Is it too soon to announce the death of the cookie? Not quite, but on the 4th of January 2024, Google introduced Tracking Protection for its Chrome browser. This new feature signals the beginning of the end of third-party cookies. As with many recent changes to the browser, these changes will be incremental, with third-party cookie support being removed for 100% of Chrome users by the end of Q3 2024.
Microsoft’s Edge browser uses the Chromium browser engine and is expected to follow suit. Some years ago, both Firefox and Safari removed support for third-party cookies, but Chrome is by far the most popular web browser. Without support in any major browser, this removal from Chrome will render third-party cookies obsolete at a stroke.
First-party cookies are unaffected. What’s the difference? Find out more here …
Table of Contents
Why is Google Getting Rid of Third-Party Cookies?
For years, cookies have allowed developers, marketers and internet professionals to track the behaviours of users without consent. GDPR and other privacy regulations have helped, but the debate has not been resolved. Human ingenuity coupled with technical advances have allowed agencies, both good and bad, to find record an enormous amount of data about an enormous number of people.
- This has led to huge improvements in software and interface design. By analysing user behaviour and desires, computers and the internet have become much more seamless and user-friendly.
- This has allowed marketers to gain profound insights into the attribution of their conversions. The ability to monitor all the ‘touches’ that create the sale has allowed marketers to optimise their sales funnels and target audiences better than ever before.
- It has allowed sinister agencies to identify the fears and prejudices of their potential audiences. They have then, it is alleged, returned content that exploited those fears and pandered to those prejudices to the extent that presidential elections and national referenda have been suborned.
Your behaviours online reflect your interests, desires and beliefs. Tracking data is collected as you use your phone, not just your computer. Much of this information has been gleaned unwittingly: much of it is extraordinarily personal. Tech can sometimes work out more about you than you know yourself.
This is powerful stuff, the need for privacy and protection of the individual has never been greater.
The Death of the Cookie: What Does This Mean for You, The User?
In all honesty, probably not that much. Most third-party cookies are about tracking for marketing and advertising. You may notice fewer adverts ‘following’ you around the internet, but generally, the internet will look much the same.
You’ll probably continue to ‘OK’ your way past the consent banners to get to your content as you did before.
What Does Death of the Cookie Mean for Internet Professionals?
Whether a marketer or a developer, the death of the third-party cookie offers significant challenges. Google recognises this and has implemented several methods to permit controlled cross-site analysis:
- CHIPS (Cookies Having Independent Partitioned State) allows developers some level of cross-site tracking – useful when, for example, a site uses a chat widget hosted by a third party (most are).
- Storage Access API – allows embedded content some user data while minimising the data available for tracking. Embedded content my require a login (for example, to leave a comment on a web page) and the Storage Access API should permit this.
- Where a single company uses a number of websites (e.g. little-fire.com and little-fire.digital), Google allows the creation of Related Website Sets. These sets allow the sharing of a certain amount of cookie-related data to smooth the journey around a company’s extended online presence.
- Finally, to enable “Sign in with …” type requests, the Federated Credential Management API is being developed. Although specified and support exists from both Firefox and Safari (in theory), at the time of writing, the API is not fully developed.
What is Replacing Third-Party Cookies?
Cookies are not the only way a website can recognise and track a user. They may be the most explicit but you can expect to see more of the following:
- Device Fingerprinting – already widely used for Multi-Factor Authentication, the device fingerprint is a short string (or hash) generated from the many specific attributes relating to your browsing session (browser used, operating system, screen resolution, fonts enabled etc.). On desktop devices, this created a near-unique value; on phones, much less so.
- Contextual Targeting – this is not a new technique, people have been placing holiday adverts in travel supplements since the 1950s. It’s simple and it works.
- Device IDs are the easiest way to identify mobile users, allowing you to track individual devices. A device ID is a unique, anonymized string of numbers and letters unique to every smartphone or tablet. Since the rollout of iOS 14.5 in April of 2021, and the introduction of Apple’s App Tracking Transparency (ATT), developers must request permission to access a user’s device ID.
- There has been a move towards a Universal ID, which enables the identification of a device across several digital spaces but contains no data.
All the methods above are, to some degree, anonymous. The intention is to enable the analysis of aggregate user data without exposing the individual to scrutiny. In truth, though, you should expect the boundaries to be porous.
Unless you are far more diligent than me, at some point you’ll offer consent without reading the conditions. Without knowing it, your actions may yet give you away.