Table of Contents
Why Third-Party Cookies Are Going Away
For over two decades, third-party cookies have been the backbone of online advertising and tracking. These small text files, placed by domains other than the one you are visiting, allow advertisers to follow you across websites, building detailed profiles of your browsing behavior, interests, and purchasing habits.
The backlash against this pervasive tracking has been building for years. Safari blocked third-party cookies by default in 2020, and Firefox followed with Enhanced Tracking Protection. Regulatory pressure from GDPR in Europe and CCPA in California forced companies to reckon with the consent requirements and privacy implications of cookie-based tracking.
Google Chrome, which holds roughly 65% of the global browser market, was the last major holdout. Google's position is uniquely conflicted: Chrome is a browser that should protect user privacy, but Google's advertising business depends on the ability to target ads based on user behavior. The Privacy Sandbox is Google's attempt to reconcile these competing interests.
What Is the Privacy Sandbox?
The Privacy Sandbox is a collection of technologies designed to replace third-party cookies with mechanisms that Google claims provide useful advertising capabilities while offering better privacy. Rather than allowing individual tracking across websites, the Privacy Sandbox processes information on your device and shares only aggregated or anonymized data with advertisers.
The initiative includes several distinct APIs, each addressing a different aspect of the advertising ecosystem that currently relies on third-party cookies.
Key Privacy Sandbox Technologies
Topics API
The Topics API replaces interest-based tracking with a system where your browser determines your interests locally. Each week, Chrome analyzes your browsing history and selects a handful of topics from a taxonomy of roughly 470 categories (such as "Fitness," "Travel," or "Cooking").
When you visit a website that participates in the Topics API, the browser shares up to three topics — one from each of the three most recent weeks. Advertisers use these topics to show relevant ads without knowing which specific websites you visited.
Topics are stored on your device for three weeks and then deleted. You can view and remove topics, and you can disable the feature entirely in Chrome's settings.
Protected Audience API (formerly FLEDGE)
The Protected Audience API handles remarketing — the practice of showing you ads for products you previously viewed. Instead of tracking you with cookies, the browser itself manages the ad auction locally.
When you visit an advertiser's website, your browser can join an "interest group" for that advertiser. Later, when you visit a site with ad space, the browser runs an on-device auction among the interest groups you belong to, selecting the winning ad without sending your browsing data to external servers.
Attribution Reporting API
The Attribution Reporting API measures ad effectiveness without tracking individual users. When you see an ad and later make a purchase, this API reports the conversion back to the advertiser using aggregated data with added noise, making it impossible to link the conversion to a specific individual's browsing history.
This replaces the detailed conversion tracking that third-party cookies enabled, where advertisers could follow your exact path from ad impression to purchase across multiple websites.
Privacy Implications: Is It Actually Better?
The Privacy Sandbox is a genuine improvement over third-party cookies in several respects. Data processing happens on your device rather than on remote servers. Individual browsing histories are not shared with advertisers. Interest categories are broad rather than granular, and they expire after three weeks.
However, privacy advocates have raised legitimate concerns.
Google remains the gatekeeper. The Privacy Sandbox is controlled by Google, which defines the topic taxonomy, the auction rules, and the privacy parameters. Critics argue this consolidates even more power in Google's advertising ecosystem.
On-device processing is still tracking. While your data stays on your device, Chrome is still analyzing your browsing behavior to categorize your interests. For users who do not want any form of behavioral profiling, this represents a privacy violation regardless of where the processing occurs.
The topic taxonomy reveals sensitive information. Even broad categories can be sensitive. Topics related to health conditions, political leanings, or financial difficulties can enable discriminatory targeting without revealing specific website visits.
Fingerprinting risks persist. The combination of topics shared with a website, along with other browser signals, could potentially be used for fingerprinting — identifying unique users without cookies.
How to Control Privacy Sandbox Settings
In Chrome, you can manage Privacy Sandbox settings by navigating to Settings, then Privacy and Security, then Ad Privacy. Here you will find toggles for:
- Ad topics: View your assigned topics and disable the feature
- Site-suggested ads: Control the Protected Audience API
- Ad measurement: Control the Attribution Reporting API
You can disable all three features to opt out of the Privacy Sandbox entirely while continuing to use Chrome.
Alternative Browsers for Privacy
If you prefer to avoid Google's approach to privacy entirely, several alternative browsers offer stronger privacy protections by default.
Firefox blocks third-party cookies by default through Enhanced Tracking Protection and does not implement Privacy Sandbox APIs. Mozilla's revenue comes partially from search engine deals but the organization has a strong track record on privacy advocacy.
Brave blocks ads and trackers by default, including fingerprinting attempts. It offers an opt-in advertising model where users earn cryptocurrency for viewing privacy-respecting ads. Brave is built on the same Chromium engine as Chrome but strips out Google's tracking infrastructure.
Safari uses Intelligent Tracking Prevention (ITP), which employs machine learning to identify and block tracking behavior. Apple's business model does not depend on advertising revenue, which aligns its incentives with user privacy.
Making an Informed Choice
The Privacy Sandbox represents a complex trade-off. It is measurably better than third-party cookies for user privacy, but it still enables a form of behavioral profiling controlled by the world's largest advertising company. Whether this compromise is acceptable depends on your personal privacy priorities. Review your Chrome Ad Privacy settings to understand what data Chrome is collecting about your interests, and consider whether an alternative browser better aligns with your expectations for online privacy.
Share this article
Raimundo Coelho
Cybersecurity specialist and technology professor with over 20 years of experience in IT. Graduated from Universidade Estácio de Sá. Writing practical guides to help you protect your data and stay safe in the digital world.
