Replies: 1 comment 2 replies
-
It is actually quite simple: anything which involves connection to a third-party host without any user interaction has to be pruned. After the n-th privacy scandal perhaps they will add some user prompt or permission and if there is any actual measured user benefit we will consider enabling something (it will take around 1 year, or more).
When in doubt let's disable it. |
Beta Was this translation helpful? Give feedback.
-
This discussion is simply meant to be a collection point for the new features related to the privacy sandbox that the chromium team is starting to develop, in order to make decisions about what to disable, how and why.
This is a first list, for each point I am looking for the "Design Reviews" and the "Security and Privacy Reviews" mainly from the w3c and PING sites, as well as the issues related to privacy questions.
Tell me if you agree or if you prefer it to remain in my personal collection.
Timeline: https://privacysandbox.com/timeline/
FLoC: https://github.com/WICG/floc
Status 95.0.4638.78: Enabled with origin trial or with command line (disabled in bromite)
Disabling lsh clusters and page is eligible for FLoC clustering: #1582
Trust Tokens API: https://github.com/WICG/trust-token-api
Status 95.0.4638.78: Enabled with origin trial
Ad conversion measurement: https://github.com/WICG/conversion-measurement-api
Status 95.0.4638.78: Enabled, can be disabled with
kConversionMeasurement
Disable possible with #1583
App to Web: https://github.com/WICG/conversion-measurement-api/blob/main/app_to_web.md
Status 95.0.4638.78:
kAppToWebAttribution
disabled by default (not quite everything, as far as it seems to me)Disable possible with #1583
Aggregation Service Client: https://bugs.chromium.org/p/chromium/issues/detail?id=1207974
Status 95.0.4638.78: I don't know
Ads targeting
FLEDGE: https://github.com/WICG/turtledove/blob/main/FLEDGE.md
TURTLEDOVE: https://github.com/WICG/turtledove
Fenced frames: https://github.com/shivanigithub/fenced-frame
Status 95.0.4638.78: I don't know
Federated login: not found yet
Status 95.0.4638.78: I don't know
Partitioned cookies (CHIPS): https://github.com/WICG/CHIPS
Status 95.0.4638.78: Flags
net::features::kPartitionedCookies
, currently does nothingFirst-Party Sets: https://github.com/privacycg/first-party-sets
Status 95.0.4638.78: not active, flag
kFirstPartySets
disabled by defaultPrivacy Budget: https://github.com/bslassey/privacy-budget
Status 95.0.4638.78: Under development
Cache inspection: https://github.com/MattMenke2/Explainer---Partition-Network-State
Status 95.0.4638.78: I don't know
Navigation tracking: not found yet
Status 95.0.4638.78: I don't know
Network Level tracking: not found yet
Status 95.0.4638.78: I don't know
For each of these I am evaluating how they have been developed in chromium, as far as I can, by looking also to understand what is defined as standard and what google has decided to implement instead, why, reading specifications, there are differences between what (privacy) experts say should be implemented and what chromium decides to do instead (so, potentially, not everything should be eliminated).
Surely the fact that now the origin trials are disabled brings us an advantage, because, always reading the various issues in the various repo, often the new features are enabled still semi-developed, aware of the fact that they have potentially privacy issues.
I would like to understand with you if it is possible to coordinate and how. the only thing I am sure of is that if we evaluate the code now it is easier to disable it, because it is stuffed with flags that sooner or later will be removed.
Beta Was this translation helpful? Give feedback.
All reactions