Trust Tokens

Trust Tokens is a new API to help combat fraud and distinguish bots from real humans, without passive tracking.

Published on Updated on

Translated to: Español, Português, 한국어, 中文, Pусский, 日本語

Implementation status

What are Trust Tokens?

Trust Tokens enable trust in a user's authenticity to be conveyed from one context to another, to help sites combat fraud and distinguish bots from real humans—without passive tracking.

  • An issuer website can issue tokens to the web browser of a user who shows that they're trustworthy, for example through continued account usage, by completing a transaction, or by getting an acceptable reCAPTCHA score.
  • A redeemer website can confirm that a user is not fake by checking if they have tokens from an issuer the redeemer trusts, and then redeeming tokens as necessary.

Trust tokens are encrypted, so it isn't possible to identify an individual or connect trusted and untrusted instances to discover user identity.

Caution

Trust Tokens are not a replacement for reCAPTCHA or other mechanisms for determining whether or not a user is who they say they are.

Trust Tokens are a way to convey trust in a user, not establish trust in a user.

Why do we need Trust Tokens?

The web needs ways to establish and convey trust signals which show that a user is who they say they are, and not a bot pretending to be a human or a malicious third-party defrauding a real person or service. Fraud protection is particularly important for advertisers, ad providers, and CDNs.

Unfortunately, many existing mechanisms to gauge and propagate trustworthiness—to work out if an interaction with a site is from a real human, for example—take advantage of techniques that can also be used for fingerprinting. Mechanisms to convey trust must preserve privacy, enabling trust to be propagated across sites without individual user tracking.

With the Trust Tokens API, a website can issue cryptographic tokens to a user it trusts, which can later be used elsewhere. The tokens are stored securely by the user's browser, and can then be redeemed in other contexts to confirm the user's authenticity. This allows trust of a user on one website (such as a social media site or email service) to be conveyed to another website (such as a publisher or online store) without identifying the user or linking identities across sites.

Key Term

Fingerprinting enables sites to identify and track individual users by getting data about their device, operating system, and browser setup (such as language preferences, user agent, and available fonts) or changes in device state. This may be done on the server by checking request headers or on the client with JavaScript.

Fingerprinting uses mechanisms that users aren't aware of and can't control. Sites such as Panopticlick and amiunique.org show how fingerprint data can be combined to identify you as an individual.

How do Trust Tokens work?

In this example a publisher website wants to check if a user is a real human, and not a bot, before displaying an ad.

  1. A user visits a website (known as an issuer) and performs actions that lead the site to believe that the user is a real human, such as making purchases, using an email account or successfully completing reCAPTCHA.
  2. The issuer site uses the Trust Tokens JavaScript API to trigger a request for trust tokens for the user's browser.
  3. The issuer site responds with token data.
  4. The user's browser securely stores data for the trust token.
  5. The user visits a different website (such as a news publisher) that wants to verify if the user is a real human: for example, when displaying ads.
  6. The site uses the Trust Tokens API to check if the user's browser has trust tokens stored for issuers that the site trusts.
  7. Trust tokens are found for the issuer the user visited previously.
  8. The publisher site makes a request to the issuer to redeem the trust tokens.
  9. The issuer site responds with a Redemption Record.
  10. The publisher site makes a request to an ad platform, including the Redemption Record to show that the user is trusted by the issuer to be a real human.
  11. The ad platform provides the data required to display an ad.
  12. The publisher site displays the ad.
  13. An ad view impression is counted.

For more detail about the JavaScript calls in this example, see Sample API usage.


Engage and share feedback

Find out more

Last updated: Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.