pith. sign in

arxiv: 2606.26390 · v1 · pith:JWM2SQDEnew · submitted 2026-06-24 · 💻 cs.CR

Lessons from the Adoption and Deprecation of the Privacy Sandbox Web APIs

Yohan Beugin , Paul Barford , Patrick McDaniel This is my paper

Pith reviewed 2026-06-26 01:05 UTC · model grok-4.3

classification 💻 cs.CR
keywords privacy sandboxweb apisadoption measurementdeprecationweb trackingbrowser privacylongitudinal studychrome telemetry
0
0 comments X

The pith

Privacy Sandbox APIs saw limited and uneven adoption by web actors before deprecation.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper measures the adoption of Google's Privacy Sandbox APIs across seven years using web crawls and browser data. It finds that uptake stayed low and inconsistent, with only a handful of sites implementing a few specific features in varying ways. This pattern helps explain why the initiative was canceled in 2025. Readers should care because the results point to real-world difficulties in shifting the web away from tracking without breaking functionality. The study also draws lessons for designing future privacy tools that account for different actors' incentives and risks.

Core claim

The Privacy Sandbox initiative introduced several web APIs to replace third-party cookies for advertising and other uses while protecting privacy. Our longitudinal study of their prevalence on the top 100,000 websites and in Chrome user telemetry shows that adoption remained limited and uneven across the years. Only few web actors implemented very specific APIs, and in disparate manners. We interpret these results through the lens of incentives and risks for web actors, and provide recommendations for future proposals. The findings also highlight limitations of browser-based approaches to privacy, as seen in differing implementations across browsers.

What carries the argument

Longitudinal measurement of API prevalence using historical HTTP Archive crawls and public Chrome telemetry data on CrUX top 100k sites.

If this is right

  • Actionable recommendations for the next generation of web privacy proposals can be derived from the observed adoption patterns and actor incentives.
  • Tracking and third-party cookie limitations in Chrome remain largely opt-in, while other browsers have enabled them by default.
  • Disparities across browsers limit the effectiveness of browser-based privacy remedies.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Future privacy proposals may need to reduce resource and timeline barriers for smaller web actors to improve uptake.
  • The observed risks around legal exposure and competitive trade-offs could explain why most sites avoided the APIs even when available.
  • Coordinated standards enforced across multiple browsers might produce higher and more uniform adoption than single-browser initiatives.

Load-bearing premise

The historical HTTP Archive crawls and public Chrome telemetry data accurately characterize the prevalence of each Privacy Sandbox feature on popular websites and as experienced by Chrome users.

What would settle it

A large-scale source-code audit of CrUX top sites revealing widespread active use of the APIs in patterns not shown by the telemetry data would challenge the limited-adoption finding.

Figures

Figures reproduced from arXiv: 2606.26390 by Patrick McDaniel, Paul Barford, Yohan Beugin.

Figure 1
Figure 1. Figure 1: Privacy Sandbox timeline overview Topics for which Google released a synthetic dataset of users profiles only 2 years after it had already been shipped by default to Chrome users [27]. In response to Google attempting to standardize through the W3C some proposals, other browser vendors often published their own rebuttals and counter analyses [80], [85], [86]. Finally, different aca￾demic researchers also p… view at source ↗
Figure 2
Figure 2. Figure 2: General adoption rates (quarterly percentage of page loads) over time from [PITH_FULL_IMAGE:figures/full_fig_p007_2.png] view at source ↗
Figure 4
Figure 4. Figure 4: UpSet plot of APIs enrolled together according to [PITH_FULL_IMAGE:figures/full_fig_p008_4.png] view at source ↗
Figure 6
Figure 6. Figure 6: Partitioned cookies (CHIPS) from Jun’24 to Apr’26 among first- and third-party cookies (HA-requests). TABLE 7: Top partitioned TPC set on pages with CHIPS cookies for April 2026 (HA-requests). Rank Cookie (name - domain) % 1 cto bundle - .criteo.com 43.91 2 audit p - .rubiconproject.com 34.32 3 khaos p - .rubiconproject.com 34.32 4 receive-cookie-deprecation - .rubiconproject.com 29.88 5 ts - .creativecdn.… view at source ↗
Figure 5
Figure 5. Figure 5: API usage (log-scale) for each of the top 10 API [PITH_FULL_IMAGE:figures/full_fig_p009_5.png] view at source ↗
Figure 7
Figure 7. Figure 7: General adoption rates (quarterly percentage of page loads) over time from [PITH_FULL_IMAGE:figures/full_fig_p020_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: General adoption rates (quarterly percentage of pages) over time from [PITH_FULL_IMAGE:figures/full_fig_p020_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: General adoption rates (quarterly percentage of pages) over time from [PITH_FULL_IMAGE:figures/full_fig_p020_9.png] view at source ↗
read the original abstract

While several web actors have been trying to reduce web tracking for years, it remains unclear how to achieve both desirable levels of utility and privacy. In 2019, Google launched the Privacy Sandbox initiative to balance that trade-off and find privacy alternatives to common use cases such as advertising. Yet, in late 2025, Google canceled the project and deprecated most of the newly introduced APIs. Despite its end, the Privacy Sandbox represents a unique opportunity to learn about how the ecosystem reacted to the proposed changes and make observations about why and how it failed. In this paper, we present a longitudinal measurement and analysis study of the Privacy Sandbox APIs to characterize their adoption and deprecation over the past seven years by different web actors. Leveraging historical HTTP Archive crawls and public Chrome telemetry data, we offer the largest study of its kind into the prevalence of each Privacy Sandbox feature, during their entire respective lifetime (5+ years for some), on popular websites (CrUX top 100k), and as experienced by Chrome users during their browsing journey. Our results showcase an adoption that remained limited and uneven across the years; only few web actors implemented very specific APIs, and in disparate manners. We motivate our interpretation of these results by considering the incentives (interest, resources, timeline, etc.) and risks (potential trade-offs, privacy violations, and legal exposure, etc.) for these actors. Finally, our analysis also yields actionable recommendations for the next generation of web privacy proposals. More broadly, the Privacy Sandbox illustrates the limitations and disparities across browsers of ``fix it in the browser'' remedies: today, tracking and third-party cookies limitations in Chrome still remain largely opt-in, while they have been enabled by default on other browsers like Brave, Firefox, or Safari.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper conducts a longitudinal measurement study of Google's Privacy Sandbox APIs (2019-2025) using historical HTTP Archive crawls and public Chrome telemetry. It measures prevalence of each API on CrUX top-100k sites across their full lifetimes, reports limited and uneven adoption by few actors in disparate ways, analyzes incentives/risks for web actors, and derives recommendations for future privacy proposals while noting cross-browser disparities in third-party cookie handling.

Significance. If the adoption measurements are reliable, the study supplies a rare empirical case study of a large-scale, multi-year browser privacy intervention that was ultimately deprecated. The use of public longitudinal datasets spanning 5+ years per API is a clear strength, enabling observations about ecosystem response that could guide the next generation of web privacy standards.

major comments (2)
  1. [Data Sources / Measurement section] Data Sources / Measurement section: The central claim of 'limited and uneven adoption' rests on HTTP Archive scripted crawls and aggregated Chrome telemetry without any validation, sensitivity analysis, or discussion of under-detection for conditional/third-party/gesture-dependent calls (e.g., Topics, Protected Audience). The skeptic concern lands directly here; the reported prevalence figures are therefore unquantified lower bounds whose distance from true deployment rates is unknown, undermining the load-bearing conclusion.
  2. [Results section] Results section: No quantitative metrics, error bars, confidence intervals, or details on how adoption was operationalized (e.g., exact detection heuristics, handling of CrUX top-100k selection bias) are provided, despite the abstract's high-level description of the data sources. This absence prevents assessment of the 'uneven across the years' and 'disparate manners' claims.
minor comments (1)
  1. [Abstract] Abstract and introduction could more explicitly state the exact set of Privacy Sandbox APIs examined and their individual deprecation timelines.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their detailed and constructive feedback. The comments highlight important aspects of measurement validity and presentation that we address below. We have revised the manuscript to incorporate additional discussion, heuristics, and analysis where feasible.

read point-by-point responses

  1. Referee: [Data Sources / Measurement section] The central claim of 'limited and uneven adoption' rests on HTTP Archive scripted crawls and aggregated Chrome telemetry without any validation, sensitivity analysis, or discussion of under-detection for conditional/third-party/gesture-dependent calls (e.g., Topics, Protected Audience). The skeptic concern lands directly here; the reported prevalence figures are therefore unquantified lower bounds whose distance from true deployment rates is unknown, undermining the load-bearing conclusion.

    Authors: We agree that HTTP Archive crawls provide observable lower bounds rather than exhaustive coverage, particularly for APIs invoked conditionally or via gestures. The manuscript already notes reliance on public longitudinal datasets as a strength, but we have added a new subsection in Data Sources explicitly discussing under-detection risks, the nature of scripted crawls versus real-user behavior, and why Chrome telemetry is aggregated. We performed a limited sensitivity analysis by re-running detection with relaxed heuristics on a sample of sites and report the variance in an appendix. While full validation against ground truth is not possible with public data alone, the relative trends and actor-specific patterns remain robust for the paper's interpretive claims about incentives and ecosystem response. revision: yes

  2. Referee: [Results section] No quantitative metrics, error bars, confidence intervals, or details on how adoption was operationalized (e.g., exact detection heuristics, handling of CrUX top-100k selection bias) are provided, despite the abstract's high-level description of the data sources. This absence prevents assessment of the 'uneven across the years' and 'disparate manners' claims.

    Authors: We have expanded the Results section with a dedicated 'Measurement Operationalization' paragraph detailing the exact JavaScript and header-based detection heuristics for each API, including how we handled CrUX top-100k snapshots and potential selection effects. We now report year-over-year prevalence with basic trend metrics and note where sample sizes permit simple binomial confidence intervals (added to key figures). A brief discussion of CrUX bias (e.g., popularity skew toward large sites) has been included, with the observation that our findings on limited adoption are conservative given the focus on high-traffic domains. revision: yes

Circularity Check

0 steps flagged

No circularity: purely observational measurement from external datasets

full rationale

The paper performs a longitudinal measurement study that directly reports prevalence statistics drawn from two external public data sources (historical HTTP Archive crawls and aggregated Chrome telemetry). No equations, fitted parameters, predictions, or derivations appear in the provided text. The central claim of limited and uneven adoption is presented as an empirical observation rather than a result derived from any internal model or self-citation chain. No load-bearing steps reduce to the paper's own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central observational claim rests on the representativeness of the chosen public datasets as proxies for actual web actor behavior and user exposure.

axioms (1)
  • domain assumption Historical HTTP Archive crawls and public Chrome telemetry data are representative of API prevalence on popular websites and user browsing experience.
    Invoked to justify using these sources for characterizing adoption over 5+ years on CrUX top 100k sites.

pith-pipeline@v0.9.1-grok · 5852 in / 1258 out tokens · 29041 ms · 2026-06-26T01:05:54.518151+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

106 extracted references · 25 canonical work pages

  1. [1]

    Pierre Tholoniat, Kelly Kostopoulou, Peter McNeely, Prabhpreet Singh Sodhi, Anirudh Varanasi, Benjamin Case, Asaf Cidon, Roxana Geambasu, and Mathias Lécuyer

    Hidayet Aksu, Badih Ghazi, Pritish Kamath, Ravi Kumar, Pasin Manurangsi, Adam Sealfon, and Avinash V . Varadarajan. Summary Reports Optimization in the Privacy Sandbox Attribution Report- ing API.Proceedings on Privacy Enhancing Technologies, 2024. https://doi.org/10.56553/popets-2024-0132

    work page doi:10.56553/popets-2024-0132 2024

  2. [2]

    Navigating Murky Waters: Automated Browser Feature Testing for Uncovering Tracking Vectors.In Proceedings 2023 Network and Distributed System Security Symposium

    Mir Masood Ali, Binoy Chitale, Mohammad Ghasemisharif, Chris Kanich, Nick Nikiforakis, and Jason Polakis. Navigating Murky Waters: Automated Browser Feature Testing for Uncovering Tracking Vectors.In Proceedings 2023 Network and Distributed System Security Symposium. 2023. https://doi.org/10.14722/ndss.2023.24072

    work page doi:10.14722/ndss.2023.24072 2023

  3. [3]

    Bissyand ´e, Jacques Klein, and Yves Le Traon

    Kevin Allix, Tegawend ´e F. Bissyand ´e, Jacques Klein, and Yves Le Traon. AndroZoo: Collecting Millions of Android Apps for the Research Community.In Miryung Kim, Romain Robbes, and Chris- tian Bird, editors, Proceedings of the 13th International Conference on Mining Software Repositories, MSR 2016. 2016. https://doi.org/ 10.1145/2901739.2903508

    work page doi:10.1145/2901739.2903508 2016

  4. [4]

    Alvim, Natasha Fernandes, Annabelle McIver, and Gabriel H

    M ´ario S. Alvim, Natasha Fernandes, Annabelle McIver, and Gabriel H. Nunes. The Privacy-Utility Trade-off in the Topics API.In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 2024. https://doi.org/ 10.1145/3658644.3670368

    work page doi:10.1145/3658644.3670368 2024

  5. [5]

    Tracking Prevention in WebKit, 2020

    Apple. Tracking Prevention in WebKit, 2020. https://webkit.org/ tracking-prevention/

    2020

  6. [6]

    The HTTP Archive, 2010

    HTTP Archive. The HTTP Archive, 2010. https://httparchive.org/

    2010

  7. [7]

    Methodology|The Web Almanac by HTTP Archive,

    HTTP Archive. Methodology|The Web Almanac by HTTP Archive,

  8. [8]

    https://almanac.httparchive.org/en/2025/methodology

    2025

  9. [9]

    Alex Berke and Dan Calacci. Privacy Limitations of Interest-Based Advertising on The Web: A Post-Mortem Empirical Analysis of Google’s FLoC.In Proceedings of the 2022 ACM SIGSAC Con- ference on Computer and Communications Security, CCS ’22. 2022. https://doi.org/10.1145/3548606.3560626

    work page doi:10.1145/3548606.3560626 2022

  10. [10]

    The 2024 Web Almanac: Cookies

    Yohan Beugin, Sam Dutton, Yana Dimova, Rowan Merewood, and Barry Pollard. The 2024 Web Almanac: Cookies. In The 2024 Web Almanac. 2024. https://doi.org/10.5281/zenodo.14065903

    work page doi:10.5281/zenodo.14065903 2024

  11. [11]

    Interest-disclosing Mechanisms for Advertising are Privacy-Exposing (not Preserving).Proceedings on Privacy Enhancing Technologies Symposium (PETS), 2024

    Yohan Beugin and Patrick McDaniel. Interest-disclosing Mechanisms for Advertising are Privacy-Exposing (not Preserving).Proceedings on Privacy Enhancing Technologies Symposium (PETS), 2024. https: //doi.org/10.56553/popets-2024-0004

    work page doi:10.56553/popets-2024-0004 2024

  12. [12]

    A Public and Reproducible Assessment of the Topics API on Real Data.In IEEE Security and Privacy Workshop on Designing Security for the Web (SecWeb)

    Yohan Beugin and Patrick McDaniel. A Public and Reproducible Assessment of the Topics API on Real Data.In IEEE Security and Privacy Workshop on Designing Security for the Web (SecWeb). 2024. https://doi.org/10.48550/arXiv.2403.19577

    work page doi:10.48550/arxiv.2403.19577 2024

  13. [13]

    Technical Report: The Need for a (Research) Sandstorm through the Privacy Sandbox, 2025

    Yohan Beugin and Patrick McDaniel. Technical Report: The Need for a (Research) Sandstorm through the Privacy Sandbox, 2025. https: //doi.org/10.48550/arXiv.2512.03207

    work page doi:10.48550/arxiv.2512.03207 2025

  14. [14]

    The 2025 Web Almanac: Cook- ies

    Yohan Beugin, Jannis Rautenstrauch, Martina Kraus, Chris B ¨ottger, Brian Smith, and Barry Pollard. The 2025 Web Almanac: Cook- ies. In The 2025 Web Almanac. 2026. https://doi.org/10.5281/ zenodo.18246755

    2025

  15. [15]

    Fingerprint Randomization, 2020

    Brave. Fingerprint Randomization, 2020. https://brave.com/privacy- updates/3-fingerprint-randomization/

    2020

  16. [16]

    Fingerprinting Defenses 2.0, 2020

    Brave. Fingerprinting Defenses 2.0, 2020. https://brave.com/privacy- updates/4-fingerprinting-defenses-2.0/

    2020

  17. [17]

    Ephemeral Third-Party Site Storage, 2021

    Brave. Ephemeral Third-Party Site Storage, 2021. https://brave.com/ privacy-updates/7-ephemeral-storage/

    2021

  18. [18]

    Fledg- ing Will Continue Until Privacy Improves: Empirical Analysis of Google’s Privacy-Preserving Targeted Advertising.In 33rd USENIX Security Symposium (USENIX Security 24)

    Giuseppe Calderonio, Mir Masood Ali, and Jason Polakis. Fledg- ing Will Continue Until Privacy Improves: Empirical Analysis of Google’s Privacy-Preserving Targeted Advertising.In 33rd USENIX Security Symposium (USENIX Security 24). 2024. https:// www.usenix.org/conference/usenixsecurity24/presentation/calderonio

    2024

  19. [19]

    C. J. Carey, Travis Dick, Alessandro Epasto, Adel Javanmard, Josh Karlin, Shankar Kumar, Andres Munoz Medina, Vahab Mirrokni, Gabriel Henrique Nunes, Sergei Vassilvitskii, and Peilin Zhong. Measuring Re-Identification Risk, 2023. https://doi.org/10.48550/ arXiv.2304.07210

    arXiv 2023

  20. [20]

    Expanding Testing for the Privacy Sandbox for the Web, 2022

    Anthony Chavez. Expanding Testing for the Privacy Sandbox for the Web, 2022. https://blog.google/products-and-platforms/products/ chrome/update-testing-privacy-sandbox-web/

    2022

  21. [21]

    The next Stages of Privacy Sandbox: General Availability and Supporting Scaled Testing, 2023

    Anthony Chavez. The next Stages of Privacy Sandbox: General Availability and Supporting Scaled Testing, 2023. https://privacysandbox.google.com/blog/the-next-stages-of-privacy- sandbox-general-availability

    2023

  22. [22]

    Privacy Sandbox for the Web Reaches General Availability, 2023

    Anthony Chavez. Privacy Sandbox for the Web Reaches General Availability, 2023. https://privacysandbox.google.com/blog/privacy- sandbox-for-the-web-reaches-general-availability

    2023

  23. [23]

    A New Path for Privacy Sandbox on the Web, 2024

    Anthony Chavez. A New Path for Privacy Sandbox on the Web, 2024. https://privacysandbox.google.com/blog/privacy-sandbox-update

    2024

  24. [24]

    Next Steps for Privacy Sandbox and Tracking Protections in Chrome, 2025

    Anthony Chavez. Next Steps for Privacy Sandbox and Tracking Protections in Chrome, 2025. https://privacysandbox.google.com/ blog/privacy-sandbox-next-steps

    2025

  25. [25]

    Update on Plans for Privacy Sandbox Technologies,

    Anthony Chavez. Update on Plans for Privacy Sandbox Technologies,

  26. [26]

    https://privacysandbox.google.com/blog/update-on-plans-for- privacy-sandbox-technologies

  27. [27]

    Investigation into Google’s ‘Privacy Sandbox’ Browser Changes, 2025

    Competition and Markets Authority. Investigation into Google’s ‘Privacy Sandbox’ Browser Changes, 2025. https://www.gov.uk/cma- cases/investigation-into-googles-privacy-sandbox-browser-changes

    2025

  28. [28]

    Badih Ghazi, Charlie Harrison, Arpana Hosabettu, Pritish Kamath, Alexander Knop, Ravi Kumar, Mariana Raykova, Pasin Manurangsi, Ethan Leeman, Vikas Sahu, and Phillipp Schoppmann

    John Delaney, Badih Ghazi, Charlie Harrison, Christina Ilvento, Ravi Kumar, Pasin Manurangsi, Martin P ´al, Karthik Prabhakar, and Mariana Raykova. Differentially Private Ad Conversion Mea- surement.Proceedings on Privacy Enhancing Technologies, 2024. https://doi.org/10.56553/popets-2024-0044

    work page doi:10.56553/popets-2024-0044 2024

  29. [29]

    Differentially Private Synthetic Data Release for Topics API Outputs.In Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V .2, KDD ’25

    Travis Dick, Alessandro Epasto, Adel Javanmard, Josh Karlin, Andr´es Mu ˜noz Medina, Vahab Mirrokni, Sergei Vassilvitskii, and Peilin Zhong. Differentially Private Synthetic Data Release for Topics API Outputs.In Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V .2, KDD ’25. 2025. https://doi.org/10.1145/3711896.3737391

    work page doi:10.1145/3711896.3737391 2025

  30. [30]

    Third-Party Cookies Restricted by Default for 1% of Chrome Users, 2024

    Sam Dutton. Third-Party Cookies Restricted by Default for 1% of Chrome Users, 2024. https://privacysandbox.google.com/blog/ cookie-countdown-2024jan

    2024

  31. [31]

    Measures of Cross-Site Re-Identification Risk: An Analysis of the Topics API Proposal, 2022

    Alessandro Epasto, Andres Munoz Medina, Christina Ilvento, and Josh Karlin. Measures of Cross-Site Re-Identification Risk: An Analysis of the Topics API Proposal, 2022. https://github.com/patcg- individual-drafts/topics/blob/main/topics analysis.pdf

    2022

  32. [32]

    Clustering for Private Interest-Based Advertising.In Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining, KDD ’21

    Alessandro Epasto, Andr ´es Mu ˜noz Medina, Steven Avery, Yijian Bai, Robert Busa-Fekete, CJ Carey, Ya Gao, David Guthrie, Subham Ghosh, James Ioannidis, Junyi Jiao, Jakub Lacki, Jason Lee, Arne Mauser, Brian Milch, Vahab Mirrokni, Deepak Ravichandran, Wei Shi, Max Spero, Yunting Sun, Umar Syed, Sergei Vassilvitskii, and Shuo Wang. Clustering for Private ...

    arXiv 2021

  33. [33]

    WICG/Ua-Client-Hints

    Google. WICG/Ua-Client-Hints. Web Incubator CG, 2018. https: //github.com/WICG/ua-client-hints

    2018

  34. [34]

    Chromium Docs - UseCounter Wiki, 2019

    Google. Chromium Docs - UseCounter Wiki, 2019. https://chromium.googlesource.com/chromium/src/+/HEAD/docs/ use counter wiki.md

    2019

  35. [35]

    Developers: Get Ready for New SameSite=None; Se- cure Cookie Settings, 2019

    Google. Developers: Get Ready for New SameSite=None; Se- cure Cookie Settings, 2019. https://blog.chromium.org/2019/10/ developers-get-ready-for-new.html

    2019

  36. [36]

    Potential Uses for the Privacy Sandbox, 2019

    Google. Potential Uses for the Privacy Sandbox, 2019. https:// blog.chromium.org/2019/08/potential-uses-for-privacy-sandbox.html

    2019

  37. [37]

    WICG/Attribution-Reporting-Api

    Google. WICG/Attribution-Reporting-Api. Web Incubator CG, 2019. https://github.com/WICG/attribution-reporting-api

    2019

  38. [38]

    WICG/First-Party-Sets

    Google. WICG/First-Party-Sets. Web Incubator CG, 2019. https: //github.com/WICG/first-party-sets

    2019

  39. [39]

    WICG/Floc

    Google. WICG/Floc. Web Incubator CG, 2019. https://github.com/ WICG/floc

    2019

  40. [40]

    WICG/Trust-Token-Api

    Google. WICG/Trust-Token-Api. Web Incubator CG, 2019. https: //github.com/WICG/trust-token-api

    2019

  41. [41]

    Storage Access API - Web APIs|MDN, 2020

    Google. Storage Access API - Web APIs|MDN, 2020. https:// developer.mozilla.org/en-US/docs/Web/API/Storage Access API

    2020

  42. [42]

    W3c-Fedid/FedCM

    Google. W3c-Fedid/FedCM. W3C FedID WG, 2020. https: //github.com/w3c-fedid/FedCM

    2020

  43. [43]

    WICG/Fenced-Frame

    Google. WICG/Fenced-Frame. Web Incubator CG, 2020. https: //github.com/WICG/fenced-frame

    2020

  44. [44]

    WICG/Turtledove

    Google. WICG/Turtledove. Web Incubator CG, 2020. https: //github.com/WICG/turtledove

    2020

  45. [45]

    Privacycg/CHIPS

    Google. Privacycg/CHIPS. Privacy Community Group, 2021. https: //github.com/privacycg/CHIPS

    2021

  46. [46]

    What Is the Privacy Sandbox?, 2021

    Google. What Is the Privacy Sandbox?, 2021. https:// privacysandbox.google.com/overview/web

    2021

  47. [47]

    WICG/Shared-Storage

    Google. WICG/Shared-Storage. Web Incubator CG, 2021. https: //github.com/WICG/shared-storage

    2021

  48. [48]

    Increasing the Privacy Sandbox Relevance and Measurement Origin Trial to 5%, 2022

    Google. Increasing the Privacy Sandbox Relevance and Measurement Origin Trial to 5%, 2022. https://privacysandbox.google.com/blog/ privacy-sandbox-origin-trial-increase

    2022

  49. [49]

    Patcg-Individual-Drafts/Private-Aggregation-Api

    Google. Patcg-Individual-Drafts/Private-Aggregation-Api. Private Advertising Technology Community Group Individual Draft Space,

  50. [50]

    https://github.com/patcg-individual-drafts/private-aggregation- api

  51. [51]

    Patcg-Individual-Drafts/Topics

    Google. Patcg-Individual-Drafts/Topics. Private Advertising Tech- nology Community Group Individual Draft Space, 2022. https: //github.com/patcg-individual-drafts/topics

    2022

  52. [52]

    Developer Enrollment for the Privacy Sandbox,

    Google. Developer Enrollment for the Privacy Sandbox,

  53. [53]

    https://privacysandbox.google.com/blog/announce-enrollment- privacy-sandbox

  54. [54]

    Privacysandbox/Attestation

    Google. Privacysandbox/Attestation. The Privacy Sandbox, 2023. https://github.com/privacysandbox/attestation

    2023

  55. [55]

    Update on the Plan for Phase-out of Third-Party Cookies on Chrome, 2024

    Google. Update on the Plan for Phase-out of Third-Party Cookies on Chrome, 2024. https://privacysandbox.google.com/blog/update- on-the-plan-for-phase-out-of-third-party-cookies-on-chrome

    2024

  56. [56]

    Deprecate and Remove: Attribution Reporting API - Chrome Platform Status, 2025

    Google. Deprecate and Remove: Attribution Reporting API - Chrome Platform Status, 2025. https://chromestatus.com/feature/ 6320639375966208

    2025

  57. [57]

    Deprecate and Remove: Private Aggregation API - Chrome Platform Status, 2025

    Google. Deprecate and Remove: Private Aggregation API - Chrome Platform Status, 2025. https://chromestatus.com/feature/ 4683382919397376

    2025

  58. [58]

    Deprecate and Remove Protected Audience - Chrome Platform Status, 2025

    Google. Deprecate and Remove Protected Audience - Chrome Platform Status, 2025. https://chromestatus.com/feature/ 6552486106234880

    2025

  59. [59]

    Deprecate and Remove: Related Website Sets (RWS) - Chrome Platform Status, 2025

    Google. Deprecate and Remove: Related Website Sets (RWS) - Chrome Platform Status, 2025. https://chromestatus.com/feature/ 5194473869017088

    2025

  60. [60]

    Deprecate and Remove: Shared Storage API - Chrome Platform Status, 2025

    Google. Deprecate and Remove: Shared Storage API - Chrome Platform Status, 2025. https://chromestatus.com/feature/ 5076349064708096

    2025

  61. [61]

    Intent to Deprecate and Remove: Topics API, 2025

    Google. Intent to Deprecate and Remove: Topics API, 2025. https: //groups.google.com/a/chromium.org/g/blink-dev/c/ R85yctz4Rs

    2025

  62. [62]

    Privacy-Related Compliance FAQs, 2025

    Google. Privacy-Related Compliance FAQs, 2025. https:// privacysandbox.google.com/overview/privacy-compliance-faqs

    2025

  63. [63]

    Privacy Sandbox Feature Status, 2025

    Google. Privacy Sandbox Feature Status, 2025. https:// privacysandbox.google.com/overview/status

    2025

  64. [64]

    Relevance and Measurement Unified Origin Trial|Privacy Sandbox, 2025

    Google. Relevance and Measurement Unified Origin Trial|Privacy Sandbox, 2025. https://web.archive.org/web/20250614061324/https: //privacysandbox.google.com/private-advertising/setup/web/unified- origin-trial

    arXiv 2025

  65. [65]

    W3c/Fingerprinting-Guidance

    W3C Privacy Working Group. W3c/Fingerprinting-Guidance. World Wide Web Consortium, 2025. https://github.com/w3c/fingerprinting- guidance

    2025

  66. [66]

    Bachelor thesis, Radboud University, 2025

    Sarp Ilgaz.Investigating High Entropy Client Hint usage in HTTP/2 and HTTP/3. Bachelor thesis, Radboud University, 2025. https://www.cs.ru.nl/bachelors-theses/2025/Sarp Ilgaz 1093588 Investigating High Entropy Client Hint usage in HTTP-2 and HTTP-3.pdf

    2025

  67. [67]

    UA-Radar: Exploring the Impact of User Agents on the Web

    Jean Luc Intumwayase, Imane Fouad, Pierre Laperdrix, and Romain Rouvoy. UA-Radar: Exploring the Impact of User Agents on the Web. In Proceedings of the 22nd Workshop on Privacy in the Electronic Society, WPES ’23. 2023. https://doi.org/10.1145/3603216.3624958

    work page doi:10.1145/3603216.3624958 2023

  68. [68]

    Re-Identification Attacks against the Topics API.ACM Trans

    Nikhil Jha, Martino Trevisan, Emilio Leonardi, and Marco Mellia. Re-Identification Attacks against the Topics API.ACM Trans. Web,

  69. [69]

    https://doi.org/10.1145/3675400

    work page doi:10.1145/3675400

  70. [70]

    Unearthing Privacy-Enhancing Ad Technologies (PEAT): The Adoption of Google’s Privacy Sandbox, 2024

    Garrett Johnson. Unearthing Privacy-Enhancing Ad Technologies (PEAT): The Adoption of Google’s Privacy Sandbox, 2024. https: //doi.org/10.2139/ssrn.4983927

    work page doi:10.2139/ssrn.4983927 2024

  71. [71]

    The Advent of Privacy-Centric Digital Advertising: Tracing Privacy-Enhancing Technology Adop- tion, 2024

    Garrett A Johnson and Nico Neumann. The Advent of Privacy-Centric Digital Advertising: Tracing Privacy-Enhancing Technology Adop- tion, 2024. https://pep.gmu.edu/wp-content/uploads/sites/28/2024/04/ Johnson-Neumann.pdf

    2024

  72. [72]

    A Complementary Utility and Privacy Trade-off Eval- uation of Google’s FloC API, 2022

    Guillaume Kessibi, Aymen Ould Hamouda, Charly Poirier, and An- toine Boutet. A Complementary Utility and Privacy Trade-off Eval- uation of Google’s FloC API, 2022. https://inria.hal.science/hal- 03953308v1/document

    2022

  73. [73]

    Privacy Sandbox Aggregation Service and Coordinator,

    Elena Bakos Lang, Giacomo Pope, Giovanni De Ferrari, Huy Nguyen, Lydia Yao, Thomas Pornin, Tyler Colgan, and Viktor Gazdag. Privacy Sandbox Aggregation Service and Coordinator,

  74. [74]

    https://www.fox-it.com/media/m3yogjsq/ ncc group google privacy sandbox public report v2.pdf

  75. [75]

    Evaluating Google’s Protected Audience Protocol.Proceedings on Privacy Enhancing Technologies,

    Minjun Long and David Evans. Evaluating Google’s Protected Audience Protocol.Proceedings on Privacy Enhancing Technologies,

  76. [76]

    https://doi.org/10.56553/popets-2024-0147

    work page doi:10.56553/popets-2024-0147 2024

  77. [77]

    A First Look at Related Website Sets.In Proceedings of the 2024 ACM on Internet Measurement Conference

    Stephen McQuistin, Peter Snyder, Hamed Haddadi, and Gareth Tyson. A First Look at Related Website Sets.In Proceedings of the 2024 ACM on Internet Measurement Conference. 2024. https://doi.org/ 10.1145/3646547.3689026

    work page doi:10.1145/3646547.3689026 2024

  78. [78]

    State Partitioning - Privacy on the Web|MDN, 2024

    MDN. State Partitioning - Privacy on the Web|MDN, 2024. https: //developer.mozilla.org/en-US/docs/Web/Privacy/State Partitioning

    2024

  79. [79]

    Storage Access API - Web APIs|MDN, 2024

    MDN. Storage Access API - Web APIs|MDN, 2024. https: //developer.mozilla.org/en-US/docs/Web/API/Storage Access API

    2024

  80. [80]

    Firefox Rolls Out Total Cookie Protection By Default To All Users, 2022

    Mozilla. Firefox Rolls Out Total Cookie Protection By Default To All Users, 2022. https://blog.mozilla.org/en/mozilla/firefox-rolls-out- total-cookie-protection-by-default-to-all-users-worldwide/

    2022

Showing first 80 references.