Hi -- just had some questions about this (I'm the Potassium open web platform security / privacy reviewer this week), as I was a bit confused...
I'm trying to understand how the tokens work for origin trials. IIUC, the origin trial "enabled" behavior only happens if you serve the deprecation trial token on pages you want to be opted into the deprecation trial [0]. But, (perhaps this is a naive question) doesn't that mean that a server could just only serve those tokens for some percentage of requests, thereby achieving a "self-service system that gives sites the ability to opt-out of the grace period for a certain percentage of clients."? My other question is around considered alternative <https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out?tab=readme-ov-file#considered-alternatives> #3, where the client fetches the .well-known file. That section says that one issue with this approach is that it "[...] accentuates the privacy/security risks of the network fetches." What is the exact nature of these privacy/security risks? I didn't see these privacy explained anywhere? The privacy issues in the security / privacy section don't seem relevant to the way the .well-known data is fetched, AFAICT. Thanks, -Caleb [0] https://developer.chrome.com/docs/web-platform/origin-trials/#take_part_in_an_origin_trial On Tuesday, May 28, 2024 at 2:42:26 PM UTC-4 Vladimir Levin wrote: > LGTM3 > > On Tue, May 28, 2024 at 12:55 PM Ben Kelly <wanderv...@chromium.org> > wrote: > >> >> On Tue, May 28, 2024 at 10:59 AM Vladimir Levin <vmp...@chromium.org> >> wrote: >> >>> Hey Anton, >>> >>> Can you please request reviews for the various chips >>> [image: chips.png] >>> >> >> Done. Thanks. >> >> >> >>> >>> Thanks! >>> Vlad >>> >>> On Mon, May 27, 2024 at 3:09 AM Yoav Weiss (@Shopify) < >>> yoavwe...@chromium.org> wrote: >>> >>>> LGTM2 >>>> >>>> On Fri, May 24, 2024 at 5:53 PM Anton Maliev <amal...@chromium.org> >>>> wrote: >>>> >>>>> I see the concern. The 3P can use document.hasStorageAccess() >>>>> <https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess> >>>>> to >>>>> check for cookie support, which accounts for the grace period and >>>>> opt-out. >>>>> (It would return true if there is an active grace period on the 1P or 3P >>>>> that affects the current frame, or false if the current client is opted >>>>> out.) Per the linked I2S, we recommend document.hasStorageAccess() >>>>> instead >>>>> of navigator.cookieEnabled moving forward for validation relating to >>>>> Chrome's 3PCD rollout - the latter doesn't return the correct value for >>>>> this case. >>>> >>>> >>>> Thanks! That makes sense. >>>> >>>> >>>>> >>>>> This also depends if the 3P in question is also on the grace period. >>>>> If it is not, we would expect them to notice any breakage on other 1Ps as >>>>> well. >>>>> >>>>> On Thursday, May 23, 2024 at 4:17:14 PM UTC-4 Yoav Weiss wrote: >>>>> >>>>>> On Thu, May 16, 2024 at 4:15 PM Anton Maliev <amal...@chromium.org> >>>>>> wrote: >>>>>> >>>>>>> > Will developers have a way of knowing if the current site (where >>>>>>> they may see breakage metrics) is opted-out of the grace period? >>>>>>> >>>>>>> Google is planning to build a site dashboard where developers can >>>>>>> check on the status of their grace period and opt-out values. In the >>>>>>> interim, Chrome DevTools shows an Issue for third-party cookies which >>>>>>> are >>>>>>> allowed due to the grace period - this can be used to validate whether >>>>>>> the >>>>>>> grace period is active for that particular client. >>>>>>> >>>>>>> >>>>>> While that's potentially useful, that's not what I had in mind. >>>>>> If a site opt-outs of the grace period, that may impact 3Ps that the >>>>>> site embeds. >>>>>> Those 3Ps (if they are not ready for it) are likely to notice some >>>>>> drop in their functionality or conversion, but they'd need a way of >>>>>> attributing that to the lack of 3P cookies. >>>>>> >>>>>> At the same time, while writing this, I was reminded of >>>>>> navigator.cookieEnabled >>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/xU3gTW4aTfg/m/LaUu7IN2BAAJ?utm_medium=email&utm_source=footer>. >>>>>> >>>>>> Do I understand correctly that it would indicate the lack of 3P cookie >>>>>> support in these cases? >>>>>> >>>>>> >>>>>> >>>>>>> > Do you have a rough estimate on the length of the grace period? >>>>>>> (I'm guessing this will not be relevant after it) >>>>>>> >>>>>>> That's correct, a site will no longer need an opt-out file after it >>>>>>> is removed from the grace period. Each grace period entry has its own >>>>>>> expiration date, depending on when the site applied for the deprecation >>>>>>> trial. We will need to assess the demand for new sites onboarding to >>>>>>> the >>>>>>> trial before we can give an estimate on how long we will continue to >>>>>>> support grace periods overall. >>>>>>> >>>>>>> On Thursday, May 16, 2024 at 3:56:15 AM UTC-4 Yoav Weiss wrote: >>>>>>> >>>>>>>> This is an odd one, but I agree that it's a web exposed feature and >>>>>>>> hence should go through the blink process. Thanks for sending this! >>>>>>>> >>>>>>>> >>>>>>>> On Tue, May 14, 2024 at 11:15 PM Anton Maliev <amal...@chromium.org> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Contact emails >>>>>>>>> >>>>>>>>> amal...@chromium.org >>>>>>>>> >>>>>>>>> njeu...@chromium.org >>>>>>>>> >>>>>>>>> wanderv...@chromium.org >>>>>>>>> >>>>>>>>> Explainer >>>>>>>>> >>>>>>>>> https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out >>>>>>>>> >>>>>>>>> Specification >>>>>>>>> >>>>>>>>> Well-known resource specification: >>>>>>>>> https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out/blob/main/well-known-specification.md >>>>>>>>> >>>>>>>>> Summary >>>>>>>>> >>>>>>>>> This proposal details a new mechanism for site developers to >>>>>>>>> conduct a self-service staged opt-out of their third-party cookie >>>>>>>>> phaseout >>>>>>>>> grace period. This is intended primarily for Chrome’s active trials >>>>>>>>> for >>>>>>>>> third-party cookie deprecation - one for top-level sites >>>>>>>>> <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/first-party-deprecation-trial> >>>>>>>>> >>>>>>>>> and one for embedded sites >>>>>>>>> <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/third-party-deprecation-trial>. >>>>>>>>> >>>>>>>>> When a site is approved for one of these trials, they are added to a >>>>>>>>> short-term grace period which mitigates breakage until the token is >>>>>>>>> launched. Sites may also use this opt-out to test long term >>>>>>>>> solutions. >>>>>>>>> >>>>>>>>> Each site on the trial will specify their desired opt-out >>>>>>>>> percentage in a new resource in their .well-known directory >>>>>>>>> <https://datatracker.ietf.org/doc/html/rfc8615>, specified here >>>>>>>>> <https://github.com/explainers-by-googlers/3pcd-deprecation-trial-staged-rollout/blob/main/well-known-specification.md>. >>>>>>>>> >>>>>>>>> Google will implement server infrastructure to fetch and update these >>>>>>>>> values on a schedule, and assign clients randomly to cohorts matching >>>>>>>>> this >>>>>>>>> percentage. These cohorts persist for a client up until clearing site >>>>>>>>> storage or reinstalling the browser. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Will developers have a way of knowing if the current site (where >>>>>>>> they may see breakage metrics) is opted-out of the grace period? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> Blink component >>>>>>>>> >>>>>>>>> Privacy <https://b.corp.google.com/components/1457231> >>>>>>>>> >>>>>>>>> TAG review >>>>>>>>> >>>>>>>>> N/A >>>>>>>>> >>>>>>>>> TAG review status >>>>>>>>> >>>>>>>>> N/A >>>>>>>>> >>>>>>>>> Risks >>>>>>>>> >>>>>>>>> There aren’t inherent security implications for fetching external >>>>>>>>> resources using server-side infrastructure, but there is a risk of >>>>>>>>> fetching >>>>>>>>> bad data, which our implementation addresses. >>>>>>>>> >>>>>>>>> There are also privacy implications for randomly assigning clients >>>>>>>>> to cohorts, which we mitigate by clearing cohorts on site data >>>>>>>>> deletion. >>>>>>>>> There is also a risk that the fetching system fails or that a site >>>>>>>>> loses >>>>>>>>> access to its .well-known resource, both cases which we have planned >>>>>>>>> mitigations for. >>>>>>>>> >>>>>>>>> Interoperability and Compatibility >>>>>>>>> >>>>>>>>> The third-party cookie deprecation trials are a Chrome feature, so >>>>>>>>> these new well-known resources will only be fetched by the Chrome >>>>>>>>> browser. >>>>>>>>> The new resource will be distinct and will not interfere with any >>>>>>>>> existing >>>>>>>>> resources used by other browsers or features. >>>>>>>>> >>>>>>>> >>>>>>>> Beyond that, I think that the fact that this is a short-lived >>>>>>>> capability also significantly reduces risk. >>>>>>>> Do you have a rough estimate on the length of the grace period? >>>>>>>> (I'm guessing this will not be relevant after it) >>>>>>>> >>>>>>>> >>>>>>>>> WebView application risks >>>>>>>>> >>>>>>>>> Does this intent deprecate or change behavior of existing APIs, >>>>>>>>> such that it has potentially high risk for Android WebView-based >>>>>>>>> applications? >>>>>>>>> >>>>>>>>> No >>>>>>>>> >>>>>>>>> Debuggability >>>>>>>>> >>>>>>>>> N/A >>>>>>>>> >>>>>>>>> Will this feature be supported on all six Blink platforms >>>>>>>>> (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? >>>>>>>>> >>>>>>>>> All except WebView. (Third-party cookie deprecation launches don’t >>>>>>>>> include WebView.) >>>>>>>>> >>>>>>>>> Is this feature fully tested by web-platform-tests >>>>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>>>>> ? >>>>>>>>> >>>>>>>>> No >>>>>>>>> >>>>>>>>> Flag name on chrome://flags >>>>>>>>> >>>>>>>>> N/A >>>>>>>>> >>>>>>>>> Finch feature name >>>>>>>>> >>>>>>>>> base::features::TpcdMetadataStageControl >>>>>>>>> >>>>>>>>> Non-finch justification >>>>>>>>> >>>>>>>>> N/A >>>>>>>>> >>>>>>>>> Requires code in //chrome? >>>>>>>>> >>>>>>>>> No. All code for the grace period and new staged opt-out handling >>>>>>>>> is in //components/tpcd/metadata >>>>>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:components/tpcd/metadata/> >>>>>>>>> . >>>>>>>>> >>>>>>>>> Estimated milestones >>>>>>>>> >>>>>>>>> Client support is shipping to M125 on May 14. Server-side file >>>>>>>>> processing will begin some time after that date. A separate notice >>>>>>>>> will be >>>>>>>>> sent when that process begins. >>>>>>>>> >>>>>>>>> Anticipated spec changes >>>>>>>>> >>>>>>>>> None >>>>>>>>> >>>>>>>>> Link to entry on the Chrome Platform Status >>>>>>>>> >>>>>>>>> https://chromestatus.com/feature/5205350707101696 >>>>>>>>> >>>>>>>>> Links to previous Intent discussions >>>>>>>>> >>>>>>>>> Intent to prototype: >>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/O9mh5XvbqqE/m/IyK22zHkAAAJ >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "blink-dev" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com >>>>>>>>> >>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>> >>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/25be1203-c642-426a-bfeb-27592e50e113n%40chromium.org >>>>>>> >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/25be1203-c642-426a-bfeb-27592e50e113n%40chromium.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSJif6nxD4S5hcwoO%3DB1vSzHBphr0E%3DxuzLxRHBfVsbk9g%40mail.gmail.com >>>> >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSJif6nxD4S5hcwoO%3DB1vSzHBphr0E%3DxuzLxRHBfVsbk9g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2M2d%2Byw2hPYBGAhiQ5Hwj5C27VdgYcaYuj_Uq4DUJwPoA%40mail.gmail.com >>> >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2M2d%2Byw2hPYBGAhiQ5Hwj5C27VdgYcaYuj_Uq4DUJwPoA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> > To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7rkMhBom03OwAvRWrS2UPmRmLqWqOQPWCb97K6P%2Bx0e1S%3D7Q%40mail.gmail.com >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7rkMhBom03OwAvRWrS2UPmRmLqWqOQPWCb97K6P%2Bx0e1S%3D7Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/8f96071a-e286-45cc-9f0e-23ea0d481a4en%40chromium.org.
