Google recently announced plans to get rid of all third-party cookies across the Chrome web browser. The company hopes that this will “develop a set of open standards to fundamentally enhance privacy on the web.” Google said these changes will take place gradually over the next two years, with the first changes starting next month.
What are Cookies?
Whenever you visit a site that uses cookies, a snippet of information is created and stored on your computer or device. Websites can then use these “cookies” to track your browsing session, help you resume where you left off last time, and remember your passwords and other preferences.
There are two kinds of cookies: first-party and third-party cookies. First-party cookies are created by the web site that you are visiting, and they can only be accessed by that site. If you disable first-party cookies, websites will not be able to save your language preferences, passwords, and other settings. For example, if you visit an online shop, you would not be able to add more than one item to your shopping cart because each item would be treated as a new order.
On the other hand, third-party cookies are created by a different site than you are visiting, and they can be accessed by other companies. This allows advertisers to track your activity across multiple websites.
For example, if you search for flights to New York with third-party cookies enabled, you might start to see ads for hotels in New York. This has become a privacy issue that Google wants to solve with its changes to Chrome.
However, enabling third-party cookies in Chrome doesn’t mean sites store personally identifiable information now. Even so, users may be vulnerable to cookie theft. This happens when a hacker uses the information in cookies to steal information from your log-in sessions. The attacker can then gain access to sensitive data such as your bank details and more.
Why is Google Phasing Out Third-Party Cookies?
Google claims it is implementing the changes to “make the web more private and secure for users, while also supporting publishers.” In a blog post, Google Director for Chrome Engineering Justin Schuh noted the need for greater user privacy. He said users should have “transparency, choice, and control over how their data is used.” Schuh believes that these privacy concerns should spur changes in how tech companies develop the web.
Currently, users can block third party cookies and site data in Google Chrome. However, some developers work around this through “fingerprinting.” This technique allows websites to collect generic data about a user, including the user’s operating system, time zone, active plug-ins, and more. Through fingerprinting, websites can identify or re-identify a user. They can also correlate a user’s browsing activity or make inferences about a user.
Chrome’s Alternative to Third-Party Cookies
To address these concerns, Google has been working on its Privacy Sandbox. Since August 2019, they have been developing tools for users to personalize their privacy settings. This way, you can control what your web browser knows about you. Google also plans to roll out anti-fingerprinting measures later this year.
If you want to find out what your browser knows about you, check out our blog here.
The Privacy Sandbox has a host of APIs (application programming interfaces) that will soon replace Chrome’s third-party cookies. With APIs, advertisers can still track ad performance while respecting user privacy.
For example, one API would enable tracking based on interest groups. This approach avoids intrusive one-on-one ad targeting. Another API will set a privacy budget for advertisers. The API limits the information websites can access on a single person. Once the site reaches the cap, the advertiser loses access to the API.
The sandbox will also change the way Chrome handles user data. This is the most significant change the sandbox will bring. Google plans to store and process user data on the browser. Since user data stays on the device, websites will be more privacy-compliant.
Google will get feedback on the Privacy Sandbox from standards participants. The company encourages people to take part in the process by submitting feedback on GitHub or by emailing the W3C working group.