Google Chrome Privacy Sandbox open to all: Now websites can tap into your habits directly for ads

Google's Privacy Sandbox is now open for business, the search advertising behemoth said today.

Specifically, the web giant's Privacy Sandbox APIs, a set of ad delivery and analysis technologies, now function in the latest version of the Chrome browser. Website developers can thus write code that calls those APIs to deliver and measure ads to visitors with compatible browsers.

That is to say, sites can ask Chrome directly what kinds of topics you're interested in – topics automatically selected by Chrome from your browsing history – so that ads personalized to your activities can be served. This is supposed to be better than being tracked via third-party cookies, support for which is being phased out. There are other aspects to the sandbox that we'll get to.

While Chrome is the main vehicle for Privacy Sandbox code, Microsoft Edge, based on the open source Chromium project, has also shown signs of supporting the technology. Apple and Mozilla have rejected at least the Topics API for interest-based ads on privacy grounds.

"Today, we mark a major milestone for the Privacy Sandbox for the Web, reaching 'general availability' on Chrome for the relevance and measurement APIs," said Anthony Chavez, VP of Google's Privacy Sandbox initiative, in an announcement. "This milestone is a significant step on the path towards a fundamentally more private web."

Google's definition of privacy is not the dictionary definition most might understand. Rather it's the ad industry and legal definition where privacy is not so much a binary state – public or private – but a notionally consent-based trade of information to gain access to ad-supported content.

• Google asks websites to kindly not break its shiny new targeted-advertising API
• Google Chrome pushes ahead with targeted ads based on your browser history
• Google opens up Chrome 117 Developer Tools box, drops in a few spanners
• Google's next big idea for browser security looks like another freedom grab to some

What Google calls a "more private web" – or less intrusive web – aims to be better, at least, than the personal data free-for-all made possible by web cookies.

"Third-party cookies and other identifiers make it possible to track your activity across sites and apps, and your data can be shared more widely than you would like," the biz explained in a video accompanying its announcement.

"The Privacy Sandbox technologies will offer sites and apps alternative ways to show you personalized ads while keeping your personal information more private and minimizing how much data is collected about you."

These APIs include:

• Topics: Locally track browsing history to generate ads based on demonstrated user interests without third-party cookies or identifiers that can track across websites.
• Protected Audience (FLEDGE): Serve ads for remarketing (e.g. you visited a shoe website so we'll show you a shoe ad elsewhere) while mitigating third-party tracking across websites.
• Attribution Reporting: Data to link ad clicks or ad views to conversion events (e.g. sales).
• Private Aggregation: Generate aggregate data reports using data from Protected Audience and cross-site data from Shared Storage.
• Shared Storage: Allow unlimited, cross-site storage write access with privacy-preserving read access. In other words, you graciously provide local storage via Chrome for ad-related data or anti-abuse code.
• Fenced Frames: Securely embed content onto a page without sharing cross-site data. Or iframes without the security and privacy risks.

These technologies, Google and industry allies believe, will allow the super-corporation to drop support for third-party cookies in Chrome next year without seeing a drop in targeted advertising revenue.

"The future of commerce media hinges on scalable, open-source solutions that respect consumer expectations, and today’s milestone gives Criteo and other industry players a valuable opportunity to ramp up testing efforts and gain deeper insight into the utility of the Privacy Sandbox APIs," said Todd Parsons, chief product officer at ad biz Criteo, in a supportive statement solicited by Google.

Nor everyone in the ad industry is so sanguine about the transition, however. Marketing advocacy group Movement for an Open Web, which has opposed the third-party cookie phaseout as a power grab, challenged the Privacy Sandbox project when API availability was initially teased in May.

"Privacy Sandbox removes the ability of website owners, agencies and marketers to target and measure their campaigns using their own combination of technologies in favor of a Google-provided solution," James Rosewell, co-founder of MOW, told The Register at the time.

"No one would accept all food retailers closing the home baking aisle and forcing everyone to buy their own brand bread. Why would anyone accept Google and Apple’s identical behavior in digital markets?"

Google has been preparing the Chrome-using public for this transition over the past few months with a popup notification announcing new privacy controls tailored to the new ad tech.

Controversially, in the US, where lack of coherent privacy rules suit ad companies just fine, the popup merely informs the user that these APIs are now present and active in the browser but requires visiting Chrome's Settings page to actually manage them – you have to opt-out, if you haven't already. In the EU, as required by law, the notification is an invitation to opt-in to interest-based ads via Topics. ®