- From: Andrew Liu <notifications@github.com>
- Date: Thu, 27 Feb 2025 13:58:59 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/1062@github.com>
MrPickles created an issue (w3ctag/design-reviews#1062) こんにちは TAG-さん! I'm requesting a TAG review of Bounce Tracking Mitigations. With browser vendors now actively working to remove third-party cookies from the web, some platform trackers are moving to bounce tracking. This technique involves navigating to a tracker domain at the top level of a browser tab, setting a first-party cookie or storing data in the HTTP cache, and then quickly redirecting away using a request that encodes the value of that first-party cookie or contents of the HTTP cache. Bounce tracking semantically functions like setting a third-party cookie. This spec outlines a proposal for mitigating the privacy impact of bounce trackers. - Explainer: https://github.com/privacycg/nav-tracking-mitigations/blob/main/bounce-tracking-explainer.md and https://github.com/privacycg/nav-tracking-mitigations/issues/41#issuecomment-2504329542 - Specification: https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations - WPT Tests: https://wpt.fyi/results/nav-tracking-mitigations?label=experimental&label=master&aligned - User research: N/A - Security and Privacy self-review: https://github.com/privacycg/nav-tracking-mitigations/blob/main/tag-privacy-security.md - GitHub repo: https://github.com/privacycg/nav-tracking-mitigations - Primary contacts: - Andrew Liu (@MrPickles), Google, Spec contributor - Ben Kelly (@wanderview), Google, Spec author - Svend Larsen (@svendlarsen), Google, Spec contributor - Anton Maliev (@amaliev), Google, Spec contributor - Organization/project driving the specification: Google, Privacy Sandbox - Multi-stakeholder support: - Chromium comments: (positive) - Mozilla comments: https://github.com/mozilla/standards-positions/issues/835 - WebKit comments: https://github.com/WebKit/standards-positions/issues/214 - Status/issue trackers for implementations: https://chromestatus.com/feature/5705149616488448 and https://chromestatus.com/feature/6299570819301376 Further details: - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/) - Previous early design review, if any: https://github.com/w3ctag/design-reviews/issues/862 - Relevant time constraints or deadlines: Q1 2025 - The group where the work on this specification is currently being done: PrivacyCG - The group where standardization of this work is intended to be done (if different from the current group): N/A - Major unresolved issues with or opposition to this specification: N/A - This work is being funded by: Google You should also know that... This is intended to only cover "bounce tracking mitigations" which is one part of the `nav-tracking-mitigations` repository. (The Privacy chairs asked for it to be included this repo and due to Bikeshed tooling support it became a single document. Please disregard other parts of the document other than the section on Bounce Tracking Mitigations.) This tag review is a continuation of https://github.com/w3ctag/design-reviews/issues/862. Since then, the spec has evolved to also look for "stateless bounces" (in other words, ignoring the requirement for cookie access) to prevent usage of the HTTP cache as a means to store data. Additionally, Mozilla is positive with the changes. Note that there are two explainers: one for the original feature and another to explain a modification. Not all of the spec has not been merged and exists as a pull request at the time of writing. Apologies in advance for the inconvenience. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/1062 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/1062@github.com>
Received on Thursday, 27 February 2025 21:59:03 UTC