I don't speak for Mozilla, but I did see a bug in bugzilla which showed the blocking bugs for FedCM. I don't have the link now, but can share it later. That's what I thought of when I stated Firefox has committed to it. But I could be wrong.

I do see a Mozilla employee engaging regularly. You can see some of the issues he has filed here: https://github.com/w3c-fedid/FedCM/issues?q=is%3Aissue%20sta...

Isn't that the case for half of modern browsers APIs? Google develops whatever it needs for its own products into Chrome and then pushes it to W3C. Other browsers perpetually behind. They've gotten quite good at this strategy.

While most of the contributions I have seen are from Google on the browser side, they are trying to work through the standards process. Here's the first draft of the w3c standard: https://www.w3.org/TR/fedcm/

I know there's a later draft but can't find it right now. Will share when I do.

As mentioned in sibling comments I have seen are least on Firefox contributor and they are actively seeking input from identity providers.

As usual, the feature is being railroaded by google and other implementers are given the choice between following Chrome's de-facto choices or not implementing it, and breaking websites that will use it anyway.

My gmail is quite old and well used, and it gets relatively little spam. I go through and aggressively unsubscribe link everything I don't want to see, and it surprisingly works. I get more spam on my @myname.tld address than my gmail even and I keep that one quieter.

Almost every site actually does unsubscribe, and those that don't get marked as junk.

And we should also do something about website that consider you a "customer" when you've only started an order and entered your email but you've never pressed submit to complete the order.

That's you/OAuth giving the provider your google account id, which is your @gmail.com email.

It refers to the property of FedCM that means nothing about your account is revealed to the website until you click the "Continue As" button. In other words, alternatives to this that use third-party cookies enable tracking you between websites without any user interaction.

I don't think they are trying to preserve privacy between you and the identity provider you are logging in with and the website you are logging into. (At least not now. There's talk about some of this with IDP delegation, I think. Here's more on that: https://github.com/w3c-fedid/delegation )

The first goal is to prevent data brokers from correlating data about users across the Internet using cookies and redirects. You can read more about the privacy focus here:

https://www.w3.org/TR/fedcm/#privacy

Why would you share your real name with Google when making a gmail account, or use your real picture?

It's fine to be pseudonymous on the Internet if you are in control of your pseudonyms, which Google accounts actually does allow with some extra work (don't mix your chrome profiles and Google accounts, etc.)

Or, like me, you can roll the dice on real names on the Internet (for professional things mostly)

Yeah, websites can choose any other identity provider, and in fact, do.

OpenID lives on for real in Steam ( https://partner.steamgames.com/doc/features/auth#website) and in the principles behind OpenID Connect! :)