Hey all,

We have enabled the PartitionedCookies feature on 1% of stable. We will continue to keep the feature enabled on 50% of canary/dev/beta.

Thanks,
Dylan

On Wednesday, February 1, 2023 at 1:46:10 PM UTC-5 Dylan Cutler wrote:
> Hey all,
>
> Another quick update. Due to a partitioned cookies privacy bug
> <https://bugs.chromium.org/p/chromium/issues/detail?id=1405772> that was
> discovered, we have to delay the launch of CHIPS to M110, which is the most
> recent release with the patch.
>
> Since M110 has been released to beta, we have enabled the
> PartitionedCookies feature on 50% of dev/beta/canary. We will begin rolling
> out to 1% stable next week.
>
> Thanks,
> Dylan
>
> On Fri, Jan 6, 2023 at 1:07 PM Dylan Cutler <dylan...@google.com> wrote:
>
>> Hey all, quick update.
>>
>> We intend to roll out the feature in gradual increments starting January
>> 10, 2023; and expect to reach 5% of Chrome instances on January 24, 2023
>> and stay there for a couple of weeks. Once we are satisfied that there is
>> no regression in metrics/behavior, we will proceed with the rollout.
>>
>> On Thu, Nov 24, 2022 at 10:55 AM Rick Byers <rby...@chromium.org> wrote:
>>
>>> LGTM3
>>>
>>> On Thu, Nov 24, 2022 at 5:24 AM Yoav Weiss <yoav...@chromium.org> wrote:
>>>
>>>> LGTM2
>>>>
>>>> On Thu, Nov 24, 2022 at 10:43 AM Johann Hofmann <joha...@google.com> wrote:
>>>>
>>>>> On Wed, Nov 23, 2022 at 5:37 PM Chris Harrelson <chri...@chromium.org> wrote:
>>>>>
>>>>>> On Wed, Nov 23, 2022 at 10:34 AM 'Johann Hofmann' via blink-dev <blin...@chromium.org> wrote:
>>>>>>
>>>>>>> Hi Yoav,
>>>>>>>
>>>>>>> On Wed, Nov 23, 2022 at 5:28 AM Yoav Weiss <yoav...@chromium.org> wrote:
>>>>>>>
>>>>>>>> On Thu, Oct 20, 2022 at 10:57 PM 'Dylan Cutler' via blink-dev <blin...@chromium.org> wrote:
>>>>>>>>
>>>>>>>>> Contact emails:
>>>>>>>>>
>>>>>>>>> dylan...@google.com, kaust...@google.com
>>>>>>>>>
>>>>>>>>> Proposal repository:
>>>>>>>>>
>>>>>>>>> https://github.com/privacycg/CHIPS
>>>>>>>>>
>>>>>>>>> Design doc:
>>>>>>>>>
>>>>>>>>> https://docs.google.com/document/d/1wL2lCXpaVOi0cWOn_ehfLFIZQxT3t0SH-ANnZYPEB0I/edit?usp=sharing
>>>>>>>>>
>>>>>>>>> Specification:
>>>>>>>>>
>>>>>>>>> https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/
>>>>>>>>>
>>>>>>>>
>>>>>>>> Can you expand on the plans for this I-D? Have y'all talked to the
>>>>>>>> HTTPWG?
>>>>>>>>
>>>>>>>
>>>>>>> Yes, this is being discussed in HTTPWG. Dylan presented CHIPS at
>>>>>>> IETF 115, minutes are here:
>>>>>>> https://httpwg.org/wg-materials/ietf115/minutes.html#cookies
>>>>>>>
>>>>>>
>>>>>> Great. Were there any concerns raised there that might create a risk
>>>>>> for CHIPS?
>>>>>>
>>>>>
>>>>> Not as far as I'm aware of. I couldn't attend the meeting in person,
>>>>> but revisited it with the team. From what I was told the main discussion
>>>>> point was whether we shouldn't just partition all 3P cookies by default
>>>>> instead of giving developers the ability to decide. It's a valid question,
>>>>> but one that has been extensively discussed between browser vendors in
>>>>> Privacy CG, and both Safari and Chrome have made it clear that they
>>>>> strongly prefer blocking 3P cookies by default (with Firefox not being
>>>>> opposed to that). We'll of course keep on engaging with these concerns and
>>>>> questions in HTTPWG, but it seems like a decision that ultimately browsers
>>>>> should have the most authority on.
>>>>>
>>>>> In any case, I don't think that this discussion presents any compat
>>>>> risk for CHIPS, as the Partitioned attribute would be compatible with a
>>>>> hypothetical partition-by-default future (i.e. by being a no-op).
>>>>>
>>>>
>>>> Thanks for the details! :)
>>>>
>>>>>>> One important thing to note is that the HTML/Fetch <-> Cookies spec
>>>>>>> interfaces aren't well defined at the moment, which also affects other
>>>>>>> specs that deal with cookie changes such as the Storage Access API.
>>>>>>> We're working on fixing this in a larger effort called "cookie layering"
>>>>>>> <https://github.com/httpwg/http-extensions/issues/2084>, which is
>>>>>>> intended to give Fetch some more responsibility in providing the
>>>>>>> information that is used to select cookies from the cookie store. This way
>>>>>>> we can actually access concepts like "top-level site" at the right
>>>>>>> implementation layer. So, in the mid-term, parts of CHIPS will likely end
>>>>>>> up back in HTML and Fetch.
>>>>>>>
>>>>>>> In the meantime, like for SameSite, the RFC will hand-wave some of
>>>>>>> the browser bits.
>>>>>>>
>>>>>>>>> Summary:
>>>>>>>>>
>>>>>>>>> Given that Chrome plans to deprecate unpartitioned third-party
>>>>>>>>> cookies, we want to give developers the ability to use cookies in
>>>>>>>>> cross-site contexts that are partitioned by top-level site to meet use cases
>>>>>>>>> <https://developer.chrome.com/en/docs/privacy-sandbox/chips/#use-cases>
>>>>>>>>> that don't track users cross-site (e.g. SaaS embeds, headless CMS, sandbox
>>>>>>>>> domains, etc.). Chrome will introduce a mechanism to opt into having
>>>>>>>>> third-party cookies partitioned by top-level site using a new cookie
>>>>>>>>> attribute, Partitioned.
>>>>>>>>>
>>>>>>>>> Since we announced our Intent to Experiment
>>>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_dJFNJpf91U/m/OXzFi_6wAwAJ?utm_medium=email&utm_source=footer>
>>>>>>>>> with CHIPS, there have been some changes to the API:
>>>>>>>>>
>>>>>>>>> - The Partitioned attribute no longer requires
>>>>>>>>>   <https://github.com/privacycg/CHIPS/pull/46> the __Host-
>>>>>>>>>   prefix or its required attributes. The Secure requirement remains.
>>>>>>>>> - We are changing the per-partition-per-domain limit to be based
>>>>>>>>>   on the total size (in bytes) of the cookies set by a domain in a particular
>>>>>>>>>   partition in addition to the number of cookies. We intend
>>>>>>>>>   <https://github.com/privacycg/CHIPS/issues/48#issuecomment-1264126065>
>>>>>>>>>   to impose a limit of 10 KB per-embedded-site, per-top-level-site and
>>>>>>>>>   increase the numeric limit from 10 to 180.
>>>>>>>>> - For sites embedded in top-level domains that are in a First-Party
>>>>>>>>>   Set <https://github.com/WICG/first-party-sets>, their cookies'
>>>>>>>>>   partition key will no longer be the owner domain of that set. Rather, the
>>>>>>>>>   partition key will always be the top-level domain that the cookie was
>>>>>>>>>   created on.
>>>>>>>>>
>>>>>>>>> Blink component:
>>>>>>>>>
>>>>>>>>> Internals>Network>Cookies
>>>>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ECookies>
>>>>>>>>>
>>>>>>>>> TAG review:
>>>>>>>>>
>>>>>>>>> https://github.com/w3ctag/design-reviews/issues/654 (Supportive
>>>>>>>>> early review)
>>>>>>>>>
>>>>>>>>> https://github.com/w3ctag/design-reviews/issues/779 (Oct 19
>>>>>>>>> specification review)
>>>>>>>>>
>>>>>>>>> Risks
>>>>>>>>>
>>>>>>>>> Interoperability and Compatibility
>>>>>>>>>
>>>>>>>>> Firefox: Positive
>>>>>>>>> <https://mozilla.github.io/standards-positions/#chips>
>>>>>>>>>
>>>>>>>>> WebKit: Supported incubation
>>>>>>>>> <https://github.com/privacycg/proposals/issues/30#issuecomment-1113257336>,
>>>>>>>>> Official position pending
>>>>>>>>> <https://github.com/WebKit/standards-positions/issues/50>
>>>>>>>>>
>>>>>>>>> Web developers: Developers have indicated that CHIPS does solve
>>>>>>>>> for many use cases that depend on access to cookies in cross-site contexts (
>>>>>>>>> 1 <https://github.com/privacycg/CHIPS/issues/8>,
>>>>>>>>> 2 <https://github.com/privacycg/CHIPS/issues/30#issuecomment-1104225686>,
>>>>>>>>> 3 <https://triplelift.com/privacy-hub/w3c-proposals-explained-privacy-with-a-side-of-chips/>).
>>>>>>>>> Through incubation, and the Origin Trial, we received feedback to improve
>>>>>>>>> ease-of-use, particularly to allow for easier migration of existing systems
>>>>>>>>> to use CHIPS. We believe we have satisfactorily resolved these concerns
>>>>>>>>> (see changes made listed under Summary section).
>>>>>>>>>
>>>>>>>>> Other signals:
>>>>>>>>>
>>>>>>>>> Ergonomics
>>>>>>>>>
>>>>>>>>> N/A
>>>>>>>>>
>>>>>>>>> Activation
>>>>>>>>>
>>>>>>>>> This feature introduces a new cookie attribute, Partitioned, which
>>>>>>>>> is opt-in only. Sites which do not set their cookies with Partitioned
>>>>>>>>> should not see any change in the browser's behavior when we ship.
>>>>>>>>>
>>>>>>>>> Security
>>>>>>>>>
>>>>>>>>> See S&P questionnaire for TAG
>>>>>>>>> <https://github.com/privacycg/CHIPS/blob/main/TAG-S%26P-questionnaire.md>
>>>>>>>>>
>>>>>>>>> WebView application risks
>>>>>>>>>
>>>>>>>>> Does this intent deprecate or change behavior of existing APIs,
>>>>>>>>> such that it has potentially high risk for Android WebView-based
>>>>>>>>> applications?
>>>>>>>>>
>>>>>>>>> This feature does not deprecate or change behavior of existing
>>>>>>>>> APIs. This feature is behind a killswitch.
>>>>>>>>>
>>>>>>>>> Will this feature be supported on all six Blink platforms
>>>>>>>>> (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>>>>>
>>>>>>>>> Yes
>>>>>>>>>
>>>>>>>>> Is this feature covered by web platform tests?
>>>>>>>>>
>>>>>>>>> Yes
>>>>>>>>> <https://github.com/web-platform-tests/wpt/tree/master/cookies/partitioned-cookies>
>>>>>>>>>
>>>>>>>>> Flag name
>>>>>>>>>
>>>>>>>>> partitioned-cookies
>>>>>>>>>
>>>>>>>>> Requires code in //chrome?
>>>>>>>>>
>>>>>>>>> No
>>>>>>>>>
>>>>>>>>> Tracking bug:
>>>>>>>>>
>>>>>>>>> https://crbug.com/1225444
>>>>>>>>>
>>>>>>>>> Non-OSS dependencies
>>>>>>>>>
>>>>>>>>> Does the feature depend on any code or APIs outside the Chromium
>>>>>>>>> open source repository and its open-source dependencies to function?
>>>>>>>>>
>>>>>>>>> Not anymore than cookies already do now.
>>>>>>>>>
>>>>>>>>> Estimated milestones
>>>>>>>>>
>>>>>>>>> OriginTrial desktop last
>>>>>>>>>
>>>>>>>>> 106
>>>>>>>>>
>>>>>>>>> OriginTrial desktop first
>>>>>>>>>
>>>>>>>>> 100
>>>>>>>>>
>>>>>>>>> OriginTrial Android last
>>>>>>>>>
>>>>>>>>> 106
>>>>>>>>>
>>>>>>>>> OriginTrial Android first
>>>>>>>>>
>>>>>>>>> 100
>>>>>>>>>
>>>>>>>>> Anticipated spec changes
>>>>>>>>>
>>>>>>>>> Open questions about a feature may be a source of future web
>>>>>>>>> compat or interop issues. Please list open issues (e.g. links to known
>>>>>>>>> github issues in the project for the feature specification) whose
>>>>>>>>> resolution may introduce web compat/interop risk (e.g., changing to naming
>>>>>>>>> or structure of the API in a non-backward-compatible way).
>>>>>>>>>
>>>>>>>>> List of open issues: https://github.com/privacycg/CHIPS/issues
>>>>>>>>>
>>>>>>>>> Chrome Platform Status page:
>>>>>>>>>
>>>>>>>>> https://chromestatus.com/feature/5179189105786880
>>>>>>>>>
>>>>>>>>> Links to previous Intent discussions
>>>>>>>>>
>>>>>>>>> Intent to Prototype:
>>>>>>>>>
>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/hvMJ33kqHRo/
>>>>>>>>>
>>>>>>>>> Intent to Experiment:
>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/_dJFNJpf91U/m/YqP09XbbAgAJ
>>>>>>>>>
>>>>>>>>> Intent to Extend Experiment:
>>>>>>>>>
>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/kZRtetS8jsY/m/ppK4kDbqAwAJ
>>>>>>>>>
>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/MKQODOL0Fso/m/nZXI2dqwAQAJ
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>>> Groups "blink-dev" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>> send an email to blink-dev+...@chromium.org.
>>>>>>>>> To view this discussion on the web visit
>>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFTt9hEnH1%2BBzB6c0qQijbBEJwvUKPKSO2gu7E-A%2BY_v8w%40mail.gmail.com
>>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFTt9hEnH1%2BBzB6c0qQijbBEJwvUKPKSO2gu7E-A%2BY_v8w%40mail.gmail.com?utm_medium=email&utm_source=footer>.
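The rules summarized in the Intent quoted above (Partitioned requires Secure, cookies are keyed by the top-level site, and each embedded site gets 180 cookies and 10 KB per top-level site), as an added JavaScript model that is not part of the thread and is not Chromium's code. The class and function names, the oldest-first eviction policy, and measuring size as name length plus value length are assumptions made for the illustration.

```javascript
// Added illustration of the CHIPS rules quoted in the thread; not Chromium code.
const MAX_COOKIES = 180;      // numeric limit per embedded site, per top-level site
const MAX_BYTES = 10 * 1024;  // 10 KB limit per embedded site, per top-level site

// Assumption: a cookie's size is the length of its name plus its value.
function partitionBytes(cookies) {
  let total = 0;
  for (const [name, value] of cookies) total += name.length + value.length;
  return total;
}

class PartitionedJar {
  constructor() {
    this.partitions = new Map(); // "topLevelSite|embeddedSite" -> Map(name -> value)
  }

  // Handles one Set-Cookie header seen by embeddedSite framed under topLevelSite.
  set(topLevelSite, embeddedSite, header) {
    const [pair, ...attrs] = header.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return "rejected: malformed";
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
    if (!flags.has("partitioned")) return "ignored: not partitioned";
    if (!flags.has("secure")) return "rejected: Partitioned requires Secure";

    // The key is the top-level site itself, never a First-Party Set owner.
    const key = `${topLevelSite}|${embeddedSite}`;
    if (!this.partitions.has(key)) this.partitions.set(key, new Map());
    const cookies = this.partitions.get(key);
    cookies.delete(name); // re-setting a cookie makes it the newest entry
    cookies.set(name, value);

    // Assumed policy: evict oldest entries until both limits hold.
    while (cookies.size > MAX_COOKIES || partitionBytes(cookies) > MAX_BYTES) {
      cookies.delete(cookies.keys().next().value);
    }
    return cookies.has(name) ? "stored" : "rejected: exceeds 10 KB";
  }

  // Cookies embeddedSite can read when framed under topLevelSite.
  get(topLevelSite, embeddedSite) {
    const cookies = this.partitions.get(`${topLevelSite}|${embeddedSite}`);
    return cookies ? Object.fromEntries(cookies) : {};
  }
}
```

The same embedded site sees an empty jar under a different top-level site, which is the property that keeps a partitioned cookie from acting as a cross-site identifier.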