| Formation | August 2019 |
|---|---|
| Type | Initiative |
| Purpose | Development of web standards |
| Website | privacysandbox |
The Privacy Sandbox is an initiative led by Google to create web standards for websites to access user information without compromising privacy.[1] Its core purpose is to facilitate online advertising by sharing a subset of users' private information without the use of third-party cookies.[2]:39 The initiative includes a number of proposals; many of them have bird-themed names, which are changed once the corresponding feature reaches general availability.[3] The technologies include the Topics API (formerly Federated Learning of Cohorts, or FLoC),[4] Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames, as well as other proposed technologies.[5] The project was announced in August 2019.[6][7]
The initiative has been described as anti-competitive and has generated an antitrust response.
Privacy Sandbox will also be available on Android.[8][9]
On September 7, 2023, Google announced general availability of Privacy Sandbox APIs, naming explicitly Topics, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames, meaning these features were enabled for more than half of Google Chrome users.[10][11]
Proposals in the Privacy Sandbox follow the idea of k-anonymity and are based on advertising to groups of people called cohorts instead of tracking individuals. They generally place the web browser in control of the user's privacy, moving some of the data collection and processing that facilitates advertising onto the user's device itself.[2]:41 There are three focuses within the Privacy Sandbox initiative: replacing the functionality of cross-site tracking, removing third-party cookies, and mitigating the risk of device fingerprinting.[2]:45
The Topics API aims to give advertisers the means to show relevant content and ads by sharing interest-based categories, or 'topics', derived from recent browsing history processed on the user's device. Google Chrome is the only mainstream browser supporting the Topics API. As of December 2023, Google Chrome allows users to disable the sharing of interests via the Topics API in the browser's settings.
Fenced frames are an embedded frame type that is not permitted to communicate with the host page, making it safe for the frame to access its unpartitioned storage, since joining that storage's identifier with the top-level site is impossible. FLEDGE-based ads will only be allowed to be displayed within fenced frames, although for the purpose of current testing, rendering outside a fenced frame is still permissible.
The Attribution Reporting API facilitates conversion tracking, for example recording whenever a click on an ad or a view results in a purchase, while suppressing the ability to track users across multiple websites.
Protected Audience API is designed for targeting of interested audiences, including through retargeting. It allows vendors selected for advertising to take an advertiser’s website data and to place users in interest groups specifically defined for a given advertiser, meaning that users can see tailored ads, with no infringement on their privacy.[12] Prior to reaching global availability on August 17, 2023, the technology was known as "First Locally-Executed Decision over Groups Experiment", (FLEDGE).[13][14]
Shared Storage API addresses a need for browsers, for legitimate cases, to store information in different, multiple, unpartitioned forms, rather than separately as the prevention of cross-site tracking generally dictates. Despite being unpartitioned, Shared Storage API ensures data can only be read in a secure environment.
Private Aggregation API tracks some aggregated statistics across ad campaigns.
In January 2020, Google invited advertising technology companies to join the Improving Web Advertising Business Group (IWABG) of the World Wide Web Consortium (W3C) as a way to participate in the proposal process for the Privacy Sandbox. The IWABG is chaired by Wendy Seltzer.[15] The W3C is a consensus-building organization and would not prevent Google from deploying technology without consensus.[16]
Each proposal within the Privacy Sandbox initiative would perform one of the functions of targeted advertising that is currently done through cookies.[17]
The Federated Learning of Cohorts algorithm analyzes users' online activity within the browser and generates a "cohort ID" using the SimHash algorithm[18] to group a given user with other users who access similar content.[19]:9 Unlike other Privacy Sandbox proposals, which replace existing functions of cookies, FLoC proposed a new mechanism for targeted advertising.[20] The FLoC proposal was criticized by privacy advocates, data ethics researchers, and others.[21] All major browsers based on Chromium pledged to remove FLoC. Google ended development of FLoC and proposed the Topics API as a replacement.[22] The Topics API, which transfers information about user interests from one site to another, has been criticized by web publishers for enabling user tracking, often to the detriment of publishers with unique content.[23]
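An illustrative reimplementation of the cohort-ID idea from the FLoC and k-anonymity passages above: SimHash over a user's visited hostnames, followed by a gate that withholds any cohort ID shared by fewer than k users. This is added example code, not Chrome's FLoC implementation; the sample histories, the 8-bit ID width and the SHA-256-based feature hash are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample histories (user -> visited hostnames); not real browsing data.
HISTORIES = {
    "u1": ["news.example", "sports.example", "weather.example"],
    "u2": ["weather.example", "sports.example", "news.example"],  # same sites as u1, other order
    "u3": ["news.example", "sports.example", "finance.example"],
    "u4": ["gardening.example", "cooking.example", "recipes.example"],
    "u5": ["gardening.example", "cooking.example"],
}
BITS = 8  # cohort ID width; a hypothetical small value chosen for illustration

def feature_hash(feature: str) -> int:
    """Stable 64-bit hash of one feature (a hostname); SHA-256 truncated, chosen for determinism."""
    return int.from_bytes(hashlib.sha256(feature.encode()).digest()[:8], "big")

def simhash(features, bits: int = BITS) -> int:
    """SimHash: every feature votes +1 or -1 on each bit; the sign of the tally sets that bit.
    Similar feature sets therefore land on IDs with small Hamming distance."""
    tally = [0] * bits
    for feature in features:
        h = feature_hash(feature)
        for i in range(bits):
            tally[i] += 1 if (h >> i) & 1 else -1
    cohort_id = 0
    for i, votes in enumerate(tally):
        if votes > 0:
            cohort_id |= 1 << i
    return cohort_id

def hamming(a: int, b: int) -> int:
    """Number of differing bits between two cohort IDs."""
    return bin(a ^ b).count("1")

def cohort_sizes(histories, bits: int = BITS) -> dict:
    """Map each cohort ID to the users whose history hashes to it."""
    members = defaultdict(list)
    for user, hosts in histories.items():
        members[simhash(hosts, bits)].append(user)
    return dict(members)

def cohort_for(user: str, histories, k: int, bits: int = BITS):
    """k-anonymity gate: return the user's cohort ID only if at least k users share it, else None."""
    cid = simhash(histories[user], bits)
    return cid if len(cohort_sizes(histories, bits)[cid]) >= k else None
```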
TURTLEDOVE, which stands for "Two Uncorrelated Requests, Then Locally-Executed Decision On Victory",[2]:45 is a framework proposed by Google to serve ads through the browser.[2]:49
Private state tokens will be able to be issued by websites to verify those browsers whose behavior denotes a real person rather than a bot or malicious attacker. Private state tokens are encrypted, so that an individual's identity is protected.
First-party sets will allow an entity that operates related sites under different domain names to declare them, and have them recognized, as a "first-party set". The exchange of information outside a first-party set is restricted to safeguard the privacy of users.
CHIPS (Cookies Having Independent Partitioned State) take into account that certain embedded services need to know a given user’s activity on a site to function. CHIPS are partitioned cookies that will inform browsers that the necessary cookie is allowed to function only between a particular site and an embedded widget.
Storage Partitioning will isolate certain web platform APIs that are used for storage or communication when they are used by an embedded service on a given site. This will enhance web privacy while still allowing compatibility with existing sites.
Network State Partitioning will partition a browser’s network resources to prevent these resources from being shared across first-party contexts. It requires each request to have an additional "network partition key" for resources to be reused and safeguards user privacy by disallowing access to shared resources and metadata learned from loading other sites.
Federated Credential Management is an API that will provide the primitives needed to support federated identity designs that previously depended on third-party cookies.
Same-site cookie labels are required by Chrome and other browsers to define if a cookie is used in first- or third-party context. This protects cookies from cross-site injection and data disclosure attacks.
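A small audit of Set-Cookie headers against the SameSite labels and CHIPS (Partitioned) rules described above, as added example code that is not part of the original article or of Chrome. The sample headers are constructed; the rules checked are that Chrome treats a missing SameSite as Lax, rejects SameSite=None without Secure, and requires Secure on Partitioned cookies.

```python
# Constructed Set-Cookie header values, as a server might emit them.
SAMPLE_HEADERS = [
    "sid=abc123; Secure; HttpOnly; SameSite=Strict",   # first-party session cookie
    "widget=xyz; Path=/; SameSite=None",                # cross-site cookie missing Secure
    "legacy=9; Path=/",                                 # no SameSite label at all
    "embed=1; Secure; Partitioned",                     # CHIPS cookie without SameSite=None
    "pref=dark; Secure; SameSite=None; Partitioned",    # well-formed CHIPS cookie
]

def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into name, value and a dict of lower-cased attributes
    (value-less attributes such as Secure map to True)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}

def audit_cookie(header: str) -> list:
    """Findings for one cookie against the SameSite and CHIPS rules Chrome enforces."""
    attrs = parse_set_cookie(header)["attrs"]
    samesite = str(attrs.get("samesite", "")).lower()
    secure = "secure" in attrs
    findings = []
    if "samesite" not in attrs:
        findings.append("no SameSite attribute: Chrome defaults to Lax, so the cookie is "
                        "withheld from cross-site requests")
    if samesite == "none" and not secure:
        findings.append("SameSite=None without Secure: Chrome rejects the cookie")
    if "partitioned" in attrs:
        if not secure:
            findings.append("Partitioned without Secure: rejected, CHIPS cookies must be Secure")
        if samesite != "none":
            findings.append("Partitioned without SameSite=None: a Lax/Strict cookie is never "
                            "sent to a cross-site embed, so the partition serves no purpose")
    return findings

def audit_all(headers) -> dict:
    """Map cookie name -> findings, keeping only cookies that have at least one finding."""
    report = {}
    for header in headers:
        findings = audit_cookie(header)
        if findings:
            report[parse_set_cookie(header)["name"]] = findings
    return report
```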
The Client Hints API allows sites to request only the information they require, rather than receiving it via the User-Agent string, a significant surface for passive fingerprinting, thereby reducing the details that are shared about a user online.
User Agent reduction minimizes the information in a User-Agent String thereby reducing its vulnerability to passive fingerprinting.
HTTP Cache Partitioning, to add further security, keys cached resources by a 'Network Isolation Key', composed of the top-level site and the current-frame site, in addition to the resource URL.
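The partitioning described above for network state and the HTTP cache, as added example code that is not Chromium's implementation: a cache keyed by a Network Isolation Key of (top-level site, current-frame site) plus the resource URL, with a simplified site computation. The public-suffix list and the hostnames are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List; a real browser consults the full list.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk", "example"}

def site_for(url: str) -> str:
    """Return the 'site' of a URL: scheme plus registrable domain (public suffix + one label).
    Subdomains of one registrable domain therefore share a site."""
    parts = urlsplit(url)
    labels = parts.hostname.split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{parts.hostname} is itself a public suffix")
            return f"{parts.scheme}://{'.'.join(labels[i - 1:])}"
    raise ValueError(f"no known public suffix for {parts.hostname}")

def network_isolation_key(top_level_url: str, frame_url: str) -> tuple:
    """The key attached to cached resources: (top-level site, current-frame site)."""
    return (site_for(top_level_url), site_for(frame_url))

class PartitionedCache:
    """HTTP cache whose entries are keyed by Network Isolation Key plus resource URL,
    so a resource cached under one top-level site is invisible from another."""
    def __init__(self):
        self._entries = {}

    def put(self, top_level_url, frame_url, resource_url, body: bytes):
        self._entries[(network_isolation_key(top_level_url, frame_url), resource_url)] = body

    def get(self, top_level_url, frame_url, resource_url):
        return self._entries.get((network_isolation_key(top_level_url, frame_url), resource_url))

def demo() -> dict:
    """Constructed scenario: a widget from widget.example loads cdn.example/lib.js on news.example."""
    cache = PartitionedCache()
    lib = "https://cdn.example/lib.js"
    cache.put("https://news.example/", "https://widget.example/embed", lib, b"...")
    return {
        # same site (news.example) reached via another subdomain: cache hit
        "same_site": cache.get("https://a.news.example/page", "https://widget.example/embed", lib) is not None,
        # a different top-level site cannot see the entry, so it cannot probe for a prior visit
        "other_site": cache.get("https://shop.example/", "https://widget.example/embed", lib) is not None,
    }
```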
The DNS-over-HTTPS protocol prevents attackers from observing the sites a user visits by encrypting Domain Name System (DNS) queries.
IP Protection is a proposal that will hide a user's IP address from third parties using a double-hop anonymous proxy.[24]
Privacy Budget aims to limit fingerprinting by restricting the identifying information that a site is allowed to access.
For Android, Privacy Sandbox will use technology that operates without cross-app identifiers, such as Android/Google Advertising ID. SDK (Software Development Kit) Runtime will limit covert tracking and the collection of user data by way of a process for third-party code, e.g. used for advertising, that runs separately from a given app’s code.
For the measurement of digital ads, the Attribution Reporting API is intended to supersede current measurement methods with solutions not reliant on user-level tracking mechanisms.
In order to continue to show relevant ads and content on Android, Topics will present categories that are based on the use of apps on a user’s device and are selected only through a given device’s settings. To further supplement privacy on Android, FLEDGE will use “custom audiences” that are built by app developers based on interactions with their app, information that will be stored locally so that no individual identifiers are shared with external parties.
On March 31, 2022, Google announced the start of a single origin trial for the Topics, FLEDGE and Attribution Reporting APIs, which allows sites to run unified experiments across the APIs.
In October 2022 RTB House published its findings from actively testing FLEDGE by adding users to interest groups. Google and Criteo also ran tests. The report highlighted that, while positive, the FLEDGE origin trials were limited in scope. It noted that a number of essential features of FLEDGE, specifically the k-anonymity requirements, were not available for testing and would require adjustments after industry feedback.[25]
The scale of tests is increasing. Google Chrome aims to dedicate H1 of 2023 to developer testing, and make FLEDGE available for the entirety of Chrome users in H2 of 2023.[26]
In November 2022 the Competition and Markets Authority released a report on Google’s quantitative testing of its Sandbox technologies that highlighted the importance of the industry adopting a common testing framework so that performance tests can be conducted more widely across multiple testing entities. Google is developing such a framework in cooperation with the CMA and is seeking to drive engagement with market participants on the design of testing between now and at least the beginning of General Availability in Q3 2023.[27]
In January 2021, the Competition and Markets Authority (CMA) in the United Kingdom announced plans to investigate the Privacy Sandbox initiative, with a focus on its potential impacts on both publishers and users.[28] In a statement, CMA chief executive Andrea Coscelli said that "Google’s Privacy Sandbox proposals will potentially have a very significant impact on publishers like newspapers and the digital advertising market," and that there were also "privacy concerns to consider."[29]
The CMA accepted legally binding commitments offered by Google concerning its proposals to remove third-party cookies (TPCs) in Chrome and develop the Privacy Sandbox. The formal acceptance of these commitments by the CMA resulted in the closure of the investigation, with no decision on whether the Competition Act 1998 was infringed.[30] The CMA reported that Google was complying with its legally binding commitments between July 2022 and September 2022.[31]
In March 2021, 15 attorneys general of U.S. states and Puerto Rico amended an antitrust complaint filed the previous December; the updated complaint says that Google Chrome's phase-out of third-party cookies in 2022[32] will "disable the primary cookie-tracking technology almost all non-Google publishers currently use to track users and target ads. Then [...] Chrome, will offer [...] new and alternative tracking mechanisms [...] dubbed Privacy Sandbox. Overall, the changes are anticompetitive".[33][34] The lawsuit suggests that the proposed changes in the Privacy Sandbox would effectively require advertisers to use Google as a middleman in order to advertise.[32]
Original source: https://en.wikipedia.org/wiki/Privacy Sandbox.