Opinion

Privacy Sandbox Rises from the Grave 

Despite a public perception that the project is all but dead, Google continues to progress features from its Privacy Sandbox that harm the Open Web and favour their own business and partners.  Zombie-like, the remnants of Sandbox live on to continue to create disruption and confusion for the entire digital marketing industry. 

Back in May, Google promised the CMA it would not launch a new standalone prompt that would restrict rivals’ cookies. As a result, and believing Google was no longer progressing its Sandbox, the CMA released Google from its Commitments early.  Now Google has adopted a more subtle approach to degrading interoperability.  

We believe they will fully deploy most Sandbox changes that remove interoperability, including a new stand-alone prompt that restricts rivals’ cookies. Why? Because they offered to do so in a California court the day before promising the CMA that they wouldn’t!

Moreover, Google will continue expanding their walled garden by introducing seemingly innocent proposals that in theory could be implemented by anyone. This new Sandbox is not the first time they steered the market in this way. Accelerated Mobile Pages (AMP) used the veil of alleged performance improvements to steer publishers towards Google’s garden.  

“Sign in with Google” will become the obvious way to authenticate for users who wish to remove friction from navigating around the web, further placing control over data critical to publishers into the hands of Google. Ironically this also diminishes the more privacy-forward, anonymous web, which will become a wasteland. The only way to access services will be to be authenticated, and in practice that means authenticated by Google.

All these changes impact competition as they restrict interoperability and steer business relationships. These features violate the W3C’s antitrust policy and should have been ruled out of scope a long time ago.[1] Unfortunately, W3C does not operate as a neutral technical standards body. It is for this reason that MOW continues to call for reform of technical standards bodies so that removal of established interoperability must be agreed by regulators. This is what happens in mature industries like payments and telecoms. Google knows W3C is weak and continues to abuse their brand by iterating these proposals within their forums.

Regulators must urgently step up their oversight of Google, Apple, and W3C to prevent these foreseeable and likely abuses. Industry participants and trade bodies need to be more vigilant than ever in making the case for guaranteed and unrestricted interoperability. Strong governance is needed, not more tinkering.

Features 

Each feature is listed with its summary and Movement for an Open Web’s issues with it.

Feature: Bounce tracking mitigations
Summary: Removes publisher and advertiser data from URLs and wipes “first party” storage arbitrarily.
Movement for an Open Web’s Issues: Google will use frequency of visit to a domain to determine when to apply bounce tracking. Thus a domain like Google.com, which is often the user’s home page, will not be subject to the penalties, whereas a domain that is visited less frequently will be penalised.

Feature: CHIPS
Summary: An optional “cookie jar” that cookies can be placed in, limiting access.
Movement for an Open Web’s Issues: Google will likely implement a user prompt or other interface element to warn users when CHIPS are not being used. A warning icon which when inspected would yield a message like “This website uses regular cookies that are not secure. Consider blocking regular cookies to protect your privacy”, or an interface component that intrudes on the user journey and must be acknowledged before continuing.

Feature: FedCM
Summary: Enables other parties to provide log-in services without using cookies or URL navigation (which might be degraded by bounce tracking).
Movement for an Open Web’s Issues: FedCM is a privacy threat as it will encourage people that might otherwise be anonymous to become identifiable. It furthers the expansion of walled gardens. Such technologies favour the largest and most well-known brands as they are presented as a list of login options to users. This is often experienced today with “Sign in with Google / Meta / Apple” icons. Failing to address support for a large number of possible providers limits competition in practice.

Feature: Fenced Frames
Summary: A web page component that cannot share data with other components.
Movement for an Open Web’s Issues: Restricting interoperability, and the web browser making decisions over which parties and data are allowed, limits the freedom of other web participants. Fenced frames are a concrete example of this policy.

Feature: Frame-ancestors directive
Summary: Limits the web pages that web content can be embedded within.
Movement for an Open Web’s Issues: No issues.

Feature: Private State Tokens
Summary: Passing proof of authenticity from one party to another without using data that might be considered by some to represent a privacy risk.
Movement for an Open Web’s Issues: The party that is providing proof is limited by the other features. Thus, the proposal “passes the buck” to other parties whilst making Google appear to be improving privacy.

Feature: Storage and Network State Partitioning
Summary: Storage is limited to BOTH the third-party and the first-party context, i.e. data from 3p.com written when present under pubA.com cannot be accessed by 3p.com when operated under pubB.com.
Movement for an Open Web’s Issues: See issues for CHIPS.

Feature: Storage Access (including Storage Access Header)
Summary: An extremely complex method of gating access to different storage with many interplays with other features like FedCM.
Movement for an Open Web’s Issues: The proposal is very complex and appears to be an attempt by Google, who can handle complexity, to implement workarounds for their own use cases that are degraded by the other features.

Feature: User-Agent Client Hints
Summary: Requires a complex series of modifications to data models and logic to access information previously available via User-Agents; for example, device model, browser version, or OS version.
Movement for an Open Web’s Issues: Increases complexity for developers without any privacy benefit. Further, Google, via their privileged role as the web browser vendor, get more and richer information via other routes. For example X-Client-Data, which is information sent to Google’s web servers when embedding something as simple as a font and which publishers and advertisers have no choice over. Web performance is degraded by around 100ms for small web sites that are accessed less frequently than Google’s domains.

Feature: User-Agent reduction
Summary: Making the User-Agent unusable for most use cases.
Movement for an Open Web’s Issues: Unilaterally removes interoperability.
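As an added illustration (not code from MOW, Google, or the Privacy Sandbox project), the script below models two of the mechanisms in the table: storage partitioned by top-level site, replaying the pubA.com / pubB.com / 3p.com case from the Storage and Network State Partitioning row, and a check of whether a Set-Cookie header opts into CHIPS via the Partitioned attribute (the "cookie jar" that CHIPS adds). The PartitionedStorage class, the classification labels and the sample cookie headers are my own constructions. The rule that a Partitioned cookie must also carry Secure follows the CHIPS explainer as I understand it; the __Host- prefix in the first sample is a recommendation, not something the checker enforces.

```javascript
// Added example: a minimal model of storage partitioned by top-level site,
// plus a checker for CHIPS (Partitioned) cookie attributes.
// Not code from MOW, Google or the Privacy Sandbox project.

// Constructed model of a browser's partitioned storage. Every entry is keyed
// by the pair (top-level site, embedded origin), so data that 3p.com writes
// while embedded under pubA.com is invisible to 3p.com under pubB.com.
class PartitionedStorage {
  constructor() {
    this.store = new Map();
  }

  // The partition key: top-level site plus the origin doing the access.
  static key(topLevelSite, embeddedOrigin) {
    return `${topLevelSite}|${embeddedOrigin}`;
  }

  set(topLevelSite, embeddedOrigin, name, value) {
    const k = PartitionedStorage.key(topLevelSite, embeddedOrigin);
    if (!this.store.has(k)) this.store.set(k, new Map());
    this.store.get(k).set(name, value);
  }

  // Returns null when the (site, origin) partition has no such entry.
  get(topLevelSite, embeddedOrigin, name) {
    const bucket = this.store.get(PartitionedStorage.key(topLevelSite, embeddedOrigin));
    return bucket && bucket.has(name) ? bucket.get(name) : null;
  }
}

// Replays the pubA.com / pubB.com case from the table.
function demoPartitioning() {
  const storage = new PartitionedStorage();
  storage.set('https://pubA.com', 'https://3p.com', 'uid', 'abc123');
  return {
    underPubA: storage.get('https://pubA.com', 'https://3p.com', 'uid'), // 'abc123'
    underPubB: storage.get('https://pubB.com', 'https://3p.com', 'uid'), // null
  };
}

// Splits a Set-Cookie header value into its name, value and attributes.
// Attribute names are lower-cased; flag attributes (Secure, Partitioned) map to true.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((p) => p.trim());
  const eq = pair.indexOf('=');
  const name = eq >= 0 ? pair.slice(0, eq) : pair;
  const value = eq >= 0 ? pair.slice(eq + 1) : '';
  const attributes = {};
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const k = (i >= 0 ? attr.slice(0, i) : attr).toLowerCase();
    attributes[k] = i >= 0 ? attr.slice(i + 1) : true;
  }
  return { name, value, attributes };
}

// Classifies a cookie set from a cross-site (embedded) context:
//   'partitioned'   - opts into CHIPS correctly (Partitioned + Secure + SameSite=None)
//   'invalid'       - carries Partitioned but not Secure; a CHIPS-implementing browser
//                     rejects this (requirement as stated in the CHIPS explainer)
//   'not-sent'      - lacks SameSite=None, so it is not delivered cross-site at all
//   'unpartitioned' - a regular third-party cookie, the case the table says a
//                     browser could flag to the user
function classifyCrossSiteCookie(header) {
  const { attributes } = parseSetCookie(header);
  const partitioned = 'partitioned' in attributes;
  const secure = 'secure' in attributes;
  const sameSiteNone = String(attributes.samesite).toLowerCase() === 'none';
  if (partitioned && !secure) return 'invalid';
  if (!sameSiteNone) return 'not-sent';
  return partitioned ? 'partitioned' : 'unpartitioned';
}

// Constructed sample headers, one per classification above.
const SAMPLE_HEADERS = [
  '__Host-sid=1; Secure; Path=/; SameSite=None; Partitioned',
  'sid=2; SameSite=None; Partitioned',
  'sid=3; Secure; SameSite=None',
  'sid=4; Secure',
];

// Self-check when run directly with Node (guarded so the file also loads as an ES module).
if (typeof require !== 'undefined' && require.main === module) {
  console.log(demoPartitioning());
  for (const h of SAMPLE_HEADERS) console.log(classifyCrossSiteCookie(h), '<-', h);
}
```

The partition key is what makes the table's "BOTH the third party and the first party context" concrete: the same 3p.com origin gets a separate bucket per top-level site, so nothing it stored under one publisher is reachable under another. The cookie checker shows the other side of the same design: a third-party cookie either opts into that per-site jar with Partitioned (and must then be Secure) or remains an unpartitioned cookie, which is the state the table expects a browser might surface to users.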

Source: Privacy Sandbox feature status