FLEDGE is a Privacy Sandbox proposal to serve remarketing and custom audience use cases, designed with the intent of preventing third-parties from tracking user browsing behavior across sites. The browser will provide protection against microtargeting, by only rendering an ad if the same rendering URL is being shown to a sufficiently large number of people. We will require a crowd of 50 users per creative within the past 7 days before the ad can be rendered. This also helps protect users from cross-site tracking by preventing reporting rendered URLs that don't meet the minimum threshold.
This protection is referred to as 𝑘-anonymity, and is enabled by a centralized server operated by Google that maintains global counts. Once a creative meets the minimum threshold, it is cleared to be rendered to users. You can check out our explainer for further details on the 𝑘-threshold, and how the 𝑘-anonymity service is designed within FLEDGE.
While the 𝑘-anonymity service provides a key privacy protection, it also could expose sensitive user data to this centralized server, such as IP address and the browser's User-Agent string. This is why we are improving Chrome’s privacy measures by partnering with Fastly, an edge cloud platform that provides content delivery, edge compute, security, and observability services, to operate an Oblivious HTTP relay (OHTTP relay) as part of FLEDGE’s 𝑘-anonymity server.