Cookies, Fingerprints and a Sandbox… Google’s take on Privacy
Google recently launched a new initiative to put even more emphasis on Privacy at the heart of its business and of the web industry as a whole. This is a Chromium project called “The Privacy Sandbox” and, according to Chromium’s website:
[Its] mission is to “Create a thriving web ecosystem that is respectful of users and private by default.”
The main challenge to overcome in that mission is the pervasive cross-site tracking that has become the norm on the web and on top of which much of the web’s ability to deliver and monetize content has been built.
That is indeed the biggest challenge here… Let’s review briefly how and why the use of third-party cookies has evolved and what you should know about this project at this stage.
A brief reminder about Cookies
As you can read in our Privacy Center: “Cookies are small pieces of data stored on a User’s device.” In fact, cookies are really useful in our daily web activities as they allow us to save time by memorizing our passwords or contact information, user preferences, leaving a shopping cart in a pending status without losing our information, etc.
However, cookies have been used for more than 25 years by now and their usage has significantly evolved to meet the purpose of the advertising industry: targeting users by interests or habits to present them with relevant ads. But with the rise of privacy and transparency concerns, as well as the users’ right to control what they choose to share or not, several browsers like Firefox and Safari decided to implement drastic measures which enable users to allow or entirely block third-party cookies (with warnings that certain capabilities of the websites they visit may be broken).
In response to this approach, since the ability to implement cross-site tracking using cookies has been removed, some developers try to find workarounds to still be able to track users through other less transparent means such as “fingerprinting”.
What is Fingerprinting?
Fingerprinting is a way to collect very small pieces of information (e.g. device information, screen resolution, etc.) to generate a unique identifier that can be associated to a user across different websites, without accessing cookies. Unfortunately, unlike cookies, users do not have the ability to control which information they share or not, nor can they clear or block their fingerprints. This then cannot be considered as a good solution considering users’ right to privacy.
It is important to note that fingerprinting will not disappear entirely and that there are valid reasons beyond advertising for its continued usage. For instance, banking and insurance digital applications use this technology to protect users from fraud and identity theft. Publishers also use this technology to identify botnets and protect their content intellectual property and digital rights.
In this context, Google is working on a new path with its Privacy Sandbox project, to help improve privacy, security and transparency on the web while still allowing programmatic advertising to be efficient both for merchants and users.
Exploring the Privacy Sandbox
The Privacy Sandbox is a set of proposals, called “Explainers”, that explore approaches to increase privacy capability while maintaining the monitoring capabilities of online advertising.
The keyword here is Sandbox. It’s just that for the moment.
These explainers will be shared across the community to be collectively refined and improved, but there is a significant amount of dialogue and alteration that will happen before this eventually becomes part of W3C Recommendations, which are considered Web standards.
So far 10 explainers have been proposed and you can find more details about them on the Privacy Sandbox’s page. In its current state, the project is primarily focused on bringing changes at the browser level, with some proposals being more oriented to the server level. By experience, we can predict that server level changes will have a much higher adoption rate once it reaches the “Recommendation” status, as server security practices are more disciplined in applying patches. Browser adoption and upgrade paths are historically slower and provide challenges for adoption and transition.
So, what’s the ultimate objective? The stated goal is to focus on removing third-party cookies by 2022.
There are many other Explainers associated with this effort and only two objectives have been identified as a priority:
- Conversion Measurement
- Interest-Based Targeting
Understanding the business impacts of this project is difficult in these early stages and will depend heavily on the actual recommendations that surface from the Privacy Sandbox.
M32’s views and roadmap
From an internal point of view, here are the key elements that are currently being reviewed and enhanced in accordance with the Privacy Sandbox Project:
- M32 Connect software does not rely on third-party cookies directly. However, our Header Bidding partners rely on cookie synchronization to be able to present buyers with some interest information for ad personalization, so the impact there could be a drop in CPM rates for non-personalized advertising. This drop would be similar to what was witnessed when the AdChoice program was introduced and consumers became more educated on how to control the ads being displayed during their navigation.
- We have a similar goal with the methods we use to identify a unique user. While we are currently using a browser fingerprint, we will be moving towards a server-side mechanism. Note that the Privacy Sandbox suggests “reasonable” usage of information to determine a group a user most likely belongs to, knowing that this technology is still needed to protect consumers and publisher ad revenue.
One thing is for sure, there is still plenty of time and work that will be done before this project arrives at a final state! Since Transparency and Innovation are among M32’s core values, we definitely see this opportunity as a great way to keep on improving and putting users’ privacy at the center of our industry. Count on us to write more blog posts in the future to keep you updated as the project evolves!
VICE-PRESIDENT OF TECHNOLOGY
A results‑driven technologist with demonstrated success in leading management of large scale enterprise applications.