Re: [w3ctag/design-reviews] Cookies Having Independent Partitioned State (CHIPS) (#654)

Thanks for the clarification @torgo!

> In the facebook like button example, the harm from the cited example (UK NHS putting like buttons on their pages and thereby unintentionally leaking sensitive health information to Facebook) is a clear example of user harm that can result from this pattern – which is one of the things that has led to the (in progress) deprecation of "unpartitioned cross-site cookies."

Ah yes, indeed. The other mechanism (which many browsers now ship) to prevent this harm is to trim the default referrer. For example, Chrome changed the default referrer policy to `strict-origin-when-cross-origin` in M85, and we also initiated (and successfully merged) [an update to the spec](https://github.com/w3c/webappsec-referrer-policy/pull/142), which means that Facebook will now by default only receive `https://www.nhs.uk` as the referrer. Therefore, any potentially sensitive health information that can be gleaned from the `Referer` URL is no longer available. With this change, NHS would have to opt in to sending Facebook the full URL path by specifying `unsafe-url` or `no-referrer-when-downgrade` as the referrer policy on the widget element. [This article](https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default) explains the change.

> My initial reaction to your question about permission prompts is that it should be required for 3rd party cookies in order to ensure that there is user consent going on when information is shared to those 3rd parties – and to inform them when they visit (e.g.) an NHS or NYTimes page that "(e.g.) Facebook would like to know what pages you visit here."

Note that the proposal is not about (unpartitioned) 3p cookies as they exist today. What we're proposing is partitioning/double-keying those cookies. In the long term, default/un-gated access to unpartitioned 3p cookies will be deprecated, so Facebook would not be able to correlate the user activity on NHS/NYTimes with the user's logged-in identity.

Is the concern about use of covert tracking signals (like fingerprinting or IP addresses) to join cross-partition identity?


https://github.com/w3ctag/design-reviews/issues/654#issuecomment-887542219

Received on Tuesday, 27 July 2021 14:06:04 UTC