Re: [w3ctag/design-reviews] TAG spec review of Storage Access Heuristics (Issue #919)

Hi @torgo , thanks for the feedback! Responding inline below.

> is there a consensus on agreeing to common heuristics in the Privacy CG and WebCompat efforts?

We brought this to Privacy CG at TPAC and got a consensus on the general need for these heuristics. The details are being worked out in the WebCompat spec in https://github.com/whatwg/compat/pull/253. We have tried to align with other browsers as much as possible, and the few changes we made were to make the heuristics more restrictive, in response to privacy/security reviews internally. We plan to continue talking with other browsers both on the heuristics and on how to reduce their usage on the web.

> It seems like a design goal for this work should be to implement the most minimal set of heuristics possible in order to achieve the other goals.

Agreed. I have added this as an explicit goal in the [explainer](https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/explainer.md#goals).

> Is there a deprecation plan for the heuristics?

I have also clarified this as a long-term goal in the explainer. Other browsers have indicated that they want to deprecate their versions of the heuristics, but do not have specific plans we could align with yet. Deciding on a deprecation timeline will require future collaboration with other browsers and site devs.

> does that mean that third party cookies would be re-enabled, or would that mean heuristics off and third party cookies off as well?

The explainer covers this in the [User signals and preferences](https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/explainer.md#user-signals-and-preferences) section. Turning off heuristics would mean third-party cookies are blocked in these cases. (Although most browsers also have user settings for re-enabling cookies in case of breakage.)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/919#issuecomment-1894319679
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/919/1894319679@github.com>

Received on Tuesday, 16 January 2024 18:45:28 UTC