Hi Chris! We will have a few UI indicators when a resource is blocked: 1. The "eye" icon will show up in the Omnibox that will allow users to disable the feature on a particular top-level site. 2. There is a toggle in settings for users to disable the feature entirely. 3. For developers, a dedicated issue will pop up in the "Issues" tab. 4. For developers, there is a dedicated network error <https://source.chromium.org/chromium/chromium/src/+/main:net/base/net_error_list.h;l=136?q=BLOCKED_BY_FINGER&sq=&ss=chromium> in the "Network" tab.
On Wed, Jul 16, 2025 at 11:32 AM Chris Harrelson <chris...@chromium.org> wrote: > In case of something breaking: When a script is blocked, is the user able > to find that out in a site settings dialog? > > On Tue, Jul 15, 2025 at 7:59 AM 'Zainab Rizvi' via blink-dev < > blink-dev@chromium.org> wrote: > >> Yes, though Script Blocking in Incognito would have the same observable >> effect as extensions that block resources, such as ad blockers. The team is >> also adding monitoring to see if incognito detectability is on the rise due >> to these features. >> >> On Mon, Jul 14, 2025 at 7:23 PM Gregg Tavares <g...@chromium.org> wrote: >> >>> Does this enable more detection of incognito mode by sites? >>> >>> On Mon, Jul 14, 2025 at 1:08 PM 'Zainab Rizvi' via blink-dev < >>> blink-dev@chromium.org> wrote: >>> >>>> Hi, Alex! This will only be enabled for Chrome's Incognito mode. >>>> >>>> On Mon, Jul 14, 2025 at 2:19 PM Alex Russell <slightly...@chromium.org> >>>> wrote: >>>> >>>>> Will this be enabled for all Chromium browsers by default? >>>>> >>>>> On Monday, July 14, 2025 at 8:54:57 AM UTC-7 riz...@google.com wrote: >>>>> >>>>>> Contact emails >>>>>> >>>>>> riz...@google.com, mk...@chromium.org >>>>>> >>>>>> Explainer >>>>>> >>>>>> https://github.com/explainers-by-googlers/script-blocking >>>>>> >>>>>> Specification >>>>>> >>>>>> https://github.com/whatwg/fetch/pull/1840 >>>>>> >>>>>> Summary >>>>>> >>>>>> Mitigating API Misuse for Browser Re-Identification, otherwise known >>>>>> as Script Blocking, is a feature that will block scripts engaging in >>>>>> known, >>>>>> prevalent techniques for browser re-identification in third-party >>>>>> contexts. >>>>>> These techniques typically involve the misuse of existing browser APIs to >>>>>> extract additional information about the user's browser or device >>>>>> characteristics. >>>>>> >>>>>> To strike this balance between protection and usability, this >>>>>> proposal focuses on blocking scripts in a third-party context in >>>>>> Incognito >>>>>> mode, enhancing Incognito's protections against cross-site tracking when >>>>>> users choose to browse in this mode. >>>>>> >>>>>> This proposal uses a list-based approach, where only domains marked >>>>>> as “Impacted by Script Blocking” on the Masked Domain List >>>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Masked-Domain-List.md> >>>>>> (MDL) in a third-party context will be impacted. >>>>>> >>>>>> When the feature is enabled, Chrome will check network requests >>>>>> against the blocklist. This feature will reuse Chromium's >>>>>> subresource_filter component, which is responsible for tagging and >>>>>> filtering subresource requests based on page-level activation signals >>>>>> and a >>>>>> ruleset used to match URLs for filtering. >>>>>> >>>>>> 1% Experiment Summary >>>>>> >>>>>> Our 1% stable Incognito experiment did not show any statistically >>>>>> significant movement for Incognito-specific Core Web Vitals. Furthermore, >>>>>> we did not receive any breakage reports pertaining to this experiment. >>>>>> >>>>>> As the feature is only enabled for third party resources in Incognito >>>>>> sessions, the sample size is smaller than we typically observe in a 1% >>>>>> experiment. We plan to carefully ramp the experiment to evaluate >>>>>> performance and stability impact before launching to Incognito 100%. >>>>>> >>>>>> Blink component >>>>>> >>>>>> Blink>Network>FetchAPI >>>>>> >>>>>> TAG review >>>>>> >>>>>> https://github.com/w3ctag/design-reviews/issues/1114 >>>>>> >>>>>> TAG review status >>>>>> >>>>>> Closed (resolution: decline) >>>>>> >>>>>> >>>>>> Risks >>>>>> >>>>>> Interoperability and Compatibility >>>>>> >>>>>> There shouldn’t be any interop concerns. >>>>>> >>>>>> In terms of compatibility, this feature is anticipated to have an >>>>>> impact on websites that rely on scripts from domains identified as >>>>>> serving >>>>>> fingerprinting techniques. Sites that integrate third-party scripts from >>>>>> identified domains may experience functional breakage or render >>>>>> incorrectly >>>>>> when accessed in Incognito mode. We are attempting to mitigate this risk >>>>>> by >>>>>> applying temporary exceptions if we determine that the intervention on a >>>>>> particular domain may cause significant user experience impact. >>>>>> >>>>>> Gecko: No signal >>>>>> >>>>>> WebKit: Shipped/Shipping Safari has a similar feature as part of >>>>>> "Intelligent Tracking Prevention" (ITP) >>>>>> >>>>>> Firefox: Shipped/Shipping Firefox has a similar feature as part of >>>>>> "Enhanced Tracking Protection" >>>>>> >>>>>> Web developers: <will fill out after explainer publication> >>>>>> >>>>>> WebView application risks >>>>>> >>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>> that it has potentially high risk for Android WebView-based applications? >>>>>> >>>>>> No, we are not proposing to ship this on WebView. >>>>>> >>>>>> Debuggability >>>>>> >>>>>> We have added support in DevTools Issues to indicate which requests >>>>>> are being blocked by this feature. >>>>>> >>>>>> We also have >>>>>> chrome://flags/#enable-fingerprinting-protection-blocklist-incognito >>>>>> which >>>>>> developers and users can use for testing suspected breakage even before >>>>>> we >>>>>> ship. >>>>>> >>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>>>> >>>>>> No. We plan to launch this on all Blink platforms except WebView. >>>>>> >>>>>> Is this feature fully tested by web-platform-tests >>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>> ? >>>>>> >>>>>> We are exploring ways to test this feature via WPT. This isn’t >>>>>> possible today given the implementation-defined nature of blocked >>>>>> resources. Some explorations are discussed here >>>>>> <https://explainers-by-googlers.github.io/script-blocking/#testing>. >>>>>> >>>>>> Flag name on about://flags >>>>>> >>>>>> chrome://flags/#enable-fingerprinting-protection-blocklist-incognito >>>>>> >>>>>> Finch feature name >>>>>> >>>>>> EnableFingerprintingProtectionInIncognito >>>>>> >>>>>> Rollout plan >>>>>> >>>>>> (RARE) Experiment users ramp up over time >>>>>> >>>>>> Requires code in //chrome? >>>>>> >>>>>> False >>>>>> >>>>>> Tracking bug >>>>>> >>>>>> https://issues.chromium.org/issues/431761692 >>>>>> <https://issues.chromium.org/issues/370696608> >>>>>> >>>>>> >>>>>> Launch bug >>>>>> >>>>>> https://launch.corp.google.com/launch/4367306 >>>>>> >>>>>> Estimated milestones >>>>>> >>>>>> Shipping on Desktop >>>>>> >>>>>> 140 >>>>>> >>>>>> Shipping on Android >>>>>> >>>>>> 140 >>>>>> >>>>>> Anticipated spec changes >>>>>> >>>>>> Open questions about a feature may be a source of future web compat >>>>>> or interop issues. Please list open issues (e.g. links to known github >>>>>> issues in the project for the feature specification) whose resolution may >>>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>>> of >>>>>> the API in a non-backward-compatible way). >>>>>> >>>>>> None >>>>>> >>>>>> Link to entry on the Chrome Platform Status >>>>>> >>>>>> https://chromestatus.com/feature/5188989497376768 >>>>>> >>>>>> Links to previous Intent discussions >>>>>> >>>>>> Intent to Experiment: >>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/NJvGkSvLk8I?e=48417069 >>>>>> >>>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjkJMw5aXR6T%3DQiiajtqAC0s9uqaWEZYgM6J4hUj5W7fA%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjkJMw5aXR6T%3DQiiajtqAC0s9uqaWEZYgM6J4hUj5W7fA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjGDTA_6ONhuHAxhg7yi-n9kC2y9JdL5nXtUzjb3FXd2Q%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjGDTA_6ONhuHAxhg7yi-n9kC2y9JdL5nXtUzjb3FXd2Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsieQ5z%3DKQEOQ_ELRSXHW1-agGASiD0aaVpkCku_BR%2BL%2Bg%40mail.gmail.com.
