Thanks for sharing Josh! While the only real security boundary on the page can be the frame boundary, I'm personally a fan of this work to provide some defense-in-depth and help reinforce that powerful permissions are for use or delegation by the 1P shown in the address bar, not 3P scripts which aren't specifically coordinating with the 1P for that powerful access under the 1P's reputation. Of course the devil will be in the details in ensuring we avoid hurting legitimate use-cases, but I know you are a world expert <https://blog.chromium.org/2017/06/improving-advertising-on-web.html> in doing this responsibly so I'm confident and looking forward to the public discussion of the data here at I2S time!
Cheers,
Rick

On Mon, Jul 28, 2025 at 9:11 AM Josh Karlin <jkar...@chromium.org> wrote:

> Contact emails
> jkar...@google.com
>
> Explainer
> https://github.com/explainers-by-googlers/selective-permissions-intervention
>
> Specification
> None
>
> Summary
> A web platform intervention designed to better align API permissions with user intent by preventing ad scripts from accessing certain privacy-sensitive APIs.
>
> Blink component
> Blink>PermissionsAPI <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EPermissionsAPI%22>
>
> Motivation
> When a user grants a website permission to access a powerful API like their precise geolocation, microphone, camera, screen, or clipboard contents, their consent is intended for the site, not necessarily to every third-party script running on the page. In particular, embedded ad scripts can currently leverage the page's permission to opportunistically access this sensitive data. The user may not be aware that an advertisement is accessing their information. This intervention aims to better align a granted permission with user intent by preventing ad script in a context with API permission from using it, reinforcing user trust and control over their data.
>
> Initial public proposal
> https://github.com/explainers-by-googlers/selective-permissions-intervention
>
> TAG review
> None
>
> TAG review status
> Pending
>
> Risks
>
> Interoperability and Compatibility
> None
>
> *Gecko*: No signal
> *WebKit*: No signal
> *Web developers*: No signals
> *Other signals*:
>
> WebView application risks
> Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
> None
>
> Debuggability
> None
>
> Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
> No
>
> Flag name on about://flags
> None
>
> Finch feature name
> None
>
> Non-finch justification
> None
>
> Requires code in //chrome?
> False
>
> Estimated milestones
> No milestones specified
>
> Link to entry on the Chrome Platform Status
> https://chromestatus.com/feature/4811835974615040?gate=5415705121652736
>
> This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.