An examination of Google's Privacy Sandbox, focusing on the technical details and privacy implications of the Topics API and the FLEDGE API.
The digital advertising world is undergoing a major shift. As privacy concerns and regulations grow, traditional third-party cookies are being phased out. In their place, Google has introduced the Privacy Sandbox, a suite of tools designed to keep user data private while still allowing websites to show relevant ads.
Two key parts of this initiative are the Topics Application Programming Interface, or API, and the Protected Audience API, formerly known as Fledge. The Topics API categorizes your browsing history into broad interest groups, like travel or fitness, entirely on your device. It only shares a few of these general categories with advertisers, keeping your personal details secure.
Meanwhile, the Protected Audience API handles remarketing, which shows ads based on sites you have already visited. Instead of sending your data to external ad servers, this tool runs the ad auction directly inside your browser.
Recently, Google shifted its approach. Instead of completely eliminating third-party cookies, Chrome will let users choose how they are tracked. But this has sparked concerns about device fingerprinting, a technique that identifies your specific device by its settings and system info. Critics warn fingerprinting is incredibly hard to block, meaning tracking could continue covertly.
The Privacy Sandbox is a major step toward a more secure web, but the industry still faces a complex balancing act between true user privacy and effective digital marketing.
The digital advertising landscape is undergoing a significant transformation as privacy concerns grow and regulations like GDPR and CCPA take effect. Third-party cookies, long the backbone of online advertising, are being phased out due to their intrusiveness and potential for misuse. In response, Google has introduced the Privacy Sandbox, a collection of initiatives aimed at developing new technologies that enhance user privacy while still allowing for relevant advertising and website monetization. These initiatives include the Topics API, the FLEDGE API, the Attribution Reporting API, and the Protected Audience API 1. This article delves into the technical details of two key components of the Privacy Sandbox: the Topics API and the FLEDGE API, exploring their on-device model execution and potential impact on the advertising industry and user privacy. It also examines Google’s recent shift towards greater user choice and the implications of allowing fingerprinting for advertising purposes.
The Topics API is Google’s proposed alternative to third-party cookies for interest-based advertising. It aims to preserve user privacy by categorizing interests into broad topics without relying on individual user tracking across websites.
The Topics API operates by analyzing a user’s browsing history within the Chrome browser to identify their top interests over a defined timeframe, known as an “epoch,” currently set to one week 2. Each user’s epochs are unique and start at a random time 2. The API then selects a few topics from a predefined taxonomy of approximately 350 topics, such as “Fitness,” “Travel,” or “Technology.” 3 These topics are stored locally on the user’s device 4.
When a user visits a website that uses the Topics API, their browser shares a few of their top topics with the website and its advertising partners 2. This allows advertisers to deliver relevant ads without having access to the user’s detailed browsing history or personal information 5.
A key aspect of the Topics API is that all the processing happens locally on the user’s device. This means that no personal data is sent to external servers, including Google’s servers 3. The browser’s classifier model maps website hostnames to topics, considering only subdomains and root domains, not the full URL 3. This on-device execution ensures that user data remains private and secure.
The Topics API can be implemented using both HTTP headers and JavaScript 6. For both fetch and iframe requests, topics observed for a user can be retrieved on the server from the Sec-Browsing-Topics request header. The Topics API will include user topics in the header automatically on fetch() or iframe requests 6.
It’s important to note that certain sub-features of the Topics API are gated by enrollment 7. This means that websites and advertisers need to enroll in the Privacy Sandbox program to access the full functionality of the API.
The Topics API is designed to provide users with greater control and transparency over their data. Users can view the topics assigned to them, remove unwanted ones, or disable the API entirely in their Chrome browser settings 3. This empowers users to manage their privacy preferences and limit the information shared with advertisers.
FLEDGE, now renamed to the Protected Audience API, is another crucial component of the Privacy Sandbox. It focuses on enabling remarketing and custom audience use cases without relying on cross-site tracking.
FLEDGE allows advertisers to show relevant ads to users who have previously interacted with their website or expressed interest in their products or services. It achieves this by running on-device auctions within the user’s browser 8.
When a user visits an advertiser’s website, their browser can be asked to join an “interest group” based on their activity on the site 9. This interest group represents a collection of users with similar interests or behaviors. The browser stores information about the interest group locally on the user’s device 8.
Later, when the user visits a website that sells ad space, an auction is run directly in the browser 9. The advertiser who created the interest group can participate in this auction and bid to show ads to users who belong to that group. The winning ad is then displayed to the user 9.
FLEDGE’s on-device auction process is a significant departure from traditional ad auctions that occur on external servers. By conducting the auction locally, FLEDGE minimizes the sharing of user data with third parties 8. The browser acts as a neutral intermediary, facilitating the auction and ensuring that user privacy is maintained.
To support real-time bidding and provide advertisers with necessary information during the auction, FLEDGE utilizes a Key/Value service 10. This service allows advertisers to store and retrieve data related to their bids and ad creatives in real-time. For example, it can provide information about a buyer’s budget when calculating a bid or details about an ad creative to help the seller decide which ad to show 10. The Key/Value service can be implemented in a trusted execution environment in the cloud to further enhance security and privacy 10.
The FLEDGE API also proposes a Bidding and Auction Service to optimize performance 11. Since the on-device bidding and auction processes can be computationally intensive, this service allows ad space buyers and sellers to offload these computations to the cloud. This can free up resources on the user’s device and potentially improve ad rendering latency 11.
While both the Topics API and FLEDGE API aim to improve user privacy in online advertising, they have distinct functionalities and use cases. Here’s a comparison of the two:
| Feature | Topics API | FLEDGE API |
| Primary Use Case | Interest-based advertising | Remarketing and custom audiences |
| Data Collection | Analyzes browsing history to infer broad interest categories | Relies on user joining interest groups based on website interactions |
| Targeting Mechanism | Shares user’s top topics with websites and advertisers | Runs on-device auctions to show ads to users in specific interest groups |
| User Control | Users can view, remove, or disable topics | Users can manage interest group memberships |
| Data Sharing | Limited to a few topics shared with participating websites | More specific to user’s interactions with a particular advertiser |
The Topics API provides a more general approach to interest-based advertising, while FLEDGE allows for more targeted remarketing to users who have already shown interest in a specific brand or product 8.
In a recent development, Google announced a shift in its approach to replacing third-party cookies. Instead of completely deprecating them, the company plans to introduce a new experience in Chrome that allows users to make an informed choice about tracking that applies across their web browsing 13. This means that users will have more control over whether they opt-in or opt-out of tracking mechanisms, including fingerprinting.
Fingerprinting involves collecting information about a user’s device, such as its operating system, browser version, installed plugins, and screen resolution, to create a unique identifier 14. This identifier can be used to track users across websites even if they clear their cookies.
While Google previously acknowledged that fingerprinting does not meet users’ expectations for privacy 15, the company’s recent policy change suggests a willingness to allow this practice for advertising purposes. This has raised concerns among privacy advocates and regulators who argue that fingerprinting undermines user control and transparency 16.
The Information Commissioner’s Office (ICO) in the UK, for example, has expressed concerns about Google’s policy change, stating that fingerprinting relies on signals that users cannot easily wipe 17. This means that even if users clear their browsing data, organizations using fingerprinting techniques could immediately identify them again.
The Privacy Sandbox initiatives, including the Topics API and FLEDGE API, are designed with user privacy as a core principle. They aim to minimize the collection and sharing of personal data while still allowing for relevant advertising. However, the recent shift towards greater user choice and the potential use of fingerprinting raise new privacy considerations.
Compared to third-party cookies, the Topics API and FLEDGE API collect significantly less data about individual users 18. They focus on broad interest categories rather than detailed browsing histories, reducing the risk of user identification and tracking 5.
The on-device model execution in both APIs ensures that user data is not shared with external servers, minimizing the potential for data breaches and unauthorized access 3. This localized processing enhances user privacy and control over their data.
The Topics API utilizes several techniques to further preserve user privacy. These include:
Both APIs provide users with mechanisms to view, manage, and control the data used for advertising purposes 3. Users can remove unwanted topics, disable the APIs, or opt out of personalized advertising altogether. This transparency and control empower users to make informed decisions about their privacy.
While the increased user choice offered by Google’s new policy may seem positive, the potential use of fingerprinting raises concerns about covert tracking and the erosion of user privacy. Fingerprinting can be more difficult to detect and prevent than cookies, making it harder for users to control how their data is collected and used [20].
The shift away from third-party cookies and the adoption of the Privacy Sandbox will have a significant impact on the advertising industry. The recent policy change and the potential use of fingerprinting further complicate this landscape.
The Topics API and FLEDGE API offer less precise targeting capabilities compared to third-party cookies 18. Advertisers will need to adapt to broader interest-based targeting and explore new strategies to reach their desired audiences.
With the decline of third-party cookies, advertisers will need to rely more on first-party data, which is collected directly from their own websites and customer interactions [21]. This will require building strong relationships with customers and obtaining their consent for data collection.
The Privacy Sandbox presents new opportunities for innovation in the advertising technology space. Advertisers and technology providers will need to develop new tools and solutions that leverage the Privacy Sandbox APIs to deliver relevant ads while respecting user privacy. The shift towards on-device processing, for example, could lead to the development of new ad tech solutions that operate locally on user devices, minimizing data sharing and improving performance 10.
The use of fingerprinting for advertising purposes raises questions about regulatory compliance. Advertisers will need to ensure that their fingerprinting practices comply with data protection laws, such as GDPR and CCPA, which require transparency, user consent, and data protection safeguards [22].
The transition to a cookieless future and the adoption of new technologies like the Privacy Sandbox APIs may increase costs and complexity for advertisers. They will need to invest in new infrastructure, develop new strategies, and navigate a changing regulatory landscape.
While the Topics API and FLEDGE API are primarily developed by Google, there are open-source initiatives and discussions surrounding their implementation.
The Topics API has an open-source explainer document and a taxonomy that is publicly available for review and feedback [23]. Browser compatibility information is also available, showing support in Chrome, Edge, and Opera 7.
The FLEDGE Key/Value service code is available in a Privacy Sandbox GitHub repository 10. This allows developers to explore and contribute to the development of the service.
Both APIs face challenges and limitations. The Topics API’s broad interest categories may not be sufficient for all advertising use cases, and its effectiveness is still being evaluated 4. FLEDGE’s complexity and reliance on new technologies like trusted execution environments may pose implementation challenges [24]. Additionally, while FLEDGE aims to reduce reliance on third-party cookies, it still requires some form of user identification, such as through joining an interest group, which may involve alternative identifiers.
Google’s Privacy Sandbox represents a significant step towards a more privacy-centric web. The Topics API and FLEDGE API offer promising alternatives to third-party cookies, enabling interest-based advertising and remarketing while minimizing the collection and sharing of personal data. However, the recent shift towards greater user choice and the potential use of fingerprinting introduce new challenges and uncertainties.
The advertising industry will need to adapt to these changes, exploring new strategies and technologies to deliver relevant ads while respecting user privacy and complying with evolving regulations. The Privacy Sandbox is an ongoing initiative that will continue to shape the future of online advertising, and its success will depend on collaboration and innovation across the industry.
1. www.cookieyes.com, accessed on January 13, 2025, https://www.cookieyes.com/knowledge-base/cookies-101/what-is-google-replacing-cookies-with/#:~:text=Google%20initially%20introduced%20Federated%20Learning,API%20and%20Protected%20Audience%20API.
2. A Guide to Google Topics API – Setupad.com, accessed on January 13, 2025, https://setupad.com/blog/google-topics-api/
3. Google Chrome’s Topics API Explained + FAQs – Clearcode, accessed on January 13, 2025, https://clearcode.cc/blog/google-chrome-topics-explained/
4. Google Topics API: A Comprehensive Guide For Publishers – Snigel, accessed on January 13, 2025, https://snigel.com/blog/google-topics-api
5. Your guide to understanding Google Topics API – RTB House, accessed on January 13, 2025, https://www.rtbhouse.com/blog/everything-you-need-to-know-about-google-topics-api
6. Implement the Topics API | Privacy Sandbox – Google for Developers, accessed on January 13, 2025, https://developers.google.com/privacy-sandbox/private-advertising/topics/web/implement
7. Topics API – MDN Web Docs, accessed on January 13, 2025, https://developer.mozilla.org/en-US/docs/Web/API/Topics_API
8. The Privacy Sandbox – Seal Metrics | Consentless Analytics, accessed on January 13, 2025, https://sealmetrics.com/blog/privacy-sandbox/
9. FLEDGE API developer guide | Privacy Sandbox, accessed on January 13, 2025, https://developers.google.com/privacy-sandbox/blog/fledge-api
10. Open sourcing the FLEDGE Key/Value service | Privacy Sandbox | Google for Developers, accessed on January 13, 2025, https://developers.google.com/privacy-sandbox/blog/open-sourcing-fledge-key-value-service
11. FLEDGE services for Chrome and Android | Privacy Sandbox – Google for Developers, accessed on January 13, 2025, https://developers.google.com/privacy-sandbox/blog/fledge-service-overview
12. Google Topics API: What is it, and how does it work? – NordVPN, accessed on January 13, 2025, https://nordvpn.com/blog/google-topics/
13. What Is Google Topics API? | Publift, accessed on January 13, 2025, https://www.publift.com/blog/google-topics-api
14. Enhancements to the Topics API | Privacy Sandbox – Google for Developers, accessed on January 13, 2025, https://developers.google.com/privacy-sandbox/blog/topics-enhancements
15. Google Pivots Away from Third-Party Cookie Deprecation to User Choice – Junction by CJ, accessed on January 13, 2025, https://junction.cj.com/article/google-pivots-away-from-third-party-cookie-deprecation-to-user-choice
16. Topics API: Criteo’s First Look at Google’s Interest-Based Advertising Solution, accessed on January 13, 2025, https://techblog.criteo.com/is-googles-topics-api-a-viable-replacement-for-interest-based-advertising-297076192bd
17. Google’s Topics API: Rebranding FLoC Without Addressing Key Privacy Issues | Brave, accessed on January 13, 2025, https://brave.com/web-standards-at-brave/7-googles-topics-api/
18. patcg-individual-drafts/topics: The Topics API – GitHub, accessed on January 13, 2025, https://github.com/patcg-individual-drafts/topics
19. What is Google’s Protected Audience API and how will it impact programmatic advertising?, accessed on January 13, 2025, https://relay42.com/resources/blog/google-fledge-what-is-it-and-how-will-it-impact-programmatic-advertising
Dan Petrovic ·
Jan 14, 17:19
Sign in with Google to comment.
