If you’ve ever wondered why the ad you saw for sunglasses on your phone suddenly appears again on your laptop, third-party cookies are likely the culprit. Now, after four years of false-starts and backpedaling, Google is finally making good on its promise to phase out pesky third-party cookies. Starting this week, some 30 million people, or around 1% of global Chrome browser users, will have the notoriously persistent trackers turned off by default. That could adversely affect advertisers’ ability to collect sensitive information about those users and to serve them ads for products that seem to ravenously follow them from site to site. Google’s eventual cookie phase-out could mark one of the single greatest disruptions to the online economy in memory.
Google’s limited cookies phase-out, which it’s calling a “Tracking Protection” test, is the first step in a massive plan to phase out the trackers for all Chrome users by the second half of 2024. The search giant wants to replace cookies, long a major point of concern for privacy advocates due to their invasives, with a series of more privacy preserving tools within its “Privacy Sandbox.” Google has held off on emptying the cookie jar for years due in large part to concerns for marketers and advertisers who feared a sudden switch away from the 30-year-old industry standard could gut their profitability. Ready or not, Google is moving forward.
“With the Privacy Sandbox, we’re taking a responsible approach to phasing out third-party cookies in Chrome,” Google’s VP of Privacy Sandbox Anthony Chavez said in a blog post.
What are cookies anyway?
Cookies, which are small snippets of text sent to Chrome or other browsers from websites you’ve visited, are the primary trackers underpinning much of the modern internet. Every time you load a website, it will check to see if it’s previously left a cookie with you.
These trackers can help users stay logged into a site or help a site remember what users leave in their shopping carts. But other, more personal details like your phone number and email address may also be stored in cookies, which can essentially function like unique identifiers following you as you surf the web.
The 1% of Chrome users selected for Google’s “Tracking Protection” should receive a notification when they log onto Chrome with the title “browse with more privacy.” Users will also see an eyeball logo tucked away in their URL search bar to signify that the new tracking protections are on. If a site repeatedly fails to load because it can’t work without the banned cookies, users may be prompted with an option to temporarily re-enable the trackers. Some of this, Google admits, is still a work in progress.
“As we work to make the web more private, we’ll provide businesses with tools to succeed online so that high quality content remains freely accessible,” Chavez added.
Big Tech’s clash over cookies
Privacy advocates have long criticized third-party cookies due the amount of highly specific personalized data they can include. Large tech firms like Facebook, and Google itself, have faced pushback for letting advertisers direct ads to users who’ve expressed racist sentiments. That coincided with a growing public uneasiness over the types and amount of data governments and private companies are able to siphon up. To that point, a whopping 81% of US adults surveyed by Pew Research this year said they were concerned about how companies use data they collect about them.
Some browsers, like Apple’s Safari and Firefox, already moved to block third-party trackers by default years ago. Apple went a step further in 2022 with the release of its App Tracking Transparency feature, which prompts iOS users with a notification when an app attempts to track their activity. That tool alone, which is part of a larger societal shift away from cookies, reportedly cost Facebook around $10 billion in lost advertisement sales in 2022.
Google’s ‘Privacy Sandbox:’ Privacy preserving or tracking with another name?
When cookies are finally eliminated for all Chrome users by the end of 2024, they will be replaced by an initiative Google calls its “Privacy Sandbox.” In a nutshell, Google says the new initiative will use a variety of application programming interfaces (APIs) that send anonymized signals stored in a user’s Chrome browser to send information to advertisers. The sandbox aims to reduce cross-app tracking while still allowing ads to support free access to online services.
One of the more important of those APIs, which Google calls “Ad Topics” works by placing Chrome users into certain categories based off of all the websites they’ve viewed. Advertisers, and even Google itself, won’t be able to see any specific user’s exact browsing history of personal identifiers. Instead, they will know a certain user is interested in a specific topic. Those topics include categories with names like “Fan Fiction,” “Early Childhood Education,” and “Parenting.” In theory, this new framework should still give marketing firms access to valuable user data necessary to generate effective targeted ads while bolstering personal privacy protections.
“The most significant item in the Privacy Sandbox is Google’s proposal to move all user data into the browser where it will be stored and processed,” Permutive Marketing Director Amit Kotecha said in a previous interview with DigiDay. “This means that data stays on the user’s device and is privacy compliant. This is now table stakes and the gold standard for privacy.”
Naturally, many marketers aren’t thrilled about losing one of their most valuable pieces of online tracking technology. US broadcasters alone, according to a recent report from the National Association of Broadcasters (NAB), estimate they may lose $2.1 billion annually as a result of the change. Others wished Google had provided a longer transition period.
“The timing remains poor,” IAB Tech Lab CEO Anthony Katsur said in a recent interview with The Wall Street Journal. “Launching it during the industry’s greatest revenue-generating part of the year is just a terrible decision.”
A Google spokesperson told PopSci they were confident companies could effectively adapt to the changes.
“We are confident the industry can make the transition in 2024 based on all the tremendous progress we’ve seen from leading companies, who have indicated publicly they’ve either started testing or plan to do so in January,” the spokesperson said in an email.
On the other side of the coin, some consumer privacy advocates who’ve long called for an end to cookies worry Google’s replacement still falls short and ultimately amounts to a similar form of online tracking with a different name.
“Google referring to any of this as ‘privacy’ is deceiving,” Electronic Frontier Foundation Security and Privacy Activist Thorin Klosowski wrote in a recent blog post. “Even if it’s better than third-party cookies, the Privacy Sandbox is still tracking, it’s just done by one company instead of dozens.”
Klosowski went on to say tech firms like Google should work towards creating a world completely free of behavioral advertisements.
How will browsing the web change without cookies?
Google’s decision to phase out cookies essentially rewrites the rules for advertising on the internet and may amount to one of the single greatest disruptions to the online economy in recent memory. It also won’t really mean all that much for the vast majority of everyday users. If the switch away from cookies works as intended, Chrome users can continue browsing the web in much the same way as they did before, albeit with an underlying layer of stronger privacy. The bulk of the noticeable changes here will fall on developers, not users.
Cookies aren’t really being purged entirely either. First-party cookies–the type that help you stay logged into certain websites–shouldn’t go away as a result of the changes. Still, the elimination of third-party cookies does amount to a tectonic shift in the way the internet works which means some sites are likely to break or experience issues during the transition. Maybe more importantly, the shift could leave the internet devoid of possibly the most disarmingly cute name possible for a pervasive surveillance tool.