Google will join Safari and Firefox in blocking third-party cookies in its Chrome web browser. However, unlike those browsers (which have already started blocking them by default), Google intends to take a phased approach. Justin Schuh, the director at engineering for Chrome, writes that Google’s “intention is to do this within two years.”
In those cookies’ place, Google is hoping that it can institute a new set of technical solutions for various things that cookies are currently used for. To that end, it has proposed a bunch of new technologies (as have other browser makers) that may be less invasive and annoying than tracking cookies have become.
These new technologies are supposed to make it easier for advertisers to target certain demographics without laser-sighting down to specific people, ensure that the infrastructure many sites use for logins don’t break, and help provide some level of anonymous tracking so advertisers can know if their ads actually converted into sales.
If it all came to pass, it would radically shift the way ad tracking and privacy work on the web. It could also open up entirely new vectors of tracking we have yet to imagine.
The rhetoric between browser makers is getting sharper
The context for Google’s cookie-killing proposal is that there’s a pitched battle being waged between browser makers to remake the future of privacy on the web. On the one hand are browsers like Safari and Firefox, browsers with code that increasingly take an absolutist stance against cross-site tracking. On the other is Google and Chrome, whose developers are trying to cut down on tracking without kneecapping revenue for websites.
The difference between them all isn’t just whether and how to implement that tech, but when. Google wants to wait a bit, Apple and Firefox believe the crisis is already too big and have already started blocking third-party cookies — perhaps before there’s a viable replacement for some use cases (and in some cases, they may not want there to be one).
The battle is big and the rhetoric is getting sharp. People accuse Apple of wanting to smother the web in favor of a walled-garden App Store. Others accuse Google of wanting to maintain an ad-tracking dystopia. Google worries that cutting off cookies now will encourage bad actors to switch to harder-to-stop fingerprinting methods, but then everybody notices that it’s awfully convenient that Google doesn’t want to stop ad tracking until later.
But because these are web people, the fights are happening in places you’re probably not really watching: email lists, github, and W3C panels and working groups. Compared to other tech fights, it probably looks relatively tame and — like all standards bodies — moves quite slowly. But the stakes are sky high: a huge proportion of the ads you see on the web are driven by third-party cookies and part of an infrastructure that tracks and trades on your data and even your identity.
The technical replacements for cookies are complex, political, and not finished yet
The specifics of the proposals get very complicated very quickly, unfortunately, and make explaining third-party cookies seem elementary by comparison. At a high level, Google wants to create a “privacy sandbox,” where websites are able to gather some information but ultimately hit a wall where the browser cuts them off. Apple has proposed an API for helping retail websites track conversions that Google seems to like, but the two companies don’t agree on how much information should be allowed. There are proposals for grouping people into large demographic “flocks” and replacement mechanisms for logging in with third-party services.
These ideas and more are getting hashed out — and hopefully they will be, because failing to do so will mean a further fracturing of how different people experience the web. There’s unlikely to be anything like 100 percent agreement, but the hope is that we’ll get some kind of consensus on what should replace third-party cookies.
Those cookies were never really meant to do as much work — or contain and share as much information — as they currently do. The list of things that third-party cookies do is very long and finding agreement on how (or whether!) to replace them is going to take a long time.