For two decades, behavioral advertising ran on a simple trick. A tiny resource — a pixel, a script, an iframe — loaded from a third-party domain on thousands of unrelated sites, and the cookie that domain set let it recognize you everywhere. Visit a running-shoe site, then a news site, and the ad network connecting both knew it was the same person. This is the third-party cookie, and it is the engine of cross-site tracking.
Browsers have spent years dismantling it. Safari and Firefox blocked third-party cookies by default. Google, which both makes the dominant browser and runs the dominant ad business, faced a conflict of interest: kill the cookie and you damage your own ad revenue. Its proposed resolution was the Privacy Sandbox — a suite of browser APIs meant to deliver the things advertising needs (interest targeting, conversion measurement, fraud detection) without per-user cross-site identifiers.
From FLoC to Topics
The first attempt was FLoC, Federated Learning of Cohorts, which sorted users into large interest "cohorts" computed in the browser. It was withdrawn after sharp criticism: researchers warned that cohort IDs could become a new fingerprinting surface and could leak sensitive inferences, and the format drew opposition from privacy advocates and other browser vendors. Its replacement is the Topics API, a deliberately coarser, more constrained design.
Old model: external trackers observe your browsing and build a profile on their servers. Topics model: your browser observes your browsing, derives interest labels locally, and hands a small, capped number of them to sites that ask. The profiling moved into the browser — it didn't disappear.
How the Topics API Works
The mechanism is more disciplined than the cookie it replaces. Periodically — on a weekly cycle — your browser looks at the sites you visited and maps them to a public, human-readable taxonomy of interest topics (things like "Travel" or "Fitness," deliberately excluding sensitive categories). It picks a handful of your top topics for that week and keeps them for a few weeks before they roll off.
When a site participating in the API calls it, the browser returns a small set of topics — drawn from recent weeks, and with a deliberate constraint: a caller generally only learns topics for users it actually observed visiting relevant sites. The design also mixes in a chance of returning a random topic, so a site can never be fully certain a given topic is genuinely yours. The stated goals are bluntly modest:
- Coarse, not precise — broad interest categories instead of a granular behavioral dossier.
- Capped and aging — only a few topics, only from recent weeks, then forgotten.
- Sensitive categories excluded — the taxonomy is curated to avoid health, sexuality, religion, and similar.
- User-visible and controllable — Chrome exposes the topics it has inferred and lets you remove them or turn the API off.
The Honest Criticisms
Topics is genuinely less invasive than third-party cookies on several axes. It is also not the privacy victory the name "Privacy Sandbox" implies, and several criticisms are worth taking seriously.
| Concern | Why it matters |
|---|---|
| Tracking is normalized, not removed | The browser still profiles you for advertising — it just does so more politely. The premise that ad networks are entitled to your interests goes unchallenged. |
| Topics can combine with other signals | A returned topic on its own is coarse, but joined with a login, an IP address, or a fingerprint it can re-attach to a real identity. |
| The taxonomy is a judgment call | What counts as "sensitive" is decided by the vendor, and coarse topics can still correlate with sensitive traits. |
| It does nothing about fingerprinting | Fingerprinting identifies you without any cookie or API at all, and Topics leaves that channel untouched. |
There is also the governance problem. The company designing the privacy mechanism is also the largest beneficiary of the advertising it preserves, and the proposal has drawn regulatory scrutiny over competition as much as privacy. Notably, after years of promising to deprecate third-party cookies in Chrome, Google announced in 2024 that it would not force the change and would instead leave the choice to users — a reversal that left the Sandbox's role uncertain and underscored how entangled the privacy story is with business strategy.
A more private way to do behavioral advertising is still behavioral advertising. The interesting question is not "is Topics better than cookies" — it usually is — but "should the browser be doing this at all." — The framing the marketing avoids
What You Can Actually Do
The practical options are straightforward, and they predate the Sandbox:
- Turn it off. In Chrome's ad-privacy settings you can disable ad topics, site-suggested ads, and ad measurement. It is opt-out, so you have to go looking.
- Use a browser that doesn't ship it. Firefox, Brave, and other privacy-focused browsers don't implement Topics and block third-party cookies by default.
- Block at the network layer. Tools like Pi-hole and tracker-blocking extensions cut off the ad and analytics endpoints regardless of which targeting scheme is in fashion.
- Send a legal opt-out. Global Privacy Control tells compliant businesses not to sell or share your data in the jurisdictions that recognize it.
Where Haven Fits
The Privacy Sandbox is a window into how the surveillance economy adapts: when one tracking method becomes unacceptable, the industry engineers a more palatable replacement rather than giving up the underlying goal. The data keeps flowing; only the plumbing changes. That pattern is exactly why we think privacy has to be built into the architecture of a service, not bolted on as a setting that can be re-engineered around.
Haven doesn't run ads, doesn't profile you, and has no business model that benefits from knowing your interests — your messages and email are encrypted on your device before they reach us, so there is nothing to mine in the first place. The most reliable defense against the next clever targeting API is choosing tools that never needed your data to make money.