> Modern adtech can track users regardless if cookies are enabled or not, and whether they enable this new Chrome feature or not, via browser fingerprinting. They've been doing this for years.
One of the explicit goal of "privacy sandbox" is preventing browser fingerprinting by limiting informational entropy from user environment. https://github.com/mikewest/privacy-budget
You can't block fingerprinting completely without breaking a ton of useful features. But the sandbox has a concept called the privacy budget which tries to determine if a site is collecting too much information. It should allow sites that actually use some of these features to continue to work.
The idea is that if sites that query fonts, engage canvas, read the user agent information, etc, they are likely trying to build a fingerprint, so the browser will start to return generic data.
Presumably - hopefully - it would allow users to set their own privacy budgets. Even better if it supports granular per-site control, which may be needed for certain specialized websites.
I don't think there are any plans to make this a pop-up. But it's still useful to move this entropy to be something that has to be actively collected: people can see which sites are collecting what information, and eventually browsers can start enforcing something like privacy budgets (https://github.com/mikewest/privacy-budget). You can't do these with something always sent automatically.