Google is back to shoveling stuff into its ‘Privacy Sandbox’ • The Register


Google is preparing another round of tests for the latest iteration of its supposedly private ad technology, after last year’s Federated Learning of Cohorts (FLoC) experiment revealed the need for further refinement.

In separate messages to Chromium developers declaring their “intent to experiment,” Google software developers said Friday that Origin trials for the company’s FLEDGE API and its Topics API would begin after the launch of Chrome 101 Beta. March 31. Testing should continue at least until Chrome 104 Beta, in three months.

FLEDGE aims to enable remarketing – displaying advertisements on one website based on previous interactions on another website – and Topics, which replaces FLoC, aims to enable interest-based advertising. And both aspire to do so in a way that doesn’t involve tracking individuals across the web, or so they say.

FLEDGE is an effort to implement Turtledove, an API to facilitate targeted advertising to interest groups. It moves the data of interest and the decision about which advertisement to present from the server side to the client (browser) side, with privacy in mind.

“The purpose of the Topics API is to provide callers (including third-party advertising or in-page advertising technology providers that run the script) with coarse advertising topics that might currently be of interest to the page visitor,” Google explains. .

Google’s explainer for FLEDGE/Turtledove states that the in-browser advertising scheme “involves the browser executing untrusted JavaScript downloaded from multiple parties” and describes the various ways the API imposes limitations on the environment enforcement for security reasons.

The Topics API also has security and privacy considerations that have not yet been fully addressed.

Google’s hope in experimenting with these APIs is to prove that FLEDGE and Topics preserve privacy and revenue, as well as security.

Since the early days of web advertising, serving ads to people using web browsers has involved cookies – files that are dropped by web server code on behalf of the site publisher and third-party affiliates. .

As the privacy concerns posed by this approach became apparent and spurred regulation, and Google’s competitors made changes to restrict the use of third-party cookies, Google launched its Privacy Sandbox initiative in 2019 to rethink its advertising technology in a manner that complies with changing privacy rules and tolerates privacy defenses.

With this project underway, Google announced in January 2020 its intention to phase out third-party cookies “within two years”, a commitment soon after covered in qualifiers. By the middle of last year, the phasing out of third-party cookies had returned to the end of 2023.

A matter of trust

Part of the problem for Google is that rivals in the ad industry fear they will be at a data disadvantage in the privacy sandbox and their concerns have reached the ears of lawmakers and regulators in the United States, in Europe and the UK at a time when the advertising industry is under intense scrutiny and antitrust litigation.

The result was that Google made a set of commitments to the UK Competition Authority and markets that it will design its Privacy Sandbox systems in consultation with its competitors. So now, instead of moving fast and breaking things, the online advertising giant needs to engage with marketers who think this whole privacy push will put them at a disadvantage.

Google also faces continued criticism from rival browser makers like Brave who say its privacy sandbox only improves privacy from the intrusive baseline set by Chrome. The Topics API, Brave’s chief privacy officer Peter Snyder said in January, is dangerous because it makes Google the arbiter of “sensitive” data in terms of the interests associated with a particular internet user.

And FLEDGE, Snyder warned, relies on WebBundles, which bundle web resources for download. They pose a security and privacy threat, he claims, because they remove resources from the global namespace, where they can be identified and blocked. Content blocking extensions couldn’t block bundled resources because they wouldn’t know what filename or string to look for.

“Anyone who cares about a truly privacy-centric web should care about the Fledge and Topics API, Snyder said in an email to The register. “Google is trying to follow the web down a path that still favors its infrastructure and benefits, before others can push things towards a more user-centric approach.”

“Much of the ‘Privacy Sandbox’ should be understood as a ‘Google gap’, where Google is pushing for a direct or middleman role in an ever-increasing percentage of web requests, knowing it has direct access to almost any site (Google Analytics, AdWords, Google Tag Manager, Google Maps, etc.).” ®


Comments are closed.