This is a new API for propagating a notion of user trust across sites, without using cross-site persistent identifiers like third party cookies.

Motivation

The web ecosystem relies heavily on building trust signals to detect fraudulent or spammy actors. One common way this is done is via tracking an individual browser’s activity across the web, usually via associating stable identifiers across sites. Preventing fraud is a legitimate use case that the web should support, but it shouldn’t require an API as powerful as a stable, global, per-user identifier. In third party contexts, merely segmenting users into trusted and untrusted sets seems like a useful primitive that also preserves privacy. This kind of fraud protection is important both for CDNs, as well as for the ad industry which receives a large amount of invalid, fraudulent traffic.

Documentation

Specification

Public discussion

Status in Chromium

A-N/A


Origin trial (tracking bug) in:

  • Chrome for desktop release 84
  • Chrome for Android release 84

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • Positive
  • Positive

Owners

Intent to Prototype url

Intent to Prototype thread

Comments

Process for registering as an issuer: https://docs.google.com/document/d/1cvUdAmcstH6khLL7OrLde4TnaPaMF1qPp3i-2XR46kU/ If you are trying to register as a developer to use the Trust Token APIs to issue/redeem, please follow the standard Origin Trial registration process: https://github.com/GoogleChrome/OriginTrials/blob/gh-pages/developer-guide.md To enable for local debugging, use --enable-features=TrustTokens alongside either 1. an origin trial token, to enable the feature on pages with the token present, or 2. `--enable-blink-features=TrustTokens,TrustTokensAlwaysAllowIssuance`, to enable the feature everywhere

Last updated on 2020-11-20