Google's Privacy Sandbox is ready. Chrome to drop third-party cookies in 2024
Google published an update on its Privacy Sandbox initiative and the fate of third-party cookies in the company's Chrome web browser. The news was published on the German version of Google's main The Keyword blog by Antony Chavez, VP, Privacy Sandbox.
Chavez reveals that Google has finalized its Privacy Sandbox API and that websites may start to integrate it once the API lands in the company's Chrome web browser. Google plans to launch it in Chrome in July 2023.
Developers may start running scaled tests based on live traffic once the API lands in Chrome. Google promises that it won't make "any significant changes to the API interfaces" until third-party cookies are eliminated in 2024.
Google plans to drop third-party cookies support for 1% of Chrome users in the first quarter of 2024. The change allows developers to run real-world tests on scale to "evaluate the readiness and effectiveness of their products without third-party cookies" according to Chavez.
Developers may furthermore configure Chrome in the fourth quarter of 2023 to simulate the removal of third-party cookies in the browser for testing purposes. These changes "enable developers to run tests on a higher volume of cookieless traffic before Q1 2024".
Privacy Sandbox's main aim is to limit user tracking while still allowing advertisers to display personalized advertising to target groups. One of the main differences between cookie-based tracking and Privacy Sandbox is that the latter is group-based.
Third-party cookies allow advertisers to track individual users across the Internet. Tracking is an essential part of the advertising ecosystem.
Another difference between the two systems is that Privacy Sandbox is assigning interests locally. Chrome analyzes the browsing history of the user and links it to certain interests groups. Websites may then use an API to retrieve these information and use it to display personalized advertising to the user.
Chrome users get some control over the groups, as they may add or delete interests in the browser.
Ad retargeting continues to be possible as well. Retargeting is a technique that many users dislike as it may lead to the display of similar types of advertisement on different Internet websites.
Google introduced first bits of Privacy Sandbox code in Chromium in 2020 after it received criticism for First-Party Sets.
Google had to postpone the death of third-party cookies in Chrome several times. The company announced in mid-2022 that it would delay the end to 2024.
Internet users may disable third-party cookies already in their browsers, but most users have these enabled as it is the default of most web browsers. The change will benefit these users, but it will introduce another form of tracking, and this one directly into the Chrome browser.
It remains to be seen if other browser makers will follow Google or block these changes from landing in their browsers. Most browsers are based on Chromium, and Chromium is controlled by Google to a large extent. Firefox and Safari are two main web browsers that are not based on Chromium.
Now You: what is your take on this development?
No benefit to user privacy in the end. Just more tracking in the name of removing third party cookies.
It appears that Google requires yet another antitrust inquiry.
Before it’s too late, switch back to Firefox everyone.
> Before it’s too late, switch back to Firefox everyone.
No, don’t use the Google browser! Use the browser entirely sponsored by Google instead!
Ads should be declared as such.
They are dropping third party cookies because it’s very unusual to found an user that allows them. None of my friends neither myself are allowing third party cookies in none browser. And furthermore, I think that they want to control us in a more invasive way, that’s my opinion about this short theme.
Obviously. The replacement for third party cookies is “locally” assigning interest tags based on your browser history to assign you to “groups of users with similar interests”.
When did we hear this before? I hope I’m not the only one who still remembers the whole FLoC fiasco, which is literally what this is.
No don’t use the Google sponsored browser. Use the browser made by Google itself and sponsor it with BAT tokens and Google image search in Brave search. Ads definitely should be declared as such.
> Use the browser made by Google itself
I did not even mention Brave, but you mentioned it indirectly by hating on BAT (as usual). Glad to see that Brave lives in your head rent free, after all.
Brave is made by Google in as much GrapheneOS or LineageOS, are also made by Google.
> and sponsor it with BAT tokens
Yes Sir! It’s absolutely fatal for the browser that they aren’t a search engine leech, but have an own business model. They push it on me too by making it opt-in, you see.
> Google image search in Brave search
So? Brave bought a barebones search engine and is currently building it up, image search is still missing, so they have to substitute it with another service out of necessity. The alternative here would be Bing, which is not any better. They are working on implementing image search using their own crawler as we speak. You know nothing, and should not talk big considering that Firefox outright promotes Google search in all its aspects.
Considering Brave is a Google leach when it comes to browser engine and wrapped around by BAT tokens(how’s that doing anyway), you can get even better browser in Librewolf which doesn’t sponsor BAT. Or you can even customise Firefox to move it away from Google search to whatever you like in main settings. Yeah man, ads should be declared as such. Thanks for sponsoring BAT nonsense Google leach.
> Considering Brave is a Google leach when it comes to browser engine
Only megacorps and leeches of said megacorps like Mozilla can create new browser engines by now, it is very expensive. It would also not work on many websites as web devs would not test for Brave specifically. If they fork Chromium at some point, it would be based on them having some relevance and for an actual, good reason, which has yet to appear. Useless hating on your part.
> BAT tokens(how’s that doing anyway)
If the company had issues, you would have heard of it by now. For example reports about staff reductions (like the 250 employees that Mozilla fired while the CEO raises her salary again for such success). So I would assume they are doing OK, but thanks for asking.
> better browser in Librewolf
LOL, no thanks. Firefox with a different logo and copied & pasted user.js.
> Or you can even customise Firefox to move it away from Google search to whatever you like in main settings.
Maybe I can switch to another search engine, but what I can’t do is reverse several asinine decisions Mozilla makes in Google’s favor. @Andy Prough praises Pale Moon for maintaining JPEG XL support, and not just support for AV1 format pushed by Google. Well guess what, as soon as Chromium removed support for JPEG XL, Mozilla did so too. And no, I can’t reverse that by fiddling with about:config. So why would I run Firefox for ideological reasons, they follow Google’s lead anyway, monetarily or otherwise.
I always hear Firefox fans harping on how they are the last bastion fighting against their sponsor, but if you actually ask them for instances where Mozilla opposed them, you only hear the crickets.
> Yeah man, ads should be declared as such. Thanks for sponsoring BAT nonsense Google leach.
Show me how the Big Bad Brave rubbed you the wrong way, lol.
1) Dodged the BAT token question but that’s classic. Countless security issues in Chromium but that’s not enough to go separate ways but then that question will also get dodged in the name of user share.
2) Having a problem with Mozilla because it maintains a separate browser engine which attracts deals from search engine providers. Compare that to Brave where their own default search engine redirects to Google Image search and doesn’t even get paid when Brave could’ve used StartPage or route traffic to preserve user privacy like Piped. Certainly Big Bad Brave is rubbing you Brave users and lovers the wrong way. Enjoy!
3) Librewolf is better than Brave in every regard even if you disable RFP and it doesn’t sell BAT nonsense. Of course Brave lovers don’t want to hear that.
4) Does Brave support JPEG XL? Firefox would support Manifest V2 extensions. It allows for customisation, privacy add-ons works best in FF and will continue to work. What has Brave done? Disable this new Google feature?
Ads as obvious as yours should be declared as such. Enjoy!
“They are dropping third party cookies because it’s very unusual to found an user that allows them. None of my friends neither myself are allowing third party cookies in none browser.”
You and your friends are not the usual user. What is usual to find is a user using the default configuration. What is usual is a user not even knowing what a third party cookie is. I’m assuring you, you attitude of disbelief would just help Google (if it had any effect).
>”Google introduced first bits of Privacy Sandbox code in Chromium in 2020″
I wonder if other chromium-based browsers are going to be forced to use this “Un-Privacy [sic] Sandbox” as well?
>”Most browsers are based on Chromium, and Chromium is controlled by Google to a large extent. Firefox and Safari are two main web browsers that are not based on Chromium.”
Pale Moon 32.2.0 was released yesterday and its compatibility with websites is much higher than previous versions. At this point Pale Moon is a drop-in replacement for doing very nearly anything a chromium-based browser can do. It also is the only browser I know of that has fully implemented jpeg-xl rendering whereas Google has completely removed support for jpeg-xl from chromium in order to push their own AV1 graphics format. Pale Moon might be one browser to keep a close eye on going forward.
> I wonder if other chromium-based browsers are going to be forced to use this “Un-Privacy [sic] Sandbox” as well?
No, because a) there is likely a kill switch provided by Google anyway and b) because ultimately the code is open source and can be removed as well if need be. But you know that already, don’t you?
> Pale Moon might be one browser to keep a close eye on going forward.
I actually do. I am wondering when its single developer calls it quits, how incompatible Pale Moon has to get with the modern web in order to say it’s no longer worth it.
>”No, because a) there is likely a kill switch provided by Google anyway”
Ahh – so relying on Google to solve your problems that Google created in the first place. Smart.
It’s kind of like Brave using Google and Bing image search in their Brave Search. Very “Brave” of them, and so privacy(ish).
> Ahh – so relying on Google to solve your problems that Google created in the first place. Smart.
No, good development practice. There are internal kill switches for many things in the browser in case of breaking bugs.
> It’s kind of like Brave using Google and Bing image search in their Brave Search. Very “Brave” of them, and so privacy(ish).
Yash mentioned it already, I outlined the obvious reason for this, and you are not any smarter for repeating the same shit yet again.
“> I wonder if other chromium-based browsers are going to be forced to use this “Un-Privacy [sic] Sandbox” as well?
No, because a) there is likely a kill switch provided by Google anyway ”
This reply is interesting because IH’s pet browser similarly uses currently opt-in of some of its (different) malware features as an excuse, before it becomes like always as the market allows, opt-out or simply mandatory. They’re businesses, the only reason why they would not enforce their shit is because they don’t feel yet strong enough to do it. Chrome also pretends for now that the “privacy” sandbox spyware will be opt in, until this changes because nothing will stop them from doing so. And then the other sold-out browsers will follow, later, if it succeeds, like they have done countless many times before for other malicious features before, sometimes even doing it before Chrome as testing fields. Maybe his pet browser a bit later than the others considering that it has had an equivalent of Google’s “privacy” sandbox of its own for much longer already (boo), a full adware component right inside the browser with a false privacy narrative behind it. I would even consider it as having pioneered those systems together with Firefox, although at a more insignificant scale considering its user base.
My take on Google’s ‘Privacy Sandbox’ in replacement of 3rd-party cookies is very simple : a different glove for the same iron hand, a refashioned clothing for the same unhealthy body, a new mask for the same ugly face. Tracking, retargeting remain, be they modestly formulated as ‘local’.
I cannot bear excessive advertisement when moreover for the profit of wealthy corporations (when websites get the crumbs) which strive not to survive but to increase their power in a dialectical process with unreasonable earnings.
I cannot accept whatever tracking. I’ll never use Google, its search engine, its various and numerous services on that very ground : I refuse to be tracked and this is not negotiable.
> I’ll never use Google, its search engine, its various and numerous services on that very ground : I refuse to be tracked and this is not negotiable.
False, you use YouTube because you prefer the heavily censored corporate safe space. You have said as much in other articles.
I don’t “use” YouTube in that I access it, I redirect it’s invaluable number of videos to a ‘Piped’ instance. All Google servers I know are blocked system-wide and managed with the ‘REDIRECTOR’ extension when required, as with YouTube. Google libraries, fonts are handled by the ‘LocalCDN’ extension.
You’ve missed an opportunity to not saying nonsense.
> I don’t “use” YouTube in that I access it, I redirect it’s invaluable number of videos to a ‘Piped’ instance.
That’s just a frontend meant to allegedly protect your privacy a bit better, by shifting trust to the instance. You still accept all YouTube censorship, its manipulating algorithm, and many more mischievous behavior, Piped can only show you what YouTube gives to Piped. Don’t mistake me for stupid, you know exactly that this is not at all what I meant.
> You’ve missed an opportunity to not saying nonsense.
What I can say for sure is that I didn’t miss the opportunity to call you out on your hypocrisy. You’re welcome.
So Google’s “Privacy Sandbox”, unsurprisingly, provides neither. But Orwell would be proud of the name.
I don’t use their products, and recommend my clients don’t, as well.
How can anyone keep a straight face while using the words “google” and “privacy” in the same sentence?
“How can anyone keep a straight face while using the words “google” and “privacy” in the same sentence?”
Or Microsoft for that matter.
I would argue that the reason why building a browsing engine is limited to the mega rich, megacorps is because google made it so by hijacking web standards and pushed their own agenda and everyone essentially has to play by their rules to be a part of the internet and once again this is another example of google trying to do just that… create another system that greatly favours them as its abundantly clear that the entire cookie system is much more controlled these days so in comes captain google to protect the interest of itself and advertisers.
I feel like the internet would have been a lot better off if web standards were not hijacked by google, in fact I would go so far as to say that if google stayed in their lane and stuck to just being a search engine and that’s it. I’m talking long before they dreamed up their idea to create a browser ad foist it upon users via pups when they were piggybacking their trash onto the browser that had the biggest marketshare at the time.
It was never about you and me, it was about google worming their way in and we let it happen then and we are continuing to let it happen now.
Of course taking the above into consideration google would never have owned Youtube either and perhaps given another person a chance at wealth at the very least and maybe kept more of a balance.
This is just as bad as Manifest v3 which is another attempt by google to up the stakes.
I don’t care for google and don’t care for the majority of browsers that are chrome clones. Brave would do well to distance itself from it greatly. I do recall a time when Brave was based on firefox. I wonder what things would have been like had they stayed on that path.
I don’t think we should be wasting time attacking each other but rather focusing on the issues at hand.
Does anyone actually believe that google is doing this for your benefit? Google is just trying to regain an upper hand over the situation because it’s clear that they have lost a lot of control over cookies, tracking and manipulation.
This should be fought against just as hard as Manifest v3 and Google put in their place. Use this fire you guys have against Google not each other.
“I would argue that the reason why building a browsing engine is limited to the mega rich, megacorps is because”
It’s not only about the engine, but about the full browser with the part on top. Spyware parts are at least as often added to the rest than to the engine part, while for example beacons and hyperlink auditing or Apple engine’s “privacy preserving ad attribution” spyware are indeed engine’s parts.
Google largely controlling the web standards is a part of the problem, although it’s actually by reflecting the interests of many other web companies against the rest of mankind.
But it’s not everything. No web standard is requiring that Chrome or Firefox display their own ads, send everything typed in the address bar to the browser developer plus Google, tell to Google most of what the users download, but they do, and lots more in that vein. Google controls Firefox through a search deal providing Mozilla with half a billion yearly dollars in exchange for sensitive private user search data, and given the involved sums, it’s obvious that the deal implicitly goes beyond that, and this has been proved over the years beyond any doubt.
The thing to explain is that Chromium and Firefox are mostly open source software (I won’t use the libre software term considering the amount of malicious open source components), so according to the libre idea, it should be easy to just fork the crap away. The problem is that controlling a gateway to the web is controlling the web and it’s too much dirty money to be made to leave it to hairy librists. So there are many dirty tricks used to evict ethical forks.
For instance, if you want to watch Netflix or Disney streaming stuff on a browser, I have heard, you need some Google controlled DRM. You actually need Google’s permission for your browser to work there, and sometimes they said no. Ok bad example, DRM is closed source (and Firefox and Chromium too by the way, did you know ? and there are even other parts ! mostly malicious ones too).
Web sites could falsely dismiss your browser as not up-to-date enough, or even as not secure (“please use chrome instead”). Cloudflare might and does make your life harder to access its client sites for no legitimate reason. So does Google, with recaptchas for instance, again with no legitimate reason.
Journalists could and do dishonestly dismiss your browser as a security threat simply for not being made by a corporation. They don’t even need their site to depend on ads for that, as it’s their function to be corrupt, but it helps. I could give specific corruption examples with browser devs getting money from web news publishers but they’re anecdotic compared to the big picture.
Another barrier is that you need someone not to be cupid while Google, Bing and so on will approach them with golden search/ad/whatever crappy business deals and “ethical” orgs like Mozilla broke for everyone the idea that OSS should refrain from accepting such unethical deals, which was not the least of their role. Well everyone in the browser sector at least for sure.
Then you need to be known, advertised for. But bad luck: your enemy is the advertising industry as a whole. Not that you would want to go through their “services” anyway, but they’re good at making something known… or unknown. That involves also micro-managing to counter even word of mouth, infiltrating privacy communities and so on, of course with lies at all floors, and the worse is that it’s not even the most difficult/costly part for them. I’ve seen lots of that with disgust. Those mega-corporations cut through our communities like through butter and appropriate them, because we don’t really have the necessary organizational and ideological self-defense against them. Considering they even control the communication platforms, it doesn’t help either, we witness unjustified platform-level bans on privacy speech sometimes too.
I forgot one of the most important: the default installed browser. Surely the GAFAM won’t have an ethical browser installed by default, and most of users won’t want to spend their life countering every piece of mistreatment by their computers. Assuming they would even be allowed to.
There are a hundred other things we could mention along those lines, which goes as far as the surveillance state and their fascist tugs acting criminally to disrupt and silence privacy activists, and of course the usual systemic capitalist bribery to control elections, judges, passed laws or avoid having to obey the existing ones.
The easier it looks like to replace those evil parasites, the harder they have to hit to be sure they won’t be.
Let’s remind the basics: tracking is nefarious, it does not produce anything and is not necessary, being only parasitic, and has far worse side effects than this parasiting, having already made the world a fascist surveillance dystopia. And tracking is of course not just about personal data as defined by regulatory frameworks ; much of the evil uses of data does not need to know what your real name is to target without consent and even hurt you, it just needs to know everything else about you, which is what Google proposes to safeguard while complying with the new regulations.
Now, Google’s “privacy” sandbox. They intentionally mixed under the same name two very different things. One, adding new spyware components directly inside Chrome, that did not exist before. Sure, lots of spyware components existed before in Chrome, really lots of them, but these ones are spyware of a new category. They are not even trying to hide their spyware activity as say, a security or a spellcheck feature, as usual. They admit that these spyware features are centrally about spying on us only to use the data against us, with no pretext behind it. Before, that kind of shameless spying with no pretext was done outside of the local code of Chrome because they did not dare to push the rape that far, for example using Google components on websites, that could be easily countered with adblockers (modulo Google slowing killing adblockers in Chrome and all other browsers). But at Google, they think now is the time to push further. So the spyware will execute right in your local Chrome code. And myriads of people who ultimately see themselves as depending on surveillance, such as ghacks, will have told you before that this was to, uh, reduce tracking, yes you heard correctly. So now is a good time to say no.
And supposedly that thing has another very different thing involved, which is removing third party cookies. Well, only some of them used for some tracking might really be, maybe, removed, some time in the future, with some whitelist that already in “OSS” software that implements the idea you’re not really asked an opinion about, or even not really have an easy read-only access to. And if it follows the partitioning scheme one sees pioneered in Firefox for instance (not out of one heroic move of them, but admittedly done at the request of Google and Apple), the others won’t even disappear, just be limited in how they can be read, but third-parties like Google will still be able to use them to do full surveillance on a given site for instance (do you want to abort ?). Sure, as not really killing third-party cookies as it is, I would still love to see that done by default on Chrome too. But who knows when that will happen, especially how long after the spyware part of the first paragraph is well installed. And more importantly, I don’t see what this has to do with us having to accept that spyware of the previous paragraph. Google has no right to spy on us, period. And us accepting the spyware will have no influence on Google limiting third-party cookies.
And for those who still dream about corporate ethics, that was not either the motivation behind that choice. First, Google doesn’t really need individual data to profit from personalized ads, it only needs what it will have with its new system with the extra local spyware. However, it needs acceptance as legal frameworks are now finally recognizing their activity as criminal and hostile even to the ruling class in ever larger parts of the world (that don’t host Google, but luckily it could come closer to the source with time). So why not use very technical workarounds that those frameworks were almost designed to allow to still do exactly the same thing as before, while complying with the laws here and there ? And looking like now they’ve solved privacy for the general public, helped by all their usual relays repeating it, including but not limited to their pet companies/foundations and those depending on them for business. Well, not exactly the same as before: this time they need more of your consent to do it from the local code. You need to accept to use Chrome with the new spyware additions. In fact, they may even benefit here from evicting small competitors with less reach and sophistication than they have (like those who whined everywhere in the press about this), while not losing anything themselves. Nothing altruistic here, no worry. Thus, same for those who followed their directives on that topic, like their above mentioned pet foundation for instance.