What is the Privacy Sandbox?

The Privacy Sandbox is a series of proposals to satisfy cross-site use cases without third-party cookies or other tracking mechanisms.


Why do we need the Privacy Sandbox?

The Privacy Sandbox initiative has two core aims:

  • Develop replacement solutions that support web use cases and business models without enabling users to be tracked across sites, and that avoid cross-site tracking users aren't aware of.
  • Phase out support for third-party cookies when new solutions are in place.

What are the Privacy Sandbox proposals?

Chrome and other ecosystem stakeholders have offered more than 30 proposals to date, which can be found in the public resources of W3C groups. These proposals cover a wide variety of use cases and requirements.

The key proposals developed by the Chrome team are listed below.

Relevant content and ads

  • FLoC: Privacy-preserving interest-based ad and content selection: "relevant ads".
  • FLEDGE: Ad selection for remarketing. Descendant of TURTLEDOVE.

Measurement and attribution

  • Attribution Reporting: Correlate ad clicks or ad views with conversions. Previously known as the Event Conversion Measurement API. Enables two types of reports: event-level and aggregate.

First-party protections

  • SameSite cookie changes: Secure sites by explicitly marking your cross-site cookies.
  • First-Party Sets: Allow related domain names owned by the same entity to declare themselves as belonging to the same first party.
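As an added illustration of the SameSite cookie changes (not code from the original page or from the Chrome team), the following JavaScript audits `Set-Cookie` header values for the two conditions the changes enforce in Chrome: a cookie with no SameSite attribute is treated as `Lax`, and a `SameSite=None` cookie is rejected unless it is also `Secure`. The function names and the sample headers are constructed for this example.

```javascript
// Added example: audit Set-Cookie header values against the SameSite changes.
// parseSetCookie, auditCookie and auditAll are hypothetical helper names.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("="); // cookie values may themselves contain "="
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=").map((s) => s.trim());
    const key = k.toLowerCase(); // attribute names are case-insensitive
    if (key === "secure") cookie.secure = true;
    if (key === "samesite") cookie.sameSite = v.toLowerCase();
  }
  return cookie;
}

function auditCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (c.sameSite === null) {
    findings.push("no SameSite attribute: treated as Lax, so not sent on cross-site subrequests");
  } else if (!["strict", "lax", "none"].includes(c.sameSite)) {
    findings.push(`unrecognized SameSite value "${c.sameSite}": handled as if the attribute were absent`);
  } else if (c.sameSite === "none" && !c.secure) {
    findings.push("SameSite=None without Secure: the cookie is rejected");
  }
  return { name: c.name, findings };
}

// Return only the cookies that need attention.
function auditAll(headers) {
  return headers.map(auditCookie).filter((r) => r.findings.length > 0);
}

// Constructed sample input: Set-Cookie values as a site might emit them.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "widget_pref=dark; Path=/; SameSite=None",
  "legacy_id=42; Path=/",
  "embed_state=x=1; Path=/; Secure; SameSite=None",
];

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(`${r.name}: ${r.findings.join("; ")}`);
}
```

Cookies that are meant for cross-site use should end up like `embed_state` above: explicitly marked `SameSite=None` together with `Secure`.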

Fraud detection

  • Trust Tokens: Convey trust in a user from one context to another, in order to help combat fraud and distinguish bots from humans.

Limiting data collection

  • Privacy Budget: Allow websites to get information about a user's browser or device, but enable the browser to set a quota on the total amount of information a site can access, so that a user cannot be identified.
  • User-Agent Client Hints: The User-Agent (UA) string is a significant passive fingerprinting surface, as well as being difficult to process. Client Hints enable developers to actively request only the information they need about the user's device or conditions, rather than needing to parse this data from the User-Agent string.
  • Gnatcatcher: Limit the ability to identify individual users by accessing their IP address. There are two parts to the proposal: Willful IP Blindness provides a way for websites to let browsers know they are not connecting IP addresses with users, and Near-path NAT allows groups of users to send their traffic through the same privatizing server, effectively hiding their IP addresses from a site host. Gnatcatcher also ensures that sites requiring access to IP addresses for legitimate purposes such as abuse prevention can do so, subject to certification and auditing.

Identity

  • WebID: Support federated identity (where a user can sign into a website through a third-party service) without sharing the user's email address or other identifying information with the third-party service or the website, unless the user explicitly agrees to do so. WebID enables federated sign-in without the use of redirects, pop-ups or third-party cookies, which can be used to identify and track users across sites.

Who is working on the Privacy Sandbox?

By early 2021 there were:

When will the APIs be implemented?

The implementation status page on this site provides progress updates for individual APIs.


Engage and share feedback

Find out more

Privacy Sandbox proposal explainers

The API proposal explainers need feedback, in particular to suggest missing use cases and more-private ways to accomplish their goals. You can make comments or ask questions in the Issues tab for each explainer.

Articles and videos for web developers

Principles and concepts behind the proposals
