Trail of Cookie Crumbs
To comprehend the importance of the debate, it’s vital to understand what cookies and tracking mechanisms are in the first place. Third-party tracking cookies are those incognito spies present in your devices that follow you and report back to advertisers. It’s essentially the technology that the worldwide targeted ad industry is built on. This hidden tracking on your phones, tablets and completely records your browsing and transactions and helps advertisers, publishers and data brokers profile you to help advertisers target ads toward you. Your identity is “fingerprinted” by humungous databases and that data is reaped by billion-dollar algorithms, and can influence interactions, purchases, voting patterns and your thought process.
Websites also are shifting to other tracking methods like requiring logins for free content. That delivers them a very specific identifier for profiling user behavior and essentially matching it to their activity on other sites that know it.
Browsers do not block first-party cookies. These are set by the operator of the website the user is visiting or advertisers contributing ads. First-party cookies assist with activities like remembering what’s in your e-commerce shopping cart or keeping you logged in for follow-up visits. One ad tech workaround for third-party cookie blocking, though, is to tie in with websites to use their first-party privileges.
Playing the Privacy Card
In 2020, Google said it would block the world’s most widely used browser, Chrome, from accepting the snippets of text called third-party cookies. For instance, this alteration would prevent an advertiser that recorded your visit to a gym website from subsequently showing you ads for exercise instruments on other sites that you browse. In March of this year this policy was announced to be rolled in early 2022 with two major implications:
Additional safeguards to ensure Android apps cannot track users who have opted out of sharing their “Advertising ID.”
To provide users with more control over their data.
The search monarch already allows Android users to limit ad tracking and also reset their Advertising IDs. However, developers can easily circumvent the current restrictions with the assistance of other device identifiers. Under the new policy, developers would have only received “a string of zeros instead of the identifier.”
FLOCing towards Greater Privacy
Moreover, to eventually phasing out third-party cookies, Google had started working on a technology called federated learning of cohorts, or FLOC, that pairs ads to large groups of people, rather than individuals. With FLOC, the browser monitors the user’s browsing history and groups the user with others with similar behavior into a cohort with a unique cohort ID. The idea is to present those IDs to websites and advertisers, undistinguishable individual users while enabling group targeting. Advertisers can then promote ads to the cohort upon noticing that a particular group is visiting a type of website.
The Way the Cookie Didn’t Crumble
Chrome Engineering Director Vinay Goel announced in a blog post, “We need to move at a responsible pace, allowing sufficient time for public discussion on the right solutions and for publishers and the advertising industry to migrate their services. This is important to avoid jeopardizing the business models of many web publishers which support freely available content.”
The internet giant said it had postponed the transformation as part of a collection of adjustments to what Google calls its Privacy Sandbox, to chart a better course for advertisers and everyone else on the web. FLOC was the first venture under Google’s Privacy Sandbox initiative. In an update, the company stated, “The Privacy Sandbox will provide the best privacy protections for everyone. By ensuring that the ecosystem can support their businesses without tracking individuals across the web, we can ensure that free access to content continues… We must take time to evaluate the new technologies, gather feedback and iterate to ensure they meet our goals for both privacy and performance.”
Nevertheless, Chrome’s competitor Brave cautions that “Privacy Sandbox is designed to serve advertisers as much as possible, with the hope that users will tolerate it, or not notice. This is antithetical to how privacy software should be designed, and incompatible with a user-focused web.”
In a Forbes article, researchers Tommy Mysk and Talal Haj Bakry state: “Google’s Privacy Sandbox blogs highlight that third-party cookies undermine user privacy, yet they’re allowed by default in Chrome. A more privacy-preserving approach would be to make third-party cookies opt-in immediately instead of waiting for a replacement, such as FLOC, to materialize.”
Into the Pressure Cooker
It’s startling to know that Google made this announcement roughly a month after Apple introduced “App Tracking Transparency” with its iOS 14.5 update with their Privacy above all messaging kept steadfast.
Moreover, FLOC is Google’s answer to a Google created issue. The U.K.’s Competition and Markets Authority (CMA) is presently inspecting “whether [FLOC] could compel advertising spend to become even more concentrated on Google’s ecosystem at the expense of its competitors,” and a similar inspection is examining into whether “Google has made it harder for rival online advertising services to compete.”
Additionally, the deferment comes amid greater pressure on Silicon Valley giants to fix the internet’s privacy problem. Legislation such as Europe’s GDPR and the California Consumer Privacy Act (CCPA) target the data collection that Google and other companies desire for better targeting the advertisements they deliver. The ad tech industry doesn’t have forever to change course because any particular entity is dissatisfied.
The broader issue though is the unrealistic one to resolve. FLOC works in isolation, in theory. If the site genuinely only discloses your cohort ID, then that could disguise you anonymously. Nevertheless, in reality, the website and the data brokers and trackers sitting behind it have other data points too. The user IP address, the identifiers associated with the browser and Operating System, clearly any information you give to the site or that it holds on you as a customer or registered user.
This increases the risk of users being fingerprinted worse, not improved. The cohort ID might present new data that would otherwise not have been available. And you can bet the data industry will find workarounds, new techniques to factor FLOC into its harvesting schemes, ensuring that the targeted ad gravy train continues to roll.
Google’s Game Plan
We know Chrome dominates the browser market, with an overwhelming 60-70% market share. Most of its revenues come from selling access to you and your data, targeting you with ads; not from apps or services. Chrome also harvests much more of your data than other browsers
First-party cookies also are a precarious issue for Google. Its own giant websites like search and YouTube let it set first-party cookies. Google’s expansive online advertising business can benefit from Google’s cookies and tracking information. Other advertising companies don’t have that privileged status.
As such, Google does admit the problem is out of hand. This “proliferation” of mined user data, it said back in March, has “led to an erosion of trust… 72% of people feel that almost all of what they do online is being tracked by advertisers, technology firms or others, and 81% say the potential risks from data collection outweigh the benefits.”
One angle of Google’s justification for pushing back its plan is that moving too fast will encourage tracking companies to use craftier tracking methods than cookies like fingerprinting.
Google believes blocking third-party cookies at this stage is actually bad for people using the web because it drives tracking companies to covert approaches such as fingerprinting. In a statement to CNET Chrome Director Goel mentioned, “Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected or used. We don’t think that’s a sustainable long term investment,”.
The question still persists: will this problem ever be resolved? Tracking is just part of Chrome’s problem. Google is a data business, struggling with many of the same issues plaguing Facebook as users become more aware of their privacy and personal data. Google’s business model relies on data and until it can fuel that business model with data in such a way that doesn’t compromise the user, it simply won’t be feasible.
As it stands, the 2.6 billion Chrome users are exposed to a serious privacy Catch-22. You can keep using Chrome—aware that you’re being tracked—in the anticipation that Google will resolve this issue at least two years later. Browser extensions like Ghostery, DuckDuckGo, Privacy Badger and uBlock Origin, are designed to block trackers. By contrast, all top rivals of Chrome, including Apple’s Safari, Mozilla’s Firefox, Microsoft’s Edge and Brave Software’s Brave, take more assertive measures at preventing tracking as opposed to Google.