Private State Tokens
Important: This API is still being maintained by Google in Chrome, even after the deprecation announcement of most other Privacy Sandbox APIs.
Overview
Private State Tokens (previously named Trust Tokens) enable trust in a user’s authenticity to be conveyed in a cross-site manner in order to combat fraud and bots without the use of third-party cookies. The API conveys information about the user in a cross-context manner. For example, if the user solves a CAPTCHA on one site, information that the user can be trusted is then communicated to other sites that the user visits. The tokens are securely stored in the user’s browser and can be used elsewhere to confirm the user’s authenticity without revealing their identity. Trust established on one platform, like a social media site or email service, can be extended to other websites, such as publishers or online stores, without compromising user privacy or linking identities across platforms.
How does it work?
- An issuer website verifies that a user meets some definition of trustworthiness through a challenge; e.g., solving a CAPTCHA, logging into an account, performing a transaction, etc. If completed successfully, the user’s web browser is issued a token that proves cryptographically that they are considered trustworthy by the issuer service.
- On the redeemer side, the website can then confirm that a user is considered to be real by an issuer the redeemer trusts by checking if they have a valid and recently issued token. If so, they can redeem these tokens as needed without having to prompt users for another challenge.
- API calls:
  - Check if trust token exists: document.hasPrivateToken()
  - Check if redemption record exists: document.hasRedemptionRecord()
  - HTTP headers: Sec-Private-State-Token, Sec-Private-State-Token-Lifetime, Sec-Private-State-Token-Version, Sec-Redemption-Record
  - Issuance and redemption can be performed with Fetch requests and by embedding iframes with the privateToken attribute.
  - Additionally, the mechanism includes multiple new “Sec-” HTTP headers that the browser includes automatically in outgoing network requests.
- The issuance and redemption server needs to set up additional encryption and guarantee mechanisms to ensure that tokens are in compliance with the mechanism requirements.
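A redeemer-side script that ties these calls together, added here as an example and not code from the original page or from Chrome's documentation. The issuer origin, the two endpoint URLs and the dependency-injection hooks are assumptions; the privateToken fetch options (version, operation, refreshPolicy, issuers) and the issuer-origin argument to hasPrivateToken/hasRedemptionRecord follow the Chrome API.

```javascript
// Added example (not from the original page): redeemer-side Private State
// Token flow. ISSUER, REDEEM_URL and VERIFY_URL are assumed values.
const ISSUER = 'https://issuer.example';      // assumed issuer the redeemer trusts
const REDEEM_URL = ISSUER + '/redeem';        // assumed issuer redemption endpoint
const VERIFY_URL = '/private-token/verify';   // assumed same-origin verification endpoint

// Builds the fetch init for one Private State Token operation.
function privateTokenInit(operation, issuers) {
  const privateToken = { version: 1, operation };
  if (operation === 'token-redemption') privateToken.refreshPolicy = 'none';
  if (operation === 'send-redemption-record') privateToken.issuers = issuers;
  return { privateToken };
}

// Decides the next step from the browser's token state:
//   'send-record' - a redemption record is cached, forward it to our server
//   'redeem'      - a token exists, redeem it with the issuer first
//   'challenge'   - nothing usable, fall back to a CAPTCHA or login
function decide(hasRecord, hasToken) {
  if (hasRecord) return 'send-record';
  if (hasToken) return 'redeem';
  return 'challenge';
}

// Runs the flow. `deps` lets tests inject fakes for document and fetch;
// in a real page it defaults to the browser objects.
async function establishTrust(deps = {}) {
  const doc = deps.doc || globalThis.document;
  const fetchFn = deps.fetchFn || globalThis.fetch;
  const hasRecord = await doc.hasRedemptionRecord(ISSUER);
  const hasToken = hasRecord ? false : await doc.hasPrivateToken(ISSUER);
  const step = decide(hasRecord, hasToken);
  if (step === 'challenge') return { step, trusted: false };
  if (step === 'redeem') {
    // The browser attaches Sec-Private-State-Token and stores the redemption
    // record itself; the page never sees the token bytes.
    const r = await fetchFn(REDEEM_URL, privateTokenInit('token-redemption'));
    if (!r.ok) return { step, trusted: false };
  }
  // The browser attaches Sec-Redemption-Record; our server must verify the
  // issuer's signature and freshness before granting anything.
  const v = await fetchFn(VERIFY_URL, privateTokenInit('send-redemption-record', [ISSUER]));
  return { step, trusted: v.ok };
}
```

The trust decision must be made server-side from the Sec-Redemption-Record header; the page script only drives which browser operation to run.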