Friday, November 8, 2024

Why Privacy Badger Opts You Out of Google’s “Privacy Sandbox”

Must read

Update July 22, 2024: Shortly after we published this post, Google announced it’s no longer deprecating third-party cookies in Chrome. We’ve updated this blog to note the news.

The latest update of Privacy Badger opts users out of ad tracking through Google’s “Privacy Sandbox.” 

Privacy Sandbox is Google’s way of letting advertisers keep targeting ads based on your online behavior without using third-party cookies. Third-party cookies were once the most common form of online tracking technology, but major browsers, like Safari and Firefox, started blocking them several years ago. After pledging to eventually do the same for Chrome in 2020, and after several delays, today Google backtracked on its privacy promise, announcing that third-party cookies are here to stay. Notably, Google Chrome continues to lag behind other browsers in terms of default protections against online tracking.

Privacy Sandbox might be less invasive than third-party cookies, but that doesn’t mean it’s good for your privacy. Instead of eliminating online tracking, Privacy Sandbox simply shifts control of online tracking from third-party trackers to Google. With Privacy Sandbox, tracking will be done by your Chrome browser itself, which shares insights gleaned from your browsing habits with different websites and advertisers. Despite sounding like a feature that protects your privacy, Privacy Sandbox ultimately protects Google’s advertising business.

How did Google get users to go along with this? In 2023, Chrome users received a pop-up about “Enhanced ad privacy in Chrome.” In the U.S., if you clicked the “Got it” button to make the pop-up go away, Privacy Sandbox remained enabled for you by default. Users could opt out by changing three settings in Chrome. But first, they had to realize that “Enhanced ad privacy” actually enabled a new form of ad tracking.

You shouldn’t have to read between the lines of Google’s privacy-washing language to protect your privacy. Privacy Badger will do this for you!

Three Privacy Sandbox features that Privacy Badger disables for you

If you use Google Chrome, Privacy Badger will update three different settings that constitute Privacy Sandbox:

Screenshot of the Chrome browser page for "Ad privacy" settings. The page contains links to three different settings pages.

  • Ad topics: This setting allows Google to generate a list of topics you’re interested in based on the websites you visit. Any site you visit can ask Chrome what topics you’re supposedly into, then display an ad accordingly. Some of the potential topics–like “Student Loans & College Financing”, “Credit Reporting & Monitoring”, and “Unwanted Body & Facial Hair Removal”–could serve as proxies for sensitive financial or health information, potentially enabling predatory ad targeting. In an attempt to prevent advertisers from identifying you, your topics roll over each week and Chrome includes a random topic 5% of the time. However, researchers found that Privacy Sandbox topics could be used to re-identify users across websites. Using 1,207 people’s real browsing histories, researchers showed that as few as three observations of a person’s “ad topics” was enough to identify 60% of users across different websites.

  • Site-suggested ads: This setting enables “remarketing” or “retargeting,” which is the reason you’re constantly seeing ads for things you just shopped for online. It works by allowing any site you visit to give information (like “this person loves sofas”) to your Chrome browser. Then when you visit a site that runs ads, Chrome uses that information to help the site display a sofa ad without the site learning that you love sofas. However, researchers demonstrated this feature of Privacy Sandbox could be exploited to re-identify and track users across websites, partially infer a user’s browsing history, and manipulate the ads that other sites show a user.

  • Ad measurement: This setting allows advertisers to track ad performance by storing data in your browser that’s then shared with the advertised sites. For example, after you see an ad for shoes, whenever you visit that shoe site it’ll get information about the time of day the ad was shown and where the ad was displayed. Unfortunately, Google allows advertisers to include a unique ID with this data. So if you interact with multiple ads from the same advertiser around the web, this ID can help an advertiser build a profile of your browsing habits.

Why Privacy Badger opts users out of Privacy Sandbox

Privacy Badger is committed to protecting you from online tracking. Despite being billed as a privacy feature, Privacy Sandbox protects Google’s bottom line at the expense of your privacy. Nearly 80% of Google’s revenue comes from online advertising. By building ad tracking into your Chrome browser, Privacy Sandbox gives Google even more control of the advertising ecosystem than it already has. Yet again, Google is rewriting the rules for the internet in a way that benefits itself first.

Researchers and regulators have already found that Privacy Sandbox “fails to meet its own privacy goals.” In a draft report leaked to the Wall Street Journal, the UK’s privacy regulator noted that Privacy Sandbox could be exploited to identify anonymous users and that companies will likely use it to continue tracking users across sites. Likewise, after researchers told Google about 12 attacks they conducted on a key feature of Privacy Sandbox prior to its public release, Google forged ahead and released the feature after mitigating only one of those attacks.

Privacy Sandbox offers some privacy improvements over third-party cookies. But it reinforces Google’s commitment to behavioral advertising, something we’ve been advocating against for years. Behavioral advertising incentivizes online actors to collect as much of our information as possible. This can lead to a range of harms, like bad actors buying your sensitive information and predatory ads targeting vulnerable populations.

Your browser shouldn’t put advertisers’ interests above yours. As Google turns your browser into an advertising agent, Privacy Badger will put your privacy first.

What you can do now

If you don’t already have Privacy Badger, install it now to automatically opt out of Privacy Sandbox and the broader ecosystem of online tracking. Already have Privacy Badger? You’re all set! And of course, don’t hesitate to spread the word to friends and family you want to protect from invasive online tracking. With your help, Privacy Badger will keep fighting to end online tracking and build a safer internet for all. 

Latest article