On Tuesday, March 11, 2025 at 12:08:50 PM UTC-4 Mike Taylor wrote:
On 3/11/25 9:52 AM, Andrew Liu wrote: On Monday, March 10, 2025 at 5:16:00 PM UTC-4 Mike Taylor wrote: On 3/3/25 10:32 AM, Andrew Liu wrote: Done, requested reviews. On Sunday, March 2, 2025 at 9:35:30 PM UTC-5 Domenic Denicola wrote: Can you request Privacy, WP Security, Enterprise, Debuggability, and Testing review gates in ChromeStatus? On Friday, February 28, 2025 at 7:45:44 AM UTC+9 Andrew Liu wrote: Fixed the link in chromestatus, thanks. On Thursday, February 27, 2025 at 5:02:41 PM UTC-5 Mike Taylor wrote: On 2/27/25 3:46 PM, Chromestatus wrote: Contact emails l...@chromium.org, ort...@chromium.org, sv...@chromium.org, rtarp...@chromium.org Explainer https://github.com/privacycg/nav-tracking-mitigations/issues /41#issuecomment-2504329542 Specification https://privacycg.github.io/nav-tracking-mitigations/#bounce -tracking-mitigations Can you point out which section covers the stateless bounce tracking? It's not obvious to me. The stateless modifications are in this pull request: https://github.com/ privacycg/nav-tracking-mitigations/pull/95. ChromeStatus mentioned I should prefer the published spec link over unmerged PRs; would you recommend I use the PR link instead in this case? Thank you. My personal opinion is that an unmerged PR is more useful in the chromestatus entry than a link to a spec that is missing the relevant proposed changes. But, even better is merging the PR and linking to the spec. So, what is preventing us from doing that in this case? I don't have permissions in the repo to merge the PR. I formally became a spec editor a week ago, but GH permission changes have to go through the PrivacyCG chairs. The previous editors have requested that new editors (e.g. me) merge any future PRs. So at this point I'm blocked (until their next meeting, which is on Thursday, I suspect). I've switched the ChromeStatus field to point to the PR in the meantime. I'll switch it back once the PR is merged. Summary Bounce tracking mitigations for the HTTP cache is an extension to existing anti-bounce-tracking behavior. It removes the requirement that a suspected tracking site must have performed storage access in order to activate bounce tracking mitigations. Chrome's initially proposed bounce tracking mitigation solution triggers when a site accesses browser storage (e.g. cookies) during a redirect flow. However, bounce trackers can systematically circumvent such mitigations by using the HTTP cache to preserve data. By relaxing the triggering conditions for bounce tracking mitigations, the browser should be able to catch bounce trackers using the HTTP cache. Blink component Privacy>NavTracking <https://issues.chromium.org/issues?q=customfield1222907:%22Privacy%3ENavTracking%22> TAG review https://github.com/w3ctag/design-reviews/issues/862 It looks like https://github.com/w3ctag/design-reviews/issues/1062 is the correct link. TAG review status Not applicable Risks Interoperability and Compatibility None *Gecko*: Positive (https://github.com/mozilla/standards-positions/issues/835) What is the difference between 835 and https://github.com/mozilla/sta ndards-positions/issues/1186? Is 1186 supposed to cover this particular change (not requiring storage access / considering the HTTP cache)? If so, could it be edited to reflect that? Yeah, 1186 was opened to highlight the stateless changes. Edited the ChromeStatus entry. *WebKit*: No signal (https://github.com/WebKit/sta ndards-positions/issues/214) Could we add a comment to this old issue informing them of this proposed change? Done. *Web developers*: No signals *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability There exists a section in Chrome devtools to try out bounce tracking mitigations (see link for context). It currently checks for the current (stateful) behavior and will be updated after the fact. Progress for devtools parity is tracked in https://crbug.com/399681359. https://developer.chrome.com/blog/bounce-tracking-mitigation s-dev-trial#how_can_i_tell_if_my_site_is_impacted Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? No This feature is supported on all platforms except WebView. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? Yes https://wpt.fyi/results/nav-tracking-mitigations?label=maste r&label=experimental&aligned&q=nav-tracking-mitigations Flag name on about://flags None Finch feature name DIPS Requires code in //chrome? False Tracking bug https://crbug.com/40264244 Launch bug https://launch.corp.google.com/launch/4354304 Estimated milestones Shipping on desktop 134 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). https://github.com/privacycg/nav-tracking-mitigations/pull/95 Link to entry on the Chrome Platform Status https://chromestatus.com/featu re/6299570819301376?gate=5206396818423808 Links to previous Intent discussions Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6 7644489.2b0a0220.30ecd.0256.GAE%40google.com This intent message was generated by Chrome Platform Status <https://chromestatus.com>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/ch romium.org/d/msgid/blink-dev/67c0cf33.2b0a0220.2c86e9.0223.GAE%40google.com <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67c0cf33.2b0a0220.2c86e9.0223.GAE%40google.com?utm_medium=email&utm_source=footer> . -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b63448ff-e66b-4986-826c-e8168cfd70ccn%40chromium.org.
