updates‎ > ‎

First-Party Sets

First-Party Sets (aka FPS)

Motivation

Borrowing from the First-Party Sets explainer: In defining this scope [of ‘first-party’ in privacy models], we must balance two goals: the scope should be small enough to meet the user's privacy expectations, yet large enough to provide the user's desired functionality on the site they are interacting with.

Origin Trial

First-Party Sets will begin Origin Trial in M89.

The goals of the Origin Trial are to:

  • Test FPS functionality within a limited prototype, including the SameParty attribute
  • Build awareness/interest in the FPS feature.
  • Receive set membership requests and determine if FPS policy needs to be adjusted in order to meet privacy norms.
  • Determine if FPS functionality meets needs of common-owned, separate-domain entities (during or post-OT) Test FPS UI options for user visibility and usefulness

Origin Trial Policy

In order to apply a structured approach to examining user understanding of FPS relationships, the following policy constraints will apply to the First-Party Sets Origin Trial:

  • First-Party Sets during OT will be limited to five registrable domains (plus any TLD variants of those five). This allows for viable testing of FPS functionality, and a small set size to initially gauge user understanding of the feature.
  • An individual domain may only be included in a single Set
  • First-Party Sets during OT will only be available to common-owned, common-controlled domains. Common ownership and control has been proposed to aid in user understanding of FPS relationships.
  • First-Party Set requests during OT will specify the location of the privacy policy or privacy policies of their proposed set members, and will list any differences in those policies.

Origin Trial Functionality

The FPS Origin Trial will be “cosmetic” in that it will not change data sharing capabilities for FPS member domains; therefore, UX treatments will not be required for initial OT. In addition, when the user has third-party cookie blocking enabled, Chrome's normal functionality will persist and cookies will not be shared in cross-domain contexts - even if the domains are part of the First-Party Set OT.

In parallel with the Origin Trial, we will be conducting user research to better understand user expectations with respect to First-Party Sets. It is expected that this will allow testing of browser user interface options to make First-Party Sets discoverable and transparent for users.

Joining the Origin Trial

To request participation in the Origin Trial for Chrome M89+, please utilize the standard Origin Trial process: https://developers.chrome.com/origintrials/#/trials/active. Note: you only need to register one domain - the “owner domain” of the set. We will use OT registrations for feedback and follow-up as needed. If performance/usage/unintended consequences present themselves during this experiment, we may end the experiment and notify participants.

Additionally, please submit your proposed set details with this bug template; bugs (and any resulting comments/questions) will be publicly visible once submitted.

If you have any questions, please reach out to chrome-first-party-sets@chromium.org.


Update History

  • November 23, 2020: created First-Party Sets page on chromium.org

  • January 5, 2021: expanded details about First-Party Sets and added Origin Trial information


Resources

Comments