W3C slaps down Google's proposal to treat multiple domains as same origin

A Google proposal which enables a web browser to treat a group of domains as one for privacy and security reasons has been opposed by the W3C Technical Architecture Group (TAG).

Google’s First Party Sets (FPS) relates to the way web browsers determine whether a cookie or other resource comes from the same site to which the user has navigated or from another site. The browser is likely to treat these differently, an obvious example being the plan to block third-party cookies.

The proposal suggests that where multiple domains owned by the same entity – such as google.com, google.co.uk, and youtube.com – they could be grouped into sets which “allow related domain names to declare themselves as the same first-party.”

The idea allows for sites to declare their own sets by means of a manifest in a known location. It also states that “the browser vendor could maintain a list of domains which meet its UA [User Agent] policy, and ship it in the browser.”…

This thread was posted by one of our members via one of our news source trackers.

Corresponding tweet for this thread:

Share link for this tweet.