Google has announced that as part of its effort to provide users with more ad transparency, it will begin testing the idea of using “trust tokens” which, unlike cookies, will allow website owners to authenticate users to advertisers without giving up their identities. The effort is part of its Privacy Sandbox initiative launched in response to user complaints about advertisers and unknown agents tracking their actions on the internet.
When you go to a website and create a login, software run by the owner of the website creates a cookie—a smile data file—that is saved to your computer. It is how the website is able to remember you the next time you visit. But very often, another entity on a web page creates a cookie, generally with the express purpose of tracking your web activity. This kind of cookie is called a third-party cookie, and in addition to tracking your activity, it can sometimes be used for fraudulent purposes. Because of this, the makers of browsers such as Safari and Firefox have already blocked them. Google, on the other hand, has been slower to block them because they have been used as part of anti-bot and anti-fraud systems by website owners. In this new effort, Google is working to provide a means for preserving such abilities while still blocking third-party cookies—trust tokens, they suggest, should do the trick—but it will take some time. Google’s timeline calls for removing support for third-party cookies in 2022.
Google describes its trust token technology as an API that can generate unique cryptographically signed tokens for each user of a website—it can be used by a website owner to let advertisers know if a visitor is a user or a bot—but would not be of any use to third parties. Most importantly, trust tokens could not be used to track user activity on the internet, because to third parties, they would all look the same. Google notes that the API and the software is still a work in progress—the company posted an intro for interested parties on its blog page last month.