Chrome intends to deprecate and remove default access to third-party (aka cross-site) cookies, starting with the 1% testing period [1] that began in Q1 2024, followed by a gradual phaseout planned to ramp up from Q1 2025, subject to addressing any remaining competition concerns of the UK’s Competition and Markets Authority. Third-party cookie phaseout [2] is a central effort of the Privacy Sandbox [3] initiative, which aims to responsibly reduce cross-site tracking on the web (and beyond) while supporting key use cases through new technologies.
[1] https://developers.google.com/privacy-sandbox/blog/cookie-countdown-2024jan
[2] http://goo.gle/3pcd
[3] https://developers.google.com/privacy-sandbox
Web Compatibility: Despite 3PCs already being blocked in Firefox and Safari and developer outreach efforts to raise awareness and encourage developers to prepare for the deprecation, we currently estimate that a non-trivial number of sites are still relying on third-party cookies for some user-facing functionality. See Intent to Deprecate and Remove for more information: https://groups.google.com/a/chromium.org/g/blink-dev/c/RG0oLYQ0f2I/m/xMSdsEAzBwAJ
Interoperability: Both Firefox and Safari have removed default access to third-party cookies already, though there are small differences in how browsers treat SameSite=None cookies in so-called “ABA” scenarios (site A embeds site B, which embeds site A again). Chrome ships the more secure and more restrictive variant, and from initial conversations we are optimistic that other browsers will adopt it as well. There are also subtle differences in how browsers restore access to third-party cookies through mechanisms such as heuristics or custom quirks. Where Chrome implements similar measures (such as the heuristics), we try to follow the launch and standards processes to achieve as much interop as we can, given other requirements such as privacy and security.
Impact on the Ads ecosystem: A suite of APIs for delivering relevant ads, measuring ad performance, and preventing fraud and abuse is now generally available in Chrome to continue to facilitate ad-supported content on the web. We continue to work closely with the UK Competition and Markets Authority (CMA) on evaluating the impact of this change on the ads ecosystem.
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
We request to extend the origin trial to M133 to give sites more time to test with third-party cookies restricted. Recently, we announced a new path focused on elevating user choice, instead of third-party cookie deprecation. We will continue to support and invest in the Privacy Sandbox technologies. While we can't predict what exact user preferences will be, it’s important for businesses and developers to prepare for a likely increase in Chrome browsers without support for third-party cookies, and to continue investing in privacy-enhancing technologies. This change in path necessitates a departure from our initially planned timeline. Extending this trial is necessary to continue allowing businesses and developers to perform broader testing of alternatives to third-party cookies ahead of any increase in Chrome browsers without support for third-party cookies, and to continue providing valuable real-world feedback on those alternatives.
None.
Developers may use the command-line testing switch --test-third-party-cookie-phaseout (available starting Chrome 115) or enable chrome://flags#test-third-party-cookie-phaseout (available starting Chrome 117), to simulate browser behavior with default access to third-party cookies removed. We also started reporting DevTools issues for cookies impacted by the deprecation starting in Chrome 117 to help identify potentially impacted workflows. We are continuing to improve our developer documentation on debugging third-party cookies usage, and guidance on migration to new APIs. https://developer.chrome.com/blog/cookie-countdown-2023oct/
Third-Party Cookies will be deprecated on Windows, Mac, Linux, Chrome OS, Android. The deprecation will not affect Android WebView for the time being, where 3PCs are already blocked by default, but can be re-enabled by the embedding application.
Yes. We have put together a set of WPTs which cover third-party cookie blocking for subresource requests. It is not yet comprehensive; we are working on adding additional tests to support our standardization efforts.
https://wpt.fyi/results/cookies/third-party-cookies/third-party-cookies.tentative.https.html?label=experimental&label=master&aligned
Origin trial desktop first | 120 |
Origin trial desktop last | 132 |
Origin trial desktop first | 127 |
Origin trial desktop last | 130 |
Origin trial desktop first | 120 |
Origin trial extension 1 end milestone | 133 |
DevTrial on desktop | 117 |
Origin trial Android first | 127 |
Origin trial Android last | 130 |
DevTrial on Android | 117 |
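The “ABA” case mentioned under Interoperability above, as an added example that is not part of the original message and is not Chrome code. It models two ways of deciding whether a nested frame's request is third-party; the function names, the two rules as written, and the example domains are assumptions made for illustration, and sites are taken as already-computed schemeful sites.

```javascript
// Added illustration, not Chrome source. Sites are passed in as already-computed
// schemeful sites; deriving them from URLs needs the Public Suffix List.

// Assumed looser rule: only the top-level site is compared with the request's site.
function thirdPartyTopLevelOnly(frameChain, requestSite) {
  return frameChain[0] !== requestSite;
}

// Assumed stricter rule: any cross-site frame between the top-level document
// and the requesting frame makes the context third-party.
function thirdPartyAncestorChain(frameChain, requestSite) {
  return frameChain.some((site) => site !== requestSite);
}

// Decide whether a cookie is attached to a subresource request once default
// third-party cookie access is removed. frameChain runs from the top-level
// document down to the frame issuing the request.
function cookieSent(cookie, frameChain, requestSite, isThirdParty) {
  if (cookie.sameSite !== 'None') {
    // Lax and Strict cookies already need a fully same-site ancestor chain.
    return !thirdPartyAncestorChain(frameChain, requestSite);
  }
  return !isThirdParty(frameChain, requestSite);
}

// Constructed scenarios (example domains only).
const A = 'https://a.example';
const B = 'https://b.example';
const scenarios = {
  AA: { chain: [A, A], request: A },
  AB: { chain: [A, B], request: B },
  ABA: { chain: [A, B, A], request: A },
};

// Run every scenario under both rules and report whether the cookie is sent.
function compare(cookie) {
  const out = {};
  for (const [name, s] of Object.entries(scenarios)) {
    out[name] = {
      topLevelOnly: cookieSent(cookie, s.chain, s.request, thirdPartyTopLevelOnly),
      ancestorChain: cookieSent(cookie, s.chain, s.request, thirdPartyAncestorChain),
    };
  }
  return out;
}

console.log(compare({ name: 'session', sameSite: 'None', secure: true }));
```

Only the ABA row differs between the two rules, which is why a site that frames its own content inside a partner's frame should be tested with third-party cookies restricted.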