Request to Increase the Limit of Associated Domains in Related Website Sets (RWS) Solution

[elliatab]

Hello Google Privacy Sandbox Team,

I am writing on behalf of Rakuten Analytics team to request an increase in the limit of Associated domains within the Related Website Sets (RWS) solution. Currently, the limit is set to five domains, as outlined in your blog post.

Our organization operates a network of related websites that exceed this limit, and we believe that increasing the number of allowable Associated domains would significantly enhance our ability to provide a seamless and cohesive user experience across our entire web ecosystem.

Here are a few key points to consider:

1. Operational Efficiency: Managing user sessions and data across a larger number of domains under a single Related Website Set would streamline our operations and reduce the complexity of our infrastructure.
2. Privacy and Security: We are committed to adhering to all privacy and security guidelines set forth by the Privacy Sandbox. Increasing the limit would not compromise user privacy, as all domains within our set are managed by the same legal entity. This ensures that the same stringent privacy policies and security measures are uniformly applied across all associated domains, maintaining a high standard of user data protection and compliance.
3. Industry Relevance: Many organizations, especially those with diverse digital portfolios, face similar challenges. Increasing the limit would make the RWS solution more applicable and beneficial to a broader range of businesses.

We kindly request that the limit of Associated domains be reconsidered and increased to accommodate organizations like ours. We believe this change would align with the Privacy Sandbox's goals of enhancing user privacy while supporting the needs of modern web operations.

Thank you for considering our request. We are open to further discussions and can provide additional details if needed.

[dmarti]

The issue of a hard numeric limit for associated RWSs has been extensively discussed: https://github.com/WICG/first-party-sets/issues/93 so this issue might get closed as a duplicate. Basically, even a three-domain set is too big if it's deceptive to the user, and a larger set would have to be evaluated case by case to see if it's understandable to the user as a common "party".

Right now it's not clear what the process for removing an invalid set is, though ( https://github.com/GoogleChrome/related-website-sets/issues/292 ) so changing or removing the arbitrary 5-site limit would need to be done along with figuring out how to remove an invalid set, to keep bogus sets from continuing to pile up.

[krgovind]

Thank you for the feedback @elliatab. As @dmarti suggested, this is being discussed in #93. Our current inclination is to keep the associated domain limit, given the feedback we've received from the community regarding privacy impact and user comprehension; but we would like to understand the use-cases involved, so we can advise on alternative solutions/APIs. For example, if the user sessions are tie to login actions, we would recommend using the FedCM API to maintain functionality. I'd encourage you to enumerate any other use-cases on #93.