Domenic, Sorry about using the wrong template. We accidentally used the "Intent to Deprecate" template from https://www.chromium.org/blink/launching-features/ without realizing it was not for "Intent to Deprecate and Remove"s. We also requested the chromestatus.com gates. Here's the proper template filled out:
Contact emails carai...@chromium.org pauljen...@chromium.org Explainer https://github.com/WICG/turtledove/blob/main/FLEDGE.md#251-using-subresource-bundles Removal here: https://github.com/WICG/turtledove/pull/1368 Specification New version specified in https://github.com/WICG/turtledove/pull/771; version being removed was not specified. Summary The Protected Audience API provides 2 mechanisms that allow signals to be passed into auctions in such a way that ensures the authenticity and integrity of the signals: the original version <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#251-using-subresource-bundles>, which used subresource web bundles <https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md> to contain the signals, and the subsequent version <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#252-using-response-headers>, which used special HTTP response headers on page-initiated fetch() requests. This deprecation and removal is only for the original, subresource web bundle version, and does not affect the response header version. Use counter metrics <https://chromestatus.com/metrics/feature/timeline/popularity/5034> show the feature is used on less than 1 in 500 million page loads. Deprecating and removing the original subresource web bundle version of directFromSellerSignals will improve code health and remove potential attack surfaces. Blink component Blink>InterestGroups <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EInterestGroups%22> TAG review For Protected Audience: https://github.com/w3ctag/design-reviews/issues/723 TAG review status Completed for Protected Audience, resolved unsatisfied. RisksInteroperability and Compatibility Edge: not supported (Edge’s Ad Selection API <https://github.com/WICG/privacy-preserving-ads>, which is similar to the Protected Audience API, only supports on-server auctions which don’t use directFromSellerSignals) Firefox: not supported Safari: not supported Web developers: Requestor of directFromSellerSignals said header mechanism preferred to web bundle mechanism here <https://github.com/WICG/turtledove/issues/119#issuecomment-1274013176>. WebView application risks Protected Audience not supported on WebView. Debuggability Chrome DevTools allows you to place breakpoints in and debug bidding and scoring scripts where the directFromSellerSignals fields will now be null if the web bundle support is removed but relied upon. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? Removing this support from all platforms that support Protected Audience, i.e. all but WebView. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? We added a negative WPT here <https://chromium-review.googlesource.com/c/chromium/src/+/6096602/2/third_party/blink/web_tests/external/wpt/fledge/tentative/direct-from-seller-signals.https.window.js> . Flag name on about://flags None Finch feature name FledgeDirectFromSellerSignalsWebBundles Requires code in //chrome? False Estimated milestones Planning to remove in M133. Anticipated spec changes None Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4926509595492352?gate=5314119119667200 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. On Wed, Dec 11, 2024 at 11:34 AM Vladimir Levin <vmp...@chromium.org> wrote: > LGTM3 > > On Wednesday, December 11, 2024 at 11:17:36 AM UTC-5 Rick Byers wrote: > >> I double-checked internal metrics and usage is indeed effectively zero, >> so compat risk should be effectively non-existent. >> >> LGTM2 to remove directly with just the usual kill switch in case of >> emergency somehow. >> >> On Wed, Dec 11, 2024 at 11:13 AM Alex Russell <slightly...@chromium.org> >> wrote: >> >>> LGTM1 w/ finch control for rollout. >>> >>> On Wednesday, December 4, 2024 at 6:17:10 AM UTC-8 Daniel Bratell wrote: >>> >>>> Privacy and Security gates are also missing. >>>> >>>> I would assume that removing this could only have a positive effect but >>>> they should still be given a heads-up in the chromestatus tool. >>>> >>>> /Daniel >>>> On 2024-11-27 03:27, Domenic Denicola wrote: >>>> >>>> This Intent is missing several important fields for a deprecation and >>>> removal, such as: Web developer signals, WebView application risks, web >>>> platform test support (it's best to add negative tests which only pass >>>> after the removal), Debuggability (how hard will it be for developers to >>>> debug failures due to this feature missing?), Finch feature name / >>>> non-Finch justification, and Estimated milestones. >>>> >>>> Some of these are probably not too serious given the low volume of >>>> usage, e.g. I suspect no special debuggability support is required. But >>>> it'd be helpful to include them all. >>>> >>>> Additionally, the Enterprise, Debuggability, and Testing gates have not >>>> been requested yet. >>>> >>>> Would you be able to re-generate the Intent email after filling in >>>> those fields and requesting those gates? (You can send the updated version >>>> to this thread; no need for a new one.) >>>> >>>> On Wed, Nov 27, 2024 at 7:12 AM Paul Jensen <pauljen...@chromium.org> >>>> wrote: >>>> >>>>> Contact emails >>>>> >>>>> carai...@chromium.org >>>>> >>>>> pauljen...@chromium.org >>>>> >>>>> Summary >>>>> >>>>> The Protected Audience API provides 2 mechanisms that allow signals to >>>>> be passed into auctions in such a way that ensures the authenticity and >>>>> integrity of the signals: the original version >>>>> <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#251-using-subresource-bundles>, >>>>> which used subresource web bundles >>>>> <https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md> >>>>> to contain the signals, and the subsequent version >>>>> <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#252-using-response-headers>, >>>>> which used special HTTP response headers on page-initiated fetch() >>>>> requests. >>>>> >>>>> >>>>> This deprecation and removal is only for the original, subresource web >>>>> bundle version, and does not affect the response header version. >>>>> >>>>> >>>>> Use counter metrics >>>>> <https://chromestatus.com/metrics/feature/timeline/popularity/5034> >>>>> show the feature is used on less than 1 in 500 million page loads. >>>>> >>>>> >>>>> Deprecating and removing the original subresource web bundle version >>>>> of directFromSellerSignals will improve code health and remove potential >>>>> attack surfaces. >>>>> >>>>> Motivation >>>>> >>>>> Removing this unused feature will remove potential attack surface and >>>>> reduce maintenance burden. >>>>> >>>>> Interoperability and Compatibility Risk >>>>> >>>>> Edge: not supported (Edge’s Ad Selection API >>>>> <https://github.com/WICG/privacy-preserving-ads>, which is similar to >>>>> the Protected Audience API, only supports on-server auctions which don’t >>>>> use directFromSellerSignals) >>>>> >>>>> Firefox: not supported >>>>> >>>>> Safari: not supported >>>>> >>>>> Alternative implementation suggestion for web developers >>>>> >>>>> The header-based directFromSellerSignals >>>>> <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#252-using-response-headers> >>>>> provides the same functionality via a different mechanism. >>>>> >>>>> Usage information from UseCounter >>>>> <https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/core/page/UseCounter.h&sq=package:chromium&type=cs&q=file:UseCounter.h%20Feature&l=39> >>>>> >>>>> This feature is used on less than 1 in 500 million page loads: >>>>> https://chromestatus.com/metrics/feature/timeline/popularity/5034 >>>>> >>>>> Entry on the feature dashboard <https://www.chromestatus.com/> >>>>> https://chromestatus.com/feature/4926509595492352 >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrm2zO7GX%2B88wwj_nZ9N_LUX2P_%2BhhD3t3uAfvMFm73%3D9g%40mail.gmail.com >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrm2zO7GX%2B88wwj_nZ9N_LUX2P_%2BhhD3t3uAfvMFm73%3D9g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> >>>> To view this discussion visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra_YaLByRw%3DXcJd1-Xg1Z_spSg3vW1w0L8%3D9mOBChcXkjw%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra_YaLByRw%3DXcJd1-Xg1Z_spSg3vW1w0L8%3D9mOBChcXkjw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> >> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c14b13c1-586e-48ba-a92d-607ac7eadcb2n%40chromium.org >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c14b13c1-586e-48ba-a92d-607ac7eadcb2n%40chromium.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWr%3D4yMCbbK9KvR%3DjaEDxxB5TuO%2BzYw%2BaY9q6Q%2B9vDn0t%3DQ%40mail.gmail.com.
