As third-party cookies and other web trackers lose efficacy, companies are getting better at tracking people by puzzling together disparate pieces of information. Google, meanwhile, is erecting a variety of technical blockades in an attempt to thwart this fingerprinting tech. Among the digital ad giant’s anti-fingerprinting efforts is Privacy Budget.
Google has proposed Privacy Budget as part of its Privacy Sandbox initiative. By putting its stamp-of-approval on the concept — a privacy budget is a common method in privacy research arenas — and by including it on its Privacy Sandbox timeline, the company creates some momentum behind it.
What is a privacy budget?
Whether it’s Google’s branded Privacy Budget or the lower-case generic versions implemented by firms such as Apple for privacy protections in Safari, the privacy budget is a technique used to defend against fingerprinting. The idea is that it places limits on the “fingerprinting surfaces,” such as the HTTP headers that are sent each time a web page loads, that can be mined for information and combined to detect or assign someone’s identity.
It’s important to remember here that, in the Privacy Budget scenario, the web browser is the user agent, or a proxy for the person using the browser. The Privacy Budget is a limit on the amount of information various systems can access or detect in someone’s browser. In other words, based on pre-set thresholds, the Privacy Budget allows the browser to reveal information up to a certain point, then it blocks additional pieces of data from being accessed or detected.
Got it. So how does a privacy budget work in general?
In a way, the privacy budget can be thought of like a monetary budget or a limit on the amount of money that can be accessed. However, the currency used in a privacy budget is not dollars; instead, the value of data allowed in a privacy budget is expressed in bits. So, for example, when a Privacy Budget is at work, it would limit the amount of information that a website or technology employing it has access to, according to how each piece of data is valued in bits. So, if the system can detect that a browser is set to use the Korean language, that language setting would be considered a distinguishing characteristic, and it would be valued as a certain number of bits. Once a pre-defined number of bits or amount of distinguishing browser characteristics is detected, the privacy budget is used up.
Why are people talking about privacy budgets now?
Google plans to enable its branded Privacy Budget as a Privacy Sandbox tool by sometime in 2023, according to its timeline for that overarching project. But as Google has helped fuel more interest in the concept, it has also been mentioned in a variety of other web standards specifications proposed in the Worldwide Web Consortium, the web standards body, as a technique that could mitigate potential fingerprinting capabilities of those various technologies, such as tech used to stream video and audio, for example.
So why is Google behind this idea?
A company spokesperson stressed the technology’s infancy, telling Digiday, “Privacy Budget, an early-stage proposal designed to protect people from fingerprinting, applies a limit on information about a user’s browser to websites on a per-site basis and therefore would not introduce new information across sites that could be used for tracking. As with all proposals, we will continue to get feedback and provide resources for developers throughout the development process to help ensure a smooth transition to a more private web.”
The company also pointed to information made public about the technology by a Google engineer found in the developer forum GitHub. That post states, “Fundamentally, we want to limit how much information about individual users is exposed to sites so that in total it is insufficient to identify and track users across the web, except for possibly as part of large, heterogeneous groups,” and adds, “Our maximum tolerance for revealing information about each user is termed the privacy budget.”
If — or when — Google implements it, what happens to a site or tech when a budget is tapped out?
According to Google’s developer outline, when a website or technology tries to detect a piece of information the budget restricts, it could result in a page error or in replacement of that tech by a “privacy-preserving version” of the fingerprinting surface that could return “noisy” or generic results.
That sounds like it could be messy. What problems could arise?
People who have dug into privacy budget methods say there are a lot of possible hiccups. But there are some pretty important ones for marketers and site publishers to consider that could have a negative impact on user experience.
Researchers at browser maker Brave identified multiple potential issues with the privacy budget approach Google has proposed, including two that could specifically affect user experience and site optimization.
First, the privacy-preserving system that would be triggered when a privacy budget was tapped out could end up throwing out so much noise that the browser’s performance would suffer. “Second, there are few-to-no mechanisms in place to prevent websites from” bombarding the browser with attempts to access the data used for fingerprinting, wrote Brave chief scientist Dr. Ben Livshits and senior privacy researcher and director of privacy Pete Snyder.
Plus, Synder told Digiday, the approach could be “a non-starter” for some web developers trying to build websites and tech that can respond to a variety of dynamic limitations on how sites function. Of course, if Google were to build Privacy Budget into its market-dominant Chrome browser, those web developers would seem to have little recourse than to build tech that reaches the two-thirds of global web traffic the Google browser reaches.
Member ExclusiveMarketing Briefing: ‘An era of outrage porn’: Social experts weigh in on the value of brands’ edgy, viral content
Social media experts have mixed feelings on brands chasing viral moments, noting that it's a high-risk one that can come with a viral moment and boosted sales or online calls to cancel the brand and bad press.
Why Clarks enlisted influencers to bring users into its metaverse experience
As more brands dip their toes into the metaverse, they risk burning users out on branded experiences that are more akin to interactive commercials than games. Proper gamification is one way to circumvent this, with the most well-designed experiences inspiring community conversations and content in their own right.
Inside Bloomberg Media’s regional expansion plan into an economically uncertain U.K.
Almost every downturn presents an opportunity to take advantage of change and win —even for publishers. For Bloomberg Media, that opportunity is to become a bit more mainstream.
SponsoredHow marketers and retailers are unlocking the true value of retail media
Ben Kneen, senior director of product management, Xandr It’s a challenging time for retailers in the advertising industry. As they cope with supply chain woes and inflation-related pressures, they seek high-margin revenue streams amid evolving privacy regulations and massive shifts in identity solutions — including IDFA, the deprecation of third-party cookies and more. In light […]
How this founder evolved the agency he started in 9th grade into an incubator for new brands
XenoPsi is splitting into two main agency brands: Method One and Function Growth, while a third unit houses direct investments in startups.
Why a CBD brand is experimenting with OOH advertising to counter e-commerce buzzkills
As the digital marketing landscape continues to be murky for niche brands, CBD brand Sunday Scaries looks to OOH as a workaround.