Google Chrome’s Update on Privacy Sandbox Initiative (Browser Tracking without 3rd-Party Cookies)

Third-party cookies are were a central component to personalized advertisement on the Web. Due to GDPR, privacy concerns of users, and other reasons, using third-party cookies becomes less feasible for advertisers. While this may be good news for individual users, it’s not so good news for website operators who depend on income generated by advertisements.

The Privacy Sandbox initiative aims to find a solution to this dilemma. It consists of “a series of proposals to satisfy third-party use cases without third-party cookies or other tracking mechanisms”.

The Privacy Sandbox initiative proposes a set of privacy-preserving APIs to support business models that fund the open web in the absence of tracking mechanisms like third-party cookies. It was introduced in 2019, and Chrome shared updates on progress in January and October last year.

https://developer.chrome.com/blog/privacy-sandbox-update-2021-jan/

Two days ago, Justin Schuh and Marshall Vale from Google released a progress report on the ‘Privacy Sandbox’ initiative. Among others:

In 2020, we also improved the safety of current web technology. The SameSite cookie policy has been adopted by Chrome and Edge and is coming to Firefox soon, treating cookies as first-party, unless the developer indicates that they need to be accessed across sites. We’ve also rolled this out for Android webview and expect to enforce the “SameSite=Lax” default treatment beginning in apps targeting Android S.

New in this month’s Chrome 88 release, we are strengthening this policy by modifying the definition of SameSite to prevent some forms of cross-site attacks, including downgrading a connection’s security. Now secure and insecure versions of the same host domain, such as https://site.example and http://site.example, are considered as third-party context to each other.

https://developer.chrome.com/blog/privacy-sandbox-update-2021-jan/