Does this enable more detection of incognito mode by sites? On Mon, Jul 14, 2025 at 1:08 PM 'Zainab Rizvi' via blink-dev < blink-dev@chromium.org> wrote:
> Hi, Alex! This will only be enabled for Chrome's Incognito mode. > > On Mon, Jul 14, 2025 at 2:19 PM Alex Russell <slightly...@chromium.org> > wrote: > >> Will this be enabled for all Chromium browsers by default? >> >> On Monday, July 14, 2025 at 8:54:57 AM UTC-7 riz...@google.com wrote: >> >>> Contact emails >>> >>> riz...@google.com, mk...@chromium.org >>> >>> Explainer >>> >>> https://github.com/explainers-by-googlers/script-blocking >>> >>> Specification >>> >>> https://github.com/whatwg/fetch/pull/1840 >>> >>> Summary >>> >>> Mitigating API Misuse for Browser Re-Identification, otherwise known as >>> Script Blocking, is a feature that will block scripts engaging in known, >>> prevalent techniques for browser re-identification in third-party contexts. >>> These techniques typically involve the misuse of existing browser APIs to >>> extract additional information about the user's browser or device >>> characteristics. >>> >>> To strike this balance between protection and usability, this proposal >>> focuses on blocking scripts in a third-party context in Incognito mode, >>> enhancing Incognito's protections against cross-site tracking when users >>> choose to browse in this mode. >>> >>> This proposal uses a list-based approach, where only domains marked as >>> “Impacted by Script Blocking” on the Masked Domain List >>> <https://github.com/GoogleChrome/ip-protection/blob/main/Masked-Domain-List.md> >>> (MDL) in a third-party context will be impacted. >>> >>> When the feature is enabled, Chrome will check network requests against >>> the blocklist. This feature will reuse Chromium's subresource_filter >>> component, which is responsible for tagging and filtering subresource >>> requests based on page-level activation signals and a ruleset used to match >>> URLs for filtering. >>> >>> 1% Experiment Summary >>> >>> Our 1% stable Incognito experiment did not show any statistically >>> significant movement for Incognito-specific Core Web Vitals. Furthermore, >>> we did not receive any breakage reports pertaining to this experiment. >>> >>> As the feature is only enabled for third party resources in Incognito >>> sessions, the sample size is smaller than we typically observe in a 1% >>> experiment. We plan to carefully ramp the experiment to evaluate >>> performance and stability impact before launching to Incognito 100%. >>> >>> Blink component >>> >>> Blink>Network>FetchAPI >>> >>> TAG review >>> >>> https://github.com/w3ctag/design-reviews/issues/1114 >>> >>> TAG review status >>> >>> Closed (resolution: decline) >>> >>> >>> Risks >>> >>> Interoperability and Compatibility >>> >>> There shouldn’t be any interop concerns. >>> >>> In terms of compatibility, this feature is anticipated to have an impact >>> on websites that rely on scripts from domains identified as serving >>> fingerprinting techniques. Sites that integrate third-party scripts from >>> identified domains may experience functional breakage or render incorrectly >>> when accessed in Incognito mode. We are attempting to mitigate this risk by >>> applying temporary exceptions if we determine that the intervention on a >>> particular domain may cause significant user experience impact. >>> >>> Gecko: No signal >>> >>> WebKit: Shipped/Shipping Safari has a similar feature as part of >>> "Intelligent Tracking Prevention" (ITP) >>> >>> Firefox: Shipped/Shipping Firefox has a similar feature as part of >>> "Enhanced Tracking Protection" >>> >>> Web developers: <will fill out after explainer publication> >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> No, we are not proposing to ship this on WebView. >>> >>> Debuggability >>> >>> We have added support in DevTools Issues to indicate which requests are >>> being blocked by this feature. >>> >>> We also have >>> chrome://flags/#enable-fingerprinting-protection-blocklist-incognito which >>> developers and users can use for testing suspected breakage even before we >>> ship. >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)? >>> >>> No. We plan to launch this on all Blink platforms except WebView. >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? >>> >>> We are exploring ways to test this feature via WPT. This isn’t possible >>> today given the implementation-defined nature of blocked resources. Some >>> explorations are discussed here >>> <https://explainers-by-googlers.github.io/script-blocking/#testing>. >>> >>> Flag name on about://flags >>> >>> chrome://flags/#enable-fingerprinting-protection-blocklist-incognito >>> >>> Finch feature name >>> >>> EnableFingerprintingProtectionInIncognito >>> >>> Rollout plan >>> >>> (RARE) Experiment users ramp up over time >>> >>> Requires code in //chrome? >>> >>> False >>> >>> Tracking bug >>> >>> https://issues.chromium.org/issues/431761692 >>> <https://issues.chromium.org/issues/370696608> >>> >>> >>> Launch bug >>> >>> https://launch.corp.google.com/launch/4367306 >>> >>> Estimated milestones >>> >>> Shipping on Desktop >>> >>> 140 >>> >>> Shipping on Android >>> >>> 140 >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> >>> None >>> >>> Link to entry on the Chrome Platform Status >>> >>> https://chromestatus.com/feature/5188989497376768 >>> >>> Links to previous Intent discussions >>> >>> Intent to Experiment: >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/NJvGkSvLk8I?e=48417069 >>> >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjkJMw5aXR6T%3DQiiajtqAC0s9uqaWEZYgM6J4hUj5W7fA%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjkJMw5aXR6T%3DQiiajtqAC0s9uqaWEZYgM6J4hUj5W7fA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKZ%2BBNpOBJQKcFU8QU3N6j9wMvZMwNMQqrLn_RJm_bpchnP3vA%40mail.gmail.com.
