LGTM3 On Tue, May 28, 2024 at 12:55 PM Ben Kelly <wanderv...@chromium.org> wrote:
> > On Tue, May 28, 2024 at 10:59 AM Vladimir Levin <vmp...@chromium.org> > wrote: > >> Hey Anton, >> >> Can you please request reviews for the various chips >> [image: chips.png] >> > > Done. Thanks. > > > >> >> Thanks! >> Vlad >> >> On Mon, May 27, 2024 at 3:09 AM Yoav Weiss (@Shopify) < >> yoavwe...@chromium.org> wrote: >> >>> LGTM2 >>> >>> On Fri, May 24, 2024 at 5:53 PM Anton Maliev <amal...@chromium.org> >>> wrote: >>> >>>> I see the concern. The 3P can use document.hasStorageAccess() >>>> <https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess> >>>> to >>>> check for cookie support, which accounts for the grace period and opt-out. >>>> (It would return true if there is an active grace period on the 1P or 3P >>>> that affects the current frame, or false if the current client is opted >>>> out.) Per the linked I2S, we recommend document.hasStorageAccess() instead >>>> of navigator.cookieEnabled moving forward for validation relating to >>>> Chrome's 3PCD rollout - the latter doesn't return the correct value for >>>> this case. >>> >>> >>> Thanks! That makes sense. >>> >>> >>>> >>>> This also depends if the 3P in question is also on the grace period. If >>>> it is not, we would expect them to notice any breakage on other 1Ps as >>>> well. >>>> >>>> On Thursday, May 23, 2024 at 4:17:14 PM UTC-4 Yoav Weiss wrote: >>>> >>>>> On Thu, May 16, 2024 at 4:15 PM Anton Maliev <amal...@chromium.org> >>>>> wrote: >>>>> >>>>>> > Will developers have a way of knowing if the current site (where >>>>>> they may see breakage metrics) is opted-out of the grace period? >>>>>> >>>>>> Google is planning to build a site dashboard where developers can >>>>>> check on the status of their grace period and opt-out values. In the >>>>>> interim, Chrome DevTools shows an Issue for third-party cookies which are >>>>>> allowed due to the grace period - this can be used to validate whether >>>>>> the >>>>>> grace period is active for that particular client. >>>>>> >>>>>> >>>>> While that's potentially useful, that's not what I had in mind. >>>>> If a site opt-outs of the grace period, that may impact 3Ps that the >>>>> site embeds. >>>>> Those 3Ps (if they are not ready for it) are likely to notice some >>>>> drop in their functionality or conversion, but they'd need a way of >>>>> attributing that to the lack of 3P cookies. >>>>> >>>>> At the same time, while writing this, I was reminded of >>>>> navigator.cookieEnabled >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/xU3gTW4aTfg/m/LaUu7IN2BAAJ?utm_medium=email&utm_source=footer>. >>>>> Do I understand correctly that it would indicate the lack of 3P cookie >>>>> support in these cases? >>>>> >>>>> >>>>> >>>>>> > Do you have a rough estimate on the length of the grace period? >>>>>> (I'm guessing this will not be relevant after it) >>>>>> >>>>>> That's correct, a site will no longer need an opt-out file after it >>>>>> is removed from the grace period. Each grace period entry has its own >>>>>> expiration date, depending on when the site applied for the deprecation >>>>>> trial. We will need to assess the demand for new sites onboarding to the >>>>>> trial before we can give an estimate on how long we will continue to >>>>>> support grace periods overall. >>>>>> >>>>>> On Thursday, May 16, 2024 at 3:56:15 AM UTC-4 Yoav Weiss wrote: >>>>>> >>>>>>> This is an odd one, but I agree that it's a web exposed feature and >>>>>>> hence should go through the blink process. Thanks for sending this! >>>>>>> >>>>>>> >>>>>>> On Tue, May 14, 2024 at 11:15 PM Anton Maliev <amal...@chromium.org> >>>>>>> wrote: >>>>>>> >>>>>>>> Contact emails >>>>>>>> >>>>>>>> amal...@chromium.org >>>>>>>> >>>>>>>> njeu...@chromium.org >>>>>>>> >>>>>>>> wanderv...@chromium.org >>>>>>>> >>>>>>>> Explainer >>>>>>>> >>>>>>>> https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out >>>>>>>> >>>>>>>> Specification >>>>>>>> >>>>>>>> Well-known resource specification: >>>>>>>> https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out/blob/main/well-known-specification.md >>>>>>>> >>>>>>>> Summary >>>>>>>> >>>>>>>> This proposal details a new mechanism for site developers to >>>>>>>> conduct a self-service staged opt-out of their third-party cookie >>>>>>>> phaseout >>>>>>>> grace period. This is intended primarily for Chrome’s active trials for >>>>>>>> third-party cookie deprecation - one for top-level sites >>>>>>>> <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/first-party-deprecation-trial> >>>>>>>> and one for embedded sites >>>>>>>> <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/third-party-deprecation-trial>. >>>>>>>> When a site is approved for one of these trials, they are added to a >>>>>>>> short-term grace period which mitigates breakage until the token is >>>>>>>> launched. Sites may also use this opt-out to test long term solutions. >>>>>>>> >>>>>>>> Each site on the trial will specify their desired opt-out >>>>>>>> percentage in a new resource in their .well-known directory >>>>>>>> <https://datatracker.ietf.org/doc/html/rfc8615>, specified here >>>>>>>> <https://github.com/explainers-by-googlers/3pcd-deprecation-trial-staged-rollout/blob/main/well-known-specification.md>. >>>>>>>> Google will implement server infrastructure to fetch and update these >>>>>>>> values on a schedule, and assign clients randomly to cohorts matching >>>>>>>> this >>>>>>>> percentage. These cohorts persist for a client up until clearing site >>>>>>>> storage or reinstalling the browser. >>>>>>>> >>>>>>> >>>>>>> >>>>>>> Will developers have a way of knowing if the current site (where >>>>>>> they may see breakage metrics) is opted-out of the grace period? >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> Blink component >>>>>>>> >>>>>>>> Privacy <https://b.corp.google.com/components/1457231> >>>>>>>> >>>>>>>> TAG review >>>>>>>> >>>>>>>> N/A >>>>>>>> >>>>>>>> TAG review status >>>>>>>> >>>>>>>> N/A >>>>>>>> >>>>>>>> Risks >>>>>>>> >>>>>>>> There aren’t inherent security implications for fetching external >>>>>>>> resources using server-side infrastructure, but there is a risk of >>>>>>>> fetching >>>>>>>> bad data, which our implementation addresses. >>>>>>>> >>>>>>>> There are also privacy implications for randomly assigning clients >>>>>>>> to cohorts, which we mitigate by clearing cohorts on site data >>>>>>>> deletion. >>>>>>>> There is also a risk that the fetching system fails or that a site >>>>>>>> loses >>>>>>>> access to its .well-known resource, both cases which we have planned >>>>>>>> mitigations for. >>>>>>>> >>>>>>>> Interoperability and Compatibility >>>>>>>> >>>>>>>> The third-party cookie deprecation trials are a Chrome feature, so >>>>>>>> these new well-known resources will only be fetched by the Chrome >>>>>>>> browser. >>>>>>>> The new resource will be distinct and will not interfere with any >>>>>>>> existing >>>>>>>> resources used by other browsers or features. >>>>>>>> >>>>>>> >>>>>>> Beyond that, I think that the fact that this is a short-lived >>>>>>> capability also significantly reduces risk. >>>>>>> Do you have a rough estimate on the length of the grace period? (I'm >>>>>>> guessing this will not be relevant after it) >>>>>>> >>>>>>> >>>>>>>> WebView application risks >>>>>>>> >>>>>>>> Does this intent deprecate or change behavior of existing APIs, >>>>>>>> such that it has potentially high risk for Android WebView-based >>>>>>>> applications? >>>>>>>> >>>>>>>> No >>>>>>>> >>>>>>>> Debuggability >>>>>>>> >>>>>>>> N/A >>>>>>>> >>>>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? >>>>>>>> >>>>>>>> All except WebView. (Third-party cookie deprecation launches don’t >>>>>>>> include WebView.) >>>>>>>> >>>>>>>> Is this feature fully tested by web-platform-tests >>>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>>>> ? >>>>>>>> >>>>>>>> No >>>>>>>> >>>>>>>> Flag name on chrome://flags >>>>>>>> >>>>>>>> N/A >>>>>>>> >>>>>>>> Finch feature name >>>>>>>> >>>>>>>> base::features::TpcdMetadataStageControl >>>>>>>> >>>>>>>> Non-finch justification >>>>>>>> >>>>>>>> N/A >>>>>>>> >>>>>>>> Requires code in //chrome? >>>>>>>> >>>>>>>> No. All code for the grace period and new staged opt-out handling >>>>>>>> is in //components/tpcd/metadata >>>>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:components/tpcd/metadata/> >>>>>>>> . >>>>>>>> >>>>>>>> Estimated milestones >>>>>>>> >>>>>>>> Client support is shipping to M125 on May 14. Server-side file >>>>>>>> processing will begin some time after that date. A separate notice >>>>>>>> will be >>>>>>>> sent when that process begins. >>>>>>>> >>>>>>>> Anticipated spec changes >>>>>>>> >>>>>>>> None >>>>>>>> >>>>>>>> Link to entry on the Chrome Platform Status >>>>>>>> >>>>>>>> https://chromestatus.com/feature/5205350707101696 >>>>>>>> >>>>>>>> Links to previous Intent discussions >>>>>>>> >>>>>>>> Intent to prototype: >>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/O9mh5XvbqqE/m/IyK22zHkAAAJ >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "blink-dev" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com >>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "blink-dev" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>> >>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/25be1203-c642-426a-bfeb-27592e50e113n%40chromium.org >>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/25be1203-c642-426a-bfeb-27592e50e113n%40chromium.org?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSJif6nxD4S5hcwoO%3DB1vSzHBphr0E%3DxuzLxRHBfVsbk9g%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSJif6nxD4S5hcwoO%3DB1vSzHBphr0E%3DxuzLxRHBfVsbk9g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2M2d%2Byw2hPYBGAhiQ5Hwj5C27VdgYcaYuj_Uq4DUJwPoA%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2M2d%2Byw2hPYBGAhiQ5Hwj5C27VdgYcaYuj_Uq4DUJwPoA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7rkMhBom03OwAvRWrS2UPmRmLqWqOQPWCb97K6P%2Bx0e1S%3D7Q%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK7rkMhBom03OwAvRWrS2UPmRmLqWqOQPWCb97K6P%2Bx0e1S%3D7Q%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2NTSj%2BfH8ft-U-S1ZTVcFwuK_OwsboNR6bQmKymjOj4bA%40mail.gmail.com.
