Cross Domain Non Tracking Apps (chat modules, gmail etc) in Floc

[TheMaskMaker]

@michaelkleber Thanks in advancing for helping me flesh this out a bit better!

To repeat the context, in the privacywg call, Mr. Lee expressed he was having trouble with his third party non-tracking user sign-in chat app in the various new privacy environments especially with the death of cookies and various changes. I am still trying to get my browser to run the floc origin trial, but seeing the 'browser not supported' message form the glitch.io despite flag runs, I went to this repo's very readme which currently details:

For Chrome’s POC, cohorts will be logged with sync in a limited set of circumstances. Namely, all of the following conditions must be met:

1. The user is logged into a Google account and opted to sync history data with Chrome

This requires login to chrome/gmail and syncing all of browser history with chrome. I am not sure if this is my problem as I am still debugging the origin trial, but it raise a good question:
Will this continue to be required in the final production launch of floc. If so, or if chrome technologies can identify a user and send data to a server, could Mr. Lee's problem be solved by allowing third party chat apps and integrations like his to use the same mechanism?

Basically, will some third party user opt-in/sign-in cross domain solution be available? Which one does Google plan to use for syncing and gmail etc as that could advise other companies of the correct approach?

If not, will chrome discontinue syncing and gmail login?

[michaelkleber]

The only thing here that relies on a person being logged into a Google account and opted into sync is the way we, Chrome, are counting how many people are in each flock. For now, that's how we make sure they are all large and private enough.

Browser instances (individual copies of Chrome) calculate their own flock in exactly the same way, whether someone is logged in or not. Being logged in has zero impact on your experience of the origin trial or anything else about the API.

[TheMaskMaker]

So to clarify:
What will gmail and chrome sign-in do in a floc world? I did not understand your answer to this part? Will this solution work for others as well such as the module Mr. Lee mentioned?

Separately, I think you answered my other question, but to confirm, are you saying logging in and syncing are only needed now, but that will be removed later?

[TheMaskMaker]

Also, I'm confused why the issue was closed; you asked me to file it here as opposed to discussing it on the call, I assumed you wanted to discuss it in great detail?

[michaelkleber]

Sorry, I thought I answered all of your questions about flock, which is why I closed the issue. I'll try again, and let you choose to close it this time :-)

What will gmail and chrome sign-in do in a floc world?

gmail has nothing to do with FLoC.

Will this solution work for others as well such as the module Mr. Lee mentioned?

There is no solution here. The only thing FLoC lets you do is find out a person's interest cohort. That wouldn't be useful to Mr. Lee, so I don't think it's at all relevant.

Separately, I think you answered my other question, but to confirm, are you saying logging in and syncing are only needed now, but that will be removed later?

That's right — sync is used right now as the way to make sure that each cohort is large enough, but that will be removed once we have a better way to do it.

[TheMaskMaker]

Thank you for reopening! and I think you have answered the sync part of my question. I am still confused about the privacycg question (cross domain sign in). Let me try to ask this part of the question separately.

I was hoping google's plan to handle this could serve as an example to others. I was excited to hear you say that google would not be giving itself any special treatment with chrome, meaning that google products will use the same technologies available to everyone else. It struck me as very respectable. It also made me realize that you suffer from the same issues we do.

Naturally, google has 2 technologies affected by floc that will have the same issues as Mr. Lee's app once third party cookies disappear. Floc prevents individual user tracking and I thought google might have a solution since chrome currently has single user sign in, and sync functionality which to use requires single user sign-in (to a chrome and a gmail account which is why I mentioned it). These are single user tracking cases that collect interests and browser histories etc. The data is currently used for ad personalization (it says so on the button) Surely you have thought about what to do with these services when you cannot track a single user anymore, and I was hoping you would share your solution as it might solve the problem for many worried companies.

Namely my question is how does google itself plan to handle this for its own (web and client-side browser) products and could that solution be applied to others? Is it some method of partitioned storage? Or given the recent announcement that 'even google' won't know your browsing history (it came up in a few articles such as https://www.searchenginejournal.com/are-you-ready-to-join-a-cohort-google-releases-floc/401074/ though they could have their facts wrong) in floc world will syncs be discontinued or limited in some way?

[jyasskin]

Maybe you're looking for https://wicg.github.io/WebID/README.html, which is actively trying to handle federated identity?

[TheMaskMaker]

@jyasskin This is not what I was asking about, but it is interesting and separately from this conversation I'll take a look/join that group as well, as it speaks to the broader issue.

My question here though is floc specific, i.e. in absence of a sister proposal what are google's plans for these technologies so that we could apply them to other tech as well?

[samdutton]

I am still trying to get my browser to run the floc origin trial, but seeing the 'browser not supported' message form the glitch.io despite flag runs, I went to this repo's very readme which currently details:

Sorry to hear the demo didn't work for you.

Just to double check:
• You're accessing floc.glitch.me from Chrome 89 or above.
• You're running Chrome with the flags below using one of the methods described on chromium.org.
• You don't have chrome://settings/privacySandbox disabled.
• You don't have an adblocker or a similar app/extension running.
• You're not using Incognito mode.

Reloading the page may also work, if for some reason getting the cohort was slow.

--enable-blink-features=InterestCohortAPI 
--enable-features="FederatedLearningOfCohorts:update_interval/10s/minimum_history_domain_size_required/1,FlocIdSortingLshBasedComputation,InterestCohortFeaturePolicy"

[TheMaskMaker]

@samdutton I appreciate the help! But I also don't want to derail this topic so I made a new issue for that; could we discuss here: #98 Thanks!

[samdutton]

Thanks @TheMaskMaker !

[TheMaskMaker]

Thank you @samdutton I'd love to get floc running!

Btw while you are here, since you are a Google Developer Advocate so the question in this issue might also be up your alley; do you happen to know how google will do cross domain sign-in in a floc world? Like for chrome, gmail, device syncs, etc?

[TheMaskMaker]

Wondering if there was any follow up here? I see the question was also raised in #52 and no answer was given. It would be helpful to understand how this will work going forwards.

[npdoty]

I think maybe this is a question about how Google intends to provide single sign-on or related functionality with their proposed deprecation of third party cookies. (Is that right?)

That doesn't seem to be functionality provided by FLoC, either in current experiments or as a future goal. Maybe the Chrome team discusses these sorts of topics on blink-dev or some other Chromium-specific forum? Or some blog posts suggest using the https://lists.w3.org/Archives/Public/public-web-adv/ list.