Google's plan to make advertising less invasive hits another roadblock

(Image credit: Shutterstock)

Replacing third-party cookies in Chrome to prevent users from being tracked online is proving more difficult than initially thought for Google as the company continues work on its Privacy Sandbox.

As reported by The Register, the search giant's Privacy Sandbox is a set of technologies designed to deliver personalized ads while making it much more difficult to track users online. 

All of the web technology proposals included in Google's Privacy Sandbox have bird-themed names and although we've heard a lot about FLoC (Federated Learning of Cohorts) senior software engineer at Microsoft, John Mooring recently created a conceptual attack that could be used to target FLEDGE which stands for First Locally-Executed Decision over Groups Experiment.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

While FLoC tracks users across the web by putting them into groups as opposed to doing so individually, FLEDGE is a remarketing proposal that will be used to reach users on other sites after they've previously visited a company's website.


In a recently opened issue in the GitHub repository for Turtledove which is now known as FLEDGE, Mooring described a conceptual attack that would allow an attacker to create code on webpages to use Google's technology proposal to track users across different sites.

This is particularly concerning as Google has designed FLEDGE to enable remarketing without tracking site visitors using personal identifiers. Google Mathematician Michael Kleber responded to Mooring's issue by acknowledging that his sample code could be abused to create an identifier in situations where there's no ad competition, saying: 

"This is indeed the natural fingerprinting concern associated with the one-bit leak, which FLEDGE will need to protect against in some way. We certainly need some approach to this problem before the removal of third-party cookies in Chrome." 

Before Google goes through with its plan to phase out support for third-party cookies in 2023, this one-bit leak issue will certainly need to be fixed to ensure the success of its Privacy Sandbox initiative.

Via The Register

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.