Google has contracted Fastly to operate an Oblivious HTTP Relay (OHTTP Relay) as part of its “FLEDGE” Privacy Sandbox initiative, ahead of the planned phase-out of support for third party cookies in 2024.
OHTTP is a lightweight application-layer proxy protocol built for transactional interactions, to protect against IP address tracking. It proxies application messages rather than network-layer connections.
It will be used to help deliver Google’s new model for serving adverts to users andthe contract appears to be a significant step forwards for Google in its delayed bid to end the use of third-party cookies.
FLEDGE stands for “First Locally Executed Decisions over Groups Experiment.”
As Google describes it: “If the call is successful, the browser records:
- The name of the interest group: for example, 'custom-bikes'.
- The owner of the interest group: for example, 'https://dsp.example'.
- Interest group configuration information to enable the browser to access bidding code, ad code, and realtime data, if the group's owner is invited to bid in an online ad auction.
OHTTP contract with Google a big win for Fastly
The OHTTP contract is a major win for content delivery network (CDN) or “edge cloud” provider Fastly, which will provide the protocol to billions of Chrome users. The company said in a March 15 press release: “EDGE is a Privacy Sandbox proposal for remarketing and custom audience advertising use cases that is designed to choose relevant ads without allowing cross-site tracking. Using Fastly’s OHTTP Relay, FLEDGE can privately count k-anonymous ads cohorts, making FLEDGE, and the infrastructure that supports it, more private.”
Fastly VP Jana Iyengar added in a canned statement: “We are thrilled to play an important role in Google’s ecosystem-driven approach to preserving privacy and improving performance across the web.”
In response to our emailed questions, Fastly told The Stack that its OHTTP Relay is available in beta now.
In terms of rollout "Google is enabling traffic for additional Chrome users over time according to their launch requirements. We anticipate that Fastly will provide OHTTP service for every Chrome user who is enabled for the FLEDGE service, which we expect will eventually include all Chrome users" the company said.
In response to questions about the demands this might place on its infrastructure (Chrome, after all, has billions of users) the company added: "We have engaged in discussions with Google during the spin up of this project to ensure that we have the necessary details about their expected traffic volumes and patterns. Between this capacity planning and the strength of Fastly's edge compute platform, we are confident that it will not negatively impact our infrastructure."
Cloudflare, which also provides an OHTTP relay, describes it as a simple protocol in which encrypted requests and responses are forwarded between client and server through a relay, decoupling who from what was sent.
“Clients generate encrypted requests and send them to a relay, the relay forwards them to a gateway server, and then finally the gateway decrypts the message to handle the request" it says.
Or as Fastly has also blogged: "The double-blinded nature of the OHTTP service is essential for enabling user privacy: one layer handles end user identifying metadata (the Relay) while another handles the end user's request data (the Gateway). These two layers communicate but do not collude."
“Keeping users’ data private and safe is critical to the future of online business. And with Fastly, we’ve achieved the best of both worlds, giving users robust privacy protections, while continuing to deliver high quality and personalized experiences” said Google’s Victor Wong of the Fastly OHTTP contract.