First-party sets and Storage Partitioning

[elimenko]

So, First-party sets is one of the approaches to solve Third-party cookies issues. Is there a way to make it work for the cases when local storage is used for communication between trusted websites from different domains? For example by making LS unpartitioned, but allowing access to it if domains are specified in the FPS relation. We have quite a complex communication mechanism in place, that relies on Local Storage and StorageEvents, that was impacted by Third-party storage partitioning rollout, and it would take quite a lot of effort to refactor it. Also, I don't see any other option except for using backend for this kind of communication now. Also it seems that Storage Access API works only with cookies, maybe it can be applied to other storage types too?

[johannhof]

Hi @elimenko, yes, you're looking for https://github.com/privacycg/storage-access/issues/102, which tracks the Storage Access API actually dealing with storage instead of just cookies. We recently revived the issue with a few concrete suggestions for how this could work, and you can follow the thread to stay in the loop.

Also I'd like to make you aware of the Deprecation Trial that Chrome is running for Storage Partitioning which should hopefully give you some additional time to evaluate your options.

[elimenko]

Thank you @johannhof ! I will dig into the suggested topic 👍

[annevk]

How does that setup work in browsers that have already partitioned storage?

[johannhof]

The Chrome DT does not work in other browsers, I was just sharing it for completeness since this seemed to refer to the recent Chrome rollout. The SAA updates will apply to all browsers, should they choose to implement them.

It's probably fine to close this issue given that we're tracking progress on https://github.com/privacycg/storage-access/issues/102

[elimenko]

@annevk Most of our customers use Google Chrome, so most likely non of them just ran into issues in other browsers