Re: [w3ctag/design-reviews] Shared Storage API (Issue #747) from Daniel Appelquist on 2023-04-21 (public-webapps-github@w3.org from April 2023)

From: Daniel Appelquist <notifications@github.com>
Date: Fri, 21 Apr 2023 01:32:09 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/747/1517473034@github.com>

From our TAG F2F today:

Having reviewed the Mozilla and Webkit position discussions, the TAG shares the privacy concerns Mozilla raised regarding this. We'd like to see these use cases worked on in PATCG, with broader participation from other implementors.

We are concerned about the privacy implications of any storage intended to be available across sites or origins without the user's explicit permission, and see that this could lead to capabilities used to create a drop-in replacement for third-party cookies as they work now. This goes against the Ethical Web Principle [The web must enhance individuals' control and power](https://www.w3.org/TR/ethical-web-principles/#control). The TAG is explicitly trying to encourage development of new web technologies to replace 3rd party cookies that do not replicate the privacy pitfalls of 3rd party cookies. See our draft finding [Improving the web without third-party cookies](https://w3ctag.github.io/web-without-3p-cookies/).

We are concerned that the user needs given aren't technical needs. For example, a comparison table between the way these use cases are currently serviced and the way they are envisioned to be serviced with this new technology in place, and what the user benefit would be, would be more like what we're looking for. We recognise the use cases (cross-origin A/B experiments, user measurement, etc — which are site owner or developer needs) can provide value, but are not convinced that the value is worth the compromise to users' privacy.

We'd be grateful if you would please clarify the user needs as outlined above.

One last more general question we'd like to get a clear answer on is on a scale of 1 to 100, what pieces of the proposals in privacy sandbox will need to be in place to have a clear deprecation plan for third-party cookies, and how much does Shared Storage get us there? With so many related proposals coming in, we are concerned that the collective amount of entropy might result in a supercookie that maintains the status quo. We would likely be able to be able to provide more constructive (and likely pragmatic) feedback with some level of clarity on roughly how close we will be getting to deprecation (of third-party cookies) with the current set of proposals.

--
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/747#issuecomment-1517473034
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/747/1517473034@github.com>

Received on Friday, 21 April 2023 08:32:14 UTC