In August, Google announced its “Privacy Sandbox” initiative to build a more private web through open standards. The Chrome developer today provided an update, including how its planning to end support for third-party cookies, timelines, and the response it’s been hearing from the community.
Google’s approach is driven by not entirely shunning advertising, given its importance to supporting businesses online, its own included. That said, it sees ad tracking as “now being used far beyond its original design intent” and not matching user privacy expectations.
Some browsers have reacted to these concerns by blocking third-party cookies, but we believe this has unintended consequences that can negatively impact both users and the web ecosystem. By undermining the business model of many ad-supported websites, blunt approaches to cookies encourage the use of opaque techniques such as fingerprinting (an invasive workaround to replace cookies), which can actually reduce user privacy and control.
Chrome plans to “phase out support for third-party cookies” within two years after ensuring a good solution for users, publishers, and advertisers, while mitigating workarounds. Google later this year will launch anti-fingerprinting measures to “detect and mitigate covert tracking and workarounds.”
Testing via browser origin trials on ending third-party cookies support in Chrome will begin by year’s end, starting with conversion measurement and then personalization.
The company today reiterated its belief in a standards-based approach after industry work on creating an alternative and phasing out Flash.
Fortunately, we have received positive feedback in forums like the W3C that the mechanisms underlying the Privacy Sandbox represent key use-cases and go in the right direction. This feedback, and related proposals from other standards participants, gives us confidence that solutions in this space can work.
Meanwhile, Google is continuing on other privacy and security work in the browser. Starting next month, Chrome will limit insecure cross-site tracking by treating cookies that don’t include a SameSite label as first-party only, and require cookies labeled for third-party use to be accessed over HTTPS. Besides increasing security, this will give you more precise browser cookie controls.
FTC: We use income earning auto affiliate links. More.