- From: krgovind <notifications@github.com>
- Date: Mon, 19 Apr 2021 16:47:55 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 19 April 2021 23:48:07 UTC
> Hi @krgovind - Just thinking about this:
>
> > The primary goal of the FPS policy is to prevent abuse that may be possible by formation of sets with unrelated domains.
>
> In the context of the governance discussion. I think it's clear from the discussion we've had on this issue and in our calls that "same organization" is not a technical concept – it's a social / legal / regulatory concept. So I'm wondering whether "preventing abuse" could be expressed in a purely technical way? (For example, the "a site can only be part of one set" requirement.) The transparency mechanism you mentioned above also could serve as a deterrent to abuse.

@torgo - We did initially take the approach of using purely technical mitigations for abuse, and also provided for a revocation-style blocklist in the cases that abuse was later detected. However, the "Incentives to Form Sets" concern raised by @johnwilander on privacycg/first-party-sets/issues/6 and @ehsan on privacycg/first-party-sets/issues/7 led us to pivot to a policy-based allowlist. It might be interesting to have a discussion on whether a transparency mechanism would successfully address this specific concern.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/342#issuecomment-822861608