Progress in the Privacy Sandbox (September 2021)
Welcome to the September edition of "Progress in the Privacy Sandbox" tracking the milestones on the path to phasing out third-party cookies in Chrome and working towards a more private web. Each month we'll share an overview of the updates to the Privacy Sandbox timeline along with news from across the project.
- Prevent covert tracking
- User-agent reduction timeline published, changes start from Chrome 101 (stable in Q2 2022) and end with Chrome 113 (stable in Q2 2023)
- User-agent reduction early opt-in origin trial registration opened
- Strengthen cross-site privacy boundaries
- Initial origin trial for First-Party Sets concluded
- DevTools cookie functionality improved
- Show relevant content and ads
- Extending the overall Discussion period to Q4 2021 and starting the Testing period in Q1 2022
- Highlighting the existing feature flag for FLEDGE developer testing
- Measure digital ads
- Attribution Reporting origin trial extended to Chrome 94
- DevTools Attribution Reporting functionality improved
- Fight spam and fraud on the web
- Trust Token API origin trial extended to Chrome 101
Preventing covert tracking
As we reduce the options for explicit cross-site tracking, we also need to address the areas of the web platform that expose identifying information that enables fingerprinting or covert tracking of users.
User-Agent string reduction and User-Agent Client Hints
The end result retains the same string format to minimise compatibility issues, but will be using fixed values for device model, platform version, and the full Chrome build.
Mozilla/5.0 (Linux; Android 12; Pixel 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.16 Mobile Safari/537.36
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/188.8.131.52 Mobile Safari/537.36
You can see further examples and the rollout phases here.
If you rely on any of these values, you will need to migrate to user-agent client hints to request that additional information.
The changes are planned to start from Chrome 101 (stable in Q2 2022) and complete in Chrome 113 (stable in Q2 2023). While the changes are a little way in the future, User-Agent Client Hints are already fully available in Chrome stable, so you should be actively assessing any impact and implementing any changes now.
Strengthen cross-site privacy boundaries
Third-party cookies are the key mechanism that enables cross-site tracking. Being able to phase them out is a major milestone, but we also need to tackle other forms of cross-site storage or communication.
As the cookie-related proposals progress, you should be auditing your own
SameSite=None or cross-site cookies and planning the action you will need to take on your site.
If you set cookies that are sent in cross-site contexts, but in 1:1 relationships—like iframe embeds, or API calls—you should follow the CHIPS proposal, or Cookies Having Independent Partitioned State. This allows you to mark cookies as "Partitioned" putting them in a separate cookie jar per top-level site.
The Intent to Prototype (I2P) for CHIPS was sent in July so we're currently writing the code and you should expect to see the feature available behind a flag as the next step. You can track this on the timeline and we'll have more docs and demos ready for you soon.
If you set cookies for cross-site contexts, but only across sites you own—like you host a service on your .com that's used by your .co.uk—then you should follow First-Party Sets. This proposal defines a way of declaring which sites you want to form a set and then marking cookies as "SameParty" so that they are only sent for contexts inside of that set.
The initial origin trial for First-Party Sets concluded this month and work continues based on that feedback. You can still continue to test via the feature flags and we'll update the docs as work progresses.
We're also continuing to improve DevTools functionality for much of this early testing. You can now see origin trial status, upcoming deprecations, and raw cookie header values. There's more detail from Jecelyn on What's New In DevTools (Chrome 94).
Show relevant content and ads
As we move towards phasing out third-party cookies, we need to introduce APIs that enable the use cases that depended on them but without continuing to enable cross-site tracking.
Given the active ecosystem feedback, the Discussion phase for the Show relevant content and ads use case is going to extend through Q4 2021 as we work on changes to the proposals. The current expectation is that both FLoC and FLEDGE will be available for wider testing by sometime in Q1 2022.
FLoC is a proposal to enable interest-based advertising without the need for individual cross-site tracking. The origin trial for the first version of FLoC ended in mid-July and we are evaluating improvements for the next version of FLoC before advancing to further ecosystem testing. If you're still serving your origin trial token for FLoC or other experimental code, then now is a good time to clean up.
FLEDGE is an initial experiment in enabling remarketing use cases, showing ads based on the user's previous interactions with the advertiser's site, but without third-party tracking.
Some key concepts here involve running the ad auction in a restricted on-device worklet and loading the ad in a restricted fenced frame. This ensures only a limited amount of data can be used at each stage. Sam has a new video overview explaining the concepts in more detail.
FLEDGE is available via CLI flags for early developer testing (as opposed to scaled user testing) and we're updating the timeline to make these flags more visible. The feature is under active development, so you should run against a Canary or Dev build of Chrome to test the latest changes. Developer feedback at this early stage is helpful to ensure we're heading in the right direction in preparation for origin trials, but be aware this is very fresh code and will not be stable.
Measure digital ads
As the companion to displaying ads without cross-site tracking, we need privacy-preserving mechanisms to enable measuring the effectiveness of those ads.
Attribution Reporting API
The Attribution Reporting API enables functionality to measure events on one site, like clicking or viewing an ad, that lead to a conversion on another site—again, all without being able to track the individual on that cross-site journey.
Developer feedback has been very active here, with Yahoo! Japan providing a detailed report on their origin trial findings. We have also shared our own figures on the effects of users clearing site data on pending reports. To enable further developer testing, an extension to the Attribution Reporting API origin trial has been approved to run through to Chrome 94.
DevTools has added Issue support for the Attribution Reporting API. Common issues that may block source or report registration and prevent you from receiving reports will now appear along with tips on how to fix them. See What's New In DevTools (Chrome 93) for more details.
Fight spam and fraud on the web
The other challenge as we reduce the surfaces available for cross-site tracking is that these same fingerprinting techniques are often used for spam and fraud protection. We need privacy-preserving alternatives here as well.
The Trust Token API is a proposal that allows one site to share a claim about a visitor—such as "I think they're human"—and enable other sites to verify that claim, again without identifying the individual.
Issuing your own tokens does require spinning up a new service and we've heard from the ecosystem feedback that more testing time is required here. As such, we've applied to extend the Trust Token origin trial through to Chrome 101. Registration for the origin trial is available on the origin trials site.
As we continue to publish these monthly updates and progress through the Privacy Sandbox as a whole we want to make sure that you as a developer are getting the information and support that you need. Let us know on @ChromiumDev Twitter if there's anything that we could improve in this series, we'll use your input to continue improving the format.
We have also added an Privacy Sandbox FAQ section which we will continue to expand based on the issues you submit to the developer support repo. If you have any questions around testing or implementation on any of the proposals, come talk to us there.