Progress in the Privacy Sandbox (January/February 2022)
Welcome to the start of year edition of "Progress in the Privacy Sandbox", covering January and February 2022, as we track the milestones on the path to phasing out third-party cookies in Chrome and working towards a more private web. In each edition, we share an overview of the updates to the Privacy Sandbox timeline along with news from across the project—and the beginning of 2022 has plenty of updates.
Privacy Sandbox on Android
If you have been watching the Privacy Sandbox site, you may have noticed changes to the structure as we introduced the Privacy Sandbox on Android.
"We’re announcing a multi-year initiative to build the Privacy Sandbox on Android, with the goal of introducing new, more private advertising solutions. Specifically, these solutions will limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID. We're also exploring technologies that reduce the potential for covert data collection, including safer ways for apps to integrate with advertising SDKs."
You can learn more and track progress in the Android section of the Privacy Sandbox site.
Getting feedback from a diverse set of stakeholders across the web ecosystem is critical to the Privacy Sandbox initiative. We've added a dedicated feedback section that provides an overview of the existing public channels where you can follow or contribute to discussion along with a feedback form to ensure you can always reach the Chrome team directly.
Strengthen cross-site privacy boundaries
Third-party cookies are a key mechanism that enables cross-site tracking. Being able to phase them out is a major milestone, but we also need to tackle other forms of cross-site storage or communication.
As the cookie-related proposals progress, you should audit your own
SameSite=None or cross-site cookies and plan the action you will need to take on your site.
If you set cookies that are sent in cross-site contexts, but in 1:1 relationships—like iframe embeds, or API calls—we have added a new overview for CHIPS, or Cookies Having Independent Partitioned State. CHIPS allows you to mark cookies as "
Partitioned", which puts them in a separate cookie jar per top-level site.
We've also sent the I2E (Intent to Experiment) for CHIPS with the plan to start the origin trial in Chrome 100 and run from March 31st, 2022 until June 30, 2022. The origin trial will be available for registration on the Chrome Origin Trials site.
Additional cookie updates
We're also continuing to clean up issues in general cookie implementation in Chrome and have sent an I2S (Intent to Ship) to allow cookie domain attributes to be the empty string. Unless you are already aware that you make use of an empty domain in cookie attributes, there is unlikely to be any developer action needed. This brings Chrome's behavior inline with other browsers.
Federated Credentials Management
The Federated Credentials Management API builds on existing identity provider use cases to allow new and existing federated identity use cases to continue without third-party cookies. We have sent the I2E for an initial FedCM origin trials starting with a limited trial from Chrome 101 on Android. This initial trial is primarily aimed at identity providers who will eventually integrate FedCM into their own libraries.
Network State Partitioning
Network State Partitioning continues the pattern implemented in HTTP Cache Partitioning by creating finer-grained containers for caches, which prevents cross-site information leakage. We sent an I2S to partition network state which affects websocket connections, DNS cache, and others—however after discussion on the list we will be running additional performance experiments before returning to this topic with a new intent.
Preventing covert tracking
As we reduce the options for explicit cross-site tracking, we also need to address the areas of the web platform that expose identifying information that enables fingerprinting or covert tracking of users.
User-Agent string reduction and User-Agent Client Hints
We are incrementally reducing the information passively available in Chrome's user-agent string and providing alternative User-Agent Client Hints (UA-CH) for sites that need to actively request that information. We have sent the I2S for phase 4 of the reduction where we replace the minor version information with zeros starting in Chrome 101.
Mozilla/5.0 (Linux; Android 12; Pixel 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4638.16 Mobile Safari/537.36
Mozilla/5.0 (Linux; Android 12; Pixel 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/184.108.40.206 Mobile Safari/537.36
Also starting in Chrome 101 we're launching (via an I2E) the User-Agent reduction deprecation trial. This allows sites that have not had time to migrate to User-Agent Client Hints to continue receiving the full user-agent string.
We are continuing to improve the User-Agent Client Hints functionality. There is a new I2S for markup-based Client Hints delegation for third-party content. This allows for sites to use a
<meta> tag in their HTML instead of a
Permissions-Policy header to send extended Client Hints on cross-origin requests. There is also a new I2E to expand the GREASE functionality for UA-CH which is intended to encourage correct parsing of special characters, avoiding the fragile parsing associated with the user-agent string.
Show relevant content and ads
As we move towards phasing out third-party cookies, we are introducing APIs that enable key use cases that sites depended on to allow them to fund their content without continuing to enable cross-site tracking.
The Topics API is a new proposal to enable interest-based advertising without cross-site tracking. Topics was informed by our learning and widespread community feedback from our earlier FLoC trials, and replaces our FLoC proposal. The Topics API uses a curated taxonomy of topics to map a site to an associated topic and provide a method to retrieve a browser's top topics.
You can read more in the introductory Topics blog post along with the full detail in the Topics explainer. This is also linked from the associated Topics I2P, announcing our intent to start coding on the feature.
FLEDGE enables remarketing and custom audience use cases, as in advertising that can make use of sites or products previously visited, without relying on an individual identifier.
Measure digital ads
As the companion to displaying ads without cross-site tracking, we need privacy-preserving mechanisms to enable measuring the effectiveness of those ads.
Attribution Reporting API
The Attribution Reporting API enables functionality to measure events on one site, like clicking or viewing an ad, that lead to a conversion on another site—without enabling cross-site tracking.
A number of new changes landed in the Attribution Reporting API proposal. We have made a full list available in the Attribution Reporting API January 2022 update. This includes an overview of summary reports (previously referred to as aggregate reports). Summary reports provide an aggregated view of detailed conversion data, while retaining critical information for reporting, without the ability to identify individual users within that data. Event-level reporting added new features for third-party reporting, view-through measurement, filtering reports, and debugging functionality.
As we continue to publish these updates and progress through the Privacy Sandbox as a whole, we want to make sure that you as a developer are getting the information and support that you need. Let us know on @ChromiumDev Twitter if there's anything that we could improve in this series. We'll use your input to continue improving the format.