The Privacy Sandbox project is gearing up to ship the relevance and measurement
APIs to Chrome Stable. On the
project timeline for the web,
we show general availability (GA) starts in Q3 2023. Specifically, we intend to
target Chrome Stable 115, which
means we’ll begin making the APIs generally available from late July, 2023.
In this post, we review multiple components of this launch, including:
- What’s shipping. The relevance and measurement APIs launching are Topics,
Protected Audience, Attribution Reporting, Private Aggregation, Shared
Storage, and Fenced Frames. We’ll make these APIs available gradually to
monitor for potential issues. - The official launch process. Each API goes through the standard Chrome
launch process, which includes individual «Intent to Ship» messages published
on the blink-dev mailing list for approval. - Updated user controls. Users will have Ad privacy controls to manage the APIs.
- Status of the origin trial. The origin trial will continue to be
available through to Stable release. - Enrollment. Enrollment will be available in June and required to access
the relevance and measurement APIs in August. - Chrome-facilitated testing. We’re preparing options for developers to
test the APIs without third-party cookie data.
We’ll keep you posted as we get closer to GA. For now, the only immediate
action for developers is to become informed. By identifying what changes are
coming, you can ensure your sites are ready.
When we say «GA,» we mean the APIs are available by default in Chrome, without
requiring browser flags or participation in an origin trial. However, this does
not mean 100% of Chrome browsers immediately have the APIs enabled—the
APIs will be made available gradually, and users can always control if the APIs
are active. Once we are ramped up, the ecosystem can use the APIs in
production.
These are the same set of APIs available for testing in the
relevance and measurement origin trial.
The feedback we received from the ecosystem during testing has been absolutely
critical in shaping this functionality to meet important use cases. We’re
grateful to all of you who have been testing, reporting issues, and sharing
your results with the world—it’s a genuinely collaborative effort!
What’s shipping
The relevance and measurement APIs include:
- Topics: Generate signals for interest-based advertising without third-party cookies or other user identifiers that track individuals across sites.
- Protected Audience: Select ads to serve remarketing and custom audience use cases, designed to mitigate third-party tracking across sites. (This API was previously named FLEDGE. As we head towards launch, we’ve updated the name to better reflect the functionality.)
- Attribution Reporting: Correlate ad clicks or ad views with conversions. Ad techs can generate event-level or summary reports.
- Private Aggregation: Generate aggregate data reports using data from Protected Audience and cross-site data from Shared Storage.
- Shared Storage: Allow unlimited, cross-site storage write access with privacy-preserving read access.
- Fenced Frames: Securely embed content onto a page without sharing cross-site data.
Shipping features in Chrome
All proposals for new web platform features, including those in the Privacy Sandbox, go through our standard process to ship new functionality in Chrome. Each milestone in an API’s lifecycle is signaled by an Intent message that we share on the public blink-dev mailing list. That means for each of the Privacy Sandbox features, we sent an «Intent to Prototype» (I2P) when we shared the initial proposal for discussion and an «Intent to Experiment» (I2E) when we made the features available for testing via origin trial.
Soon, we’ll send an «Intent to Ship» (I2S) message to blink-dev for each feature. The I2S messages will include additional detail on exact functionality and the plan to target Chrome version 115. An I2S must receive approvals from three Chromium API owners before it can proceed.
The APIs will not immediately be enabled for all browser instances with the Stable release. As with some previous Privacy Sandbox features, we’ll gradually enable the APIs for an increasing percentage of browser instances to ensure that we can monitor and respond to any potential issues. As we progress, we’ll share the status across our developer channels: here on developer.chrome.com, the blink-dev I2S threads, and the developer mailing lists.
Already shipped
The relevance and measurement APIs are a critical piece of the Privacy Sandbox project. But, there are also some significant milestones we’ve already hit and plenty more to come:
- User-Agent reduction: Limit passively shared browser data to reduce the volume of sensitive information which leads to fingerprinting, while providing User-Agent Client Hints to actively request data. We began reduction of these values in May 2022 and completed in May 2023.
- CHIPS: Allow developers to opt-in a cookie to partitioned storage, with a separate cookie jar per top-level site. CHIPS became available in Chrome Stable in February 2023.
- First-Party Sets: Declare relationships among sites to allow for limited cross-site cookie access using the Storage Access API. First-Party Sets is slowly rolling out with Chrome Stable 113, this week.
- Federated Credential Management (FedCM): Support federated identity without sharing the user’s email address or other identifying information with a third-party service or website, unless the user explicitly agrees to do so. FedCM shipped in November 2022.
Updated user controls
Alongside shipping the web platform APIs, we’re updating the interface in Chrome to configure the features. We’re evolving this interface from the trial participation controls to be more integrated with the overall Chrome settings. Currently, we’re testing an updated Ad privacy interface with a small percentage of Chrome Stable users.
Developers can preview these controls by setting the chrome://flags/#privacy-sandbox-settings-4
flag. We’re continuing to evaluate the updated controls and the current version may differ from what we ship by default. However, these user controls don’t change how sites interact with the API surface—the methods for feature detection and calling the APIs remain the same.
Origin trial
The Privacy Sandbox Relevance and Measurement origin trial
allows sites to run unified
experiments across Attribution Reporting, Protected Audience, Topics, Fenced
Frames, and Shared Storage. We intend to continue the origin trial through to
Chrome Stable 115. Testers participating in the origin trial may see
some gaps in availability or data from the APIs as Stable rolls
out, and we will provide additional guidance and details to help testers manage
this transition.
We’ll update our documentation
as this progresses.
Enrollment and next steps
Alongside GA, we want to ensure these APIs are used as intended and with
transparency. We announced a new
developer enrollment process for
Privacy Sandbox relevance and measurement APIs, across Chrome and Android.
We’ll share updates and instructions in the enrollment documentation.
Chrome-facilitated testing modes
We intend to provide Chrome-facilitated testing that allows sites to
meaningfully preview what it’s like to operate in a world without third-party
cookies. This will allow us to perform more effective API testing and grow
confidence within the ecosystem, as to its readiness for third-party cookie
phase out.
We have worked with the CMA to ensure these testing modes align with the
testing framework (and timeline) for third parties laid out in its note on
Quantitative testing of Google’s Privacy Sandbox technologies.
As a result, the CMA anticipates that the results from testing in these modes
can be used in its assessment of the Privacy Sandbox.
We plan to have two modes of Chrome-facilitated testing:
- Mode A: Ad techs can receive control and experiment labels on a portion
of traffic and use these to conduct testing and experiments. - Mode B: Chrome globally disables third-party cookies for some portion of
all Chrome users.
These details are not final, and we’ll publish further implementation guidance
as we progress in Q3 2023. The current proposals are as follows.
Mode A: Opt-in testing
Ad techs will be able to receive experiment labels for a portion of Chrome
traffic. An ad tech can choose to coordinate with other ad techs, for example,
to run Protected Audience auctions without
third-party cookies for a consistent experiment group. Ad techs can also use
these labels for their own independent experiments and testing.
Chrome will not modify the state of third-party cookies for users in Mode A.
Chrome only provides the labels, as to ensure that ad techs can experiment with
consistent control and experiment groups. This means that a publisher’s site
could still receive third-party cookie data for the publisher’s own usage, even
if their ad tech partners are participating in the experiment.
We expect this to allow for meaningful experimentation, where all involved
sites and services can coordinate to ensure third-party cookies are not used at
any point within the process. We anticipate providing labels for up to 10% of
Chrome browsers via a new request header and low-entropy client hint. We
encourage anyone interested in testing to provide
feedback
from the ecosystem on the method for accessing labels and the granularity of
labels.
We plan to make the opt-in testing mode available starting in Q4 2023, and
we’ll continue this mode until third-party cookie deprecation.
Mode B: 1% third-party cookie deprecation
Chrome will deprecate third-party cookies for up to 1% of browsers. There is no
opt-in for this mode, as it will be applied globally. There is, of
course, the possibility that some site features may be impacted if the site
hasn’t yet adopted an alternative solution, such as
CHIPS or
First-Party Sets.
If you rely on third-party cookie data for site functionality, read our
guide to prepare for third-party cookie phase-out
to understand if CHIPS or First-Party Sets can address your needs. We’ve
launched a public issue tracker, where you
can report site issues resulting from third-party cookie deprecation.
We’re working on mitigations to detect, address, and proactively alert site
owners of issues that impact user experience during this phase.
Additionally, we plan to provide a small fraction of traffic within Mode B that
has Privacy Sandbox relevance and measurement APIs disabled. Other APIs, like
First-Party Sets, CHIPS, FedCM, and so on, will not be disabled. We anticipate
that this combination will be helpful to establish a baseline of
performance without third-party cookies, and we’re seeking
feedback on
an appropriate fraction of traffic to devote to this subset of testing.
We plan to deprecate 1% of third party cookies in Q1 2024, and we’ll work
closely with the CMA before taking further steps to expand deprecation.
Engage and share feedback
If you’re not already participating in the relevance and measurement origin
trial, you can still sign up and experiment
with these APIs. By signing up now, you’ll have a chance to get more familiar
with how these APIs work in practice and try different techniques before they
are widely available.
Feedback from a diverse set of stakeholders across the web ecosystem is
critical to the Privacy Sandbox initiative. Our dedicated
feedback section provides an overview of the
existing public channels, where you can follow or contribute to discussion,
along with a feedback form to ensure you can always reach the Chrome team
directly.
If you’re a developer, you can ask questions and join discussions in the
Privacy Sandbox Developer Support repository
on GitHub.
This post is also available in: English