Google Privacy Sandbox (2019-2025)
A short history of Google Privacy Sandbox for web that ended where it started. The When, What and Why.
Google's Privacy Sandbox initiative is back to square one this week.
What was stated as a promising move in 2019 is back to where it was after seven years of to-and-fro.
Where it all started
Apple announced ITP(Intelligent Tracking Prevention) for its web browser in 2017, targeting specific marketing sites from tracking other site users through third-party cookies. They kept tightening the rules on third-party cookies with the subsequent ITP release. Finally, in their 2019 ITP release, they completely blocked all cross-site requests through 3rd party cookies.
In parallel, Apple started explicitly marketing privacy as a key selling point in their ads in 2019.
In the same year, Firefox also blocked all third-party cookies from its browser.
This pushed Google to take action on the privacy front, as otherwise, it may lose its privacy-conscious users. Because privacy-conscious users are also likely to be high-value users, they must act fast.
In addition, Google Chrome's market share started plateauing in 2019, while Safari gained market share.
Hence, they announced Google's privacy sandbox initiative in 2019. As part of the initiative, they said they will slowly sunset the third-party cookies in Chrome while introducing new privacy-first technology for user targeting.
FLoC (Federated Learning of Cohorts)
In 2020, Google introduced FLoC, which can eventually replace third-party cookies. FLoC is the process of clustering users into cohorts based on their browsing behavior.
The idea was to anonymize individual user tracking by grouping users with similar interests. e.g., "Fitness enthusiasts" 411, "Online gamer" 412
However, FLoC faced severe backlash.
Privacy advocates like Electronic Frontier Foundation (EFF) criticized FLoC for enabling fingerprinting(more on this latter) and potential exposure of sensitive categories like race or sexuality.
Browsers like Brave, Edge, and DuckDuckGo rejected FLoC, and websites like GitHub actively blocked it during the pilot.
So by July 2021, Google ended FLoC testing and replaced it with a new method called Topics API.
Topics API (2022–2024)
Google rolled out the Topics API in January 2022.
Topics API moved away from user cohorting to broader interest categories like "Sports" or "Travel." It derives this from the user's recent browsing history, not holding data for a longer period.
The Topics API has three critical characteristics that differentiate it from FLoC.
It followed a publicly curated taxonomy of ~469 non-sensitive topics.
Topics were stored locally on the user's device, refreshed weekly, and users could view/remove them in their Chrome settings.
Last but not least, only three topics were shared with advertisers, with a 5% chance of random topics to prevent fingerprinting.
While Topics addressed most FLoC criticisms, Privacy advocates were still worried about a potential misuse of combining topics to infer sensitive data using fingerprinting.
Note: Fingerprinting is a technique used to uniquely identify a user's web browser and device by collecting and analyzing many of their data points. Privacy advocates felt three topics shared with advertisers will provide a strong fingerprint when combined with other user data like IP address, screen size etc which websites get.
So, where are we now?
Back to square one
Finally, this week, Google announced that it will continue to maintain the third-party cookie approach for Chrome and will not roll out any privacy sandbox update.
All their innovation and hustle over the last seven years have been wasted. I have two thoughts on why Google is taking a back seat to Chrome's privacy sandbox.
First, due to the recent development of the antitrust case. FTC wants Google to sell Chrome to break its dominance in ads. In this situation, Google doesn’t want to continue investing in Chrome privacy.
The second is more to do with the last 6-year trend; if you refer to the above browser market share graph, Google Chrome's share hasn’t dropped much after 2020. Apple’s 2019 privacy stalled Chrome marketshare gain, but didn’t bring it down.
Which one do you think is the reason behind this? Comment below.
I think that people say that they care about privacy and I know people who are finicky about sharing details but that’s a very small niche. Most people do lip service to privacy, when it comes to taking steps to remain private and losing personalisation.
For a majority, privacy means= don’t check my phone. iPhone tried to sell it, didn’t work for the masses. :)