Fighting for quality news media in the digital age.

  1. Ads & Marketing
June 30, 2022updated 16 Nov 2022 5:54pm

Privacy Sandbox: What is the impact on publishers?

By 10up

This in-depth sponsored report from 10up looks at Google’s Privacy Sandbox changes to online advertising and explains their impact on publishers.

In 2019, Google announced that it would be phasing out support for third-party cookies in Chrome by 2022. Google announced a revised timeline in 2021 with a goal to phase out support for third-party cookies over a three-month period, finishing in late 2023.

Let us explore The Privacy Sandbox and the opportunities and challenges that it’s likely to represent for publishers and the future of online advertising. It is going to be a disruptive time for publishers and their advertisers.

Google Sandbox impact on publishers: Overview

The Privacy Sandbox is a Google-led, industry-wide effort to develop new technology that will improve people’s privacy across the web and apps on Android. The proposed solutions aim to limit tracking of individuals and provide safer alternatives to existing technology on these platforms while keeping them open and accessible to everyone.

The initiative aims to create technologies that both protect people’s privacy online and give companies and developers tools to build thriving digital businesses. The Privacy Sandbox will reduce cross-site and cross-app tracking while helping to keep online content and services free for all.

It is the belief of Google and the open source community that technology providers and businesses should be able to make money from their sites and apps, as well as reach customers with relevant ads. 

The Privacy Sandbox initiative is actively developing new solutions that support key ecosystem needs – without reliance on online tracking identifiers – so that publishers and developers can provide free content and grow their businesses in a privacy-preserving way.

Why is Google phasing out third-party cookies and introducing the Privacy Sandbox?

There are a number of reasons as to why Google decided to phase out support for third-party cookies, the biggest of which is that the information that can be collected by cookies is potentially unlimited and highly detailed, which may lead to a misuse of personal data and infringe on the user’s privacy. 

The rising awareness of privacy among users is another key reason. More and more users have become concerned with the way third-party vendors are collecting their data, which has led to, amongst others, privacy laws such as GDPR.

The Privacy Sandbox initiative has identified three primary goals:

  1. Build new technology to keep your information private: People should be able to enjoy their browsing and app experience without worrying about what personal information is collected, and by whom. The Privacy Sandbox technologies aim to make current tracking mechanisms obsolete, and block covert tracking techniques, like fingerprinting.
  2. Enable publishers and developers to keep online content free: Billions of people around the world rely on sites and apps to access information, news, and more. To provide this content for free without relying on intrusive tracking, publishers and developers need privacy-preserving alternatives for their key business needs, including serving relevant content and ads.
  3. Collaborate with the industry to build new internet privacy standards: The internet is a source of information and engine of economic growth worldwide. Google invites members of the industry – including publishers, developers, advertisers, and more – to get involved and contribute to the development of better privacy standards for the Web and on Android.

Google Privacy Sandbox impact on publishers: Five key themes

The Privacy Sandbox currently consists of five key themes and proposals, which are in various stages of the development process. Each theme offers proposed new purpose-built APIs that offer solutions for legitimate and meaningful use cases that were previously enabled by cookies, thus eliminating cookies as we know them today. The end result envisioned by Google is set to rely on anonymized signals instead of cookies within the browser to get access to the browsing habits of its users.

1) Fight spam and fraud on the web

Trust Tokens: Trust Tokens will help websites distinguish real people from bots or malicious attackers. Based on your behavior on a site, like regularly signing into an account, a site can choose to issue a trust token to your browser. The token can then be checked by other sites that want to verify that you’re a human, and not a bot. Trust tokens are encrypted, so it isn’t possible to identify an individual or connect trusted and untrusted instances to discover your identity.

2) Show relevant content and ads 

Topics API: Topics are recognizable categories that the browser infers based on the pages you visit. With Topics, the specific sites you’ve visited are no longer shared across the web, like they might have been with third-party cookies. In Chrome, you will be able to see the topics and remove any you don’t like, or disable them completely in Settings.

FLoC API: FLoC was a proposal in the Privacy Sandbox designed to cluster people with similar browsing patterns into large groups, or “cohorts”. This “safety in numbers” approach was designed to effectively blend any individuals into a crowd of people with similar interests. The development of FLoC stopped in 2021.

FLEDGE: FLEDGE is a new way to address remarketing, i.e. reminding you of sites and products you’ve been interested in, for in-browser ad selection without relying on third-party cookies. As you move across the web, the sites of advertisers you’ve visited can inform your browser that they would like a chance to show you ads in the future. Advertisers can directly share information with your browser, including the specific ads they’d like to show you and how much they’d be willing to pay to show you an ad. Then, when you visit a website with ad space, an algorithm in your browser helps inform what ad might appear.

3) Measure digital ads

Attribution Reporting API: Marketers currently rely on third-party cookies to gather data about a person’s browsing activity and how they respond to ads. To allow advertisers to place relevant ads and study their effectiveness in a privacy preserving way, the Privacy Sandbox will replace third-party cookies with new measurement and reporting tools that will prevent people from being identified across different websites. This includes several connected proposals.

4) Strengthen cross-site privacy boundaries 

First-Party Sets: Current attempts to restrict cross-site tracking don’t address a common scenario: one organization may have related sites with different domain names, and may need to load resources like videos or perform other activities across those domains.

This Privacy Sandbox proposal allows domains that belong to the same entity to declare themselves as a “first-party set“. Outside of the first-party set, the exchange of information is restricted to protect people’s privacy.

Shared Storage API: To prevent cross-site tracking, browsers are starting to separate all forms of storage, e.g. caches, localStorage, etc. However, there are many legitimate cases where shared storage is needed, and this proposal aims to address them. It will provide “shared storage” that isn’t partitioned, but ensures the data in it can only be read in a secure environment.

CHIPS: Sometimes, embedded services such as chat widgets or embedded maps need to know about your activity on the given site to work properly. Privacy Sandbox introduces partitioned cookies a.k.a. CHIPS (Cookies Having Independent Partitioned State) that will indicate to browsers that the necessary cookie is allowed to work “across sites” only between the site in question (or sites within the same First-Party Set) and an embedded widget.

Storage Partitioning: Storage Partitioning will isolate some web platform APIs used for storage or communication if used by an embedded service on the site, ie. in the third-party context. This effort will help make the web more private and secure while largely maintaining web compatibility with existing sites.

Fenced Frames API: Fenced frames are a type of embedded frame, like an iframe, that can’t communicate with the host page. This makes it safe for the fenced frame to have access to its unpartitioned storage since it will not be able to join its identifier with the top site.

Network State Partitioning: A browser’s network resources, such as connections, DNS cache, and alternative service data are generally shared globally. Network State Partitioning will partition much of this state to prevent these resources from being shared across first-party contexts. To do this, each request will have an additional “network partition key” that must match in order for resources to be reused.

This extra key will protect user privacy by making it so that sites will not be able to access shared resources and metadata learned from loading other sites.

Federated Credential Management: Federated Credential Management aims to bridge the gap for the federated identity designs which relied on third-party cookies. The API delegates authentication of the user to trusted external identity providers. This replaces federated identity needs which currently depend on third-party cookies, from sign-in to sign-out and  revocation.

5) Limit covert tracking 

Same-Site Cookies: Chrome (and other browsers) require developers to use a SameSite cookie “label” to clearly specify if a cookie is used in a first-party or third-party context. This means that browser controls can be more precise, e.g. enabling control over third-party cookies only. There is also a significant security benefit by protecting cookies from cross-site injection and data disclosure attacks.

User-Agent Client Hints: The User-Agent string specifies details about the browser and device you use so that the sites you visit render and function well. However, it is also a significant surface for so-called passive fingerprinting. Client Hints API enables sites to request the information they need directly and will eventually reduce details contained in the User-Agent string, limiting the information shared about you online.

User-Agent Reduction: User-Agent (UA) reduction is the effort to minimize the identifying information shared in the User-Agent string which may be used for passive fingerprinting.

HTTP Cache Partitioning: With cache partitioning, cached resources will be keyed using a new “Network Isolation Key” in addition to the resource URL. The Network Isolation Key is composed of the top-level site and the current-frame site. This adds an additional layer of security.

DNS-over-HTTPS: DNS-over-HTTPS is a protocol that encrypts Domain Name System (DNS) queries and responses by encoding them within HTTPS messages. This helps prevent attackers from observing what sites you visit or sending you to phishing websites.

Gnatcatcher: Gnatcatcher is Privacy Sandbox’s proposal to hide your IP address. At a baseline, it will ensure your IP addresses will be hidden, but sites can do the extra work to attest that they aren’t misusing IP addresses if they would like to have direct connections.

Privacy Budget: Privacy Budget is a proposal that combines multiple factors to help limit fingerprinting. It’s being designed to work by restricting the amount of identifying information that a site is allowed to access in order to help prevent the user from being uniquely identifiable.

Privacy Sandbox, impact for publishers: Conclusions

The effects of the deprecation of third-party cookies may be felt by any publisher who hasn’t taken action to either minimise and eliminate their reliance on third-party cookies or implemented new technologies, like the Privacy Sandbox’s proposed solutions, to keep necessary functions working as expected.

At this time, many of the Privacy Sandbox proposals have implementation for ad tech companies and advertisers, rather than relying on publisher implementation. This allows publishers to keep “business as usual” and remove the technological implementation needs in this early stage. In the future, it’s possible that publishers will also need to implement changes and new APIs to maintain functionality.

The numerous proposals laid out above will work best with the feedback and input from publishers, to ensure even edge use cases are known and can be addressed.

Learn more

The majority of publishers will already be considering solutions and the impact on their businesses/brands. If you are keen to understand more, reach out to your internal teams, technology partners for more information or alternatively contact 10up directly via sales@10up.com to discuss your strategies in more detail.

Google & 10up have an established partnership, focusing on delivering tools for publishers and products that make experiencing content on the web better for all. 

Site Kit free WordPress plugin from Google

Site Kit developed in partnership with 10up is the free official WordPress plugin from Google. With over +2m active installs Site Kit is the one-stop solution to deploy, manage, and get insights from critical Google tools to make your site successful on the web. 

It provides authoritative, up-to-date insights from multiple Google products directly in your WordPress dashboard for easy access.

Site Kit includes powerful features that make using these Google products seamless and flexible:

  • Easy-to-understand stats directly on your WordPress dashboard
  • Official stats from multiple Google tools, all in one dashboard
  • Quick setup for multiple Google tools without having to edit the source code of your site
  • Metrics for your entire site and for individual posts
  • Easy-to-manage, granular permissions across WordPress and different Google products

How to improve WordPress site performance

In October 2021, Google and WordPress contributors from a number of agencies including 10up posted a proposal to create a dedicated performance team that would be responsible for improving speed and performance in WordPress Core. The proposal was well-received, and in November, work began on the official Performance Lab plugin.

The Performance Lab plugin is a collection of modules designed to monitor and enhance the performance of your WordPress site, many of which will eventually be merged into WordPress core. 

10up has formed a mini-working group with Google to tackle a specific focus area (Images) as well as involvement in other focus areas. The mini working groups within this wider community we established in an effort to get things moving much quicker.

The internal WPP Group is a core working group of Google and 10up engineers that are steering the overall work of the Performance Team by:

  • Defining priority projects and issues
  • Creating and maintaining policies and workflows
  • Providing project management and support for the broader Team.

The broader Performance Team is open to anyone who wants to contribute. Within the Team, we have designated several focus areas, each of which is led by a Point of Contact (POC). The most up-to-date information on focus areas and POCs are available here.

About 10up 

Founded in 2011 by Jake Goldman and headquartered in the State of California with a dedicated EMEA presence, 10up offers expertise in digital strategy, design, engineering, cloud infrastructure, SEO, audience, and revenue strategy.

We are united by a mission to make a better web and advance our customers through our core values of service, craftsmanship, creativity, and openness. Fortune 500 giants like Microsoft and Google, as well as the publishing elite Al Jazeera, City A.M, and POLITICO, entrust 10up to deliver on those values every day. We are united by our mission to make finely crafted websites and tools for enterprise content creators at scale.

Influencing communities around the world, our team leads meetups, speaks at local events, and visits clients wherever they may be. Independence from traditional “brick and mortar” offices, freedom from commutes, and flexible schedules across nearly a dozen time zones mean our team works when and where they’re most inspired, and are available when our clients need them. 

Services & Expertise

With a united goal to make the internet a better place, 10up is a full-service digital agency, offering consultative creative and engineering services, innovative tools, and dependable products that take the pain out of content creation and management, in service of digital experiences that advance business and marketing objectives.

A customer-centric service model that covers every base, unrivaled leadership and investment in open-source platforms and tools for digital makers and content creators, and a forward-looking remote work culture make for a refreshing agency experience.

Cross-discipline teams of specialists that include best-in-class engineers, UX and visual designers, digital strategists as well as in-house specialists in SEO and revenue strategy all organise around qualified project and product managers, by putting customer delivery front and center. 

Whether your ads are down, your visitor bounce rate is up, or your database server is sideways, we’re a partner who understands the challenges our clients regularly face when embarking on a program of digital transformation.  

Press Gazette is hosting the Future of Media Technology Conference. For more information, visit NSMG.live

Topics in this article :

Email pged@pressgazette.co.uk to point out mistakes, provide story tips or send in a letter for publication on our "Letters Page" blog

Websites in our network