Stop spying on me: the end of the road for cross-site tracking cookies

You might have seen a few stories in the news lately about tracking cookies. If you haven’t been reading the news (and I don’t blame you if you haven’t) then you might have noticed content about cookies in other places. Like your antivirus software firing up with warnings about tracking cookies. Or if you have visited any websites based in Europe, you will have been bombarded with notices about how the website uses cookies and do you consent?

 

Unfortunately most people don’t really understand what cookies are and don’t really care. So I thought I would write a few words on the topics of privacy and digital marketing to let you know where things currently stand and what changes we can expect to see in the near future, especially regarding a major update to Google Chrome, the world’s most popular browser.

First of all, what is a cookie?

A cookie is a bit of code that a website puts on your computer when you visit it. The main reason is so that, if you leave the page and come back, the website knows it’s still you. This is incredibly important if you are logged in to a website. Without it, it would be impossible to stay logged in. The same goes for a website with a shopping cart: every time you visit a new page on the site, it needs to keep the same items in your cart. Some cookies persist for days or weeks – if you add something to your shopping cart today, it’s helpful if it is still there tomorrow when you are actually ready to buy it.

This simple type of cookie is called a ‘first-party cookie’. The cookie is put onto your machine by the website that you’re visiting. A real-world analogy might be a supermarket loyalty card, like Countdown’s Onecard or New World’s Club Card. At the supermarket, every time you purchase you scan your card and it enables the supermarket to build up a profile of how you shop, what you buy, how often you buy it, where you buy it, etc. We don’t mind supermarkets tracking us like this because a) it’s useful – they reward us with discounts, b) they are (probably) not sharing it with anyone else, and c) we are voluntarily participating in the scheme.

But there is another type of cookie which is far more controversial: the cross-site tracking cookie. This is a cookie placed on your machine when you visit a website – but it has been placed there by someone else: not you or the website owner, but a 3rd party. This might be an online advertising network who wants to track your behaviour so the sites you visit from now on can serve up ads that are ‘personalised’, i.e. relevant to your browsing history. We have all seen the ads for products that follow you around the web for days or weeks. Some of the most well-known users of 3rd party cookies are things like Facebook’s Pixel. Or Google’s Ad network.

What’s the problem with cookies?

It can be pretty unnerving to see that you are clearly being tracked (stalked) around the web, and over the last few years, internet users and governments have become increasingly concerned about their privacy and security online. The European Union has had the GDPR privacy law in place for nearly ten years – that’s the reason European sites all have cookie warnings on them. Since last year, Apple’s Safari and the Firefox browser have blocked 3rd-party cookies by default, and Google is planning to block them from its Chrome browser as soon as April this year. 

So the writing is well and truly on the wall for 3rd-party tracking cookies. They will soon be as obsolete as Hotmail, dial-up modems, and Myspace.

But what will replace them? How will websites track you around the web and keep showing you those annoying ads? No-one really knows yet. Google have just announced that they are not going to employ any tracking of individuals across websites. They will organise users into anonymous cohorts based on their interests with no individual tracking – except on their own sites, where they will happily use their own first-party cookies to track all your behaviour across Maps, Search, YouTube, Google Shopping, etc. Facebook won’t really be affected either, because Facebook users mostly just stay within Facebook.

The big losers here will be the smaller digital marketing tech companies who have built ad platforms based on 3rd-party tracking cookies. Their networks of advertisers will lose the ability to target ads at specific people based on their browsing history. But this change has been in the wind for a long time and they have had plenty of time to explore new business models.

Information brokers who make money by selling individuals’ browsing behaviour will also be affected. This is a shady business and it has always been a target for regulation, so again, these changes will not be news to them.

How do I stop being tracked online?

If any of this has made you a bit paranoid, you might decide that you don’t want websites tracking your behaviour like this. There are a few options:

  1. You could turn cookies off completely. Some privacy advocates recommend this, but I think it’s is too extreme. As I mentioned above, most sites would become useless.
  2. You could block all 3rd-party cookies. This is easy to do in Chrome and shouldn’t affect your experience of the web too much. Just go into your browser’s settings and choose to block 3rd-party cookies.
  3. If you’re using Safari or Firefox, you don’t even need to choose this option, because these browsers block 3rd-party tracking cookies by default.
  4. You can also choose to send a ‘Do not track’ request every time you visit a site. You should turn this on. Some sites won’t respect it, but a lot will.
  5. You don’t really need to worry about this stuff on your mobile device. Most smartphones block 3rd-party tracking cookies by default. Apple, especially, has been really big on privacy lately – probably as a way of differentiating themselves from the other big tech firms.

There is a lot more to come on this topic – the EU is leading the way with privacy regulation and have just got a lot tougher, Google is due to front up to the US courts in 2023 (which probably explains why they are doing this now), and many other countries are overhauling their privacy legislation.

A few FAQs about what will happen when Chrome blocks 3rd-party cookies.

When is it happening?

April 2021, with the release of Chrome 90.

Will I even notice any difference?

Some of those annoying ads that follow you around might disappear. Other than this, it’s hard to see how the typical web user will be affected. Maybe cross-site logins like Facebook and Spotify could be affected.

Will I still be able to do remarketing?

Yes, you should be able to show remarketing ads on Google or Facebook based on their browsing behaviour on those platforms. But you will no longer be able to show display advertising on third-party websites to users based on their individual browsing history on other websites.

Will Google Analytics still work?

We’re not sure. It still works for Safari, Firefox, and mobile users, so we can assume it will mostly still work. It’s only an analytics tool, so it has escaped most privacy concerns.

Will Google Ads still work?

Yes, because they rely on Google’s first-party cookies.

Will Facebook Pixel still work?

We’re not sure. To circumvent these blocking efforts, especially by Apple, Facebook changed Pixel to use a first-party cookie. We don’t know if this actually works in the real world, and we will soon find out if Chrome blocks it. Watch this space if you rely on Facebook Pixel!