Re: [w3ctag/design-reviews] First-Party Sets (#342) from pes on 2021-05-03 (public-webapps-github@w3.org from May 2021)

From: pes <notifications@github.com>
Date: Mon, 03 May 2021 12:04:36 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/342/831467800@github.com>

> And that if there is a browser where (b) leads to a similar situation where a session created on instagram.com is shared with instagram.facebook.com via, say, a URL parameter, a similar prompt should be displayed?

@krgovind Im wondering if part of the differing point of view is around what other privacy improvements we hope or expect the platform to have going forward, and so whether the right standard to measure FPS against is the web today, or some possible future web where other privacy harms are addressed.

I understand you to be saying "there is no need to warn a browser user of the weakened privacy boundaries between sites in a FPS before they visit a site in that FPS, because cooperating 1st parties could already circumvent domain-privacy-boundaries.  For example, cooperating sites could by linking 1p storage areas though URL parameters on navigation. (i.e. bounce tracking, or tracking through link decoration)"

If I've captured that correctly, then maybe disagreement around whether FPS weakens privacy boundaries scrapes down to whether we think cross-site-tracking through URL decoration / bounce tracking is a solvable problem. If you don't think bounce tracking / link decoration a solvable problem, then I think I understand your point of view, that FPS doesn't really weaken the ability of users to understand privacy boundaries on the Web, bc that ability is pretty weak in the first place.

On the other hand, if you think efforts like https://github.com/w3ctag/design-reviews/issues/342 might be successful (my view) then FPS really does weaken privacy boundaries (and the ability of users to reason about them) just as browsers are trying to strengthen the origin privacy boundary (through bounce tracking protections, among many other efforts).

@krgovind, does that seem like an accurate way of capturing different views on it, and as a plausable explanation for the disagreement here?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/342#issuecomment-831467800

Received on Monday, 3 May 2021 19:04:48 UTC