Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies
12.9.23 Security The Hacker News
Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans.
"We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said.
"Without viable privacy-preserving alternatives to third-party cookies, such as the Privacy Sandbox, we risk reducing access to information for all users, and incentivizing invasive tactics such as fingerprinting."
To that end, the search giant is initially leaving nearly three percent of users unaffected by the change in order to conduct sufficient tests. General availability is expected to encompass all users in the coming months.
Privacy Sandbox is Google's umbrella term for a set of technologies that aim to eliminate third-party tracking cookies on the web and replace them with privacy-preserving alternatives, while still serving tailored content and ads.
The company is also simultaneously testing Privacy Sandbox on Android in beta to eligible mobile devices running Android 13.
Central to the project is a Topics API, which sorts users into different topics (that can change over time) based on the sites visited and the frequency with which those sites are visited, which websites can query to infer what topics a specific user is interested in and serve personalized ads without knowing who they are.
In other words, the web browser acts as an intermediary between the user and the website. Users can further control their experience by customizing the ad topics they're interested in, the relevance and measurement APIs they want enabled, or entirely opt out of these features.
However, Privacy Sandbox is not without its fair share of criticism, with Movement For An Open Web noting last week that "Google gathers reams of personal data on each and every one of its users, sourced through an opt-in process that it's hard for most web users to avoid."
The development comes as Google is enabling real-time protections against phishing attacks through improvements to Safe Browsing, without any prior knowledge of users' browsing history.
Google did not disclose the exact technical aspects involved, but it has leveraged Oblivious HTTP relays (OHTTP relays) as part of Privacy Sandbox to incorporate anonymity protections and mask IP address information.
"Previously, it worked by checking every site visit against a locally-stored list of known bad sites, which is updated every 30 to 60 minutes," Parisa Tabriz, vice president of Chrome, said.
"But phishing domains have gotten more sophisticated — and today, 60% of them exist for less than 10 minutes, making them difficult to block. By shortening the time between identification and prevention of threats, we expect to see 25% improved protection from malware and phishing threats."