#1136: Incubation: FedCM: Support showing third-party iframe origins in the UI

Opened Aug 13, 2025

Explainer

https://github.com/w3c-fedid/FedCM/issues/449#issuecomment-1515631336

The explainer

Where and by whom is the work being done?

  • GitHub repo: https://github.com/w3c-fedid/FedCM
  • Primary contacts:
    • Christian Biesinger (@cbiesinger), Google, Engineer
    • Yi Gu (@yi-gy), Google, Engineer
    • Nicolás Peña Moreno (@npm1), Google, Spec editor/engineer
  • Organization/project driving the design: Google
  • This work is being funded by: Google
  • Incubation and standards groups that have discussed the design:
  • Standards group(s) that you expect to discuss and/or adopt this work when it's ready: FedID WG

Feedback so far

  • Multi-stakeholder feedback:
  • Major unresolved issues with or opposition to this design:

Major opposition is Mozilla's opposition in the issue mentioned above. I would appreciate the TAG's view on this issue, especially on https://github.com/w3c-fedid/FedCM/issues/725#issuecomment-3053927241

You should also know that...

No response

Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1136

Discussions

Discussed Sep 8, 2025 (See Github)

Lola: I haven't looked at this yet.

Ehsan: I haven't read it carefully. Don't have a concrete opinion yet.

Lola: Am a bit biased; the title doesn't fill me with hope.

Ehsan: It seems like the discussions have been around for a long time (2020?). I see Martin has an interaction, so will ask him later for his opinion.

Lola: I may be wrong about this but this is one of the proposals related to third-party cookies.

Matthew: What's the diff with https://github.com/w3ctag/design-reviews/issues/1145 ?

Lola: I'll ask them.

Discussed Sep 29, 2025 (See Github)

Matthew: Any updates?

Ehsan: Have read the explainer, preparing review on it, hope to have the review by next week. … Don’t have any critical objections up until now. … Maybe next week we can discuss it in more detail.

Matthew: Think we discussed this during the F2F in HK, there was confusion about a potential duplicate between issue #1145 vs. #1136. Let’s discuss this next week.

Discussed Oct 6, 2025 (See Github)

Ehsan: Review almost ready to post. Main concern is that removing one of the URLs (showing 2 instead of 3) may increase the chance of phishing/social engineering attacks. This is because they're delegating the task of specifying the iframe to the developer and trusting that they will act in good faith. This seems to be a fundamental question: it seems to reduce user confusion perhaps, but increase the chance of phishing and privacy leakages. I am slightly inclined to oppose it due to that. Whilst the likelihood isn't huge, it does present some risk. (That's a summary of what I'm about to post.)

Lola: Can you post that in the private thread and folks can review it? I have questions but would like to read it.

Ehsan: Yes, sure.

Lola: To Matthew's question yesterday about whether they have any mock-ups. I was looking at the Web Speech API today and they have a screenshot of what the UI could look like if you're using Web Speech API - so I don't think it's out of our remit to ask for something similar on this. Whilst it's up to the UA to decide on the UI, the spec authors could give us an idea.

Ehsan: My main issue is they're removing one of the URLs. If they can find a way to include all 3, I think it would help.

Discussed Oct 6, 2025 (See Github)

Matthew: Bump to Breakout C. We thought the picture would be a mock-up of the UI, and it's just a flowchart. They want to minimize the number of domains you need to show. Ehsan has concerns about that. Death of the line of death. They say that sometimes they don't need to show all 3 domains. Where are they proposing to show 3 domains? Address bar, iframe, 3rd???

Lola: They're talking more about implementation than presentation.

Matthew: Get that we avoid talking about UI design, but want some illustration. Even some text.