Re: [w3ctag/design-reviews] First-Party Sets (#342)

> Per this announcement the "partitioning by default" mode is only in the opt-in Strict mode, with additional heuristics in place. As @englehardt mentions above, there is additional work to be done to completely remove reliance on lists, heuristics, and consent prompts that are hard to understand.

Understood, but also as @englehardt says, their goal is to ship this by default. I only mean that it's not the case that FF thinks the Disconnect list (or similar curated exceptions, like FPS) is a good solution to the problem being discussed here; their goal is exception-less partitioning by site.

> The point I was anchoring on in your statement was about prompting the user before committing the navigation. …

The browser doesn't need to alert people before a redirect happens _as long as there are strong privacy boundaries between sites_. Users always know that their behavior on instagram.com is isolated from their behavior on facebook.com or instagram.facebook.com, regardless of what redirection is happening. If there is no way that facebook.com gets privileged access to instagram.com storage (or vice versa) w/o user intention, there is nothing to notify anyone about. Whatever the top level site is decides what storage is accessible.

Where pre-navigation / pre-redirection notification would be needed is if what I did on facebook.com _wasn't_ isolated from instagram.com.  Then you would need a "you're about to visit facebook.com. On that page, instagram.com etc will be able to access their 1p storage and share it with facebook.com.  Are you sure you want to expose your IG behavior with FB in this way?" notification.

Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/342#issuecomment-820599181

Received on Thursday, 15 April 2021 17:20:54 UTC