What is the Privacy Sandbox?
The Privacy Sandbox is a series of proposals to satisfy cross-site use cases without third-party cookies or other tracking mechanisms.
Why do we need the Privacy Sandbox?
The Privacy Sandbox initiative has two core aims:
- Develop replacement solutions that support web use cases and business models without enabling users to be tracked across sites, and that avoid cross-site tracking users aren't aware of.
- Phase out support for third-party cookies when new solutions are in place.
What are the Privacy Sandbox proposals?
Chrome and other ecosystem stakeholders have offered more than 30 proposals to date, which can be found in the public resources of W3C groups. These proposals cover a wide variety of use cases and requirements.
The key proposals developed by the Chrome team are listed below.
Relevant content and ads
- FLoC: Privacy-preserving interest-based ad and content selection: "relevant ads".
- FLEDGE: Ad selection for remarketing. Descendant of TURTLEDOVE.
Measurement and attribution
- Attribution Reporting: Correlate ad clicks or ad views with conversions. Previously known as the Event Conversion Measurement API. Enables two types of reports: event-level and aggregate.
- SameSite cookie changes: Secure sites by explicitly marking your cross-site cookies.
- First-Party Sets: Allow related domain names owned by the same entity to declare themselves as belonging to the same first party.
- Trust Tokens: Convey trust in a user from one context to another, in order to help combat fraud and distinguish bots from humans.
Limiting data collection
- Privacy Budget: Allow websites to get information about a user's browser or device, but enable the browser to set a quota on the total amount of information a site can access, so that a user cannot be identified.
- User-Agent Client Hints: The User-Agent (UA) string is a significant passive fingerprinting surface, as well as being difficult to process. Client Hints enable developers to actively request only the information they need about the user's device or conditions, rather than needing to parse this data from the User-Agent string.
- Gnatcatcher: Limit the ability to identify individual users by accessing their IP address. There are two parts to the proposal: Willful IP Blindness provides a way for websites to let browsers know they are not connecting IP addresses with users, and Near-path NAT allows groups of users to send their traffic through the same privatizing server, effectively hiding their IP addresses from a site host. Gnatcatcher also ensures that sites requiring access to IP addresses for legitimate purposes such as abuse prevention can do so, subject to certification and auditing.
- WebID: Support federated identity (where a user can sign into a website through a third-party service) without sharing the user's email address or other identifying information with the third-party service or the website, unless the user explicitly agrees to do so. WebID enables federated sign-in without the use of redirects, pop-ups or third-party cookies, which can be used to identify and track users across sites.
Who is working on the Privacy Sandbox?
By early 2021 there were:
- 30+ Privacy Sandbox proposals offered by Chrome and others.
- 400+ participants who joined W3C groups to provide input, including the Improving Web Advertising Business Group and the Privacy Community Group.
- Five API implementations available for testing in Chrome.
When will the APIs be implemented?
The implementation status page on this site provides progress updates for individual APIs.
Engage and share feedback
- GitHub: Read the explainer for the proposal on GitHub and raise questions or comments in the Issues tab for the explainer. Links to explainers are provided below.
- W3C: Use cases can be discussed and industry feedback shared in the W3C Improving Web Advertising Business Group, the Privacy Community Group, and the Web Incubator Community Group.
- Developer support: Ask questions and join discussions on the Privacy Sandbox Developer Support repo.
Find out more
Privacy Sandbox proposal explainers
The API proposal explainers need feedback, in particular to suggest missing use cases and more-private ways to accomplish their goals. You can make comments or ask questions in the Issues tab for each explainer.
- Privacy Budget
- Trust Tokens
- First-Party Sets
- Aggregated Reporting API
- Attribution Reporting
Articles and videos for web developers
- Digging into the Privacy Sandbox
- SameSite cookies explained
- Getting started with Trust Tokens
- A more private way to measure ad conversions
- What is FLoC?
- Introducing the Privacy Budget
Principles and concepts behind the proposals
- A Potential Privacy Model for the Web sets out the core principles underlying the APIs.
- The Privacy Sandbox
- Privacy Sandbox overview: Building a more private web
- Google AI Blog: Federated Learning: Collaborative Machine Learning without Centralized Training Data
- The future of third-party cookies