Evaluating Google's Protected Audience Protocol
Authors: Minjun Long (University of Virginia), David Evans (University of Virginia)
Volume: 2024
Issue: 4
Pages: 892–906
DOI: https://doi.org/10.56553/popets-2024-0147
Abstract: While third-party cookies have been a key component of the digital marketing ecosystem for years, the way they allow users to be tracked across web sites raises serious privacy concerns. Google has proposed the Privacy Sandbox initiative to enable ad targeting without third-party cookies. While there have been several studies focused on other parts of this initiative, there has been little analysis to date as to how well the system achieves the intended goal of preventing request linking. This work focuses on analyzing linkage privacy risks for the reporting mechanisms proposed in the Protected Audience (PrAu) proposal (previously known as FLEDGE), which is intended to enable online remarketing without using third-party cookies. In this work, we summarize the overall workflow of PrAu and highlight potential privacy risks associated with its proposed design. We focus on scenarios in which adversaries attempt to link two requests to different sites to the same user and show that a realistic adversary would be still able to use the privacy-protected reporting mechanisms to link user requests and conduct mass surveillance, even with correct implementations of all the currently proposed privacy mechanisms.
Keywords: web privacy, Google's Privacy Sandbox, information leakage, online tracking
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.