On Fri, Sep 8, 2023 at 2:51 PM Tom Jones <[email protected]> wrote:
> This statement is under non goals. So I think you need to change that or > remove the claim of transparency. > This is specifically about whether the end user can see the result of attestation of a given site "in the browser", which at this time is not supported. > > thx ..Tom (mobile) > > On Fri, Sep 8, 2023, 11:06 AM Shivani Sharma <[email protected]> > wrote: > >> >> >> On Fri, Sep 8, 2023 at 12:55 PM Tom Jones <[email protected]> >> wrote: >> >>> I cannot understand how it is possible to claim transparency with the >>> following explanation. It seems completely misleading. >>> >>> Today, the attestation model does not seek to provide information to >>> users within the browser or device in real-time about a developer's >>> attestations >>> >> >> Thanks for the question! The transparency for attestations is something >> that would be added in a future iteration and as mentioned in the earlier >> response, that will likely also include a public list of enrolled and >> attested sites. >> >>> >>> >>> thx ..Tom (mobile) >>> >>> On Wed, Aug 30, 2023, 6:16 AM Shivani Sharma <[email protected]> >>> wrote: >>> >>>> Contact emails >>>> >>>> [email protected], [email protected] >>>> >>>> >>>> Explainer >>>> >>>> https://github.com/privacysandbox/attestation/blob/main/README.md >>>> >>>> Design document >>>> >>>> >>>> https://docs.google.com/document/d/16PYa6wBBGBbV4YMujkFzBab8s4a7N4PcvpY0Js1qN1k/edit?usp=sharing >>>> >>>> Specification >>>> >>>> While the enrollment process itself is not intended to be standardized, >>>> the impacted API specifications allow for a user agent defined gating >>>> mechanism such as enrollment and attestation. The spec changes for the >>>> gated APIs are linked below: >>>> >>>> Private aggregation (section with note on enrollment >>>> <https://patcg-individual-drafts.github.io/private-aggregation-api/#scheduling-reports> >>>> ) >>>> >>>> Shared Storage (pull request >>>> <https://github.com/WICG/shared-storage/pull/105>) >>>> >>>> Topics (pull request >>>> <https://github.com/patcg-individual-drafts/topics/pull/238/files>) >>>> >>>> Attribution reporting API (pull request >>>> <https://github.com/WICG/attribution-reporting-api/pull/968>) >>>> >>>> Protected Audience (pull requests: 1 >>>> <https://github.com/WICG/fenced-frame/pull/114/files>, 2 >>>> <https://github.com/WICG/turtledove/pull/766/files>) >>>> >>>> >>>> Summary and Motivation >>>> >>>> As the Privacy Sandbox relevance and measurement APIs start ramping up >>>> for general availability, we want to make sure these technologies are used >>>> as intended and with transparency. The APIs include Attribution Reporting, >>>> the Protected Audience API, Topics, Private Aggregation and Shared Storage. >>>> As announced in a blog post >>>> <https://developer.chrome.com/blog/announce-enrollment-privacy-sandbox/>, >>>> a new Developer Enrollment process for Privacy Sandbox relevance and >>>> measurement APIs is being introduced across Chrome and Android. This I2S >>>> refers to Chrome’s implementation of fetching the enrolled-sites list from >>>> the enrollment server (via component updater >>>> <https://chromium.googlesource.com/chromium/src/+/lkgr/components/component_updater/README.md>) >>>> and using it to gate access to the Privacy Sandbox APIs. >>>> >>>> Blink component >>>> >>>> Blink>PrivateAggregation >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPrivateAggregation> >>>> >>>> Blink>Storage>SharedStorage >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EStorage%3ESharedStorage&can=2> >>>> >>>> Blink>TopicsAPI >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ETopicsAPI> >>>> >>>> Internals > AttributionReporting >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EAttributionReporting> >>>> >>>> Blink>InterestGroups >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EInterestGroups&can=2> >>>> >>>> Is this feature supported on all six Blink platforms (Windows, Mac, >>>> Linux, Chrome OS, Android, and Android WebView)? >>>> >>>> Supported on all the above platforms except Android WebView. >>>> >>>> In the initial version, no gated APIs are supported on WebView , with >>>> the caveat that the Attribution Reporting API delegates from WebView to >>>> Android and would be gated as part of Android’s attestation based gating. >>>> >>>> Debuggability >>>> Console errors: The API surfaces gated on enrollment and attestation >>>> will output relevant console error messages if a given site is not allowed >>>> to participate/invoke those API surfaces. (Private Aggregation API-related >>>> console messages are output during its consumer API enrollment checks e.g. >>>> Shared Storage, but could be made more specific in the future). >>>> >>>> Local override: For local testing, we are providing developer overrides >>>> with a Chrome flag and CLI switch: >>>> >>>> Flag: chrome://flags/#privacy-sandbox-enrollment-overrides >>>> >>>> CLI: --privacy-sandbox-enrollment-overrides=https://example.com, >>>> https://example.co.uk,... >>>> >>>> Initial public proposal >>>> >>>> https://github.com/privacysandbox/attestation/blob/main/README.md >>>> >>>> TAG review >>>> >>>> Private Aggregation (comment >>>> <https://github.com/w3ctag/design-reviews/issues/846#issuecomment-1690139513> >>>> ) >>>> >>>> Shared Storage (comment >>>> <https://github.com/w3ctag/design-reviews/issues/747#issuecomment-1690156498> >>>> ) >>>> >>>> Topics (comment >>>> <https://github.com/w3ctag/design-reviews/issues/726#issuecomment-1690087586> >>>> ) >>>> >>>> Attribution reporting API (comment >>>> <https://github.com/w3ctag/design-reviews/issues/724#issuecomment-1690076332> >>>> ) >>>> >>>> Protected Audience (comment >>>> <https://github.com/w3ctag/design-reviews/issues/723#issuecomment-1690413217> >>>> ) >>>> >>>> RisksInteroperability >>>> >>>> Initially the enrolled and attested sites list will only be available >>>> to Chrome browsers. The list is publicly available in the sense that it's >>>> shipped to Chrome browsers, but we don't have an official site currently >>>> where we post it. However, we could potentially do so in the future and >>>> that would enable other browsers to have a consistent gating mechanism. >>>> >>>> Compatibility >>>> >>>> No compatibility concerns. The existing APIs either return promises, >>>> and will reject for callers that are not enrolled (and they can already >>>> reject for other reasons today), or they don’t return anything and the >>>> script will not break. >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >>>> ? >>>> >>>> No, as there are no plans to standardize this behavior. >>>> >>>> Tracking bugcrbug.com/1448875 >>>> Launch bug >>>> >>>> https://launch.corp.google.com/launch/4260778 >>>> >>>> Estimated milestones >>>> >>>> M118 >>>> >>>> Links to previous Intent discussions >>>> >>>> Intent to prototype: >>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/Zy6uyaTdcJ8 >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADAcp086BcDbQX%2B2ED-9eU06ZZPH6_MMpB0cr2F0Jf40H4EACw%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADAcp086BcDbQX%2B2ED-9eU06ZZPH6_MMpB0cr2F0Jf40H4EACw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADAcp0-Ev04vsD9u5hS6963z8DGzAS1jRLy9%2BgHXRRKVRqmCjg%40mail.gmail.com.
