Google’s Plan for Cookies
Google laid out its plan for phasing out cookies in a post titled “Building a more private web: A path towards making third party cookies obsolete”. In this post, Justin Schuh – Director, Chrome Engineering, explains that Google has been looking at increasing user privacy for some time.
The work apparently started last year in August when Google announced their new privacy initiative called the “Privacy Sandbox”. This initiative looks at developing standards to fundamentally enhance privacy on the web while still allowing for an ad-supported web. The new initiative is expected to provide alternative solutions that will render third-party cookies obsolete within the next two years.
The Privacy Sandbox Initiative
Ideally, the Sandbox initiative would allow advertisers to show relevant advertisements to users while protecting their data and browsing history as much as possible. Google has an advertisement-driven revenue model. Therefore, the proposed standard needs to allow advertisers to deliver more relevant advertisements without allowing them to track individual users.
In a post dated August 2019, Shuh says: “We’re exploring how to deliver ads to large groups of similar people without letting individually identifying data ever leave your browser – building on the Differential Privacy techniques we’ve been using in Chrome for nearly 5 years to collect anonymous telemetry information.”
Reason for Google’s Objections to Blocking Third-Party Cookies
Google has always insisted that blocking support for third-party cookies without providing an alternative would undermine the web’s health. Furthermore, according to Google, blocking third-party cookies in its Chrome browser – like Apple has done with Safari and Mozilla with Firefox – would just encourage the use of alternative tracking methods such as browser fingerprinting.
“…we believe this [blocking cookies] has unintended consequences that can negatively impact both users and the web ecosystem. By undermining the business model of many ad-supported websites, blunt approaches to cookies encourage the use of opaque techniques such as fingerprinting (an invasive workaround to replace cookies), which can actually reduce user privacy and control,” says Shuh.
Browser fingerprinting collects small characteristics of a browser to uniquely identify the person using it. Unlike cookies, fingerprinting is harder to detect, and user fingerprint profiles can’t easily be deleted.
What are Cookies and What are they Used for
Cookies are a small piece of data sent from a website. They are stored on users’ computers by web browsers while the user is browsing. There are two types of cookies:
- First party cookies – these are created by the site an individual may be visiting
- Third party cookies – these are created by other sites who own some of the content on the site. Examples include advertisements and images
First-party cookies are used by companies to make people’s online experience easier by saving browsing information. With cookies, sites can keep individuals signed in, remember site preferences and provide locally relevant content.
Third-party cookies are used by companies to track individuals’ activities on the internet as well as browsing habits. Web publishers and advertising companies use this information to determine what advertising to target to a particular person.
Cookies are core to the advertising industry. They allow advertisers to target people with advertisements for websites they previously visited. Cookies also make it easier for companies to determine the effectiveness of certain advertisements in getting internet surfers to buy.
Use of Third-Party Cookies
It is the use of third-party cookies that privacy advocates object to and have long since criticized companies for using. Google’s privacy initiative plans to phase out these third-party cookies. However, in the meanwhile, Google intends to implement some techniques to limit third-party cookies’ capabilities.
“As we previously announced, Chrome will limit insecure cross-site tracking starting in February, by treating cookies that don’t include a SameSite label as first-party only, and require cookies labeled for third-party use to be accessed over HTTPS. This will make third-party cookies more secure and give users more precise browser cookie controls,” says Shuh.
From February onwards, SameSite rules will require developers who wish to use third-party cookies to explicitly label them as such. Furthermore, this change means that third-party advertisement sellers will need to go through Google to get information about internet users.
Some critics say that this gives Google an advantage and actually makes the market less fair and safe. “This presents a core problem from a competition perspective. It is yet another example of Google diminishing ad rivals’ access to data for the stated purpose of protecting users’ privacy,” said Dina Srinivasan, a lawyer focused on competition issues.