30+ Privacy Sandbox proposals offered by Chrome and others.Trust Tokens: Enable a website to convey a limited amount of information from one browsing context to another (for example, across sites) to help combat fraud, without passive tracking.Privacy Budget: Explore methods of quantifying the amount of information about a user's browser or device that are available to websites, and develop practical mechanisms to enable browser-based limits on the information a site can access.Gnatcatcher also ensures that sites requiring access to IP addresses for legitimate purposes such as abuse prevention can do so, subject to certification and auditing. There are two parts to the proposal: Willful IP Blindness provides a way for websites to let browsers know they are not connecting IP addresses with users, and Near-path NAT allows groups of users to send their traffic through the same privatizing server, effectively hiding their IP addresses from a site host. Gnatcatcher: Limit the ability to identify individual users by accessing their IP address.DNS-over-HTTPS: A protocol for DNS resolution via the secure context of HTTPS.Client Hints enable developers to actively request only the information they need about the user's device or conditions, rather than needing to parse this data from the User-Agent string. User-Agent Client Hints: The User-Agent (UA) string is a significant passive fingerprinting surface, as well as being difficult to process.Enables two types of reports: event-level and aggregate. Previously known as the Event Conversion Measurement API. Core Attribution Reporting: Correlate ad clicks or ad views with conversions.FLEDGE is the first experiment to be implemented in Chromium within the TURTLEDOVE family of proposals. FLEDGE: Ad selection to serve remarketing and custom audience use cases, designed so that it cannot be used by third parties to track user browsing behavior across sites.The Topics API proposes a mechanism to map website hostnames to topics of interest, and provides a JavaScript API that returns coarse-grained topics a user might currently be interested in, based on their recent browsing activity. Designed so that it doesn't require third-party cookies and cannot be used by third parties to track user browsing behavior across sites. Topics API: Enable interest-based advertising.WebID enables federated sign-in without the use of redirects, pop-ups or third-party cookies which can be used to identify and track users across sites. Federated Credential Management: Support federated identity (where a user can sign into a website through a third-party service) without sharing the user's email address or other identifying information with a third-party service or website, unless the user explicitly agrees to do so.HTTP Cache Partitioning: Improve security and privacy by partitioning the browser HTTP cache.Network State Partitioning: Partition network state to prevent browser network resources being shared across first-party contexts, by ensuring that every request has a network partition key that must match in order for resources to be reused.Fenced Frames: Provide a type of frame element that can be used to display content (such as an advertisement) but can't interact with the page around it.Storage Partitioning: Enable all forms of user agent state, such as localStorage or cookies, to be double-keyed: by the top-level site as well as the origin of the resource being loaded, rather than a single origin or site.SameSite cookies: Secure sites by explicitly marking cross-site cookies.Origin-Bound Cookies: Bind cookies to their setting origin by default, so they are only accessible by that origin.A partitioned third-party cookie is tied to the top-level site where it was initially set and cannot be accessed from elsewhere. The core aim is to allow cookies to be set by a third-party service, but only read within the context of the top-level site where they were initially set. CHIPS: As with First-Party Sets, this proposal addresses use cases around partitioning, and how cross-origin interactions and sharing might be enabled, where it makes sense, and how this can be kept safe.Shared Storage: Proposal for a general-purpose, low-level API that can serve a number of legitimate use cases that currently rely on unpartitioned storage (which is being deprecated).First-Party Sets: Allow related domain names owned by the same entity to declare themselves as belonging to the same first party.# Strengthen cross-site privacy boundaries Over the coming months, we'll add more posts within this site to summarize external content. Some items below link to API explainers or other resources.
0 kommentar(er)
