In an attempt to reduce the use of third-party cookies, last January Google Chrome announced a new advertising system to minimize online tracking as part of its Privacy Sandbox initiative.
Google's Protected Audience API now enables on-device auctions through the browser to personalize relevant ads without sharing your information and browsing activities with third parties.
So far so good, at least on paper. However, according to VPN service provider and ad blocker AdGuard, this solution is “far from private”, as it will de facto transform the browser into an ad auction tool. Let's see what this means for your privacy.
Half privacy solution
“If you read somewhere that simply using the Protected Audience API solves any problem and makes behavioral targeting GDPR compliant, that's not true,” Andrey Meshkov, co-founder and CTO of AdGuard, told me.
Despite acknowledging that Google's new mechanism is “somewhat better” in terms of privacy, he believes that its actual capabilities are significantly different than what has been advertised.
Did you know?
TO Web Cookie It is a small piece of code that is stored in your browser every time you access a website. While some are essential for personalizing your digital profile (such as billing address and payment method on e-commerce platforms, for example), others can be much more intrusive for the purpose of spying on your online activities even after you leave. the website. Advertisers used the latter type to personalize the ads you see online. Check out our explanation of web crawlers to learn more.
So how does Google's Protected Audience API promise to protect your online privacy?
Traditionally, advertisers used to track you across the web to understand your interests through your online behaviors. This helped them show him the best ads based on what he previously searched for or clicked on online.
Now, as the great technology giant explains, the new API uses so-called interest groups to allow different sites to show relevant ads to their users. It works by allowing your web browser to join these groups, bid for advertising space, and ultimately display the winning ad.
That's exactly where AdGuard feels there is an intrinsic problem with Google's new advertising system.
To carry out these operations, the provider explains, your Chrome will need to run various scripts and ads in the background to contact the interest group owner and get updates on bidding activities. Worse still, this may occur without the user's knowledge or consent, something some commentators believe could go against EU GDPR rules.
“Trying to structure this and implement a new mechanism specifically for advertising use will certainly be more private than the previous one,” Meshkov told me. “But really, we just have a slightly more private alternative to cookies.”
Third-party cookies are a subtype of cookies used to track you across websites. Chrome, unlike most browsers, has not disabled them yet. Instead, Google's replacement solution, Protected Audience API, turns your browser into an ad auction tool. https://t.co/7dwuEB53UZJanuary 12, 2024
Google's move doesn't come out of nowhere, but rather is part of a broader trend among notoriously data-hungry web browsers to improve user privacy. “It's a simple thing: actions that were previously performed on the server are now moved to users' devices,” Meshkov said.
Apple led the way in this direction with the so-called Private Click Measurement in Safari, now known as UIEventAttributionView. The solution takes the form of a Webkit development to enable “privacy-friendly tracking.” This means that, instead of completely replacing third-party cookies, the system only prevents the collection of some sensitive personal data.
“Unlike Apple, Google decided not to act in small steps, offering alternatives for small parts of the advertising ecosystem,” Meshkov explained. “Instead, they try to offer a “local” solution that transfers the most important thing, the ad auction mechanism, directly to your browser.”
Simply put, he explains, what Google intends to do is too complex in practice to allow the provider to protect users effectively. In fact, the web browser is now the center of the ecosystem. This means that Google Chrome must store all its information locally, maintain contacts with advertisers, and deliver the necessary details to the entities involved in the process.
In light of the aforementioned privacy risks, AdGuard decided to remove Google's Protected Audience API for users who have its tracking protection filter enabled. The team is also working on other ways to safely disable the API and educate users about its risks.
The vendor even created a demo site to better illustrate your concerns. You can use it to check if advertisers can still continue to show you ads based on your personal data instead of some aggregated signals; Simply access the website and follow the instructions.
