Microsoft's playdate in Google's Privacy Sandbox gets messy

Targeted ads in Edge may be blocked before they even arrive

Analysis Inspired by Google's Privacy Sandbox ad tech renovation initiative, Microsoft last month announced plans for a "privacy preserving" mechanism to deliver interest-based ads in its Edge browser.

As described by Microsoft, the Ad Selection API resembles Google's Protected Audience API, which aims to provide a way to deliver targeted ads through an auction process without the privacy problems associated with third-party cookies. The software giant's plan hasn't yet been implemented, but already AdGuard, a vendor of ad-blocking software, says it will block the API due to privacy concerns.

HTTP cookies are files that web applications store in browsers to help maintain state (eg, whether you're logged in, your preferences) and to perform other functions, some necessary and some not. Websites may also allow third parties to set cookies, which have traditionally been used for tracking people online, assisting with targeted ad delivery, and analyzing user behavior.

We are supposed to believe that the mere fact that user data is encrypted eliminates the possibility of unauthorized access

Third-party cookies diminish or deny privacy by making it possible to track people online and build profiles of their interests and activities. They are getting increasingly stale, thanks to privacy regulations in Europe and in some states like California. Third-party cookie support will be dropped in Google's Chrome browser later this year, and more privacy-focused browsers like Brave, Firefox, and Safari already block third-party cookies by default.

Don’t assume that’s how the cookie crumbles.

To prepare for the demise of third-party cookies – an event that represents the end of an era for current ad tech – Google devised its Privacy Sandbox, a suite of advertising-related technologies that aim to provide the functionality of third-party cookies without the privacy problems. The extent to which that's possible is still being evaluated in browser tests and by the UK's Competition and Markets Authority, to which Google has made a set of commitments intended to ensure a competitive market.

Microsoft, having already adopted Google's open source Chromium project as the basis for its Edge browser, has also warmed to the idea of privacy-preserving targeted ads.

"The Ad Selection API is a browser platform feature that enables advertisers and publishers to show relevant ads to users—all without relying on third-party cookies or other cross-site tracking identifiers," Redmond explained last month. Microsoft said it expects the Ad Selection API to be available for testing in the second half of 2024.

In a note to The Register, AdGuard CTO Andrey Meshkov said that Microsoft's Ad Selection API and Google's Protected Audience API are similar – aside from a few minor differences.

"But one difference that stands out is that while Google leaves two options for the location of the ad auction, either in the Trusted Execution Environment (TEE) or on the device, Microsoft wants to run it only in a TEE," Meshkov said.

An ad auction run in a TEE theoretically should be inaccessible from the host machine – data is processed in-memory through an encrypted process, thereby preventing those participating from gaining access to details about those who are served ads.

Meshkov said Microsoft's decision not to turn the browser itself into an ad network is a step in the right direction. However, he questions the Microsoft’s assumptions about the impenetrability of TEEs and the trustworthiness of the ad tech firms that would be running these auctions.

"We are supposed to believe that the mere fact that user data is encrypted eliminates the possibility of unauthorized access, that the TEEs are secure environments that no one can penetrate," he said, expressing skepticism that a system this complicated will work properly out of the gate.

Meshkov said AdGuard already blocks Google's Protected Audience API for users who have the Tracking Protection filter enabled. And because Microsoft's Ad Selection API is similar, "we will start blocking it as well," he said, as soon as it is implemented in Edge.

"Microsoft’s Ad Selection API is bad for the Web for many of the same reasons as Google’s Protected Audiences API: both systems are enormously complex and difficult for users to understand," Peter Snyder, principal privacy researcher at Brave Software, told The Register.

"Both systems require huge amounts of computing power to perform the simple task of display ads (though the systems differ in whether that energy is consumed on the user’s device or on central servers), and both systems require browsers with massive install bases to provide any meaningful 'targeting' in the first place, further centralizing the Web around a small number of dominant browsers."

Snyder also expressed skepticism about the trustworthiness of Trusted Execution Environments.

"Despite their name, TEE’s do not automatically protect user data," he explained. "First, TEEs do not ensure that the code they’re running is privacy preserving; users still must trust some auditor of that code to ensure that the code is privacy-respecting. This is no small thing given how poorly ad companies (including Google’s and Microsoft’s) have treated user data in the past.

"Second, and similarly, TEEs do not provide protections against code that is unexpectedly malicious, such as from supply chain attacks (see the recent xz situation). In short, the moment sensitive user data leaves the user’s device, user privacy is at risk. Using a TEE doesn’t change that fact, it obscures it."

Microsoft’s Ad Selection API and Google's Protected Audience API, he argues, rely on complicated systems that put users at risk.

"These systems are advertising being 'done to' users, instead of 'done for' users," he contends, adding that classic contextual advertising or newer systems are simpler, safer, and better for the Web. ®

More about


Send us news

Other stories you might like