Digging into the Privacy Sandbox


The Privacy Sandbox is a series of proposals to satisfy third-party use cases without third-party cookies or other tracking mechanisms.

Apr 8, 2020 • Updated Apr 9, 2020

Summary

This post outlines APIs and concepts from the Privacy Sandbox proposals. The proposals need your feedback. You can comment on the proposals by filing issues on the repositories linked to below. There’s a glossary for the proposals at the end of this post.

Thanks to Michael Kleber and Marshall Vale for their help in writing this post.

Why does the web use third-party code?

Websites use services from other companies to provide analytics, serve video and do lots of other useful stuff. Composability is one of the web’s superpowers.

Most notably, ads are included in web pages via third-party JavaScript and iframes. Ad views, clicks and conversions are tracked via third-party cookies and scripts. That’s how most of the web is funded.

Relevant ads are less annoying to users and more profitable for publishers (the people running ad-supported websites). Third-party ad targeting tools make ad space more valuable to advertisers (the people who purchase ad space on websites), which in turn increases revenue for ad-supported websites and enables content to get created and published.

Reliable measurement and anti-fraud protection are also crucial. Advertisers and site owners must be able to distinguish between malicious bots and trustworthy humans. If advertisers can’t reliably tell which ad clicks are from real humans, they spend less, so site publishers get less revenue. Many third-party services currently use techniques such as device fingerprinting to combat fraud.

The problem is… privacy.

The current state of privacy on the web

When you visit a website you may not be aware of the third parties involved and what they’re doing with your data. Even publishers and web developers may not understand the entire third-party supply chain.

Ad targeting, conversion measurement, and other use cases currently rely on establishing stable cross-site identity. Historically this has been done by using third-party cookies, but browsers have begun to restrict access to these cookies. There’s been an increase in the use of other mechanisms for cross-site user tracking, such as covert browser storage, device fingerprinting, and requests for personal information like email addresses.

This is a dilemma for the web. How can legitimate third-party use cases be supported without enabling users to be tracked across sites?

In particular, how can websites fund content by enabling third parties to show ads and measure ad performance, but not allow individual users to be profiled? How can advertisers verify real users, and site owners check that users are trustworthy, without resorting to dark patterns such as device fingerprinting?

The way things work at the moment can be problematic for everyone concerned, not just users. For publishers and advertisers, tracking identity and using a variety of non-native, un-standardised third-party solutions can add to technical debt, code complexity and data risk.

Users, developers, publishers, and advertisers shouldn’t have to worry.

Introducing the Privacy Sandbox

The Privacy Sandbox introduces a set of privacy-preserving APIs to accomplish tasks that use tracking today.

The Privacy Sandbox APIs require web browsers to take on a new role.

This article first appeared on web.dev.