LGTM1 On Thu, May 23, 2024 at 11:53 AM 'Jonathan Njeunje' via blink-dev < blink-dev@chromium.org> wrote:
> In anticipation of approval here, we have a small tool to help people > validate their well-known files accessible at > https://3pcd-mitigations-wrv.glitch.me. > > On Thursday, May 16, 2024 at 1:19:23 PM UTC-4 Anton Maliev wrote: > >> > Each grace period entry has its own expiration date, depending on when >> the site applied for the deprecation trial. >> >> To clarify, the currently published expiration date is June 30, but we >> are assessing how grace periods will be used after that date. This feature, >> though, is intended to help sites migrate off the grace period in a safe >> way. >> >> On Thursday, May 16, 2024 at 10:15:20 AM UTC-4 Anton Maliev wrote: >> >>> > Will developers have a way of knowing if the current site (where they >>> may see breakage metrics) is opted-out of the grace period? >>> >>> Google is planning to build a site dashboard where developers can check >>> on the status of their grace period and opt-out values. In the interim, >>> Chrome DevTools shows an Issue for third-party cookies which are allowed >>> due to the grace period - this can be used to validate whether the grace >>> period is active for that particular client. >>> >>> > Do you have a rough estimate on the length of the grace period? (I'm >>> guessing this will not be relevant after it) >>> >>> That's correct, a site will no longer need an opt-out file after it is >>> removed from the grace period. Each grace period entry has its own >>> expiration date, depending on when the site applied for the deprecation >>> trial. We will need to assess the demand for new sites onboarding to the >>> trial before we can give an estimate on how long we will continue to >>> support grace periods overall. >>> >>> On Thursday, May 16, 2024 at 3:56:15 AM UTC-4 Yoav Weiss wrote: >>> >>>> This is an odd one, but I agree that it's a web exposed feature and >>>> hence should go through the blink process. Thanks for sending this! >>>> >>>> >>>> On Tue, May 14, 2024 at 11:15 PM Anton Maliev <ama...@chromium.org> >>>> wrote: >>>> >>>>> Contact emails >>>>> >>>>> ama...@chromium.org >>>>> >>>>> nje...@chromium.org >>>>> >>>>> wande...@chromium.org >>>>> >>>>> Explainer >>>>> >>>>> https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out >>>>> >>>>> Specification >>>>> >>>>> Well-known resource specification: >>>>> https://github.com/explainers-by-googlers/3pcd-grace-period-opt-out/blob/main/well-known-specification.md >>>>> >>>>> Summary >>>>> >>>>> This proposal details a new mechanism for site developers to conduct a >>>>> self-service staged opt-out of their third-party cookie phaseout grace >>>>> period. This is intended primarily for Chrome’s active trials for >>>>> third-party cookie deprecation - one for top-level sites >>>>> <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/first-party-deprecation-trial> >>>>> and one for embedded sites >>>>> <https://developers.google.com/privacy-sandbox/3pcd/temporary-exceptions/third-party-deprecation-trial>. >>>>> When a site is approved for one of these trials, they are added to a >>>>> short-term grace period which mitigates breakage until the token is >>>>> launched. Sites may also use this opt-out to test long term solutions. >>>>> >>>>> Each site on the trial will specify their desired opt-out percentage >>>>> in a new resource in their .well-known directory >>>>> <https://datatracker.ietf.org/doc/html/rfc8615>, specified here >>>>> <https://github.com/explainers-by-googlers/3pcd-deprecation-trial-staged-rollout/blob/main/well-known-specification.md>. >>>>> Google will implement server infrastructure to fetch and update these >>>>> values on a schedule, and assign clients randomly to cohorts matching this >>>>> percentage. These cohorts persist for a client up until clearing site >>>>> storage or reinstalling the browser. >>>>> >>>> >>>> >>>> Will developers have a way of knowing if the current site (where they >>>> may see breakage metrics) is opted-out of the grace period? >>>> >>>> >>>> >>>>> >>>>> Blink component >>>>> >>>>> Privacy <https://b.corp.google.com/components/1457231> >>>>> >>>>> TAG review >>>>> >>>>> N/A >>>>> >>>>> TAG review status >>>>> >>>>> N/A >>>>> >>>>> Risks >>>>> >>>>> There aren’t inherent security implications for fetching external >>>>> resources using server-side infrastructure, but there is a risk of >>>>> fetching >>>>> bad data, which our implementation addresses. >>>>> >>>>> There are also privacy implications for randomly assigning clients to >>>>> cohorts, which we mitigate by clearing cohorts on site data deletion. >>>>> There >>>>> is also a risk that the fetching system fails or that a site loses access >>>>> to its .well-known resource, both cases which we have planned mitigations >>>>> for. >>>>> >>>>> Interoperability and Compatibility >>>>> >>>>> The third-party cookie deprecation trials are a Chrome feature, so >>>>> these new well-known resources will only be fetched by the Chrome browser. >>>>> The new resource will be distinct and will not interfere with any existing >>>>> resources used by other browsers or features. >>>>> >>>> >>>> Beyond that, I think that the fact that this is a short-lived >>>> capability also significantly reduces risk. >>>> Do you have a rough estimate on the length of the grace period? (I'm >>>> guessing this will not be relevant after it) >>>> >>>> >>>>> WebView application risks >>>>> >>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>> that it has potentially high risk for Android WebView-based applications? >>>>> >>>>> No >>>>> >>>>> Debuggability >>>>> >>>>> N/A >>>>> >>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? >>>>> >>>>> All except WebView. (Third-party cookie deprecation launches don’t >>>>> include WebView.) >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>> ? >>>>> >>>>> No >>>>> >>>>> Flag name on chrome://flags >>>>> >>>>> N/A >>>>> >>>>> Finch feature name >>>>> >>>>> base::features::TpcdMetadataStageControl >>>>> >>>>> Non-finch justification >>>>> >>>>> N/A >>>>> >>>>> Requires code in //chrome? >>>>> >>>>> No. All code for the grace period and new staged opt-out handling is >>>>> in //components/tpcd/metadata >>>>> <https://source.chromium.org/chromium/chromium/src/+/main:components/tpcd/metadata/> >>>>> . >>>>> >>>>> Estimated milestones >>>>> >>>>> Client support is shipping to M125 on May 14. Server-side file >>>>> processing will begin some time after that date. A separate notice will >>>>> be >>>>> sent when that process begins. >>>>> >>>>> Anticipated spec changes >>>>> >>>>> None >>>>> >>>>> Link to entry on the Chrome Platform Status >>>>> >>>>> https://chromestatus.com/feature/5205350707101696 >>>>> >>>>> Links to previous Intent discussions >>>>> >>>>> Intent to prototype: >>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/O9mh5XvbqqE/m/IyK22zHkAAAJ >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAODhGg7m2ARTr5%3DxE0Jex1bcmQ2ySUZRa%3DJSWpW6UuX56sD5Yg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2064a6b6-bbed-4e37-a4a4-4d707b2c373dn%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2064a6b6-bbed-4e37-a4a4-4d707b2c373dn%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw9TgFCvY0Cu51Va8wr8%2B%2Bv8-BfGhvohOg952NSGntQdbw%40mail.gmail.com.
