Hello, I would be happy to pick up the implementation of `Sec-GPC`. Can I continue in this thread or should I start a new one?
Here is a draft of the Intent to Prototype *Contact emails: * [email protected] *Explainer *https://github.com/w3c/gpc/blob/main/explainer.md *Specification* https://w3c.github.io/gpc/ *Summary* This proposal adds support for the Global Privacy Control (GPC) signal. GPC allows users to notify businesses of their privacy preferences, such as a request not to sell or share their personal information. This implementation involves: 1. Adding a Sec-GPC HTTP request header with a value of 1 when the user has enabled the signal. 2. Exposing a navigator.globalPrivacyControl property in the DOM, returning true when enabled. *Blink component*Blink <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%22> *Motivation*The signal is already implemented by other browsers and Chrome should catch-up with this privacy setting. This year California signed a bill under the CCPA/CPRA that obligates the browsers to provide ability to communicate do-not-sell-or-share preference before 2027. Currently, Chrome allows to send GPC header only via an extension which may be not sufficient to be compliant with the bill. *Search tags* GPC, Global Privacy Control, Privacy, Sec-GPC *Risks* *Interoperability and Compatibility* The risk is low as this is an additive feature. - *Gecko*: Shipped (Enabled by default in Firefox private browsing and optional in standard mode). - *WebKit*: Based on the info from the Internet, the signal is not yet implemented in WebKit - *Web developers*: Publishers are obligated to honor the signal. - *Other signals*: Brave, DuckDuckGo, and other privacy-focused browsers have shipped this. *Ergonomics* The feature is simple (a boolean flag). It does not introduce complex performance or ergonomic challenges. There is already a similar setting for DoNotTrack header. *Activation* Web developers can easily feature-detect navigator.globalPrivacyControl. *Security* This feature exposes a user preference, which could theoretically be used for fingerprinting. However, it is a high-entropy bit intended to be broadcast to all sites, similar to DNT (Do Not Track), but with a clearer legal framework for enforcement. *WebView application risks* Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? No. *Debuggability* DevTools will show the Sec-GPC header in network requests and allow inspecting navigator.globalPrivacyControl in the console. *Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?*Yes. *Is this feature fully tested by web-platform-tests?* No, but tests will be added as part of the prototyping process. *Flag name* --enable-blink-features=GlobalPrivacyControl *Tracking bug* https://issues.chromium.org/issues/40745270 *Link to entry on the Chrome Platform Status* (Not available yet, I've send a request for access to the platform) wtorek, 31 stycznia 2023 o 20:32:29 UTC+1 Jeffrey Yasskin napisaĆ(a): > And, with respect to the launch process, whoever upstreams this will have > to put it in Chrome Status (which I can help with) and send an Intent to > Prototype, but you can stop there. While we'd love for you to take it all > the way to Intent to Ship and have the discussion about how to have > Chromium default-on a feature while Chrome is still undecided about it, you > aren't signing up for that work just by sending your I2P. > > Jeffrey > > On Tue, Jan 31, 2023 at 11:11 AM Ari Chivukula <[email protected]> > wrote: > >> Maxim ended up abandoning the CL to add GPC for lack of time, but support >> exists for any contributor who wants to pick that torch back up. >> >> If you're interested please reach out to myself or Jeffrey (cc'd) for >> support on the code and/or on navigating the launch process. >> >> ~ Ari Chivukula (Their/There/They're) >> >> On Fri, Jan 20, 2023, 12:35 PM Ari Chivukula <[email protected]> wrote: >> >>> Thanks for reaching out! This is the right place to publish intents to >>> launch new features in Chrome, and an overview of the process can be found >>> here: https://www.chromium.org/blink/launching-features/ >>> >>> I believe the prototyping phase is the best place to start given GPC >>> itself already has a specification. >>> https://privacycg.github.io/gpc-spec/ >>> >>> Some examples of the format in action can be found here: >>> https://groups.google.com/a/chromium.org/g/blink-dev/search?q=subject%3Aintent%20subject%3Ato%20subject%3Aprototype >>> >>> ~ Ari Chivukula (Their/There/They're) >>> >>> >>> On Fri, Jan 20, 2023 at 12:22 PM Maxim Nesterov <[email protected]> >>> wrote: >>> >>>> I uploaded change for review >>>> <https://chromium-review.googlesource.com/c/chromium/src/+/4177061/2> with >>>> >>>> Sec-GPC implementation (both additional header and js api), but was >>>> mentioned >>>> >>>> <https://chromium-review.googlesource.com/c/chromium/src/+/4177061/2#message-30c38ba4734cd7a2fb3ee91ebc71a9fc3d6990e2>that >>>> >>>> the change should be approved on [email protected] first. >>>> Could you, please, help me with that? >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dcdd636b-f476-4291-883b-267b260f8d90n%40chromium.org >>>> >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dcdd636b-f476-4291-883b-267b260f8d90n%40chromium.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/be603311-085f-4305-bc4a-6ae077ef8d96n%40chromium.org.
