Surprised?
- Follow the money
- Follow the power
- Follow the crimes
The World Wide Web Consortium (W3C) has published a blog criticizing Google's climbdown over the deprecation of third-party cookies, declaring that the move "undermines a lot of the work we've done together." Google announced that it no longer intends to drop third-party cookies last week, a decision that came after a five- …
The death of 3rd party cookies in Chrome has been pushed back so many times at this point, that Google giving up on it isn't that surprising to me. They've been trying and failing for years to actually make their tracking stack make sense without third-party cookies make sense.
However: killing third-party cookies directly benefits Google (and the other big players in the tracking market), assuming they can make their stack play nice. This is because killing third-party cookies puts all the hard work of stitching user journeys together onto the tracking provider and requires the provider to have an existing large install base - something very few providers actually have (realistically we're talking Alphabet and Meta), and actively prevents new tracking providers from getting that install base. That is especially true for remarketing providers (the ads that follow you around the web, of which Google (natch) is currently the dominant provider). People complain about not needing to be shown ads for a fridge after just buying one - this is partly due to lazy marketers - but without third-party cookies, we aren't going to see a new provider in the market that can stop that happening. We become reliant upon Google to do something useful for a change.
Blocking cookies does not stop people tracking you. I'm certain that there will be a response below this post talking about how uBlock and NoScript successfully prevent tracking, and you're *probably* correct, but for the vast majority of users, the statement is fundamentally true - all killing third-party cookies does is ensure that we're dealing with Google and Facebook forever.
> all killing third-party cookies does is ensure that we're dealing with Google and Facebook forever.
My browser broadcasts a fake "no cookie support" to reduce cookie churn. I notice that many sites just fall back to adding session IDs to POST or GET requests. I imagine more sites will just start doing this. Yes, it won't persist across reboots or sessions but that isn't a bad thing IMO.
Cookies really are just bits of text, loaded from a file that get added to your HTTP request headers. There are many ways to work around their disappearance.
Who is benefited by allowing the third-party cookies you're advocating for?
In my experience it's mostly marketing and sales departments that are in favor of adding tracking and targeting to websites. The question of whether Google, et al. have a monopoly, is technically separate from the actual question of "do we really want random 3rd-party tracking firms (unknown to, and possibly untrusted by, the user) to have access to this data?"
Honestly I just want Google to die in a hole.
My perspective is skewed here, because I need to deal with their unfathomably bad multi-levelled sheer incompetence across five separate tools on a daily basis and I'll be damned if Google gets a locked-in monopoly/duopoly position in any aspect of their business under the guise of pretending to give the slightest crap of user privacy.
I'm not going to go into depth here, because it's 11AM and I don't want to be still writing this comment tomorrow with all the ways they (seemingly) maliciously want to make everybody who works directly with them's life worse, but I think you see where I'm coming from!
Yep. It's been fine for years.
I've already turned off 3rd party cookies on every instance of Chrome that I haven't been able to convince clients to delete yet. (I've also turned off graphics acceleration on it, doing my best to convince them to delete that mess.)
> A lot of small e-commerce sites don't work without 3rd-party cookies, as the checkout process hangs.
Ah!! I had not made that connection. Many 'small e-commerce sites' do work in FireFox, but my state motor vehicle re-registration page hangs HARD at the point where it must trade data with another back-end (IIRC, the point it takes my money, a 'checkout' as you say).
I suppose 'small e-commerce sites' have to care, and fix it; but of course a State doesn't care and sure can't be bothered, it is MY responsibility to get my vehicle paperwork done.
> I find often that payment pages tend to run scripts from third parties which are generally blocked at my browser (the ones I know about are allowed) which can bring a shopping spree to a sudden and unexpected halt.
Snap!
Actually I usually find those 3rd parties (i.e. payment processor) also chain/redirect to other 3rd parties (i.e. VISA/Mastercard/individual banks).
It is hard to whitelist sites that you're unaware of and that only "appear" (often they're actually invisible as a brief part of a multiple redirect chain) partway through payment processing. And of course after whitelisting any such sites and trying the payment again yet another one shows up, whitelist it, repeat.....often finding that the purchase/payment times out or otherwise doesn't go though and you have to start again from scratch...
Small e-commerce sites may also not have the development resources to ensure compatibility for browsers & setups that make lots of intrusive (from the site's point of view) decisions on what's kosher and not.
E-commerce site dev teams tend to be stretched pretty thin at the best of times, even for major retaillers.
I occasionally run into a site which can't perform some of its functions without third-party cookies. Local- and state-government sites seem to be prone to this, and those for small utility companies. Basically where there's a natural monopoly and so very limited resources go into site creation, and therefore the sites make use of various third-party services.
"No tracking, ever" is perfectly acceptable to me, and I'm sure many others.
I guess you mean it's unacceptable to advertisers, but their ancestors managed fine for decades if not centuries without the tracking of today's web, so the current lot can go fuck themselves as far as I'm concerned.
"...their ancestors managed fine for decades if not centuries without the tracking of today's web"
“Half the money I spend on advertising is wasted; the trouble is I don't know which half.” - John Wanamaker
I completely understand where you're coming from, but while old media advertisers may have managed, they certainly weren't able to do a good job.
The laziness present in all too much of the industry is also an issue, and even discounting my professional judgement of people wasting marketing budget, that laziness is where a lot of the more annoying marketing/tracking things from a consumer's perspective approach.
And the new media advertisers are doing a good job, or are in fact able to?
With tracking enabled, we get ads for big-ticket items we've already purchased, ads for things we looked up out of curiosity, ads for stuff somebody borrowed a machine to check on real quick, ... Not counting the 90% of ads which appear to be outright scams.
The only ads I've actually clicked on in the past few years have been in mobile games, for other mobile games. Most of those I took one look at the privacy policy and noped right out. Note that that application doesn't need tracking - the viewer is already playing a mobile game, so clearly they have some level of interest!
"With tracking enabled, we get ads for big-ticket items we've already purchased, ads for things we looked up out of curiosity, ads for stuff somebody borrowed a machine to check on real quick, ... Not counting the 90% of ads which appear to be outright scams."
For me at least, "ads for big-ticket items we've already purchased" is a subset of "ads relevant to a page I recently visited when I have mentally moved on to something else." Excluding the specific case (where it is obviously useless), there may be some level of subconscious effect but it's surely much, much less than when the product/service being advertised is relevant to the page I'm currently looking at, and the sort of thing I may be thinking about.
Is the tracking enabled by third party cookies, which create all the privacy issues, as beneficial as it is purported to be? Or is it, like some ads, just another scam?
We do a good job where I work, but that's because we're good at our jobs and work for good clients.
We also work primarily on Paid Search, not Display (Sponsored ads at the top of Google search pages), so it's much less obnoxious than content farm sites that are 10% clickbait and 90% ads (Not that Google's SERP is much better these days, but that's not on us!)
The ads you describe are remarketing, because it is the case that somebody who looked up the specs of e.g. a specific laptop is objectively more likely to buy that laptop than somebody who hasn't. That *is* new media advertisers doing a good job (with caveats. You can and should limit the number of times that a specific user should see a remarketing ad as an example - don't want to waste 100 impressions on a single user) - we just can't read your mind on why you searched.
That being said, there is a lot of laziness, I'm inclined to think that this is from the big agencies.
In short, I will say that new media has the tools to do a good job but Sturgeon's law still applies (which also applies to old media and every other field)
The existing track and trace mechanisms are really just kludges which are not only imperfect but waste incredible amounts of processing power and network bandwidth. Its no wonder that Google and others would love to come up with a mechanism that not only rationalized this code free-for-all but also (likely) tipped the scales ever so slightly in their favor. Finding an alternative should be easy but it would have to at least give the semblance of privacy while preventing some rouge browser supplier (or add on writer) from nullifying it (or worse, gaming it) is likely an impossible task.
(Either that or they've found a really neat way of gaming the existing system and don't want to let on about it!)
An obvious way of gaming the system - prevent anyone else from tracking, while having the browser itself track the user and report home. It's not so much tipping the scales in Google's favor as trying to saw off their competitor's side of the scale.
Mind you, I'd far rather NEITHER side track!
It's already a bad idea to rely on third party cookies because lots of people have them turned off in their browsers. Privacy-focused browsers such as Brave turn them off by default. And over the last year or so I've seen sites which open up a small redirect window to flow you over to an authentication provider and then back to the site, knowing that the third party cookies won't work a lot of the time.
Of course, the easiest thing to do is just block Alphabet and Meta at the network level. Meta is easy to block because they provide zero legitimate services. Alphabet, not so much.
... they should change the specs to make third-party cookies invalid:
"Browsers should ONLY honour cookie settings from the URL of the main page - not embeded content, images, iframes etc."
Sure, this won't stop google, but at least it will be on record that they are in violation of the spec.
Maybe, even, it will make it easier for regulations to be made against third party cookies.
This is a perfect example of where a monopoly (or near monopoly) controls the market.
I've been watching this play out on the W3C mailling lists over the last few years.
In the red corrner, James Rosewell, a man with an advertising business who tracks users and monetises the data, and is trying to gloss over this by using phrases like freedom, choice and level playing field. In the blue corner, Google the 900lb gorilla. 'Nuff said.
My considered opinion on this after reading more than a few emails is: a plague on both their houses, but if forced to I'd actually choose Google. This is less an endorsement of Google than a recoil from Rosewell and his "Movement", who's approach to the consensus-driven W3C reminds me very much of the way Farage carried himself in the European Parliament. A personal opinion formed from email only - I've not met him and don't work in web-advertising.