Hey all,

Another update. We decided to roll out CHIPS to 10% of stable instead of 50% to get a better picture on whether CHIPS is having impacts on any of our guiding metrics before rolling out to 50%. Our plan is to let the experiment gather data for 7 days at 10% before checking metrics again and rolling out to 50%.

Thanks,
Dylan

On Thu, Mar 2, 2023 at 4:15 PM Dylan Cutler <dylancut...@google.com> wrote:

> Hey all,
>
> We were planning to ramp up CHIPS to 50% of stable this week, but upon doing metrics analysis we see some guardrail metrics have variations between our control/experiment groups. We are delaying the ramp-up a couple days to do additional analysis to make sure the variations are legitimate and/or are actually caused by partitioned cookies.
>
> Thanks,
> Dylan
>
> On Wed, Feb 22, 2023 at 6:40 PM Dylan Cutler <dylancut...@google.com> wrote:
>
>> Hey all,
>>
>> Another update for CHIPS, we will be rolling out to 5% stable starting tomorrow. Canary/beta/dev will remain enabled at 50%.
>>
>> Thanks,
>> Dylan
>>
>> On Thu, Feb 9, 2023 at 11:36 AM Dylan Cutler <dylancut...@google.com> wrote:
>>
>>> Hey all,
>>>
>>> We have enabled the PartitionedCookies feature on 1% of stable. We will continue to keep the feature enabled on 50% of canary/dev/beta.
>>>
>>> Thanks,
>>> Dylan
>>>
>>> On Wednesday, February 1, 2023 at 1:46:10 PM UTC-5 Dylan Cutler wrote:
>>>
>>>> Hey all,
>>>>
>>>> Another quick update. Due to a partitioned cookies privacy bug <https://bugs.chromium.org/p/chromium/issues/detail?id=1405772> that was discovered, we have to delay the launch of CHIPS to M110, which is the most recent release with the patch.
>>>>
>>>> Since M110 has been released to beta, we have enabled the PartitionedCookies feature on 50% of dev/beta/canary. We will begin rolling out to 1% stable next week.
>>>>
>>>> Thanks,
>>>> Dylan
>>>>
>>>> On Fri, Jan 6, 2023 at 1:07 PM Dylan Cutler <dylan...@google.com> wrote:
>>>>
>>>>> Hey all, quick update.
>>>>>
>>>>> We intend to roll out the feature in gradual increments starting January 10, 2023; and expect to reach 5% of Chrome instances on January 24, 2023 and stay there for a couple of weeks.
>>>>> Once we are satisfied that there is no regression in metrics/behavior, we will proceed with the rollout.
>>>>>
>>>>> On Thu, Nov 24, 2022 at 10:55 AM Rick Byers <rby...@chromium.org> wrote:
>>>>>
>>>>>> LGTM3
>>>>>>
>>>>>> On Thu, Nov 24, 2022 at 5:24 AM Yoav Weiss <yoav...@chromium.org> wrote:
>>>>>>
>>>>>>> LGTM2
>>>>>>>
>>>>>>> On Thu, Nov 24, 2022 at 10:43 AM Johann Hofmann <joha...@google.com> wrote:
>>>>>>>
>>>>>>>> On Wed, Nov 23, 2022 at 5:37 PM Chris Harrelson <chri...@chromium.org> wrote:
>>>>>>>>
>>>>>>>>> On Wed, Nov 23, 2022 at 10:34 AM 'Johann Hofmann' via blink-dev <blin...@chromium.org> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Yoav,
>>>>>>>>>>
>>>>>>>>>> On Wed, Nov 23, 2022 at 5:28 AM Yoav Weiss <yoav...@chromium.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> On Thu, Oct 20, 2022 at 10:57 PM 'Dylan Cutler' via blink-dev <blin...@chromium.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Contact emails:
>>>>>>>>>>>>
>>>>>>>>>>>> dylan...@google.com, kaust...@google.com
>>>>>>>>>>>>
>>>>>>>>>>>> Proposal repository:
>>>>>>>>>>>>
>>>>>>>>>>>> https://github.com/privacycg/CHIPS
>>>>>>>>>>>>
>>>>>>>>>>>> Design doc:
>>>>>>>>>>>>
>>>>>>>>>>>> https://docs.google.com/document/d/1wL2lCXpaVOi0cWOn_ehfLFIZQxT3t0SH-ANnZYPEB0I/edit?usp=sharing
>>>>>>>>>>>>
>>>>>>>>>>>> Specification:
>>>>>>>>>>>>
>>>>>>>>>>>> https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/
>>>>>>>>>>>
>>>>>>>>>>> Can you expand on the plans for this I-D? Have y'all talked to the HTTPWG?
>>>>>>>>>>
>>>>>>>>>> Yes, this is being discussed in HTTPWG. Dylan presented CHIPS at IETF 115, minutes are here: https://httpwg.org/wg-materials/ietf115/minutes.html#cookies
>>>>>>>>>
>>>>>>>>> Great. Were there any concerns raised there that might create a risk for CHIPS?
>>>>>>>>
>>>>>>>> Not as far as I'm aware of. I couldn't attend the meeting in person, but revisited it with the team. From what I was told the main discussion point was whether we shouldn't just partition all 3P cookies by default instead of giving developers the ability to decide. It's a valid question, but one that has been extensively discussed between browser vendors in Privacy CG, and both Safari and Chrome have made it clear that they strongly prefer blocking 3P cookies by default (with Firefox not being opposed to that). We'll of course keep on engaging with these concerns and questions in HTTPWG, but it seems like a decision that ultimately browsers should have the most authority on.
>>>>>>>>
>>>>>>>> In any case, I don't think that this discussion presents any compat risk for CHIPS, as the Partitioned attribute would be compatible with a hypothetical partition-by-default future (i.e. by being a no-op).
>>>>>>>
>>>>>>> Thanks for the details! :)
>>>>>>>
>>>>>>>>>> One important thing to note is that the HTML/Fetch <-> Cookies spec interfaces aren't well defined at the moment, which also affects other specs that deal with cookie changes such as the Storage Access API. We're working on fixing this in a larger effort called "cookie layering" <https://github.com/httpwg/http-extensions/issues/2084>, which is intended to give Fetch some more responsibility in providing the information that is used to select cookies from the cookie store. This way we can actually access concepts like "top-level site" at the right implementation layer.
>>>>>>>>>> So, in the mid-term, parts of CHIPS will likely end up back in HTML and Fetch.
>>>>>>>>>>
>>>>>>>>>> In the meantime, like for SameSite, the RFC will hand-wave some of the browser bits.
>>>>>>>>>>
>>>>>>>>>>>> Summary:
>>>>>>>>>>>>
>>>>>>>>>>>> Given that Chrome plans to deprecate unpartitioned third-party cookies, we want to give developers the ability to use cookies in cross-site contexts that are partitioned by top-level site to meet use cases <https://developer.chrome.com/en/docs/privacy-sandbox/chips/#use-cases> that don't track users cross-site (e.g. SaaS embeds, headless CMS, sandbox domains, etc.). Chrome will introduce a mechanism to opt into having third-party cookies partitioned by top-level site using a new cookie attribute, Partitioned.
>>>>>>>>>>>>
>>>>>>>>>>>> Since we announced our Intent to Experiment <https://groups.google.com/a/chromium.org/g/blink-dev/c/_dJFNJpf91U/m/OXzFi_6wAwAJ?utm_medium=email&utm_source=footer> with CHIPS, there have been some changes to the API:
>>>>>>>>>>>>
>>>>>>>>>>>> - The Partitioned attribute no longer requires <https://github.com/privacycg/CHIPS/pull/46> the __Host- prefix or its required attributes. The Secure requirement remains.
>>>>>>>>>>>> - We are changing the per-partition-per-domain limit to be based on the total size (in bytes) of the cookies set by a domain in a particular partition in addition to the number of cookies.
>>>>>>>>>>>>   We intend <https://github.com/privacycg/CHIPS/issues/48#issuecomment-1264126065> to impose a limit of 10 KB per-embedded-site, per-top-level-site and increase the numeric limit from 10 to 180.
>>>>>>>>>>>> - For sites embedded in top-level domains that are in a First-Party Set <https://github.com/WICG/first-party-sets>, their cookies' partition key will no longer be the owner domain of that set. Rather, the partition key will always be the top-level domain that the cookie was created on.
>>>>>>>>>>>>
>>>>>>>>>>>> Blink component:
>>>>>>>>>>>>
>>>>>>>>>>>> Internals>Network>Cookies <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ECookies>
>>>>>>>>>>>>
>>>>>>>>>>>> TAG review:
>>>>>>>>>>>>
>>>>>>>>>>>> https://github.com/w3ctag/design-reviews/issues/654 (Supportive early review)
>>>>>>>>>>>>
>>>>>>>>>>>> https://github.com/w3ctag/design-reviews/issues/779 (Oct 19 specification review)
>>>>>>>>>>>>
>>>>>>>>>>>> Risks
>>>>>>>>>>>>
>>>>>>>>>>>> Interoperability and Compatibility
>>>>>>>>>>>>
>>>>>>>>>>>> Firefox: Positive <https://mozilla.github.io/standards-positions/#chips>
>>>>>>>>>>>>
>>>>>>>>>>>> WebKit: Supported incubation <https://github.com/privacycg/proposals/issues/30#issuecomment-1113257336>, Official position pending <https://github.com/WebKit/standards-positions/issues/50>
>>>>>>>>>>>>
>>>>>>>>>>>> Web developers: Developers have indicated that CHIPS does solve for many use cases that depend on access to cookies in cross-site contexts (1 <https://github.com/privacycg/CHIPS/issues/8>, 2 <https://github.com/privacycg/CHIPS/issues/30#issuecomment-1104225686>, 3
>>>>>>>>>>>> <https://triplelift.com/privacy-hub/w3c-proposals-explained-privacy-with-a-side-of-chips/>). Through incubation, and the Origin Trial, we received feedback to improve ease-of-use, particularly to allow for easier migration of existing systems to use CHIPS. We believe we have satisfactorily resolved these concerns (see changes made listed under Summary section).
>>>>>>>>>>>>
>>>>>>>>>>>> Other signals:
>>>>>>>>>>>>
>>>>>>>>>>>> Ergonomics
>>>>>>>>>>>>
>>>>>>>>>>>> N/A
>>>>>>>>>>>>
>>>>>>>>>>>> Activation
>>>>>>>>>>>>
>>>>>>>>>>>> This feature introduces a new cookie attribute, Partitioned, which is opt-in only. Sites which do not set their cookies with Partitioned should not see any change in the browser's behavior when we ship.
>>>>>>>>>>>>
>>>>>>>>>>>> Security
>>>>>>>>>>>>
>>>>>>>>>>>> See S&P questionnaire for TAG <https://github.com/privacycg/CHIPS/blob/main/TAG-S%26P-questionnaire.md>
>>>>>>>>>>>>
>>>>>>>>>>>> WebView application risks
>>>>>>>>>>>>
>>>>>>>>>>>> Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
>>>>>>>>>>>>
>>>>>>>>>>>> This feature does not deprecate or change behavior of existing APIs. This feature is behind a killswitch.
>>>>>>>>>>>>
>>>>>>>>>>>> Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>>>>>>>>
>>>>>>>>>>>> Yes
>>>>>>>>>>>>
>>>>>>>>>>>> Is this feature covered by web platform tests?
>>>>>>>>>>>>
>>>>>>>>>>>> Yes <https://github.com/web-platform-tests/wpt/tree/master/cookies/partitioned-cookies>
>>>>>>>>>>>>
>>>>>>>>>>>> Flag name
>>>>>>>>>>>>
>>>>>>>>>>>> partitioned-cookies
>>>>>>>>>>>>
>>>>>>>>>>>> Requires code in //chrome?
>>>>>>>>>>>>
>>>>>>>>>>>> No
>>>>>>>>>>>>
>>>>>>>>>>>> Tracking bug:
>>>>>>>>>>>>
>>>>>>>>>>>> https://crbug.com/1225444
>>>>>>>>>>>>
>>>>>>>>>>>> Non-OSS dependencies
>>>>>>>>>>>>
>>>>>>>>>>>> Does the feature depend on any code or APIs outside the Chromium open source repository and its open-source dependencies to function?
>>>>>>>>>>>>
>>>>>>>>>>>> Not anymore than cookies already do now.
>>>>>>>>>>>>
>>>>>>>>>>>> Estimated milestones
>>>>>>>>>>>>
>>>>>>>>>>>> OriginTrial desktop last
>>>>>>>>>>>>
>>>>>>>>>>>> 106
>>>>>>>>>>>>
>>>>>>>>>>>> OriginTrial desktop first
>>>>>>>>>>>>
>>>>>>>>>>>> 100
>>>>>>>>>>>>
>>>>>>>>>>>> OriginTrial Android last
>>>>>>>>>>>>
>>>>>>>>>>>> 106
>>>>>>>>>>>>
>>>>>>>>>>>> OriginTrial Android first
>>>>>>>>>>>>
>>>>>>>>>>>> 100
>>>>>>>>>>>>
>>>>>>>>>>>> Anticipated spec changes
>>>>>>>>>>>>
>>>>>>>>>>>> Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
>>>>>>>>>>>>
>>>>>>>>>>>> List of open issues: https://github.com/privacycg/CHIPS/issues
>>>>>>>>>>>>
>>>>>>>>>>>> Chrome Platform Status page:
>>>>>>>>>>>>
>>>>>>>>>>>> https://chromestatus.com/feature/5179189105786880
>>>>>>>>>>>>
>>>>>>>>>>>> Links to previous Intent discussions
>>>>>>>>>>>>
>>>>>>>>>>>> Intent to Prototype:
>>>>>>>>>>>>
>>>>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/hvMJ33kqHRo/
>>>>>>>>>>>>
>>>>>>>>>>>> Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/_dJFNJpf91U/m/YqP09XbbAgAJ
>>>>>>>>>>>>
>>>>>>>>>>>> Intent to Extend Experiment:
>>>>>>>>>>>>
>>>>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/kZRtetS8jsY/m/ppK4kDbqAwAJ
>>>>>>>>>>>>
>>>>>>>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/MKQODOL0Fso/m/nZXI2dqwAQAJ
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> You received this message because you are subscribed to the Google Groups "blink-dev" group.
>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
>>>>>>>>>>>> To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFTt9hEnH1%2BBzB6c0qQijbBEJwvUKPKSO2gu7E-A%2BY_v8w%40mail.gmail.com <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFTt9hEnH1%2BBzB6c0qQijbBEJwvUKPKSO2gu7E-A%2BY_v8w%40mail.gmail.com?utm_medium=email&utm_source=footer>.
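
The Partitioned behaviour summarized in the quoted Intent (opt-in attribute, Secure still required, no __Host- prefix needed, partition keyed on the top-level site, limits of 180 cookies and 10 KB per embedded site per top-level site), modelled as an added JavaScript example that is not part of the thread and is not Chromium's code. Assumptions: the class and function names are hypothetical, the `.example` sites are constructed, 10 KB is read as 10240 bytes of name plus value, eviction is oldest-first, and Domain, Path and expiry are ignored.

```javascript
// Added illustration, not Chromium code: a toy jar for cookies set with Partitioned.
const MAX_COOKIES = 180;      // numeric limit quoted in the thread
const MAX_BYTES = 10 * 1024;  // "10 KB" read as 10240 bytes (assumption)
const size = (c) => new TextEncoder().encode(c.name + c.value).length; // assumed measure

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // this model requires a cookie name
  const flags = new Set(attrs.map((a) => a.split("=")[0].trim().toLowerCase()));
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1),
           secure: flags.has("secure"), partitioned: flags.has("partitioned") };
}

class PartitionedJar {
  constructor() { this.partitions = new Map(); } // "topLevelSite embeddedSite" -> Map
  // Returns "stored", "rejected", or "unpartitioned" (opt-in not used; outside this model).
  set(topLevelSite, embeddedSite, header) {
    const c = parseSetCookie(header);
    if (!c) return "rejected";
    if (!c.partitioned) return "unpartitioned";
    if (!c.secure) return "rejected";            // the Secure requirement remains
    if (size(c) > MAX_BYTES) return "rejected";  // could never fit (assumed handling)
    // The partition key is the top-level site the cookie was created on.
    const key = `${topLevelSite} ${embeddedSite}`;
    if (!this.partitions.has(key)) this.partitions.set(key, new Map());
    const jar = this.partitions.get(key);
    jar.delete(c.name); // re-insert so an overwritten cookie counts as newest
    jar.set(c.name, c);
    // Enforce both limits per embedded site, per top-level site.
    // Evicting oldest-first is an assumption; the thread does not state the order.
    const total = () => [...jar.values()].reduce((n, x) => n + size(x), 0);
    while (jar.size > MAX_COOKIES || total() > MAX_BYTES) {
      jar.delete(jar.keys().next().value);
    }
    return "stored";
  }

  get(topLevelSite, embeddedSite) {
    const jar = this.partitions.get(`${topLevelSite} ${embeddedSite}`);
    return jar ? [...jar.values()].map((c) => `${c.name}=${c.value}`) : [];
  }
}

// Constructed sample: the same embed under two top-level sites gets two separate jars.
const demo = new PartitionedJar();
demo.set("https://shop.example", "https://chat.example", "sid=abc; Secure; SameSite=None; Partitioned");
demo.set("https://news.example", "https://chat.example", "sid=xyz; Secure; SameSite=None; Partitioned");
console.log(demo.get("https://shop.example", "https://chat.example"));
```

The embed's cookie set under one top-level site is never returned under the other, which is the property that keeps a partitioned cookie from acting as a cross-site identifier.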