Bounce tracking: Record user activation times.

This information will be used as a signal in other algorithms to avoid deleting storage for these sites. The deletion algorithms have not been written yet.
privacycg · Mar 30, 2023 · 2f60726 · 2f60726
1 parent c177b0e
commit 2f60726
Showing 1 changed file with 35 additions and 2 deletions.
diff --git a/index.bs b/index.bs
@@ -41,6 +41,9 @@ spec: HTTP; urlPrefix: https://httpwg.org/specs/rfc7231.html#
     type: dfn; text: HTTP 3xx statuses; url: status.3xx
 spec: tracking-dnt; urlPrefix: https://www.w3.org/TR/tracking-dnt/#
     type: dfn; text: tracking; url: dfn-tracking
+spec: html; urlPrefix: https://html.spec.whatwg.org/
+    type: dfn
+        text: activation notification; url: #activation-notification
 </pre>
 
 <section class="non-normative">
@@ -292,16 +295,46 @@ the PrivacyCG.
 
 * TODO: Define how bounce tracking information is stored; e.g. sites,
         timestamps, etc.
-* TODO: Define how site interaction information is stored.
 * TODO: Define a recurring global timer to run the analyze and delete algorithm.
 
+The user agent holds a <dfn>user activation map</dfn> which is a [=map=] of
+[=site=] [=hosts=] to [=moments=].  The [=moments=] represent the most recent
+[=wall clock=] time at which the user activated a top-level document on the
+associated [=host=].
+
+<p class=note>
+Schemeless site is used as the data structure key because by default cookies
+are sent to both `http://` and `https://` pages on the same domain.
+</p>
+
 <h3 id="bounce-tracking-mitigations-algorithms">Algorithms</h3>
 
 * TODO: Define the steps necessary to detect and store a "bounce".
-* TODO: Define the steps necessary to store user interactions.
 * TODO: Define the steps to analyze information in the data model and delete
         appropriate sites.
 
+<h4 id="bounce-tracking-mitigations-activation-monkey-patch">User Activation Monkey Patch</h4>
+
+<div algorithm>
+
+To <dfn>record a top-level user activation</dfn> given a [=Document=]
+|document|, perform the following steps:
+
+1. If |document|'s [=node navigable=] is null, then abort these steps.
+1. Let |settings| be |document|'s [=relevant settings object=].
+1. Let |origin| be |settings|' [=environment/top-level origin=].
+1. If |origin| is an [=opaque origin=] then abort these steps.
+1. Let |site| be the result of running [=obtain a site=] given |origin|.
+1. Set [=user activation map=][|site|'s [=host=]] to |settings|'s
+    [=environment settings object/current wall time=].
+
+</div>
+
+Append the following steps to the [=activation notification=] steps in the
+[[HTML#user-activation-processing-model|user activation processing model]]:
+
+1. Run [=record a top-level user activation=] given <var ignore>document</var>.
+
 <h2 id="acknowledgements" class="no-num">Acknowledgements</h2>
 
 Many thanks to the Privacy Community Group for many good discussions about this proposal.