I hope no one is saying Privacy Sandbox is worse than third party cookies, or is trusting this article to form an opinion about it. Web advertising was a $319 billion dollar industry in 2019. Does anyone wonder who may be lobbying their government to scrutinize Google and offer themselves for interviews for articles like this? Does anyone think the result of beating up Project Sandbox will be more radical privacy protection?
No, I don't think this article has anything really to do with a better privacy outcome and everything to do with watering down Google's stance to something more status quo for the advertising industry.
There are no actual critiques of Privacy Sandbox's APIs here. There's no mention of what critics stand to lose if Privacy Sandbox becomes the standard. There's merely hand-wringing of "but do you trust Google?" Everyone who's made themselves available for quoting in this article is a web advertising professional, including the ones who come off as not[1][2]. None of them care about you.
[1] James Rosewell is cited as director of "Marketers for an Open Web." He's also the CEO of a company that specializes in device detection. His LinkedIn headline reads "THE Fastest and Most Accurate Device Detection = more profitable websites"
[2] Alan Chapell is sarcastic about Google attempting to do this openly through the W3C. He's cited as running a privacy law firm. Their web site says they represent tech companies navigating privacy issues. They aren't actual privacy advocates. https://chapellassociates.com/
I actually like the idea of Privacy Sandbox. It appears to enable sites which depend on ad revenue to continue to exist while seeking to eliminate the usual problem with current adtech: third party tracking.
I wrote up a more nuanced version of this opinion here:
* Privacy Sandbox: Google's answer to privacy-conscious advertising -- https://dafoster.net/articles/2021/02/04/privacy-sandbox-goo...
I like your post. It does conflate Privacy Sandbox with one of the specific proposals, however: "there still exists an algorithm which is fed a user’s browsing history and that algorithm is used to put the user into an advertising cohort. However the interesting change with Privacy Sandbox is that this algorithm is run locally within the user’s browser, and never actually needs to transmit the user’s browsing history over the internet. Instead only a code for the identified cohort is transmitted, and a remote ad server can use that cohort directly." is describing https://github.com/WICG/floc
Another component of Privacy Sandbox is Turtledove (https://github.com/WICG/turtledove), where advertisers can tag a user as belonging to an "interest group" and then later on can target ads against that interest group. Which groups a user is in is maintained entirely by the browser, and never sent to the server. And any ads that are rendered based on interest group targeting have to execute in a special "fenced frame" which prevents them from leaking information to the surrounding page or to the advertiser in a non-aggregated way.
(Disclosure: I work on ads at Google, so I'm following these proposals. Speaking only for myself)
Thanks for the clarification, Jeff.
> Another component of Privacy Sandbox is Turtledove (https://github.com/WICG/turtledove), [...]. Which groups a user is in is maintained entirely by the browser, and never sent to the server
Interesting. I'll plan to read up on this tonight and amend my post from what I learn.