-
Notifications
You must be signed in to change notification settings - Fork 630
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Critical feature request: partitioned cookies (CHIPS) and partitioned storage (Storage Partitioning) that can leverage Related Website Sets #314
Comments
Thanks @kelvingraddick. Your use case looks similar to those in WICG/first-party-sets#94 and #179. Based on your feature requests (especially "We need to know if this user has a current conversation to know whether to show the conversation or an invitation, without the user clicking."), you may also be interested in Shared Storage, particularly in the "known customers" use case: https://developers.google.com/privacy-sandbox/relevance/shared-storage/known-customer |
Thanks for responding @cfredric ! That is a very similar issue and seems like it would help our use case too. I don't see in the thread any changes stemming from it yet. I did see the "known customers" use case, but in our case, we need to be able to share a "LivePerson consumer ID" across related domains to load the user's exact same conversation again, and not generically whether they just have a conversation or not. Is that something that can be done with Shared Storage API? To me it seems like the current output gates won't allow us to store and retrieve a unique consumer ID (https://developer.mozilla.org/en-US/docs/Web/API/Shared_Storage_API#output_gates), but maybe there is something I am missing. Do you have any advice on this? |
I see, so your real requirement is for a user identifier, not just whether this user has an active conversation. In that case, that is higher-entropy data, and (clearly) provides the ability to track users unless it is partitioned somehow. This is not something Shared Storage can provide, since that API (as well as other Privacy Sandbox APIs) is specifically designed to make cross-site tracking infeasible. With that in mind, I think your use case is a good example for WICG/first-party-sets#94, since (IIUC) you need a user identifier but you don't want it to be totally unpartitioned; you're ok with the identifier being scoped to within a single RWS, and therefore not usable for tracking outside of that RWS. (And because it doesn't enable pervasive tracking, it'd be ok to provide the identifier to your site without asking for the user's permission first, IMO.) Do I have that right? If so, then this is definitely something I want to support; this feature request has just been on our backlog for a while, while we work on other problems. |
Yes! @cfredric this is exactly our use case, and what we need! Unpartitioned storage scoped within an RWS. Or for the partitioned storage to be available/keyed by the whole RWS, instead of just being keyed to each domain separately in the RWS like it is now. If this is something you are considering – that is great news! My team, company, and our large customers like Verizon who are currently having this issue would GREATLY appreciate this. Like you said, I think it covers a valid use case that doesn't violate the new privacy efforts. I will share our use case as an example in the other GitHub issue link you provided. Please let me know if there are other possible next steps, and/or if there something I can do to help with this. Thanks! |
Hey @cfredric! Hope all is well. You mentioned "this feature request has just been on our backlog for a while" – I wanted to check if there has been any update on it or any plans for it? |
This comment was marked as off-topic.
This comment was marked as off-topic.
@kelvingraddick We proposed a potential API for this feature request here. Could you please provide your feedback on that thread? |
@kelvingraddick Ah, I see you already did. Closing out this issue, but please continue to use the other thread for discussion. |
Background / Context
I work for LivePerson, a major web chat provider for companies like Microsoft, Verizon, The Home Depot, GoDaddy, and many more.
Our web chat product is "embedded" – running as an application directly on the webpages of our customers listed above (not in an iframe), where typically we can use first party cookies / storage to store things like a user's chat identity, in order to maintain a conversation page-to-page.
However, some of our customers have multiple top-level domains (ex. verizon.com and verizon-sales.com) where they still need a consumer's chat identity / conversation maintained across.
To be clear this is NOT an advertising tracking scenario, but simply a 3rd-party chat application scenario, that major brands are currently using.
Feature Request
What we propose is that partitioned cookies (CHIPS) and/or partitioned storage (Storage Partitioning) are automatically allowed to be accessed across the Related Website Set, without the need for the Storage Access API, nor user interaction.
In other words, the cookies or storage is able to be partitioned/accessed per Related Website Set (if one is defined), and NOT just per single domain. For our scenario, this will allow a brand to define their related website set, and us to be able to still access partitioned cookies/storage across them, in order to maintain a user's chat identity and conversation across the related website set.
Why can't we just use the Storage Access API with Related Website Sets?
Please let me know if you have any questions, feedback, and/or concerns. Thanks!
The text was updated successfully, but these errors were encountered: