The Google Privacy Sandbox is a new initiative to make the web more private for users while still permitting advertisers to track and measure. It comes as a response to growing concern over the use (and misuse) of cookies for marketing purposes.
The broad aim is to spark industry-wide collaboration to develop alternative purpose-built APIs designed to improve user privacy while simultaneously supporting the ad-funded web. In computing terms, a sandbox is a virtual space in which certain functions can be run/tested without impacting anything outside of the sandbox.
It’s a common approach for testing, but the principal is now being applied to Google’s privacy framework. The intention is to turn a series of browser APIs into open web standards that all browsers could adopt. These would provide the functionality to replace “leakier” approaches such as Third-Party Cookies, Fingerprinting, and User-Agent Strings.
These APIs will store and process data at the browser level instead of the data leaving the users’ device. This provides more security and privacy to users but still allows advertisers to utilize this more controlled environment for targeting and measurement.
More and more internet users are moving towards cookie-less browsers — unlike Chrome, which still supports the third-party cookie even though competitors Safari and Firefox have withdrawn support. Despite the move towards cookie-less browsers, Google continues to maintain its majority browser market share. To continue to run its advertising business smoothly, Google needed to come up with an alternative.
The Privacy Sandbox is the response to the cookie-less future, and its purpose is to provide anonymity to the user data while at the same time using browser APIs to continue to allow advertisers to use behavioural targeting.
Google claims that the Privacy Sandbox solution will protect user privacy while also helping content remain freely available, all without using third-party cookies. The company believes that their changes — even though they’re agitating publishers — will improve choice, transparency, and control for users in the long run.
Here’s a breakdown of each of the five APIs for Google’s Privacy Sandbox.
Trust Token API
This API will allow publishers to differentiate between human users and bots. It will request that users fill out a form to receive cryptographic tokens to prevent fraud. The Trust Token API is an alternative to a CAPTCHA, and due to its cryptic nature, sites won’t be able to track users.
Google released a Chrome extension in 2020 based on the Trust Token API that shows how many ads are loaded on any given page, what user data has been used to show personalized ads, and what advertisers are present on said page. The Ads Transparency Spotlight makes it easier for users to understand how ads are shown on the pages they visit.
Aggregated Reporting API
The Aggregated Reporting API will allow performance-related information without cross-site tracking of the user. The information will include reach, views, impressions, and more, and it will all be condensed in a single report.
The API will make it possible to store reporting data in the browser and send a report to an ad tech provider’s reporting endpoint. With this API’s help, a more significant percentage of the user information will be kept on the device only.
Conversion Measurement API
This API will allow advertisers to determine whether users were converted either by clicking on the ad or by buying the advertised product. This is similar to Apple’s SKAdNetwork and will signal that a conversion took place without actually revealing any user’s personal information.
However, since Google acknowledges that a single API cannot support all ad-related conversion measurement cases, this proposal will likely be the jumping-off point for multiple APIs related to conversion.
Federated Learning of Cohorts
Federated learning is a machine learning technology that makes it possible for browsers to form a centralized model and work together without actually exchanging data. The Federated Learning of Cohorts (FLoC) proposed by Google refers to different grouping sets of users by their browsing habits and trying to establish shared meaning.
This is all done anonymously, so no actual user data is shared. By creating FLoCs, users’ identities will be concealed, but it will still be possible to use data from a user’s browsing history to determine their interests.
Retargeting
The TURTLEDOVE proposal (which stands for Two Uncorrelated Requests, Then Locally-Executed Decision on Victory) is Google’s solution to retargeting that is currently done via cookies. Ad networks will be able to add users to segment groups in the browser-based on specific actions. For example, advertisers will serve ads based on interest groups to users who abandoned a shopping cart with a specific item in it.
TURTLEDOVE is supposed to be the successor of Private Interest Groups, Including Noise (PIGIN), and Google’s first attempt to target advertising that protects user privacy. However, PIGIN was removed because of privacy concerns. The current theory is that TURTLEDOVE has improved privacy guarantees by removing ad auction logic from servers to having the auction occur in-browser. This is currently a framework, not a stable API, so it’s rather challenging to determine whether it would work as expected and what exactly it will change.
Conclusion
It is clear that Google and the ad tech industry still have a long way to go in the next two years before Third-Party Cookies are phased out completely. Privacy Sandbox is still in its early developmental stage, and Google will continue to seek out ideas and feedback from all members of the industry, such as advertisers, publishers, developers, and of course, privacy advocates.
The tech giant has already set the wheels in motion by introducing some new Chrome measures, such as the SameSite attribute that aim to preserve user’s privacy.
To keep up with the latest commercial news, click on commercial to get your daily dose.
Donate & Support