Google wants devs to promise they won’t abuse new Chrome ad API
Google will soon be launching a new API for Chrome, designed to provide ads tailored to users’ preferences within the web browser.
However, since the revelation that a fingerprinting attack on the API could lead to individuals being identified, Google has asked that developers refrain from abusing it by using this method.
In responding to the discussion about the issue on GitHub, Josh Karlin, a technical lead at Google responsible for Chrome, wrote, “we’ve added a requirement on Chrome that developers enroll to use the API and to attest that they won’t abuse the API. That’s not a technical solution, but I do believe it goes a long way to addressing this problem. Closing for now.”
Topics API
The Topics API will come as part of Chrome version 115, set to release July 12. Mozilla and Apple have opposed using the new API for their respective browsers (FireFox and Safari), with both citing privacy concerns.
Apple WebKit team member Anne van Kesteren also posted on GitHub to say that “We don’t think cross-site data about the user’s browsing behavior should be exposed in APIs.” They also cited many other reasons for taking against the Topics API.
And Mozilla engineer Martin Thomson, in speaking for the company, said that, “we’re “negative” on Topics. Our reasoning is different than that of Apple, though we broadly agree with many of the points they make.”
Thomson also added, “Though the information the API provides is small, our belief is that this is more likely to reduce the usefulness of the information for advertisers than it provides meaningful protection for privacy. Unfortunately, it is hard to identify concrete ways in which this might be improved.”
Google’s previous attempt at an interest-based advertising API – Federated Learning of Cohorts (FLoC) – ended in failure, and this is another shot for the tech giant to plug the gap once third-party cookies disappear near the end of 2024.
The Topics API is part of the Google Privacy Sandbox, and aims to maintain users’ privacy whilst serving ads relevant to their interests. It allows a website to run a JavaScript code to find three topics based on the user’s past visits, and show ads related to them.
The problem is that web publishers could run the code on multiple websites and then build up a picture – or fingerprint – of the user. Earlier this month, Google announced changes to the Topic API to address concerns, but Mozilla, Apple and others in the space remain unconvinced.