In case of something breaking: When a script is blocked, is the user able to find that out in a site settings dialog?
On Tue, Jul 15, 2025 at 7:59 AM 'Zainab Rizvi' via blink-dev < blink-dev@chromium.org> wrote: > Yes, though Script Blocking in Incognito would have the same observable > effect as extensions that block resources, such as ad blockers. The team is > also adding monitoring to see if incognito detectability is on the rise due > to these features. > > On Mon, Jul 14, 2025 at 7:23 PM Gregg Tavares <g...@chromium.org> wrote: > >> Does this enable more detection of incognito mode by sites? >> >> On Mon, Jul 14, 2025 at 1:08 PM 'Zainab Rizvi' via blink-dev < >> blink-dev@chromium.org> wrote: >> >>> Hi, Alex! This will only be enabled for Chrome's Incognito mode. >>> >>> On Mon, Jul 14, 2025 at 2:19 PM Alex Russell <slightly...@chromium.org> >>> wrote: >>> >>>> Will this be enabled for all Chromium browsers by default? >>>> >>>> On Monday, July 14, 2025 at 8:54:57 AM UTC-7 riz...@google.com wrote: >>>> >>>>> Contact emails >>>>> >>>>> riz...@google.com, mk...@chromium.org >>>>> >>>>> Explainer >>>>> >>>>> https://github.com/explainers-by-googlers/script-blocking >>>>> >>>>> Specification >>>>> >>>>> https://github.com/whatwg/fetch/pull/1840 >>>>> >>>>> Summary >>>>> >>>>> Mitigating API Misuse for Browser Re-Identification, otherwise known >>>>> as Script Blocking, is a feature that will block scripts engaging in >>>>> known, >>>>> prevalent techniques for browser re-identification in third-party >>>>> contexts. >>>>> These techniques typically involve the misuse of existing browser APIs to >>>>> extract additional information about the user's browser or device >>>>> characteristics. >>>>> >>>>> To strike this balance between protection and usability, this proposal >>>>> focuses on blocking scripts in a third-party context in Incognito mode, >>>>> enhancing Incognito's protections against cross-site tracking when users >>>>> choose to browse in this mode. >>>>> >>>>> This proposal uses a list-based approach, where only domains marked as >>>>> “Impacted by Script Blocking” on the Masked Domain List >>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Masked-Domain-List.md> >>>>> (MDL) in a third-party context will be impacted. >>>>> >>>>> When the feature is enabled, Chrome will check network requests >>>>> against the blocklist. This feature will reuse Chromium's >>>>> subresource_filter component, which is responsible for tagging and >>>>> filtering subresource requests based on page-level activation signals and >>>>> a >>>>> ruleset used to match URLs for filtering. >>>>> >>>>> 1% Experiment Summary >>>>> >>>>> Our 1% stable Incognito experiment did not show any statistically >>>>> significant movement for Incognito-specific Core Web Vitals. Furthermore, >>>>> we did not receive any breakage reports pertaining to this experiment. >>>>> >>>>> As the feature is only enabled for third party resources in Incognito >>>>> sessions, the sample size is smaller than we typically observe in a 1% >>>>> experiment. We plan to carefully ramp the experiment to evaluate >>>>> performance and stability impact before launching to Incognito 100%. >>>>> >>>>> Blink component >>>>> >>>>> Blink>Network>FetchAPI >>>>> >>>>> TAG review >>>>> >>>>> https://github.com/w3ctag/design-reviews/issues/1114 >>>>> >>>>> TAG review status >>>>> >>>>> Closed (resolution: decline) >>>>> >>>>> >>>>> Risks >>>>> >>>>> Interoperability and Compatibility >>>>> >>>>> There shouldn’t be any interop concerns. >>>>> >>>>> In terms of compatibility, this feature is anticipated to have an >>>>> impact on websites that rely on scripts from domains identified as serving >>>>> fingerprinting techniques. Sites that integrate third-party scripts from >>>>> identified domains may experience functional breakage or render >>>>> incorrectly >>>>> when accessed in Incognito mode. We are attempting to mitigate this risk >>>>> by >>>>> applying temporary exceptions if we determine that the intervention on a >>>>> particular domain may cause significant user experience impact. >>>>> >>>>> Gecko: No signal >>>>> >>>>> WebKit: Shipped/Shipping Safari has a similar feature as part of >>>>> "Intelligent Tracking Prevention" (ITP) >>>>> >>>>> Firefox: Shipped/Shipping Firefox has a similar feature as part of >>>>> "Enhanced Tracking Protection" >>>>> >>>>> Web developers: <will fill out after explainer publication> >>>>> >>>>> WebView application risks >>>>> >>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>> that it has potentially high risk for Android WebView-based applications? >>>>> >>>>> No, we are not proposing to ship this on WebView. >>>>> >>>>> Debuggability >>>>> >>>>> We have added support in DevTools Issues to indicate which requests >>>>> are being blocked by this feature. >>>>> >>>>> We also have >>>>> chrome://flags/#enable-fingerprinting-protection-blocklist-incognito which >>>>> developers and users can use for testing suspected breakage even before we >>>>> ship. >>>>> >>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>>> >>>>> No. We plan to launch this on all Blink platforms except WebView. >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>> ? >>>>> >>>>> We are exploring ways to test this feature via WPT. This isn’t >>>>> possible today given the implementation-defined nature of blocked >>>>> resources. Some explorations are discussed here >>>>> <https://explainers-by-googlers.github.io/script-blocking/#testing>. >>>>> >>>>> Flag name on about://flags >>>>> >>>>> chrome://flags/#enable-fingerprinting-protection-blocklist-incognito >>>>> >>>>> Finch feature name >>>>> >>>>> EnableFingerprintingProtectionInIncognito >>>>> >>>>> Rollout plan >>>>> >>>>> (RARE) Experiment users ramp up over time >>>>> >>>>> Requires code in //chrome? >>>>> >>>>> False >>>>> >>>>> Tracking bug >>>>> >>>>> https://issues.chromium.org/issues/431761692 >>>>> <https://issues.chromium.org/issues/370696608> >>>>> >>>>> >>>>> Launch bug >>>>> >>>>> https://launch.corp.google.com/launch/4367306 >>>>> >>>>> Estimated milestones >>>>> >>>>> Shipping on Desktop >>>>> >>>>> 140 >>>>> >>>>> Shipping on Android >>>>> >>>>> 140 >>>>> >>>>> Anticipated spec changes >>>>> >>>>> Open questions about a feature may be a source of future web compat or >>>>> interop issues. Please list open issues (e.g. links to known github issues >>>>> in the project for the feature specification) whose resolution may >>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>> of >>>>> the API in a non-backward-compatible way). >>>>> >>>>> None >>>>> >>>>> Link to entry on the Chrome Platform Status >>>>> >>>>> https://chromestatus.com/feature/5188989497376768 >>>>> >>>>> Links to previous Intent discussions >>>>> >>>>> Intent to Experiment: >>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/NJvGkSvLk8I?e=48417069 >>>>> >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjkJMw5aXR6T%3DQiiajtqAC0s9uqaWEZYgM6J4hUj5W7fA%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjkJMw5aXR6T%3DQiiajtqAC0s9uqaWEZYgM6J4hUj5W7fA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjGDTA_6ONhuHAxhg7yi-n9kC2y9JdL5nXtUzjb3FXd2Q%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjGDTA_6ONhuHAxhg7yi-n9kC2y9JdL5nXtUzjb3FXd2Q%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw9nScr-8MPsoW-v4UiHGHsOZRD4i2qAhOVGEyWSUe6sng%40mail.gmail.com.
