first-party-sets VS fenced-frame

https://github.com/WICG/first-party-sets#non-goals has:

Non-goals: ... Information exchange between unrelated sites for ad targeting or conversion measurement.

To get something onto the list (https://github.com/GoogleChrome/first-party-sets/blob/main/f..., currently empty) you need to make a public PR with rationale (https://github.com/GoogleChrome/first-party-sets/blob/main/F...). It doesn't look to me like DoubleClick would qualify?

How would you propose handling this with DNS? Here are some things it covers:

* a.example.com and b.example.com are the same site

* a.co.uk and b.co.uk are not the same site

* a.cloudfront.net and b.cloudfront.net are not the same site

* a.higashikawa.hokkaido.jp and b.higashikawa.hokkaido.jp are not the same site

* a.example.higashikawa.hokkaido.jp and b.example.higashikawa.hokkaido.jp are the same site

There is a proposal to do something similar using .well-known urls: https://github.com/privacycg/first-party-sets

Yes, that's a known problem. The only proposed solution I've seen so far is Fenced Frames (https://github.com/shivanigithub/fenced-frame).

I don't know if that would even work in your use case, as it's still very limited.

The idea of Fenced Frames is that what is inside can't touch the outside and visa versa, think of it like a more severe version of Sandbox that doesn't impact interactivity with the frame. So some of the problems that have to be addressed with the future of privacy proposal def include IVT, viewability and brand safety measurement, which often occurs with scripts crawling out of the frame. The proposal goes into some use cases: https://github.com/shivanigithub/fenced-frame