Restrictions on how websites and advertisers track us around the web are coming, because web browsers — which already block the most invasive types of cookies by default — are cracking down.
A cookie is a little bit of code saved to your device that lets websites recognise you. It enables your favourite news site to always show you the weather for your region, to know not to prompt you to sign up for its newsletter every single time you open the site, to serve you the news topics you’ve indicated you’re interested in, and so on.
Cookies enable something else, though — targeted advertising. A certain type of cookie called a third-party cookie has gained the most notoriety: These aren’t actually served up by the sites you visit, but rather by the networks of marketers and data brokers that push ads to the site you visit. It’s because of third-party cookies that advertisers can know what you’re doing across multiple sites.
For some time now, browser extensions have given you the option to block third-party cookies, and more recently the browsers themselves have been offering the same controls. Blocking third-party cookies means your activities are less easy to track, while keeping more useful first-party cookies in place (so you still get your localised weather reports, for instance).
But simply squashing third-party cookies isn’t ideal for web publishers who rely on these labyrinth-like ad tech networks to earn some bucks against their content, which is why you might find certain sites refuse to load if you’ve got an ad-blocker turned on in your browser. No one is really happy with the current situation — except the marketers selling ads and targeting users — but real change is now happening. Here we’ll explain how your favourite browsers are trying to stamp out cookies, and what will emerge in their place.
Browsers vs. third-party cookies
Browsers — particularly Apple’s Safari and Mozilla Firefox — have been taking a dim view of third-party cookies for some time now. Safari uses something called Intelligent Tracking Prevention, or ITP, to look for and block third-party cookies, and it’s now smart enough to spot third-party cookies masquerading as first-party cookies (nice try, advertisers).
Firefox has its own version, called Enhanced Tracking Protection, or ETP — it’s essentially designed to do the same job, and like ITP, it’s getting smarter all the time. If you want to see the third-party cookies that have been stopped in their tracking tracks on the site that you’re currently viewing, click the little shield icon to the left of the address bar in Firefox.
Ultimately these moves make it almost impossible for advertisers to track you across multiple sites using the traditional methods, and because it’s built into Firefox and Safari, it just works automatically to keep your web activities more private, while keeping the most useful cookies in place (such as the ones that make sure your online shopping basket doesn’t vanish as soon as you click away from a retailer).
Google Chrome and Microsoft Edge are playing catch-up. Third-party cookies can be blocked in these browsers, but the feature isn’t enabled by default yet. Google, who makes the most used browser in the world, says it wants to eliminate third-party cookie from Chrome by the end of 2022, but is worried about the impact on sites that rely on advertising powered by third-party cookies.
Of course, what Google is also worried about is the billions of dollars that it gets from the way things currently operate. Unlike Apple, Mozilla, and Microsoft, its business is very much based on targeted advertising. Google won’t want to wipe away third-party cookies from the web until a proper replacement network is in place, and preferably one that makes Google as much money as before.
What comes next
Unsurprisingly, as it tries to encourage users to browse the web with Chrome and keep its lucrative ad business going, it’s Google that’s leading the search for a replacement for cookies. Perhaps we don’t need a replacement at all — some publishers that have stepped out of the targeted ad business, selling ads against content on a page rather than against user profiles, have seen digital revenues go up.
It would appear there are too many companies making too much money from targeted ads for the business model to be simply abandoned, however — even if the best case scenario would be ads based on what you’re reading rather than who you are, and more advertising money going to publishers who actually put content on the web rather than companies acting as go-betweens for advertisers and publishers.
Google’s latest push is for something called a Privacy Sandbox. It’s intended to fulfil a lot of the same functions as third-party cookies (which were never designed for large-scale ad networks anyway), while giving users more privacy — more user data aggregated and anonymised, and more user data kept locked on the local device. Ads would still be targeted, but the process would in theory be more transparent and respectful to user privacy (via tools like this one), while also cutting down on ad fraud at the same time.
Google needs help, though — from other browser developers, from advertisers, from publishers, and from everyone else involved. Right now it’s not clear exactly what will replace cookies, if anything, or if Google will be able to bring other browser developers, web publishers, and ad brokers along with it. Oddly enough, abandoning the current model may give Google even more power, as it has the ability to collect data on users (through Gmail, Google Maps, and so on) at a scale that smaller operations can’t match.
What is clear is that the user-tracking and ad-serving networks that have underpinned online life for decades are now being dismantled — and with governments now taking a keen interest in what happens next, we’re hoping that the future brings at least some extra privacy protections for users.