Feedback

Where and how to provide feedback for Privacy Sandbox proposals throughout the development process.

Published on Updated on

Getting feedback from a diverse set of stakeholders across the web ecosystem is critical to the Privacy Sandbox initiative. Here you’ll find explanations of the many public channels that inform development, and guidance on how individuals and organizations can provide feedback at every stage. Chrome product managers and engineers actively engage with this feedback, and there are hundreds of industry representatives already participating.

There are many feedback channels available to you. Individual interactions are public in most cases, which means you can follow along in discussions and decide where you want to contribute. There is also a feedback form, which provides the opportunity for stakeholders to share feedback directly to the Chrome team outside of public forums. Feedback received through the feedback form may be aggregated for inclusion in the Chrome team’s public reports, without attribution.

How will you know feedback has been considered?

Regular updates for each Privacy Sandbox API are published on this site. In particular, these updates will cover a summary of common feedback themes per API.

While public feedback channels are preferred, both public (e.g., GitHub) and direct (e.g., feedback form) channels do exist, and the Chrome team will explain whether and how feedback and concerns arising from stakeholder engagement are being incorporated into the design and development of each API.

Feedback routes

Collaborate on individual proposals

Every Privacy Sandbox proposal is open to public discussion, where proposal authors and web stakeholders collaborate to answer open questions and clarify implementation details before features are finalized.

A proposal begins with an explainer—a high-level technical overview of a proposed specification's functionality. Explainers are posted to start the feedback process, as there are always open questions and details that need clarification. This collaborative process is ongoing through the lifecycle of the proposal from early discussion of the idea through to iterating on revisions of a formal specification.

You can see this pattern of a high-level overview and open questions in the Topics API explainer.

The explainers and supporting content are hosted on GitHub. GitHub enables anyone with a GitHub account to raise an Issue (ask questions or add comments) in the repository (repo) to start or participate in a discussion. Proposal authors, including Chrome product managers and engineers, are active in these discussions and GitHub provides options to be alerted for any new activity. With GitHub feedback, you can engage directly with the community interested in a specific proposal. Even without a GitHub account, you can still read all the community commentary for each proposal.

Discussion in the repository should be focused on how and why the proposal addresses the use case it sets out to solve. You can find the link to view and raise an issue for each proposal in the Feedback column of the tables in the Proposals section.

Track and respond to Chromium feature development

Every stage of feature development is announced to a public mailing list, which encourages further discussion of technical implementation.

Each proposal may result in one or more features to build in Chromium. Proposal developers submit requests to begin each stage of feature development on the public blink-dev mailing list. These stages include: Intent to Prototype (I2P), Intent to Experiment (I2E), Intent to Ship (I2S), or Intent to Remove (I2R).

  • Intent to Prototype (I2P): the developer would like to begin an initial implementation in Chromium. This often results in early functionality being available for developer testing. Useful feedback at this stage is likely best suited to GitHub as the aim at this stage is to validate proposal ideas with working code.
  • Intent to Experiment (I2E): the developer would like to run scaled testing in the form of an origin trial. This allows sites to test early functionality on a portion of their own traffic. Useful feedback at this stage includes stating willingness to participate and if the proposed experiment meets your needs to validate behavior.
  • Intent to Ship (I2S): the developer would like to deploy the completed feature to Chromium. This results in the functionality being available for all users. Useful feedback at this stage addresses outstanding issues to ensure the feature is ready for general availability.
  • Intent to Remove (I2R): the developer would like to deprecate and remove functionality from Chromium. Useful feedback here includes highlighting if this removal impacts your use case in ways not captured by the development team.

Each stage has a standard template where the developer will provide a selection of relevant information. Certain stages require approval from Chromium project owners who will do this by providing a "Looks Good To Me" (LGTM) response on the post.

The mailing list is open to the public so you can follow along with the discussion on each milestone and join the list to ask additional questions. There is a high-level of activity on this list as it covers all functionality landing in the Chromium project, so you may wish to track individual features on the Chrome Status site.

Discussion on these threads should focus on the specifics of implementing the particular feature in Chromium; discussion on how the proposal itself functions is best suited for GitHub. You can find a link to view and contribute to each of these announcements in the Intents column in the tables in the Proposals section.

Track and discuss individual feature development

Specific mailing lists may be created as proposal implementation progresses, to allow for more focused discussion.

As individual proposals progress through implementation in Chromium, a proposal-specific mailing list may be created to allow for focused communication.

This allows for announcements and discussion of origin trial updates, necessary code updates , or known issues that may impact development. As with blink-dev, these lists are public. If you are directly tracking or working on one of these proposals, you should join the specific list to hear updates directly from the development teams.

Discussions on these threads should be focused on the ongoing implementation detail in Chromium as the intended audience is developers directly coding against the feature, as opposed to a general audience interested in broad announcements. You can find a link to read and contribute to these in the Mailing list column in the tables in the Proposals section.

Raise and track feature issues

As implementation continues, issues with the feature behavior can be raised in the Chromium issue tracker.

This includes implementation bugs where Chromium's behavior does not match the proposed specification, but can also cover browser-specific functionality such as how the feature interacts with DevTools and user preferences, or it may just be to report an error. Issues can be raised at any point in the lifecycle of a Chromium feature, whether that's newly available for developer testing behind a flag or something discovered in a stable release.

Discussion in Chromium issues should be focused on the details of the envisaged implementation of the feature in Chromium; discussion on how the proposal itself functions should go to GitHub. You can find a link to view or raise issues in the Chromium component column of the tables in the Proposals section.

Follow and participate in standards bodies

The World Wide Web Consortium (W3C) and Internet Engineering Task Force (IETF) develop open standards for all web platforms. They encourage interested parties to discuss and learn about individual standards as well as the web ecosystem at-large.

The W3C and IETF are international communities that develop open standards for the web and the Internet to ensure the long term growth of these open platforms. New web platform technologies, like Privacy Sandbox technologies, are proposed and discussed in various forums across these standards bodies. These forums are open to anyone who wants to actively participate in the design and development of the technologies.

Each standards body offers any interested party a variety of different membership and contribution options. There are Community Groups and Business Groups which include members from across the web ecosystem and relevant industries. Proposal authors will often present overviews and progress updates at associated meetings, providing an opportunity to ask direct questions and hear from other stakeholders. Meeting minutes for most groups are publicly available.

Discussion in standards bodies is wide-ranging, but generally focuses on how a proposal meets the needs of the ecosystem and its progress towards becoming an accepted standard. You can find a link to follow or join in the Standards groups column of the tables in the Proposals section.

Submit feedback through the feedback form

Not all issues fit neatly into the above categories. While these routes are the best way to start a public dialogue with the most relevant people, the feedback form is there to ensure you can always reach the Chrome team directly.

This form may be the right place if you want to know:

  • How particular situations may be affected by multiple proposals;
  • If your use case is covered by a proposal.

While this is an opportunity for stakeholders to share feedback to the Chrome team directly, the themes or issues in your feedback may be aggregated for inclusion in the Chrome team’s public reports, without attribution.

Proposals

Key

FeedbackOpen discussions on the individual proposal
IntentsAnnouncement messages for each stage of Chromium feature development
Chromium componentOpen issues related to Chromium feature implementations
Mailing listDeveloper announcements and discussion for in-progress Chromium features
Standards groupsW3C or IETF groups where individual proposals are discussed

Fight spam and fraud on the web

Trust Token API

Trust Tokens enables a site to share small amounts of information, like signaling a user is genuine, to another site without allowing cross-site tracking. Learn more about the Trust Token API

Last updated 2022/02

Show relevant content and ads

Topics API

Topics enable interest-based advertising, without resorting to tracking the sites a user visits. Learn more about the Topics API.

Last updated 2022/03: Topics is preparing for origin trial

Feedbackjkarlin/topics
IntentsI2E 2022/03, I2P 2022/02
Chromium component[to come]
Mailing listtopics-api-announce
Standards groupsImproving Web Advertising Business Group

FLoC API

FLoC provided a high-level view of a user's interests by grouping them in cohorts with thousands of similar browsers. Learn more about FLoC.

Last updated 2022/02: FLoC has been superseded by Topics API, links are for historical reference

FeedbackWICG/floc
IntentsI2E 2021/03, I2P 2020/05
Chromium componentBlink>InterestCohort
Mailing list[optional]
Standards groupsImproving Web Advertising Business Group

FLEDGE API

FLEDGE enables remarketing and custom audience use cases, as in advertising that can make use of sites or products previously visited, but without relying on an individual identifier. Learn more about FLEDGE.

Last updated 2022/03: FLEDGE is preparing for origin trial

Measure digital ads

Event-level reports in the Attribution Reporting API

Event-level reports allow sites to measure when a user action, such as an ad click or view, leads to a conversion, but without using cross-site identifiers. Learn more about the Attribution Reporting API.

Last updated 2022/03: Attribution Reporting is preparing for an additional origin trial

Summary reports in the Attribution Reporting API

Summary reports allow for an aggregated view of detailed conversion data, which retains critical information for reporting without the ability to identify individual users within that data. Learn more about the Attribution Reporting API.

Last updated 2022/03: Attribution Reporting is preparing for an additional origin trial

Strengthen cross-site privacy boundaries

First-Party Sets API

First-Party Sets allows related sites, owned and operated by the same entity, to declare themselves as belonging to the same first-party. Learn more about First-Party Sets.

Last updated 2022/02

Shared Storage API

Shared Storage allows sites to store unpartitioned cross-site data, but only read that data in specifically controlled ways. This facilitates several use cases, such as consistent A/B experiments across sites. Learn more about the Shared Storage API.

Last updated 2022/02

Cookies Having Independent Partitioned State (CHIPS)

CHIPS allows sites to opt-in a cookie to "partitioned" storage, with a separate cookie jar per top-level site. Learn more about CHIPS.

Last updated 2022/02

FeedbackWICG/CHIPS
IntentsI2E2022/02, I2P 07/2021
Chromium componentInternals>Network>Cookies
Mailing list[optional]
Standards groupsWeb Platform Incubator Community Group (WICG)

Storage Partitioning

Storage partitioning brings other existing storage and communication methods inline with the proposed cookie changes by creating separate containers for storage per top-level site. Learn more about Storage Partitioning.

Last updated 2022/02

Feedbackwanderview/quota-storage-partitioning
IntentsI2P 2021/05
Chromium componentBlink>Storage
Mailing list[optional]
Standards groupsPrivacy Community Group

HTTP Cache Partitioning

The HTTP cache previously provided a single point where it was possible for one site to determine if its resources had been loading another—effectively leaking cross-site information. Partitioning the cache ensures that activity is restricted to a single site. Learn more about HTTP Cache Partitioning.

Last updated 2022/02: HTTP cache partitioning has fully shipped

Network State Partitioning

Network State Partitioning continues the pattern implemented in HTTP Cache Partitioning by creating finer-grained containers for caches, preventing cross-site information leakage. Learn more about Network State Partitioning.

Last updated 2022/02

Fenced Frames

Fenced frames enforce a boundary between a page and embedded content which can allow safe access to unpartitioned data without allowing cross-site tracking. Learn more about Fenced Frames.

Last updated 2022/02

Feedbackshivanigithub/fenced-frame
IntentsI2P 2021/04
Chromium componentBlink>FencedFrames
Mailing list[optional]
Standards groupsImproving Web Advertising Business Group

Federated Credentials Management (FedCM)

The Federated Credentials Management API builds on existing identity provider use cases to allow new and existing federated identity use cases to continue without third-party cookies. Learn more about Federated Credentials Management.

Last updated 2022/03

Feedbackfedidcg/FedCM
IntentsI2E 2022/03, I2E 2022/02, I2P 2020/09
Chromium componentBlink>Identity>FedCM
Mailing list[optional]
Standards groupsFederated Identity Community Group

Prevent covert tracking

SameSite Lax by default cookies

"SameSite Lax by default" was a specification change which made all cookies first-party (or same-site) by default. This also required sites to explicitly mark their cookies for third-party (or cross-site) usage. Learn more about SameSite cookies.

Last updated 2022/02: SameSite=Lax by default has fully shipped

DNS-over-HTTPS

DNS-over-HTTPS ensures that the sites visited by the browser are not visible to observers on the same network. Learn more about DNS-over-HTTPS.

Last updated 2022/02: DNS-over-HTTPS has shipped for all platforms

Feedbacknet-dev
Intents[n/a]
Chromium componentInternals>Network>DoH
Mailing listnet-dev
Standards groupsDNS Over HTTPS (doh)

User-Agent reduction and User-Agent Client Hints

Chrome is reducing the amount of information exposed by default in its user-agent string which limits the potential for covert tracking. User-Agent Client Hints allows sites to receive this information on-request with a clean and auditable API. Learn more about the User-Agent reduction and User-Agent Client Hints (UA-CH).

Note: Overall work has shipped incrementally as a number of individual features resulting in more Intent messages.

Last updated 2022/02

Gnatcatcher

Gnatcatcher explores methods to mask a user's IP address from sites. Masking can reduce a major tracking signal while still retaining core functionality that requires the IP address. Learn more about Gnatcatcher.

Last updated 2022/02: The initial Privacy Budget proposal is still in early discussion

Feedbackbslassey/ip-blindness
Intents[to come]
Chromium component[to come]
Mailing list[optional]
Standards groupsMultiplexed Application Substrate over QUIC Encryption (masque)

Privacy Budget

The Privacy Budget explores how a browser could detect the amount of identifying information available to a site, then allow the browser to take action before too much data is collected. Learn more about Privacy Budget.

Last updated 2022/02: The initial Privacy Budget proposal is still in early discussion

Feedbackbslassey/privacy-budget
Intents[to come]
Chromium component[to come]
Mailing list[optional]
Standards groupsPrivacy Community Group

Updated on Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.