Chromium Blog: August 2019

Thursday, August 22, 2019

Fraud Prevention

Publishers today often need to detect and prevent fraudulent behavior, for instance false transactions or attempts to fake ad activity to steal money from advertisers and publishers. Many companies, including Google, work to detect and prevent fraud, and that’s especially true of ad companies and ad fraud.

Some of the tools used to legitimately fight fraud today use techniques that can benefit from using more privacy safe mechanisms. One example is the PrivacyPass token, introduced by CloudFlare for Tor users, which is now moving through the standards process.

Protecting the Sandbox Boundary

Our experience has shown us that removing certain capabilities from the web causes developers to find workarounds to keep their current systems working rather than going down the well-lit path. We’ve seen this recently in response to the actions that other browsers have taken to block cookies - new techniques are emerging that are not transparent to the user, such as fingerprinting.

With fingerprinting, developers have found ways to learn tiny bits of information that vary between users, such as what device they have or what fonts they have installed. By combining several of these small data points together they can generate a unique identifier which can then be used to match a user across websites. Unlike cookies, users cannot clear their fingerprint, and this means that even if a user wishes not to be identified, they cannot stop the developer from doing so. We think this subversion of user choice is wrong.

As referenced in May at I/O, we are actively taking steps to prevent fingerprinting. We are proposing the implementation of what we call a privacy budget. With a privacy budget, websites can call APIs until those calls have revealed enough information to narrow a user down to a group sufficiently large enough to maintain anonymity. After that, any further attempts to call APIs that would reveal information will cause the browser to intervene and block further calls.

We appreciate you taking the time to read through our early proposals for building the Privacy Sandbox. We understand it is ambitious and can’t overstate how important it is that this be refined and improved as a result of collaboration across the industry, including other browsers and publishers. We look forward to hearing your thoughts!

Posted by Justin Schuh - Director, Chrome Engineering

outlined our visiona series of explainers User information

Ad Selection

One of the most challenging questions is what your browser could do to allow a publisher to pick relevant content or show a relevant ad to you, while sharing as little information about your browsing history as possible.

We're exploring how to deliver ads to large groups of similar people without letting individually identifying data ever leave your browser — building on the Differential Privacy techniques we've been using in Chrome for nearly 5 years to collect anonymous telemetry information. New technologies like Federated Learning show that it's possible for your browser to avoid revealing that you are a member of a group that likes Beyoncé and sweater vests until it can be sure that group contains thousands of other people.

Conversion Measurement

Publishers and advertisers need to know if advertising actually leads to more business. If it’s driving sales, it’s clearly relevant to users, and if it’s not, they need to improve the content and personalization to make it more relevant. Users then benefit from ads centered around their interests, and advertisers benefit from more effective advertising.

Both Google and Apple have already published early stage thinking to evaluate how one might address some of these use cases. These proposals are a first step in exploring how to address the measurement needs of the advertiser without letting the advertiser track a specific user across sites.

Fraud Prevention

Protecting the Sandbox Boundary

Chrome Dev Summit is now open for registration!

Tuesday, August 20, 2019

Event details:

Date: Nov 11-12, 2019

Venue: Yerba Buena Center for the Arts in San Francisco, CA

What’s happening?

Over the two days, we will focus on the latest best practices, tools and updates coming to the web platform and give developers a chance to hear directly from the Chrome product engineering teams.

Similar to last year, we’ll have a single track of content in one hall so everyone can enjoy all the sessions and have meaningful discussions. We’re also bringing back the Forum where you’ll be able to enjoy demos of the latest web technologies and developer tools as well as engage with the Chrome team as well as folks from the community.

We’ll be adding more details on the event site, as we move closer to the event, so watch out for more in the coming weeks and months.

Can’t attend in person?

As always, we want to ensure that Chrome Dev Summit stays inclusive and exciting for everyone, regardless of whether you’re joining us in person or online. We’ll be livestreaming the entire two days of content for our online attendees and will also include some exciting livestream-only content.

The Chrome team is committed to making the Web the best platform to give everyone in the world universal access to content and apps. We want to make it easier for developers to bring best-in-class content and experiences to their users, by making it more powerful and by reducing the cost of development. And we hope to do this as responsible citizens of the community, working with others to uphold our principles of promoting the open web.

We look forward to seeing you in San Francisco for yet another awesome Chrome Dev Summit!

Posted by Paul Kinlan, Content-Herder-and-Speaker-Wrangler-in-Chief

We’re excited to announce that registration for the seventh Chrome Dev Summit is now open and you can request your invite here today! During the Summit, we will share our vision for and updates on our work towards moving the web platform forward and of course, have a bit of fun. ‘Cuz what’s Chrome Dev Summit, without some fun?

Event details: Date: Nov 11-12, 2019 Venue: Yerba Buena Center for the Arts in San Francisco, CA What’s happening? Over the two days, we will focus on the latest best practices, tools and updates coming to the web platform and give developers a chance to hear directly from the Chrome product engineering teams.
Similar to last year, we’ll have a single track of content in one hall so everyone can enjoy all the sessions and have meaningful discussions. We’re also bringing back the Forum where you’ll be able to enjoy demos of the latest web technologies and developer tools as well as engage with the Chrome team as well as folks from the community.
We’ll be adding more details on the event site, as we move closer to the event, so watch out for more in the coming weeks and months. Can’t attend in person? As always, we want to ensure that Chrome Dev Summit stays inclusive and exciting for everyone, regardless of whether you’re joining us in person or online. We’ll be livestreaming the entire two days of content for our online attendees and will also include some exciting livestream-only content.
Sign up here so we can send you updates on the livestream and other related info around the event.
The Chrome team is committed to making the Web the best platform to give everyone in the world universal access to content and apps. We want to make it easier for developers to bring best-in-class content and experiences to their users, by making it more powerful and by reducing the cost of development. And we hope to do this as responsible citizens of the community, working with others to uphold our principles of promoting the open web.
We look forward to seeing you in San Francisco for yet another awesome Chrome Dev Summit!

Posted by Paul Kinlan, Content-Herder-and-Speaker-Wrangler-in-Chief

Chrome 77 Beta: New performance metrics, new form capabilities, capabilities in origin trials and more

Friday, August 9, 2019

ChromeStatus.com New Performance Metrics Largest Contentful Paint

Largest Contentful Paintweb.dev First Input TimingPerformanceEventTiming interface New Form Capabilities<input>formdata<input>formdataFormDataformdataMore capable form controlsweb.dev Origin TrialsOrigin Trials dashboardOrigin Trials Guide for Web Developers A Contact Picker for the WebA Contact Picker for the Web Other features in this release Enter Key Hintenterkeyhint<form>enterdonegonextprevioussearchsend Feature Policy Control over Document.domaindocument-domain policydocument.domain Layout Instability MonitoringLayoutShift Limit the "referer" Header's Length to 4kBStrips the referer header downrefererrefererno-cors Limit registerProtocolHandler() url Argument to http/https The registerProtocolHandler() New Features for Intl.NumberFormatimproves Intl.NumberFormat Overscroll Behavior Logical LonghandsCSS flow-relative propertiesflow-relativeoverscroll-behavior-inlineoverscroll-behavior-block PerformanceObserverInit Buffered FlagAdds a buffered flag to observer.observe()PerformanceObserver WebRTCRTCPeerConnection.onicecandidateerrorincecandidateerrorSTUN (RFC5389)TURN (RFC5766)RTCPeerConnection.restartIce()a method for triggering an ICE restarticeRestartcreateOffer()restartIce()signalingState Service WorkersPreserve Request Priorities through Service WorkerPreserves a request's original priorityService Workers Support Basic HTTP AuthenticationDisplays HTTP authentication dialog boxes Stop Action for Media SessionsstopMediaSessionAction MediaSession.setActionHandler()stopSamples are available Web Payments: Throw a TypeError on Invalid "basic-card" DataPaymentRequestnow throws a TypeErrorsupportedNetworkssupportedTypesW3C Payment API changes in Chrome 77 Interoperability Improvements Support Step Timing Functions jump-start|end|both|nonea richer set of step animationsjump-*jump-bothjump-nonejump-startjump-endjump-startjump-endstartend white-space: break-spacesbreak-spaceswhite-spacewhite-space: pre-wrapoverflow-wrap: break-spacestextareacontenteditablewhite-spaceword-breakoverflow-wrap Deprecations, and Removals Card Issuer Networks as Payment Method Namessupport for calling PaymentRequestsupportedMethods Deprecate Web MIDI Use on Insecure Origins will no longer be allowed Deprecate WebVR 1.1 APIdeprecated in Chromebeing replaced byWebXR Device API

Chromium Blog

Potential uses for the Privacy Sandbox

Fraud Prevention

Protecting the Sandbox Boundary

Chrome Dev Summit is now open for registration!

What’s happening?

Can’t attend in person?

Chrome 77 Beta: New performance metrics, new form capabilities, capabilities in origin trials and more

Labels

Archive

Feed