Google has announced that its Privacy Sandbox initiative, which began in 2019, is now effectively dead(nouvelle fenêtre). It’s core stated aim was to protect internet users from being tracked by third-party cookies(nouvelle fenêtre), but Google has a long record of privacy washing. After all, its entire business model is invading your privacy so that it can target you with highly-personalized ads.

It is nevertheless striking that Google has given up any pretense at trying to protect people from highly invasive advertising practices. It’s a move reminiscent of Google quietly dropping its Don’t be evil(nouvelle fenêtre) motto in 2015 and also follows its abandonment(nouvelle fenêtre) of its pledge(nouvelle fenêtre) to phase out third-party cookies from its Chrome web browser in April 2025.

What is (or was) Privacy Sandbox?

Combining a range technologies (see below), the aim of Privacy Sandbox was to provide a way for advertisers to track you without the need for privacy-invasive third-party cookies. Centered around the notion of FLoC (Federated Learning of Cohorts), Google would do its tracking inside its Chrome browser.

To preserve your privacy, it would group your online activities into cohorts or interest groups. Advertisers wouldn’t get direct access to the exact websites and online services you used, but would still be able to target you with personalized ads based on your general interests (as inferred from the cohorts of websites you visited).

While this might have provided some privacy from the websites you visited, it effectively gave Google total visibility of your online life.

So what exactly is Google doing now?

Google is retiring the following Privacy Sandbox technologies:

It will, however, maintain a small number of tools developed for Privacy Sandbox that have had some traction in the market:

  • CHIPS(nouvelle fenêtre) (allows websites to store cookies in a sandboxed state, preventing them from tracking users across different websites)
  • FedCM(nouvelle fenêtre) (allows you to sign into websites using third-party accounts — for example, using your Google or Facebook login details — while preventing those third parties from tracking you across different websites)
  • Private State Tokens(nouvelle fenêtre) (an authentication tool designed to combat online fraud while preserving privacy)

Why is it doing this?

Google says that “we’ve heard clearly from marketers and publishers the importance of scaled measurement solutions to understand the impact of advertising campaigns and the value of different audiences”. It also cites “low levels of adoption” for its Privacy Sandbox technologies.

So basically, advertisers have shown little interest in giving Google even more of a monopoly over online data collection. And when push comes to shove, Google makes far too much money from the status quo to ever do anything meaningful to protect peoples’ online privacy (not that Privacy Sandbox was ever a serious attempt at this).

How to protect your privacy online

Fortunately, we don’t need to rely on Google to protect our privacy (an absurd idea anyway, as Google’s entire business model relies on invading our privacy). Effective measures you can take include:

At Proton, we offer a suite of independently audited open-source privacy tools that empower you to take privacy into your own hands.