FAQs

The Privacy Sandbox is a series of proposals to satisfy cross-site use cases without third-party cookies or other tracking mechanisms.

Published on Updated on

This page answers some common questions about the Privacy Sandbox. The range of questions in this initial version is in no way comprehensive, and we expect the list of topics under each heading to grow substantially over time.

Contributions are welcome. If you have a Privacy Sandbox question that's not answered here:

General questions

Why do we need the Privacy Sandbox?

The Privacy Sandbox initiative has two core aims:

  • Develop replacement solutions to support web use cases and business models without enabling users to be tracked across sites, and avoiding cross-site tracking users aren't aware of.
  • Phase out support for third-party cookies and other forms of tracking when new solutions are in place.

Who is working on the Privacy Sandbox?

The Privacy Sandbox is a set of proposed web standards.
Chrome and other browser vendors, as well as ad companies and other stakeholders, have offered more than 30 proposals to date, which can be found in the public resources of W3C groups. These proposals cover a wide variety of use cases and requirements.

How can I get involved?

For questions about specific APIs you can also file an issue on the GitHub repo for an API Explainer.

I don't understand the terminology in the API explainers. Is there a glossary?

Yes: the Privacy Sandbox glossary.

When will the Privacy Sandbox APIs be implemented?

The Privacy Sandbox timeline shows the roadmap to phasing out third-party cookies. Additional current information for individual APIs is available on the implementation status page.

Are the Privacy Sandbox APIs in Chromium or Chrome?

The APIs are implemented in Chromium, which is the open-source browser used to make Chrome. Code for the Privacy Sandbox APIs can be accessed via Chromium Code Search. You can download Chromium, then run it with flags to enable access to APIs that are in the process of implementation.

How can I try out Privacy Sandbox APIs that aren't yet enabled in Chrome by default?

As an API progresses through development in Chrome, there are multiple ways it may be made available for testing.

  • For a single user via command line flags
    Early features may often provide a specific command line flag to allow a developer to launch the browser with the new feature enabled.
  • For a single user via chrome://flags
    As a feature progresses, it's often made available via an experimental flag within the more accessible chrome://flags interface. These flags can also be enabled via the command line. chrome://flags#enable-experimental-web-platform-features bundles together current experimental features.
  • For your users, in an origin trial
    Once an iteration of a new feature is code-complete and relatively stable, an origin trial may be provided to allow individual sites to enable the feature for Chrome users on their site. If an origin trial is available for an API you want to test with your users, register for the origin trial and provide a valid trial token with every page load.
  • For users of early Chrome releases When a feature is approved to ship in a given release, it will progress through Canary and Beta channels before reaching Stable. The feature will be enabled by default for all users of those channels.

Chrome offers the ability for users to opt-out of Privacy Sandbox trials in browser settings, so Privacy Sandbox features may not be enabled for all your users, even if the page they're viewing provides a valid origin trial token.

I registered for the origin trial of a Privacy Sandbox API, but the API isn't working on my site

See Troubleshooting Chrome's origin trials.

Will Privacy Sandbox origin trials work in Chromium, or in other browsers?

Chrome origin trials are designed to work for Chrome users. Don't rely on Chrome origin trial tokens to enable trial features in other browsers, including Chromium, and other Chromium-based browsers. For more detailed information, see Troubleshooting Chrome's origin trials. In particular, Chrome on iOS and iPadOS does not support Chrome origin trials.

Trust Tokens

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For origin trial questions: file a Chromium bug
    or respond to the feedback form that is sent to you as an origin trial participant.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

Is tooling available for Trust Tokens?

Chrome DevTools enables trust token inspection from the Network and Application tabs: see Getting started with Trust Tokens.

FLEDGE

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For questions about the implementation currently available for testing in Chrome: file a Chromium bug.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

What's the difference between FLEDGE and TURTLEDOVE?

FLEDGE is the first experiment to be implemented in Chromium within the TURTLEDOVE family of proposals.
The differences are mostly about separating the on-device role of the buyer and seller:

  • FLEDGE enables a 'trusted server' to provide access to real time data used by a worklet during bidding (without compromising privacy). Each interest group can have a trusted_bidding_signals_url and trusted_bidding_signals_keys attribute. At auction time, the browser communicates with the trusted server to fetch the values for those keys, and then makes those values available to the generate_bid() function.
  • The advertiser (ad buyer) can store additional metadata along with the interest group, to help it do better on-device bidding.

Attribution Reporting

How can I ask a question about this feature?

Is Attribution Reporting the same as the Event Conversion Measurement API?

Yes: the name was changed, as the original event-level scope expanded to cover additional measurement use cases.

First-Party Sets

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

What does 'sharded' mean in the context of First-Party Sets?

Not joined across first parties.

User-Agent Client Hints

How can I ask a question about this feature?

  • For questions about the API: create an issue on the specification repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

How can I detect tablet devices using the UA-CH API?

As the line between mobile, tablet, and desktop devices continues to become less distinct and dynamic form-factors are more common (folding screens, switching between laptop and tablet mode) it's advisable to prefer responsive design and feature detection to present an appropriate user interface.

However, user-agent information provided by the browser for both the user-agent string and User-Agent Client Hints comes from the same source, so the same forms of logic should work.

For example, if this pattern was being checked on the UA string:

  • Phone pattern: 'Android' + 'Chrome/[.0-9]* Mobile'
  • Tablet pattern: 'Android' + 'Chrome/[.0-9]* (?!Mobile)'

The matching default UA-CH headers interface may be checked:

  • Phone pattern: Sec-CH-UA-Platform: "Android", Sec-CH-UA-Mobile: ?1
  • Tablet pattern: Sec-CH-UA-Platform: "Android", Sec-CH-UA-Mobile: ?0

Or the equivalent JavaScript interface:

  • Phone pattern: navigator.userAgentData.platform === 'Android' && navigator.userAgentData.mobile === true
  • Tablet pattern: navigator.userAgentData.platform === 'Android' && navigator.userAgentData.mobile === false

For hardware-specific use-cases, the device model name may be requested via the high entropy Sec-CH-UA-Model hint.

Shared Storage

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

CHIPS

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

Storage Partitioning

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the repo for the proposal explainer.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

Fenced Frames

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

What are the use cases for Fenced Frames?

The API proposes a new form of embedded document that will enable new APIs to isolate themselves from their embedders, preventing cross-site recognition.
For ads use cases, see Fenced frames for Ads Design Doc.

Network State Partitioning

How can I ask a question about this feature?

  • For questions about the specification: create an issue on repo for the explainer.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

WebID

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

What is WebID?

The name "WebID" can be confusing! WebID is not a type of user identifier. Rather, WebID is a proposal for a privacy-preserving approach to federated identity services (such as "Sign in with ...") where users can log into sites without sharing their personal information with the identity service or the site. WebID is still in incubation in the W3C.

Last updated: Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.