TURTLEDOVE and SPARROW are two of the web browser APIs in Google’s Privacy Sandbox and aim to serve as alternatives for third-party cookies.
Back in 2020, Google announced that it will be deprecating third-party cookies, the time period for which has extended till late 2023, in order to preserve the privacy of users. This news, however, was a cause for concern for publishers and advertisers, for whom cookies are a way to essentially enhance the advertising experience for users.
(Also checkout our blog on Web Browser Cookies to know how different browsers are handling them.)
But, all this is ancient history now and publishers and advertisers have come to terms, more or less, with the situation. Moreover, Google came up with Privacy Sandbox (which is a series of browser APIs) to replace third-party cookies, so things aren’t as bleak as they appear.
While nothing in the ‘sandbox’ has become a concrete solution as of now, there have been various developments in the project. In this blog, we are going to talk about a couple of those developments- TURTLEDOVE and SPARROW- and how they have furthered the advancement of Google’s initiative to replace third-party cookies.
However, before moving forward, here’s Privacy Sandbox API in a nutshell.
Privacy Sandbox APIs (Application Programming Interfaces)
The Privacy Sandbox APIs require web browsers to take on a new role. Rather than working with limited tools and protections, the APIs enable the user’s browser to act on the user’s behalf—locally, on their device—to protect the user’s identifying information as they navigate the web.web.dev
You can also checkout this short video to see what role browser is expected to play in the future.
Since the use of third-party cookies led to serious concerns about user privacy, in the sense that users can be tracked across sites, Privacy Sandbox APIs aim to establish a way to serve ads or allow conversion measurement without divulging any personal information about the user. The use cases of user information are varied in the ad tech industry, therefore, it’s imperative that web browser APIs are eventually able to satisfy those without compromising user privacy.
Initially, the APIs that were introduced included aggregated reporting API, trust tokens API, conversion measurement API, Federated Learning of Cohorts (FloC), privacy budget, TURTLEDOVE, and first-party sets.
TURTLEDOVE, the acronym for Two Uncorrelated Requests, Then Locally-Executed Decision On Victory, was originally proposed by Chrome in January 2020. It’s meant for providing advertisers and publishers a way to retarget users without violating their privacy.
Consider this simple example for understanding the use case of this API:
You might have often seen that if you are looking to shop for shoes and browse through a particular website, you may later see advertisements for that particular website on other pages that you visit or while you’re scrolling through any social media channel.
At the present time, these ads are served by tracking the users across different websites and possibly using other user information. This is exactly what TURTLEDOVE proposes an alternate way for, a manner through which user information remains hidden from any third party.
While currently, decisions related to auctions occur in the ad server, TURTLEDOVE proposes that auction decisions take place in the browser instead. The reason for this being that such a change might prevent any troublemakers in the industry from creating user profiles that are used to track them across sites.
Since the user-specific information will be stored in the browser rather than with the advertiser, they will only be able to serve interest-based ads and won’t be able to combine any other user information with interest. Another key privacy advance that this API provides is that the ad network that a website is using will not have access to the user’s interest.
Introducing Interest Groups
The proposal submitted to Github defines an interest group as
a collection of people whom an advertiser or their ad network believes will be interested in seeing some type of ad.
As the user visits a website, they are supposed to interact with it in some manner. For example, they might be interested in product A on the website, so they open that page. The way a user interacts with a website then allows the site owner to classify them in one or two interest groups. These interest groups can then be used by advertisers to serve relevant ads to users of a particular interest group.
Now, let’s take a look at the key objectives of TURTLEDOVE.
- It is upon the user if they want to keep seeing ads that remind them of websites that they have previously visited. Users can avoid such ads if they wish.
- It might be confusing for users to know exactly why they are seeing ads about the websites they have been on, therefore, TURTLEDOVE aims to give a clear answer to the users about the same.
- A user can opt out of any interest group that they are part of and will stop seeing ads that are being served to that group based on retargeting.
- Advertisers will not have access to user’s browsing behaviour and websites will not know if a person visiting them is part of any specific interest group.
Problems with TURTLEDOVE
While in theory, this API seems to solve some key privacy-related issues, it is only the first proposal for the use case of retargeting and therefore isn’t without limitations.
One of the key issues with TURTLEDOVE is that by conducting auction decisions in the browser, a large amount of strain is being put on it.
You’re now making an enormous amount of decisions on the browser — it’s not clear that’s an improvement of having cookies on the browser.
After certain drawbacks of TURTLEDOVE came into the limelight, Criteo, a French ad tech company, came up with another proposal in May- Secure Private Advertising Remotely Run On Webserver or SPARROW.
This response to Google’s proposal builds upon the same and has introduced some additional capabilities to protect users while making sure that the ad tech industry is able to function in a more controlled and transparent manner.
A primary change in this proposal is that it suggests that auction-related decisions are taken care of by an independent party, known as the ‘gatekeeper’, as opposed to the browser, which TURTLEDOVE proposed in the first place.
Charles-Henri Henault, VP of Product, Ads Platform and Analytics at Criteo, told AdMonsters during an interview that they see their proposal as an enhancement to TURTLEDOVE.
In fact, SPARROW maintains many of Chrome’s objectives within their own proposal.
Apart from the objectives that were set by Chrome’s TURTLEDOVE, SPARROW introduces some more goals to improve the position of the ad tech industry and better safeguard users:
- Advertisers have the option of gaining control of their campaign and its performance, albeit in a way that respects user privacy.
- Publishers and advertisers are given more control over brand safety, ad safety, and transparency in billing.
- User experience, which is becoming more and more important in the industry (see Core Web Vitals), is preserved, since the browser is not responsible for handling decisions related to the auction.
- Lastly, SPARROW moves beyond just retargeting and supports more advertising use cases:
- Advertisers can create new interest groups by identifying intersectionality between existing, single-domain interest groups.
- If the advertiser allows, an interest group can be used for branding and redirecting for related domains other than the original one.
But, SPARROW is not perfect
While this proposal takes further the original idea of TURTLEDOVE, there are still concerns about its functionality. A major issue being with the concept of ‘gatekeeper’. A lot of parties are concerned whether a third-party can be trusted to ensure that data is kept safely or not.
Furthermore, the lack of companies in the ad tech industry that can serve as a gatekeeper is another issue with SPARROW.
Henault has rightly described the situation in saying that:
It’s important to note that we see SPARROW as a continuous work in progress. We designed it to help kickstart ideas in the industry and propel the industry forward. Regardless of which proposal ends up being adopted, we strongly believe the entire industry needs to work together to find a solution, one that respects the end user’s privacy and gives them control or choice over their data.
Since both TURTLEDOVE and SPARROW have some drawbacks, other proposals have been submitted by different parties in the industry that build further on the original ideas. These are, DOVEKEY, PARROT, TERN, and FLEDGE.
At the present time, it’s hard to say whether the latest version of the TURTLEDOVE family, FLEDGE, will be the perfect solution or not, as it is still in the experimental phase. But, it can be said with certainty that with each proposal developments are being made for this API.
We will discuss the other proposals broadly in our upcoming blogs.
What is Google’s Privacy Sandbox?
The Privacy Sandbox aims to pave the way for publishers and advertisers to target users and measure campaigns, while making sure that user privacy is protected.
What is TURTLEDOVE?
TURTLEDOVE is one of the web browser APIs in the Privacy Sandbox. The proposal breaks down how advertisers and publishers can retarget users without violating their privacy. TURTLEDOVE proposes that the auction decisions take place in the browser so sensitive data remains hidden from ad networks or other third-parties.
What is SPARROW?
SPARROW is a response to TURTLEDOVE and is proposed by Criteo. It suggests that rather than putting the browser in charge, a third-party, the gatekeeper, should be taking care of auction related decisions. This proposal builds upon TURTLEDOVE and expands advertising use cases for the industry.