[gigel82]

Not going to comment on the technical merits of this proposal because it's not my area of expertise but as a user I look at any proposal in this space with extreme caution (because most of the time "the man" really is out to "get you" - see "Web Environment Integrity").

I'm a big fan of Firefox's Total Cookie Protection and make extensive use of the "Temporary Containers" extension, so I will likely disable this feature as well if it becomes standard because it eventually boils down to making tracking easier.

[ghayes]

This would be more akin to being logged in to a specific site with a JWT than to tracking writ large. Basically, if your site has access to this secure key, then it already knows who you are (i.e. because you are logged in). This key would never be shared with third-party sites and doesn’t introduce any novel ways of doing so. You could clear the token by clearing website storage or disabling JavaScript.