Contact emails l...@chromium.org, ort...@chromium.org, sv...@chromium.org, rtarp...@chromium.org
Explainer https://github.com/privacycg/nav-tracking-mitigations/issues/41#issuecomment-2504329542 Specification https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations Summary Bounce tracking mitigations for the HTTP cache is an extension to existing anti-bounce-tracking behavior. It removes the requirement that a suspected tracking site must have performed storage access in order to activate bounce tracking mitigations. Chrome's initially proposed bounce tracking mitigation solution triggers when a site accesses browser storage (eg cookies) during a redirect flow. However, bounce trackers can systematically circumvent such mitigations by using the HTTP cache to preserve data. By relaxing the triggering conditions for bounce tracking mitigations, the browser should be able to catch bounce trackers using the HTTP cache. Blink component Privacy>NavTracking TAG review https://github.com/w3ctag/design-reviews/issues/862 TAG review status Not applicable Risks Interoperability and Compatibility None Gecko: Positive (https://github.com/mozilla/standards-positions/issues/835) WebKit: No signal (https://github.com/WebKit/standards-positions/issues/214) Web developers: No signals Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability There exists a section in Chrome devtools to try out bounce tracking mitigations (see link for context). It currently checks for the current (stateful) behavior and will be updated after the fact. Progress for devtools parity is tracked in https://crbug.com/399681359. https://developer.chrome.com/blog/bounce-tracking-mitigations-dev-trial#how_can_i_tell_if_my_site_is_impacted Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? No This feature is supported on all platforms except WebView. Is this feature fully tested by web-platform-tests? Yes https://wpt.fyi/results/nav-tracking-mitigations?label=master&label=experimental&aligned&q=nav-tracking-mitigations Flag name on about://flags None Finch feature name DIPS Requires code in //chrome? False Tracking bug https://crbug.com/40264244 Launch bug https://launch.corp.google.com/launch/4354304 Estimated milestones Shipping on desktop 134 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (eg links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (eg, changing to naming or structure of the API in a non-backward-compatible way). https://github.com/privacycg/nav-tracking-mitigations/pull/95 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/6299570819301376?gate=5206396818423808 Links to previous Intent discussions Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67644489.2b0a0220.30ecd.0256.GAE%40google.com This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67c0cf33.2b0a0220.2c86e9.0223.GAE%40google.com.
