On 3/11/25 9:52 AM, Andrew Liu wrote:
On Monday, March 10, 2025 at 5:16:00 PM UTC-4 Mike Taylor wrote:
On 3/3/25 10:32 AM, Andrew Liu wrote:
Done, requested reviews.
On Sunday, March 2, 2025 at 9:35:30 PM UTC-5 Domenic Denicola wrote:
Can you request Privacy, WP Security, Enterprise,
Debuggability, and Testing review gates in ChromeStatus?
On Friday, February 28, 2025 at 7:45:44 AM UTC+9 Andrew Liu
wrote:
Fixed the link in chromestatus, thanks.
On Thursday, February 27, 2025 at 5:02:41 PM UTC-5 Mike
Taylor wrote:
On 2/27/25 3:46 PM, Chromestatus wrote:
Contact emails l...@chromium.org,
ort...@chromium.org, sv...@chromium.org,
rtarp...@chromium.org
Explainer
https://github.com/privacycg/nav-tracking-mitigations/issues/41#issuecomment-2504329542
<https://github.com/privacycg/nav-tracking-mitigations/issues/41#issuecomment-2504329542>
Specification
https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations
<https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations>
Can you point out which section covers the stateless bounce
tracking? It's not obvious to me.
The stateless modifications are in this pull request:
https://github.com/privacycg/nav-tracking-mitigations/pull/95.
ChromeStatus mentioned I should prefer the published spec link over
unmerged PRs; would you recommend I use the PR link instead in this case?
Thank you. My personal opinion is that an unmerged PR is more useful in
the chromestatus entry than a link to a spec that is missing the
relevant proposed changes. But, even better is merging the PR and
linking to the spec. So, what is preventing us from doing that in this case?
Summary
Bounce tracking mitigations for the HTTP cache is an
extension to existing anti-bounce-tracking behavior.
It removes the requirement that a suspected tracking
site must have performed storage access in order to
activate bounce tracking mitigations. Chrome's
initially proposed bounce tracking mitigation
solution triggers when a site accesses browser
storage (e.g. cookies) during a redirect flow.
However, bounce trackers can systematically
circumvent such mitigations by using the HTTP cache
to preserve data. By relaxing the triggering
conditions for bounce tracking mitigations, the
browser should be able to catch bounce trackers
using the HTTP cache.
Blink component Privacy>NavTracking
<https://issues.chromium.org/issues?q=customfield1222907:%22Privacy%3ENavTracking%22>
TAG review
https://github.com/w3ctag/design-reviews/issues/862
<https://github.com/w3ctag/design-reviews/issues/862>
It looks like
https://github.com/w3ctag/design-reviews/issues/1062
<https://github.com/w3ctag/design-reviews/issues/1062>
is the correct link.
TAG review status Not applicable
Risks
Interoperability and Compatibility
None
/Gecko/: Positive
(https://github.com/mozilla/standards-positions/issues/835
<https://github.com/mozilla/standards-positions/issues/835>)
What is the difference between 835 and
https://github.com/mozilla/standards-positions/issues/1186
<https://github.com/mozilla/standards-positions/issues/1186>? Is
1186 supposed to cover this particular change (not requiring
storage access / considering the HTTP cache)? If so, could it be
edited to reflect that?
Yeah, 1186 was opened to highlight the stateless changes. Edited the
ChromeStatus entry.
/WebKit/: No signal
(https://github.com/WebKit/standards-positions/issues/214
<https://github.com/WebKit/standards-positions/issues/214>)
Could we add a comment to this old issue informing them of this
proposed change?
Done.
/Web developers/: No signals
/Other signals/:
WebView application risks
Does this intent deprecate or change behavior of
existing APIs, such that it has potentially high
risk for Android WebView-based applications?
None
Debuggability
There exists a section in Chrome devtools to try out
bounce tracking mitigations (see link for context).
It currently checks for the current (stateful)
behavior and will be updated after the fact.
Progress for devtools parity is tracked in
https://crbug.com/399681359.
https://developer.chrome.com/blog/bounce-tracking-mitigations-dev-trial#how_can_i_tell_if_my_site_is_impacted
<https://developer.chrome.com/blog/bounce-tracking-mitigations-dev-trial#how_can_i_tell_if_my_site_is_impacted>
Will this feature be supported on all six Blink
platforms (Windows, Mac, Linux, ChromeOS, Android,
and Android WebView)? No
This feature is supported on all platforms except
WebView.
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Yes
https://wpt.fyi/results/nav-tracking-mitigations?label=master&label=experimental&aligned&q=nav-tracking-mitigations
<https://wpt.fyi/results/nav-tracking-mitigations?label=master&label=experimental&aligned&q=nav-tracking-mitigations>
Flag name on about://flags None
Finch feature name DIPS
Requires code in //chrome? False
Tracking bug https://crbug.com/40264244
Launch bug
https://launch.corp.google.com/launch/4354304
<https://launch.corp.google.com/launch/4354304>
Estimated milestones Shipping on desktop 134
Anticipated spec changes
Open questions about a feature may be a source of
future web compat or interop issues. Please list
open issues (e.g. links to known github issues in
the project for the feature specification) whose
resolution may introduce web compat/interop risk
(e.g., changing to naming or structure of the API in
a non-backward-compatible way).
https://github.com/privacycg/nav-tracking-mitigations/pull/95
<https://github.com/privacycg/nav-tracking-mitigations/pull/95>
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/6299570819301376?gate=5206396818423808
<https://chromestatus.com/feature/6299570819301376?gate=5206396818423808>
Links to previous Intent discussions Intent to
Prototype:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67644489.2b0a0220.30ecd.0256.GAE%40google.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67644489.2b0a0220.30ecd.0256.GAE%40google.com>
This intent message was generated by Chrome Platform
Status <https://chromestatus.com>.
--
You received this message because you are subscribed
to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving
emails from it, send an email to
blink-dev+unsubscr...@chromium.org
<mailto:blink-dev+unsubscr...@chromium.org>.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67c0cf33.2b0a0220.2c86e9.0223.GAE%40google.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67c0cf33.2b0a0220.2c86e9.0223.GAE%40google.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1b113120-f010-4e52-b70f-bb6fe8505496%40chromium.org.
