Escaping the Privacy Sandbox with Clientside Deanonymization Attacks

Name: Escaping the Privacy Sandbox with Clientside Deanonymization Attacks
Description: Google's Privacy Sandbox is the industry's most ambitious attempt to replace third-party cookies with privacy-preserving alternatives for the web advertising ecosystem. Conceived as a way to maintain

Eugene Lim

DEF CON 33 · Day 2 · Main Stage

Google's Privacy Sandbox is the industry's most ambitious attempt to replace third-party cookies with privacy-preserving alternatives for the web advertising ecosystem. Conceived as a way to maintain

AI review

Eugene Lim demonstrates that Privacy Sandbox APIs — specifically the Attribution Reporting API and Shared Storage API — can be misused to perform cross-site user tracking and data exfiltration, the exact behaviors they were designed to prevent. The selectURL covert channel enables iterative exfiltration from Shared Storage; source_event_id encoding in attribution reports enables persistent cross-site user correlation.

Watch on YouTube