Enrolling requires filing a bug about the website being affected, so here it is: https://issuetracker.google.com/issues/329250103

There are two third-party cookie blocking deprecation trials:

• A first party trial where we could register a top-level domain such as wikipedia.org and third-party cookie access is allowed as long as the top-level document's domain is a subdomain of that. Enabling the trial happens via an Origin-Trial HTTP header or a corresponding meta tag on the embedding page.
• A third-party trial where we can register a third-party domain and then it can be used anywhere. The documentation is a bit confusing on this point but AIUI you we can either use a header or meta tag on the embedded page, or use JS to add a meta tag to the embedding page. (The generic origin trial docs include this somewhat confusing warning: "Caution: A third-party token must be provided in an external JavaScript file included via a <script> element: a third-party token won't work in a meta tag, inline script or HTTP header.") Whether the trial will be declared on embedding or embedded pages needs to be declared up ahead; if we want both, we need to register twice.

Generic origin trial documentation describes two variants, normal origin tials and third-party origin trials. The cookie blocking trials don't directly reference these docs but presumably they match the two options here.

The third-party trial is a persistent trial, meaning that the origin trial declaration is not applied to the first request where the browser sees it, but it gets applied to the next request (and then whether that request declared the origin trial will determine the state of the request after that, and so on) - the header / meta tag (or lack thereof) will set a flag in the browser, which will be applied to subsequent requests.

So this leaves two ways of enrolling:

• Register login.wikimedia.org for a thrid-party trial with the option that the trial token will be used on the embedding page (the alternative wouldn't work with invisible pixels), with all the registrable domains we have as potential embedders (I believe that's 12 domains, see the bug report above for the list). Add the trial token on every wiki pageload (via Varnish or a CentralAuth meta tag hook, the first is probably easier). This fixes autologin (which always loads loginwiki) but probably does not fix edge login (which also loads set-representative wikis in a subrequest and tries to set cookies).
• Register a first-party trial for every registrable domain we have wikis on, and for each register every other registrable domain as potential embedded domains. This should fix both edge login and autologin, but it requires 12 separate origin trial registrations and thus 12 trial tokens. We can either include each (multiple tokens on the same page are documented as OK) or we need a mechanism to select the right one.

Registering is free and not a lot of effort, and selecting the right token in Varnish doesn't seem too complicated (alternatively, just including each doesn't seem like a huge payload cost) so I think we should go for the second option.

Usually origin trials are disabled for a given site after reaching 0.5% of all Chrome pageloads; it seems unlikely but not completely inconceivable that Wikipedia would reach this threshold. But, if I understand the documentation correctly, this restriction doesn't apply for deprecation trials, only trials of new features, so we don't need to worry about it.

Note that for any of those issue links in the task description, I get "Access is denied to this issue". But the issue linked to in T359957#9625065 is visible at least.

The relevant information from the non-public tasks and admin UI:

• "Trial Available: Up to Chrome 132 (ends with the rollout of next Chrome release), no later than Dec 28, 2024"
• "If you’d like to submit additional third-party domains for review for this top level site, please email 3pcd-1p-deprecationtrial@google.com."
• "For all other questions and issues, please visit our blog post. If further support is needed, please file an issue here"

Change #1015145 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[operations/mediawiki-config@master] Enter deprecation trial for third-party cookie blocking

https://gerrit.wikimedia.org/r/1015145

The more public-facing Google posts are a bit confusing about whether there are usage limits for the trial, but the origin trials developer guide is pretty clear that they don't apply to deprecation trials, so we won't have to worry about that.

Change #1015145 merged by jenkins-bot:

[operations/mediawiki-config@master] Enter deprecation trial for third-party cookie blocking

https://gerrit.wikimedia.org/r/1015145

Mentioned in SAL (#wikimedia-operations) [2024-03-28T21:06:22Z] <tgr@deploy1002> Started scap: Backport for [[gerrit:1015145|Enter deprecation trial for third-party cookie blocking (T359957)]], [[gerrit:1014634|Add CommunityConfiguration log channel (T361072)]]

Mentioned in SAL (#wikimedia-operations) [2024-03-28T21:08:36Z] <tgr@deploy1002> urbanecm and tgr: Backport for [[gerrit:1015145|Enter deprecation trial for third-party cookie blocking (T359957)]], [[gerrit:1014634|Add CommunityConfiguration log channel (T361072)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Mentioned in SAL (#wikimedia-operations) [2024-03-28T21:25:53Z] <tgr@deploy1002> Finished scap: Backport for [[gerrit:1015145|Enter deprecation trial for third-party cookie blocking (T359957)]], [[gerrit:1014634|Add CommunityConfiguration log channel (T361072)]] (duration: 19m 30s)

I have set

• chrome://flags/#tracking-protection-3pcd -> enabled
• chrome://flags/#tpcd-heuristics-grants -> disabled
• chrome://flags/#tpcd-metadata-grants -> disabled
• chrome://flags/#top-level-third-party-cookie-deprecation-trial -> enabled / disabled

and tried both normal browsing (where third-party cookies are "limited" according to the info popup in the URL bar) and incognito mode (where third-party cookies are "blocked"). The test protocol was:

1. log in on en.wikipedia.org (with "keep logged in" checked)
2. visit wikidata.org, reload a few times
3. if not logged in, click on login
4. wait for two hours (the bounce tracking grace period plus bounce tracking timer period, per (1); see T345249#9672556)
5. visit wikifunctions.org, reload a few times
6. if not logged in, click on login

(on Chrome 134, using their beta channel)

(In step 2 and 5 for the enabled/normal combination, edge login is working, ie. the user is already logged in on first pageview.)

FWIW, this is how the new Chrome UI looks:

tracking dialog, default state	tracking dialog after clicking the toggle	incognito tracking dialog, default state	incognito tracking dialog after clicking the toggle	Tracking Protection subpage in settings

I haven't found any documentation on the difference between "limited" and "blocked". Without the deprecation trial, they seem to behave identically.