
Then those websites should be considered broken much like we consider Adobe Flash and sites with invalid TLS certificates.


I really like that perspective! A few more high-profile cases like this and we just might nudge the internet in this direction! :)


Yes please. Third party cookies and the like are the plague. They have so few legitimate use cases.

Make it a long deprecation if you have to. Give even longer exemptions to the really big players / the big breakage / the legitimate use cases while we find better ways. But it is up to the browser vendors to remove the weapons here.


Unfortunately, OAuth relies on them. Many SaaS offerings rely on OAuth.


SAML and some OAuth flavors do, but most of OAuth does not.


I don't think OAuth requires third-party cookies, and SAML definitely does not. The authentication parts use HTTP POSTs or redirects from the IdP to SP. You probably do want cookies to track the sessions on each end, but those would be first-party.

It's possible for your IdP to track the SPs you authenticate to regardless of protocol or cookie use, of course.
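An added illustration of the redirect-based flow described in the comment above (not part of any commenter's post): a toy browser model that runs an authorization-code style login with third-party cookies blocked, then makes an embedded cross-site request to the IdP for contrast. The hosts `app.example` and `idp.example`, the routes, and the cookie names are constructed, and "site" is simplified to the hostname.

```javascript
// Toy model, added for illustration; not a real browser or OAuth library.
// Assumption: "site" == hostname (no eTLD+1 or SameSite handling).
const site = (url) => new URL(url).hostname;

class ToyBrowser {
  constructor(block) { this.block = block; this.jar = new Map(); this.log = []; }
  // topLevel is the site shown in the address bar when the request is made.
  request(url, topLevel, server) {
    const host = site(url);
    const thirdParty = host !== topLevel;
    const allowed = !(thirdParty && this.block);
    const sent = allowed ? Object.fromEntries(this.jar.get(host) || []) : {};
    const res = server(new URL(url), sent);
    if (allowed && res.setCookie) {
      if (!this.jar.has(host)) this.jar.set(host, new Map());
      this.jar.get(host).set(...res.setCookie);
    }
    this.log.push({ host, thirdParty });
    return res;
  }
  // Top-level navigation: each redirect hop becomes the new address-bar site.
  navigate(url, server) {
    let res = this.request(url, site(url), server);
    while (res.redirect) res = this.request(res.redirect, site(res.redirect), server);
    return res;
  }
}

// Constructed handlers for the client (SP) and the identity provider (IdP).
function server(u, cookies) {
  const route = u.hostname + u.pathname;
  if (route === "app.example/login") return { redirect: "https://idp.example/authorize?client_id=demo" };
  if (route === "app.example/callback") return { setCookie: ["app_session", "a1"], body: "logged in" };
  if (route === "idp.example/authorize") {
    if (u.searchParams.get("prompt") === "none") return { body: cookies.idp_session ? "code" : "login_required" };
    return { setCookie: ["idp_session", "s1"], redirect: "https://app.example/callback?code=c1" };
  }
  return { body: "not found" };
}

function runFlow(blockThirdPartyCookies) {
  const b = new ToyBrowser(blockThirdPartyCookies);
  const login = b.navigate("https://app.example/login", server).body;
  const redirectsThirdParty = b.log.some((r) => r.thirdParty);
  // Embedded request (hidden-iframe style) to the IdP from a page on app.example.
  const silent = b.request("https://idp.example/authorize?prompt=none", "app.example", server).body;
  return { login, redirectsThirdParty, silent };
}
console.log(runFlow(true), runFlow(false));
```

In this model the redirect login completes with blocking on because every hop is a top-level navigation, while the embedded request only sees the IdP session cookie when third-party cookies are allowed.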


The problem is that basically all of Google’s products would be affected, which is something no browser can easily ship without angering users.


Can you elaborate? Is there some reason that running every Google property except google search (unless desired, but I prefer non-tailored results) in one container wouldn't work?


In that case each origin is not really getting an isolated cookie jar.


Agreed. There are good kinds of broken.



