Privacy Sandbox: Google's proposal for advertising networks that takes user privacy into account


Google launched the Privacy Sandbox initiative, in which it proposed several APIs for browsers to implement. They are meant as a compromise between users' need to maintain confidentiality and the desire of ad networks and sites to track visitor preferences.

Practice shows that confrontation only exacerbates the situation. For example, blocking the cookies used for tracking has led to more intensive use of alternative techniques.

These include browser fingerprinting methods, which try to distinguish a user from the general mass based on the specific settings in use (installed fonts, MIME types, encryption modes, and so on) and on computer characteristics (screen resolution, specific rendering artifacts, etc.).

About Privacy Sandbox

Faced with this problem, Google announced Privacy Sandbox, whose main focus is to provide different APIs to ad networks while protecting the user (in a certain way).

We outline our vision for an initiative aimed at developing the web with an architecture that promotes privacy, while continuing to support an open and free ecosystem. To work towards that vision, we have started publishing a series of explainers that are intended to be shared and iterated across the community.

Google proposes the FLoC API, which will allow ad networks to determine a user's interest category but will not allow individual identification.

First, let's identify how user information is currently used in the advertising ecosystem so that we can explore the development of the privacy preservation APIs for the Privacy Sandbox.

The API will work with groups of common interest encompassing large anonymous masses of users (e.g. 'classical music lovers'), but it will not allow working with data at the level of the history of visits to specific sites.

We are exploring how to serve ads to large groups of similar people without allowing individually identifiable data to leave your browser, taking advantage of Differential Privacy techniques that we have been using in Chrome for almost 5 years.

Google also offers another option, used to measure the effectiveness of advertising and evaluate click conversion: the Conversion Measurement API, which provides general information about users' activity on a site after they click on an ad.

Both Google and Apple have already published the first stages to assess how one could address some of these use cases. These proposals are a first step in exploring how to address the advertiser's measurement needs without allowing the advertiser to track a specific user across all sites.

To distinguish the general flow of activity from that of scammers and spammers (for example, faking clicks or making false transactions to mislead advertisers and site owners), the Trust Token API was prepared. It is based on the Privacy Pass protocol, which Cloudflare already uses to classify Tor users.

Today's publishers often need to detect and prevent fraudulent behavior, for example, fake transactions or attempts to fake advertising activity to steal money from advertisers and publishers.

The API allows users to be divided into trusted and untrusted, without the use of cross-site identifiers.

Many companies, including Google, work to detect and prevent fraud, and that's especially true of ad companies and ad fraud.

Some of the tools used to legitimately fight fraud today use techniques that can benefit from the use of more secure mechanisms for privacy.

To avoid indirect identification, the privacy budget technique is proposed. The essence of the method is that the browser gives away information that could potentially be used for identification only up to a certain amount.

If the limit on API calls is exceeded and issuing more information could lead to an anonymity violation, further access to certain APIs is blocked.
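The budget accounting described above, modelled per origin. This is an added example, not code from Chrome or from the Privacy Sandbox explainers; the surface names, the per-surface bit costs, the 16-bit limit and the origin are constructed, and measuring the cost of each surface in bits of identifying information is an assumption of the example.

```javascript
// Illustrative model of a per-origin privacy budget (not Chrome's code).
// Surface names, bit costs and the limit are constructed for this example.
const SURFACE_BITS = {
  installedFonts: 7,
  canvasRendering: 9,
  screenResolution: 5,
  mimeTypes: 3,
};

class PrivacyBudget {
  constructor(limitBits) {
    this.limitBits = limitBits;
    this.revealed = new Map(); // origin -> Set of surfaces already exposed
  }

  usedBits(origin) {
    const seen = this.revealed.get(origin) || new Set();
    // Assumption: costs are additive, which overestimates correlated surfaces.
    return [...seen].reduce((sum, s) => sum + SURFACE_BITS[s], 0);
  }

  // Decide whether `origin` may read `surface`; record it when allowed.
  request(origin, surface) {
    if (!Object.prototype.hasOwnProperty.call(SURFACE_BITS, surface)) {
      throw new Error(`unknown surface: ${surface}`);
    }
    const seen = this.revealed.get(origin) || new Set();
    const used = this.usedBits(origin);
    // Re-reading an already exposed surface reveals nothing new.
    if (seen.has(surface)) return { allowed: true, cost: 0, used };
    const cost = SURFACE_BITS[surface];
    if (used + cost > this.limitBits) return { allowed: false, cost, used };
    seen.add(surface);
    this.revealed.set(origin, seen);
    return { allowed: true, cost, used: used + cost };
  }
}

// Replay a constructed sequence of reads made by one origin's script.
function replay(limitBits, origin, surfaces) {
  const budget = new PrivacyBudget(limitBits);
  return surfaces.map((s) => ({ surface: s, ...budget.request(origin, s) }));
}

const log = replay(16, "https://tracker.example",
  ["installedFonts", "canvasRendering", "screenResolution", "installedFonts", "mimeTypes"]);
for (const e of log) {
  console.log(`${e.surface}: ${e.allowed ? "allowed" : "blocked"} (used ${e.used}/16 bits)`);
}
```

Because the budget is kept per origin, one site exhausting its allowance does not affect what another site may read.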

Source: https://blog.chromium.org

