
[PerformanceControlOfEmbeddedContent] Privacy implications of blocking embedded content

Open lflores-ms opened this issue 7 months ago • 1 comments

Loose transcript from BlinkOn talk feedback: 21:14

Does the negotiation piece get over the privacy issues that are related to getting info from embedded content? I'm assuming we're also talking about 3rd party embedded content [...]. Have you looked into the potential privacy issues that come from that kind of blocking and whether the negotiation mechanism get[s] over them?

lflores-ms, Jul 07 '25 02:07

Does the negotiation piece get over the privacy issues that are related to getting info from embedded content?

Is the concern specifically around state from the embedded document leaking over to the embedder? If that's the case, I don't think blocking itself would be much different from something like iframe sandboxing, which could also break things in the embedded document. Just as in the sandboxing case, the parent document might try to infer some things about the embedded doc: an iframe failing to load would suggest the policy wasn't accepted, or that it has embed-blocking security headers. But I don't think these present a privacy or security risk.

I think reporting would be more relevant to privacy. It might be a risk for cross-document violation reports, if we enable that in some way. My understanding is that currently, the Reporting API (whether through Document Policy or other mechanisms) only reports to the document where the violation occurs, regardless of who set the policy. #1085 goes more into this.

lflores-ms, Jul 07 '25 04:07