Tracking and profiling of users across the internet has, unfortunately, become common practice across a wide swathe of the internet, especially in retail. Users are carefully tracked and scrutinised to determine their needs, wants or desires, which are then used to target them for tailored marketing campaigns, personalised experiences and remarketing efforts. A personal touch is great, but it should not come at the expense of privacy.

Online privacy is quickly gaining traction, with various organisations committing to protecting user privacy. Browsers such as Safari, with its Intelligent Tracking Prevention, have made privacy popular by default, whilst newer browsers such as Brave are completely privacy-focused; providing built-in ad-blockers and privacy shields. Even Google, who stand to lose the most from the restriction to cross-site tracking, has committed to improving the standard of protection in Chrome.

What is actually changing?

Browsers are providing a greater level of protection for user privacy, with the goal being to prevent users from being uniquely identifiable as they browse the web. One of the biggest changes is the removal of third-party cookie support. Third-party cookies are those which have a different domain to the site currently being viewed. So if you are browsing​com, a tracker will not be able to read or write cookies on the www.nasty-tracking-site.​com domain. This sandboxes the data available on each site - preventing a tracker from assigning a user a unique identifier which is then accessible from across the web. Safari has already started blocking such cookies by default, whilst Chrome has committed to doing so by 2022.

Cookies are unfortunately not the only method used to jeopardise user privacy. To avoid the ever-stricter rules being enforced by browsers, trackers often employ more nefarious means to fingerprint users' browsers. Fingerprinting involves collecting many seemingly innocuous pieces of data from a user’s device to build a unique identifier. Whilst screen resolutions or software versions seem harmless at first, once combined with enough other variables, these provide sufficient information to uniquely identify an individual. Various techniques are employed to prevent fingerprinting, including restricting access to the more unique information sources (Safari has refused to implement many useful APIs such as the Web Bluetooth API because of this) and attempting to detect malicious scripts - however, these require constant monitoring and updates, as the scripts themselves employ new counter-measures.

The Privacy Sandbox

To deter trackers from attempting to fingerprint users, an alternative strategy needs to be explored. Most web tracking is employed to support advertising, which is the revenue model for large parts of the web. Advertisers want to be able to track users, to understand what the best (most lucrative) adverts are to show to that individual.

Visit a shoe retailer’s site? You’ll probably be shown ads for sneakers for the next few days.

Crucially, however, most advertisers don’t care exactly who you are - they just want to know what kind of adverts to show to you.

Google (as one of these advertisers) has proposed a set of solutions to this problem - known as the ‘Privacy Sandbox’. This details various proposals, which have the collective aim of facilitating web personalisation and advertising whilst maintaining the privacy of individuals who receive personalised experiences or advertising. Essentially, it attempts to balance the amount of information exposed about a user - enough to indicate their preferences, but insufficient to pick them out from a crowd.

Federated Learning of Cohorts

Federated Learning of Cohorts, or FLoC, is one such proposal which does exactly that. Instead of exposing unique identifiers for individuals, browsers indicate the ‘cohort’ with which their interests align.

Returning to our shoe example - indicating that a user is part of a group of people who have an interest in a certain shoe brand will not compromise their privacy. Millions of people will share the same interest, which means the browser can expose this information without distinguishing who an individual is. The challenge of such a solution, and indeed where the ‘learning’ part of FLoC comes in, is working out when a cohort is sufficiently large to protect the users' privacy. FLoC proposes using clustering methods to determine cohorts which provide a sufficient balance of privacy to users and granularity to advertisers.

Privacy Budget

Alongside FLoC, to give users greater protection from fingerprinting, the Privacy Sandbox contains the Privacy Budget proposal. This seeks to limit the amount of fingerprintable surfaces which are accessible at one time, whilst maintaining access to useful APIs. Whenever an API which contains identifying information is used by a site, it eats into the finite privacy budget for that site. This prevents wholesale scraping of every piece of information available, which is usually only used to covertly fingerprint a user.

As with FLoC, this approach requires a careful balance. Access to certain information is vital to the correct operation of most websites. The appropriate amount of information to expose before penalising sites, and what that penalisation looks like, is still up for debate. Initial ideas include blocking further access to sensitive APIs, returning degraded or random data when they are called, or even blocking storage and network access to the site.

The Privacy Sandbox contains several other intriguing solutions to privacy problems on the web as it stands today. Although I won’t go into them further, you can investigate them for yourself and comment on the proposals from the links on

What does this mean?

It will be much harder (and ideally impossible) to identify individuals across sites as they browse the web. Building user profiles from browsing history and interactions will no longer be a thing. Advertising will be slightly less targeted - individuals will not have a unique advertising ID - but will be much more private, which can only be a good thing.

Personalisation of websites, especially retail sites, will be a lot more contextual. Unless a user signs in, most traffic will be anonymous, with only broader, cohort-based information available about an individual. Good recommendations will need to be based on the actions a user takes within a given session and the live interactions they make with a website. Rather than personalising and recommending based on stale information from previous visits, only using fresh interactions will mean that a user is shown what they want at that specific moment.

It is clear that web privacy is changing. In the next few years, we will see reforms across all major web browsers, which will put protection of user privacy at the forefront of web design. The browser is becoming more of an agent for the user and less a tool from which other entities extract information. Although it is not yet clear which of the changes being discussed from Privacy Sandbox proposals and beyond will be adopted as web standards, it is obvious that taking unique user identification for granted will no longer be the case.

If you’re a retailer looking to get ahead of the game, BOON already does this. We don’t base our recommendations on stale browsing data, or covertly track shoppers across the web. Instead, we provide a unique interactive question process, based on psychology research, to determine what a user wants there and then. We use the answers they give us to pick out the best products from your catalogue. When they close the window, we forget about them.

Click here to read the next post in the series.