>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>>> ? >>>>>>> >>>>>>> No >>>>>>> >>>>>>> Flag name on chrome://flags >>>>>>> >>>>>>> N/A >>>>>>> >>>>>>> Finch feature name >>>>>>> >>>>>>> base::features::TpcdMetadataStageControl >>>>>>> >>>>>>> Non-finch justification >>>>>>> >>>>>>> N/A >>>>>>> >>>>>>> Requires code in //chrome? >>>>>>> >>>>>>> No. All code for the grace period and new staged opt-out handling is >>>>>>> in //components/tpcd/metadata >>>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:components/tpcd/metadata/> >>>>>>> . >>>>>>> >>>>>>> Estimated milestones >>>>>>> >>>>>>> Client support is shipping to M125 on May 14. Server-side file >>>>>>> processing will begin some time after that date. A separate notice >>>>>>> will be >>>>>>> sent when that process begins. >>>>>>> >>>>>>> Anticipated spec changes >>>>>>> >>>>>>> None >>>>>>> >>>>>>> Link to entry on the Chrome Platform Status >>>>>>> >>>>>>> https://chromestatus.com/feature/5205350707101696 >>>>>>> >>>>>>> Links to previous Intent discussions >>>>>>> >>>>>>> Intent to prototype: >>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/O9mh5XvbqqE/m/IyK22zHkAAAJ >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> >>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/25be1203-c642-426a-bfeb-27592e50e113n%40chromium.org >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/25be1203-c642-426a-bfeb-27592e50e113n%40chromium.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSJif6nxD4S5hcwoO%3DB1vSzHBphr0E%3DxuzLxRHBfVsbk9g%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSJif6nxD4S5hcwoO%3DB1vSzHBphr0E%3DxuzLxRHBfVsbk9g%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2M2d%2Byw2hPYBGAhiQ5Hwj5C27VdgYcaYuj_Uq4DUJwPoA%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2M2d%2Byw2hPYBGAhiQ5Hwj5C27VdgYcaYuj_Uq4DUJwPoA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7rkMhBom03OwAvRWrS2UPmRmLqWqOQPWCb97K6P%2Bx0e1S%3D7Q%40mail.gmail.com.