Contact emails
dylan...@google.com, kaust...@google.com
Spec
Summary
Given that Chrome plans on obsoleting unpartitioned third-party cookies, we want to give developers the ability to use cookies in cross-site contexts that are partitioned by top-level site (or First-Party Set, where the site uses that feature) to meet use cases that are not cross-site tracking related (e.g. SaaS embeds, headless CMS, sandbox domains, etc.). In order to do so, we introduce a mechanism to opt-in to having their third-party cookies partitioned by top-level site using a new cookie attribute, Partitioned.
Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/hvMJ33kqHRo
Goals for experimentation
CHIPS is a new, opt-in technology meant to preserve a set of use cases (e.g. third-party embeds) that may break once third-party cookies are phased out while preventing cross-site tracking. We need to validate whether the proposed syntax and semantics solve these use cases prior to third-party cookie obsoletion by giving developers a way to test it in a scaled manner and provide early feedback. We hope to validate ergonomics, deployability, and backward compatibility.
Experimental timeline
The experiment will start in M100 and run from March 31st, 2022 until June 30, 2022.
Any risks when the experiment finishes?
Since Chrome will not send and may delete partitioned cookies when it is started with the feature disabled, sites that set cookies with the Partitioned attribute during the experiment will no longer have those cookies available on clients' machines.
Reason this experiment is being extended
N/A
Ongoing technical constraints
None.
Debuggability
We have coordinated with the DevTools team to surface cookie partition keys to developers in DevTools. We have added a new cookie inclusion reason with a debug string when sites set Partitioned cookies incorrectly. We may also support surfacing partitioned cookies that are not included in requests because their partition key did not match the top-level site in DevTools.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes.
Link to entry on the feature dashboard
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFRxpqxLUXAEfFqcACt-S7A8Y_6Q9is%3DCZJskiYuby0qJA%40mail.gmail.com.
Contact emails
dylan...@google.com, kaust...@google.com
Spec
Summary
Given that Chrome plans on obsoleting unpartitioned third-party cookies, we want to give developers the ability to use cookies in cross-site contexts that are partitioned by top-level site (or First-Party Set, where the site uses that feature) to meet use cases that are not cross-site tracking related (e.g. SaaS embeds, headless CMS, sandbox domains, etc.). In order to do so, we introduce a mechanism to opt-in to having their third-party cookies partitioned by top-level site using a new cookie attribute, Partitioned.
Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/hvMJ33kqHRo
Goals for experimentation
CHIPS is a new, opt-in technology meant to preserve a set of use cases (e.g. third-party embeds) that may break once third-party cookies are phased out while preventing cross-site tracking. We need to validate whether the proposed syntax and semantics solve these use cases prior to third-party cookie obsoletion by giving developers a way to test it in a scaled manner and provide early feedback. We hope to validate ergonomics, deployability, and backward compatibility.
Experimental timeline
The experiment will start in M100 and run from March 31st, 2022 until June 30, 2022.
Any risks when the experiment finishes?
Since Chrome will not send and may delete partitioned cookies when it is started with the feature disabled, sites that set cookies with the Partitioned attribute during the experiment will no longer have those cookies available on clients' machines.
Reason this experiment is being extended
N/A
Ongoing technical constraints
None.
Debuggability
We have coordinated with the DevTools team to surface cookie partition keys to developers in DevTools. We have added a new cookie inclusion reason with a debug string when sites set Partitioned cookies incorrectly. We may also support surfacing partitioned cookies that are not included in requests because their partition key did not match the top-level site in DevTools.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes.
Link to entry on the feature dashboard
Can you verify that I am getting this right.
1. The long term plan is to get rid of "tracking" cookies, or more specifically third party cookies shared between multiple first parties.
2. This will not change anything unless a site explicitly asks for their cookies to stop tracking people.
3. (outside this experiment) Eventually the default might change to "Partioned" and another flag will have to be used to keep tracking users cross sites.
4. (outside this experiment) Finally tracking cookies are disabled completely (similar to what Safari has done).
If that is right, should this prepare the syntax to allow for step 3, like having "Partitioned=Absolutely" and "Partitioned=Nope" instead of just partitioned?
In step 4 I assume "Partitioned" becomes a no-op since that is the only available stage?
Another question: Do you have partners ready to start testing this?
/Daniel
Will this be run as a third-party Origin Trial? As a Finch experiment? Other?
So, when the experiment finishes, sites that opted-in to that mode will lose their cookies and their users will e.g. be logged out, etc?
That seems like a deterrent. Is there a way around that? (e.g. migrate the cookies to the default 3P behavior when the experiment is done. Not sure how feasible that is..)
The long term plan is to get rid of "tracking" cookies, or more specifically third party cookies shared between multiple first parties.
This will not change anything unless a site explicitly asks for their cookies to stop tracking people.
Eventually the default might change to "Partioned" and another flag will have to be used to keep tracking users cross sites... In step 4 I assume "Partitioned" becomes a no-op since that is the only available stage?
If that is right, should this prepare the syntax to allow for step 3, like having "Partitioned=Absolutely" and "Partitioned=Nope" instead of just partitioned?
Do you have partners ready to start testing this?
Will this be run as a third-party Origin Trial? As a Finch experiment? Other?This experiment will be run as a 3P Origin Trial,So, when the experiment finishes, sites that opted-in to that mode will lose their cookies and their users will e.g. be logged out, etc?
That seems like a deterrent. Is there a way around that? (e.g. migrate the cookies to the default 3P behavior when the experiment is done. Not sure how feasible that is..)The reasoning behind why we didn't do that is that partitioned cookies allow the existence of multiple cookies with the same host key, name, and path to exist in separate partitions. Rather than coalescing these into one cookie (which one is the right one to keep, after all?), we decided to just remove partitioned cookies from clients' machines when the feature is disabled to provide deterministic behavior.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Thanks for your answers. I hope it works out fine. (You already have Chris' LGTM so your experiment is ready to go)
/Daniel
    
--
You received this message because you are subscribed to a topic in the Google Groups "blink-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/a/chromium.org/d/topic/blink-dev/_dJFNJpf91U/unsubscribe.
To unsubscribe from this group and all its topics, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c201a517-e292-40a9-aebd-3ebed0d67f4dn%40chromium.org.