[w3ctag/design-reviews] TAG spec review of Navigational-Tracking Mitigations (Issue #862) from Anton Maliev on 2023-06-16 (public-webapps-github@w3.org from June 2023)

From: Anton Maliev <notifications@github.com>
Date: Fri, 16 Jun 2023 14:18:13 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/862@github.com>

こんにちは TAG-さん!

I'm requesting a TAG review of Navigational-Tracking Mitigations.

With browser vendors now actively working to remove third-party cookies from the web, some platform trackers are moving to bounce tracking. This technique involves navigating to a tracker domain at the top level of a browser tab, setting or reading a first-party cookie, and then quickly redirecting away using a request that encodes the value of that first-party cookie. Sometimes the redirect is back to the original page and sometimes to a new site. In either case, bounce tracking semantically functions like setting a third-party cookie. This explainer outlines a proposal for mitigating the privacy impact of bounce trackers.

  - Explainer¹ (minimally containing user needs and example code): https://github.com/privacycg/nav-tracking-mitigations/blob/main/bounce-tracking-explainer.md
  - Specification URL: https://privacycg.github.io/nav-tracking-mitigations/
  - Tests: None. (Our algorithm runs on a long timer, and there is no support for moving the clock forward in WPT tests.)
  - User research: N/A (some additional background in Google-internal [doc](https://docs.google.com/document/d/16Il2-9Ou_WInXu__CiWNzTBkKreCQwEFw9-k3seeGGI/edit?usp=sharing))
  - Security and Privacy self-review²: https://github.com/privacycg/nav-tracking-mitigations/blob/main/tag-privacy-security.md
  - GitHub repo (if you prefer feedback filed there): https://github.com/privacycg/nav-tracking-mitigations
  - Primary contacts (and their relationship to the specification):
      - [Jeffrey Yasskin] (jyasskin, Google): Primary spec author and reviewer
      - [Ben Kelly] (wanderview, Google): Primary spec author
      - [Anton Maliev] (amaliev, Google): Spec contributor
  - Organization(s)/project(s) driving the specification: Google, Privacy Sandbox
  - Key pieces of existing multi-stakeholder review or discussion of this specification: N/A
  - External status/issue trackers for this specification (publicly visible, e.g. Chrome Status): N/A

Further details:

  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - Relevant time constraints or deadlines: Q3 2023
  - The group where the work on this specification is currently being done: PrivacyCG
  - The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue): N/A
  - Major unresolved issues with or opposition to this specification: N/A
  - This work is being funded by: Google

You should also know that...

N/A

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/862
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/862@github.com>

Received on Friday, 16 June 2023 21:18:19 UTC