Security News > 2022 > May > Google starts testing fenced frames to guard its Privacy Sandbox
Google in the next few days plans to begin testing fenced frames, a proposed web API to help its Privacy Sandbox ad technologies meet commitments to privacy of a sort.
Fenced frames are designed to take the place of inline frames, or iframes, for specific scenarios like delivering interest-based ads without betraying interest data to the web page in which they're embedded.
Fenced frames are an essential part of Google Privacy Sandbox vision because they're the mechanism that, hopefully, will deny data accessible to one web domain from being piped to a different web domain.
The section on Privacy Considerations in fenced frames points out that it may be useful to share some data across the so-called fence.
The IntersectionObserver API, used for determining how page elements overlap - e.g. detecting when display ads are obscured - has the potential to be used for repositioning frames to communicate a user identifier to a fenced frame.
So fenced frames have to limit the scope of that API. Then there are concerns about side channel communication that's possible over the network, via data derived from URL navigation, or the way permissions get delegated among top-level frames and embedded contexts.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/03/google_fenced_frames/
Related news
- UK data watchdog questions how private Google's Privacy Sandbox is (source)
- Watchdog reveals lingering Google Privacy Sandbox worries (source)
- Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)