Checklist 385: Leaving Cookies on the Table

Google Scraps Plan to Phase Out Third-Party Cookies: Privacy Implications and User Impact

This week, Google reversed its widely-publicized plan to eliminate third-party cookies from its Chrome browser, a move initially aimed at enhancing user privacy. This decision follows a series of delays and has significant implications for users and advertisers.

Google announced in 2020 its intention to phase out third-party cookies by 2022, later postponing this to 2025. Third-party cookies enable advertisers to track users across different websites, raising privacy concerns. Google’s decision to abandon this plan marks a significant shift.

Cookies 101

Cookies are small text files stored in browser directories. There are two primary types: first-party cookies, set by the website you are visiting, and third-party cookies, set by domains other than the one you are visiting.

First-Party Cookies

Authentication: First-party cookies help authenticate users, ensuring secure access to sensitive information without repeated logins.

Session Management: These cookies remember user activities, allowing for a seamless browsing experience by keeping track of user preferences and activities on a site.

Convenience: They enable functionalities like maintaining a shopping cart on e-commerce sites, even if the user navigates away and returns later.

Third-Party Cookies

Tracking: These cookies track users across different websites, helping advertisers build detailed user profiles for targeted advertising.

Privacy Concerns: While tracking can enhance user experience by personalizing content, it also raises significant privacy issues. Cookies can be used for malicious purposes, acting as spyware by storing and transmitting user browsing history.

Privacy and Security Measures

User Control: Users can customize their browser’s cookie settings to balance convenience and security. Options include setting long expiration times for personal access information or clearing browsing data after each session.

Protective Measures: Regularly updating antivirus/antispyware software and keeping browsers up to date are crucial for protecting against cookie-related vulnerabilities.

Google aimed to replace third-party cookies with a new system that still supported advertisers while enhancing user privacy. However, achieving this balance proved challenging. By contrast, Apple has taken steps to limit third-party tracking in its Safari browser.

Google’s decision to maintain third-party cookies reflects the complexities of balancing user privacy with the needs of advertisers. As privacy concerns grow, users must remain vigilant and proactive in managing their cookie settings and overall digital security.

Sources: AdNews Australia, Computerworld, All About Cookies, The Wall Street Journal via MSN

Apple’s WebKit Team Implements Tracking Prevention Policy to Protect User Privacy

In 2019, Apple’s WebKit team, responsible for the technology behind Safari on iPhone, iPad, and Mac, introduced a robust Tracking Prevention Policy. This policy was designed to enhance user privacy by minimizing covert and cross-site tracking without requiring users to adjust their settings manually.

Key Highlights of the Tracking Prevention Policy

Default Settings: By default, third-party cookies were disabled. Users had the option to enable them if they chose to do so, promoting a privacy-first approach.

Commitment to Prevent Tracking: WebKit aimed to prevent all forms of covert and cross-site tracking. This included known tracking methods and potential future techniques. If certain tracking methods couldn’t be entirely blocked without harming user experience, WebKit would limit their effectiveness, such as reducing the time window for tracking or the amount of unique data points available for identifying users.

User Consent: For tracking methods that couldn’t be adequately limited, WebKit required informed user consent. Some user actions, like logging into multiple websites using the same account, were considered implied consent but needed to be noticeable and not hidden from the user. For example, logging into Facebook should not automatically log users into other Meta properties without their awareness.

Potential Impacts on Businesses

While the WebKit team clarified that their intention was not to disrupt businesses, they acknowledged potential challenges:

• Funding websites through targeted or personalized advertising could be affected.
• Measuring advertising effectiveness and using federated login services might face difficulties.
• Single sign-on systems for multiple websites under the same organization, embedded media respecting user preferences, social widgets, fraud prevention, bot detection, and analytics for individual websites might also encounter issues.

Despite these potential challenges, the WebKit team emphasized their commitment to prioritizing user benefits over preserving current website practices. They believed this was the essential role of a web browser.

The stringent privacy measures by Apple’s WebKit team raise questions about Google’s recent decision to back away from phasing out third-party cookies in Chrome. While Apple remains steadfast in prioritizing user privacy, Google’s reversal highlights the complexities and potential trade-offs involved in balancing privacy with business and advertising needs.

Apple’s Tracking Prevention Policy underscores the company’s dedication to enhancing user privacy by limiting tracking capabilities. By defaulting to stronger privacy settings and requiring informed consent for tracking, Apple sets a high standard for user protection, even if it means facing potential disruptions for businesses.

Source: All About Cookies

Google Abandons Plan to Block Third-Party Cookies in Chrome, Opts for Privacy Sandbox

In a notable shift, Google has decided not to phase out third-party cookies in its Chrome browser, a plan it initially committed to in 2020. Instead, the company will focus on its Privacy Sandbox initiative, aiming to balance user privacy with the needs of the ad-supported internet.

Apple took a significant step in 2019 by blocking third-party cookies in its Safari browser to prevent tracking. Google planned to follow suit, aiming for 2022, then delaying to 2025, and now, abandoning the plan altogether. Critics argue this move prioritizes Google’s financial interests over user privacy, but the company presents a different perspective.

Anthony Chavez, VP of Google’s Privacy Sandbox, explained the goal is to:

“…find innovative solutions that meaningfully improve online privacy while preserving an ad-supported internet that supports a vibrant ecosystem of publishers, connects businesses with customers, and offers all of us free access to a wide range of content.”

Over the past five years, Google gathered feedback from various stakeholders, including regulators, publishers, web developers, civil society, and the advertising industry. The UK’s Competition and Markets Authority (CMA) was particularly concerned that Google’s plans could distort competition by concentrating advertising spend within Google’s ecosystem, prompting an investigation and subsequent commitments from Google to address these concerns.

Google faced technical setbacks and regulatory pressure, contributing to delays in phasing out third-party cookies. The CMA’s intervention aimed to ensure that Google’s Privacy Sandbox did not harm competition.

The Electronic Frontier Foundation (EFF), a vocal critic of Privacy Sandbox, expressed disappointment with Google’s decision. Lena Cohen, EFF staff technologist, stated:

“Safari and Firefox have blocked third-party cookies by default since 2020 and Google has been pledging to do the same since then. This reversal, after years of delays, highlights Google’s commitment to their own profits over users’ privacy.”

Google’s Privacy Sandbox will coexist with third-party cookies in Chrome. Chavez emphasized that early testing showed potential for Privacy Sandbox APIs to achieve desired privacy outcomes while improving over time with increased industry adoption. The new approach will offer users the choice to manage their privacy settings in Chrome.

While Google frames its decision as elevating user choice and balancing privacy with the needs of the ad-supported internet, critics argue it prioritizes profit over privacy. Google’s Privacy Sandbox will continue to evolve, but the decision to keep third-party cookies has sparked significant debate about the company’s commitment to user privacy.

Source: The Register