Private State Tokens
Private State Tokens (formerly Trust Tokens) are a Privacy Sandbox API that lets one site vouch for a user as likely genuine and lets that trust be redeemed on another site, using blind-signed cryptographic tokens, without exposing a cross-site identifier. This page explains the anti-fraud purpose and the privacy properties the design preserves.
What the API does
A token issuer (for example a site that has assessed a user as likely human) issues blind-signed tokens to the browser. Later, on a different site, the browser can redeem a token to prove the user carries that prior trust signal. Because the signature is blind, the issuer cannot link issuance to redemption, and the redeeming site learns only that a valid token exists — not who the user is.
- Tokens are blind-signed by an issuer
- Redeemed on another site to convey trust
- No cross-site identifier is exchanged
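The unlinkability described above, shown as an added example (not code from this page or from the API): a toy RSA blind signature in Python is used as a stand-in, not as the API's actual token cryptography. The key, the helper names and the random nonces are constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy issuer key: two Mersenne primes. Far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def h(nonce: bytes) -> int:
    """Map a token nonce to an integer mod N."""
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % N

def blind(nonce: bytes):
    """Browser side: hide h(nonce) behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(nonce) * pow(r, E, N)) % N, r

def issuer_sign(blinded: int, issuer_log: list) -> int:
    """Issuer side: signs what it is given and records everything it saw."""
    issuer_log.append(blinded)
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Browser side: strip r, leaving an ordinary signature on h(nonce)."""
    return (blind_sig * pow(r, -1, N)) % N

def redeem(nonce: bytes, sig: int) -> bool:
    """Redemption check: needs only the public key (N, E)."""
    return pow(sig, E, N) == h(nonce)

def consistent_factor(blinded: int, nonce: bytes) -> int:
    """A blinding factor that would explain `blinded` as an issuance of `nonce`."""
    return pow(blinded * pow(h(nonce), -1, N) % N, D, N)

def demo():
    log, tokens = [], []
    for _ in range(2):  # two issuances, e.g. to two different users
        nonce = secrets.token_bytes(32)
        blinded, r = blind(nonce)
        tokens.append((nonce, unblind(issuer_sign(blinded, log), r)))
    # Every redeemed token is explained equally well by every logged issuance,
    # so the issuer's log cannot tell it which issuance produced which token.
    ruled_out = any(
        h(n) * pow(consistent_factor(b, n), E, N) % N != b
        for b in log for n, _ in tokens
    )
    return log, tokens, ruled_out
```

The redeeming side verifies each token with the public key alone, while the issuer's log contains neither the token values nor anything that excludes a pairing between an issuance and a redemption.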
What it deliberately does not reveal
The design separates conveying a boolean-like trust signal from identifying a person. It is intended for anti-fraud and abuse-fighting use cases — distinguishing likely-genuine users from automated abuse — rather than for measurement or audience building. Limits on how many tokens can be issued and redeemed, and the unlinkability of the blind signatures, are what keep it from becoming a cross-site tracking vector.
How it appears in analytics and logs
A Private State Token redemption conveys a trust signal, not a user identity — it cannot be read as a cross-site user ID for analytics.
Diagnostic use case
Understand how trust or anti-fraud signals can move between sites without an identifier, so you do not mistake Private State Tokens for a tracking mechanism.
What WebmasterID can help detect
WebmasterID measures first-party and does not need cross-site identifiers; Private State Tokens are relevant as anti-fraud context, not as an analytics identifier.
Common mistakes
- Treating Private State Tokens as a cross-site user identifier.
- Assuming redemption reveals who the user is.
- Using anti-fraud tokens as an analytics signal.
Privacy and accuracy notes
This page is educational and not an endorsement of fingerprinting. Private State Tokens are designed to convey trust without re-identifying users across sites.
Related pages
- Chrome Privacy Sandbox and analytics
The Privacy Sandbox is a set of Chrome web-platform APIs intended to support advertising and measurement use cases without cross-site tracking of individuals. It includes interest-based targeting, conversion measurement, and anti-abuse APIs that return aggregated or noised results rather than per-user identifiers. This page maps the pieces and what they mean for analytics.
- Fingerprinting and why to avoid it
Fingerprinting combines device and browser characteristics — fonts, screen, headers, hardware hints — into a quasi-identifier that can recognise a returning visitor without a cookie. Because it is hidden, hard to refuse, and resistant to clearing, browser vendors and privacy regulators treat it as a tracking technique to discourage. Privacy-first analytics deliberately does not fingerprint. This is educational, not legal advice.
- The Topics API for interest signals
The Topics API is a Privacy Sandbox proposal that lets a browser share a handful of coarse interest topics, inferred on-device from recent browsing, with sites and their ad partners — without revealing the underlying browsing history. This page explains the mechanism, its deliberate limits, and why it is not a replacement for per-user analytics.
- Bot intelligence
Distinguish genuine visitors from automated abuse.
Sources and verification notes
- Google — Private State Tokens: API design, issuance and redemption, and privacy properties.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.