Ok, thanks for clarifying.

LGTM1

On Wed, Jul 16, 2025 at 8:51 AM 'Zainab Rizvi' via blink-dev <
blink-dev@chromium.org> wrote:

> Hi Chris! We will have a few UI indicators when a resource is blocked:
>
> 1. The "eye" icon will show up in the Omnibox that will allow users to
> disable the feature on a particular top-level site.
> 2. There is a toggle in settings for users to disable the feature entirely.
> 3. For developers, a dedicated issue will pop up in the "Issues" tab.
> 4. For developers, there is a dedicated network error
> <https://source.chromium.org/chromium/chromium/src/+/main:net/base/net_error_list.h;l=136?q=BLOCKED_BY_FINGER&sq=&ss=chromium>
>  in
> the "Network" tab.
>
> On Wed, Jul 16, 2025 at 11:32 AM Chris Harrelson <chris...@chromium.org>
> wrote:
>
>> In case of something breaking: When a script is blocked, is the user able
>> to find that out in a site settings dialog?
>>
>> On Tue, Jul 15, 2025 at 7:59 AM 'Zainab Rizvi' via blink-dev <
>> blink-dev@chromium.org> wrote:
>>
>>> Yes, though Script Blocking in Incognito would have the same observable
>>> effect as extensions that block resources, such as ad blockers. The team is
>>> also adding monitoring to see if incognito detectability is on the rise due
>>> to these features.
>>>
>>> On Mon, Jul 14, 2025 at 7:23 PM Gregg Tavares <g...@chromium.org> wrote:
>>>
>>>> Does this enable more detection of incognito mode by sites?
>>>>
>>>> On Mon, Jul 14, 2025 at 1:08 PM 'Zainab Rizvi' via blink-dev <
>>>> blink-dev@chromium.org> wrote:
>>>>
>>>>> Hi, Alex! This will only be enabled for Chrome's Incognito mode.
>>>>>
>>>>> On Mon, Jul 14, 2025 at 2:19 PM Alex Russell <slightly...@chromium.org>
>>>>> wrote:
>>>>>
>>>>>> Will this be enabled for all Chromium browsers by default?
>>>>>>
>>>>>> On Monday, July 14, 2025 at 8:54:57 AM UTC-7 riz...@google.com wrote:
>>>>>>
>>>>>>> Contact emails
>>>>>>>
>>>>>>> riz...@google.com, mk...@chromium.org
>>>>>>>
>>>>>>> Explainer
>>>>>>>
>>>>>>> https://github.com/explainers-by-googlers/script-blocking
>>>>>>>
>>>>>>> Specification
>>>>>>>
>>>>>>> https://github.com/whatwg/fetch/pull/1840
>>>>>>>
>>>>>>> Summary
>>>>>>>
>>>>>>> Mitigating API Misuse for Browser Re-Identification, otherwise known
>>>>>>> as Script Blocking, is a feature that will block scripts engaging in 
>>>>>>> known,
>>>>>>> prevalent techniques for browser re-identification in third-party 
>>>>>>> contexts.
>>>>>>> These techniques typically involve the misuse of existing browser APIs 
>>>>>>> to
>>>>>>> extract additional information about the user's browser or device
>>>>>>> characteristics.
>>>>>>>
>>>>>>> To strike this balance between protection and usability, this
>>>>>>> proposal focuses on blocking scripts in a third-party context in 
>>>>>>> Incognito
>>>>>>> mode, enhancing Incognito's protections against cross-site tracking when
>>>>>>> users choose to browse in this mode.
>>>>>>>
>>>>>>> This proposal uses a list-based approach, where only domains marked
>>>>>>> as “Impacted by Script Blocking” on the Masked Domain List
>>>>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Masked-Domain-List.md>
>>>>>>> (MDL) in a third-party context will be impacted.
>>>>>>>
>>>>>>> When the feature is enabled, Chrome will check network requests
>>>>>>> against the blocklist.  This feature will reuse Chromium's
>>>>>>> subresource_filter component, which is responsible for tagging and
>>>>>>> filtering subresource requests based on page-level activation signals 
>>>>>>> and a
>>>>>>> ruleset used to match URLs for filtering.
>>>>>>>
>>>>>>> 1% Experiment Summary
>>>>>>>
>>>>>>> Our 1% stable Incognito experiment did not show any statistically
>>>>>>> significant movement for Incognito-specific Core Web Vitals. 
>>>>>>> Furthermore,
>>>>>>> we did not receive any breakage reports pertaining to this experiment.
>>>>>>>
>>>>>>> As the feature is only enabled for third party resources in
>>>>>>> Incognito sessions, the sample size is smaller than we typically 
>>>>>>> observe in
>>>>>>> a 1% experiment. We plan to carefully ramp the experiment to evaluate
>>>>>>> performance and stability impact before launching to Incognito 100%.
>>>>>>>
>>>>>>> Blink component
>>>>>>>
>>>>>>> Blink>Network>FetchAPI
>>>>>>>
>>>>>>> TAG review
>>>>>>>
>>>>>>> https://github.com/w3ctag/design-reviews/issues/1114
>>>>>>>
>>>>>>> TAG review status
>>>>>>>
>>>>>>> Closed (resolution: decline)
>>>>>>>
>>>>>>>
>>>>>>> Risks
>>>>>>>
>>>>>>> Interoperability and Compatibility
>>>>>>>
>>>>>>> There shouldn’t be any interop concerns.
>>>>>>>
>>>>>>> In terms of compatibility, this feature is anticipated to have an
>>>>>>> impact on websites that rely on scripts from domains identified as 
>>>>>>> serving
>>>>>>> fingerprinting techniques. Sites that integrate third-party scripts from
>>>>>>> identified domains may experience functional breakage or render 
>>>>>>> incorrectly
>>>>>>> when accessed in Incognito mode. We are attempting to mitigate this 
>>>>>>> risk by
>>>>>>> applying temporary exceptions if we determine that the intervention on a
>>>>>>> particular domain may cause significant user experience impact.
>>>>>>>
>>>>>>> Gecko: No signal
>>>>>>>
>>>>>>> WebKit: Shipped/Shipping Safari has a similar feature as part of
>>>>>>> "Intelligent Tracking Prevention" (ITP)
>>>>>>>
>>>>>>> Firefox: Shipped/Shipping Firefox has a similar feature as part of
>>>>>>> "Enhanced Tracking Protection"
>>>>>>>
>>>>>>> Web developers: <will fill out after explainer publication>
>>>>>>>
>>>>>>> WebView application risks
>>>>>>>
>>>>>>> Does this intent deprecate or change behavior of existing APIs, such
>>>>>>> that it has potentially high risk for Android WebView-based 
>>>>>>> applications?
>>>>>>>
>>>>>>> No, we are not proposing to ship this on WebView.
>>>>>>>
>>>>>>> Debuggability
>>>>>>>
>>>>>>> We have added support in DevTools Issues to indicate which requests
>>>>>>> are being blocked by this feature.
>>>>>>>
>>>>>>> We also have
>>>>>>> chrome://flags/#enable-fingerprinting-protection-blocklist-incognito 
>>>>>>> which
>>>>>>> developers and users can use for testing suspected breakage even before 
>>>>>>> we
>>>>>>> ship.
>>>>>>>
>>>>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>>>>> Mac, Linux, ChromeOS, Android, and Android WebView)?
>>>>>>>
>>>>>>> No. We plan to launch this on all Blink platforms except WebView.
>>>>>>>
>>>>>>> Is this feature fully tested by web-platform-tests
>>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>>>>>> ?
>>>>>>>
>>>>>>> We are exploring ways to test this feature via WPT. This isn’t
>>>>>>> possible today given the implementation-defined nature of blocked
>>>>>>> resources. Some explorations are discussed here
>>>>>>> <https://explainers-by-googlers.github.io/script-blocking/#testing>.
>>>>>>>
>>>>>>> Flag name on about://flags
>>>>>>>
>>>>>>> chrome://flags/#enable-fingerprinting-protection-blocklist-incognito
>>>>>>>
>>>>>>> Finch feature name
>>>>>>>
>>>>>>> EnableFingerprintingProtectionInIncognito
>>>>>>>
>>>>>>> Rollout plan
>>>>>>>
>>>>>>> (RARE) Experiment users ramp up over time
>>>>>>>
>>>>>>> Requires code in //chrome?
>>>>>>>
>>>>>>> False
>>>>>>>
>>>>>>> Tracking bug
>>>>>>>
>>>>>>> https://issues.chromium.org/issues/431761692
>>>>>>> <https://issues.chromium.org/issues/370696608>
>>>>>>>
>>>>>>>
>>>>>>> Launch bug
>>>>>>>
>>>>>>> https://launch.corp.google.com/launch/4367306
>>>>>>>
>>>>>>> Estimated milestones
>>>>>>>
>>>>>>> Shipping on Desktop
>>>>>>>
>>>>>>> 140
>>>>>>>
>>>>>>> Shipping on Android
>>>>>>>
>>>>>>> 140
>>>>>>>
>>>>>>> Anticipated spec changes
>>>>>>>
>>>>>>> Open questions about a feature may be a source of future web compat
>>>>>>> or interop issues. Please list open issues (e.g. links to known github
>>>>>>> issues in the project for the feature specification) whose resolution 
>>>>>>> may
>>>>>>> introduce web compat/interop risk (e.g., changing to naming or 
>>>>>>> structure of
>>>>>>> the API in a non-backward-compatible way).
>>>>>>>
>>>>>>> None
>>>>>>>
>>>>>>> Link to entry on the Chrome Platform Status
>>>>>>>
>>>>>>> https://chromestatus.com/feature/5188989497376768
>>>>>>>
>>>>>>> Links to previous Intent discussions
>>>>>>>
>>>>>>> Intent to Experiment:
>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/NJvGkSvLk8I?e=48417069
>>>>>>>
>>>>>>>
>>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "blink-dev" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to blink-dev+unsubscr...@chromium.org.
>>>>> To view this discussion visit
>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjkJMw5aXR6T%3DQiiajtqAC0s9uqaWEZYgM6J4hUj5W7fA%40mail.gmail.com
>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjkJMw5aXR6T%3DQiiajtqAC0s9uqaWEZYgM6J4hUj5W7fA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "blink-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to blink-dev+unsubscr...@chromium.org.
>>> To view this discussion visit
>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjGDTA_6ONhuHAxhg7yi-n9kC2y9JdL5nXtUzjb3FXd2Q%40mail.gmail.com
>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsjGDTA_6ONhuHAxhg7yi-n9kC2y9JdL5nXtUzjb3FXd2Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "blink-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to blink-dev+unsubscr...@chromium.org.
> To view this discussion visit
> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsieQ5z%3DKQEOQ_ELRSXHW1-agGASiD0aaVpkCku_BR%2BL%2Bg%40mail.gmail.com
> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFhOYsieQ5z%3DKQEOQ_ELRSXHW1-agGASiD0aaVpkCku_BR%2BL%2Bg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw-WO%3DLD3JeHnD3Bz%2BfO2YACZfFaaCAv2VzERBNP23fmNw%40mail.gmail.com.

Reply via email to