back to article W3C says Google's cookie climbdown 'undermines' a lot of work

The World Wide Web Consortium (W3C) has published a blog criticizing Google's climbdown over the deprecation of third-party cookies, declaring that the move "undermines a lot of the work we've done together." Google announced that it no longer intends to drop third-party cookies last week, a decision that came after a five- …

  1. b0llchit Silver badge
    Big Brother

    Surprised?

    • Follow the money
    • Follow the power
    • Follow the crimes

  2. ArrZarr Silver badge
    Boffin

    The death of 3rd party cookies in Chrome has been pushed back so many times at this point, that Google giving up on it isn't that surprising to me. They've been trying and failing for years to actually make their tracking stack make sense without third-party cookies make sense.

    However: killing third-party cookies directly benefits Google (and the other big players in the tracking market), assuming they can make their stack play nice. This is because killing third-party cookies puts all the hard work of stitching user journeys together onto the tracking provider and requires the provider to have an existing large install base - something very few providers actually have (realistically we're talking Alphabet and Meta), and actively prevents new tracking providers from getting that install base. That is especially true for remarketing providers (the ads that follow you around the web, of which Google (natch) is currently the dominant provider). People complain about not needing to be shown ads for a fridge after just buying one - this is partly due to lazy marketers - but without third-party cookies, we aren't going to see a new provider in the market that can stop that happening. We become reliant upon Google to do something useful for a change.

    Blocking cookies does not stop people tracking you. I'm certain that there will be a response below this post talking about how uBlock and NoScript successfully prevent tracking, and you're *probably* correct, but for the vast majority of users, the statement is fundamentally true - all killing third-party cookies does is ensure that we're dealing with Google and Facebook forever.

    1. karlkarl Silver badge

      > all killing third-party cookies does is ensure that we're dealing with Google and Facebook forever.

      My browser broadcasts a fake "no cookie support" to reduce cookie churn. I notice that many sites just fall back to adding session IDs to POST or GET requests. I imagine more sites will just start doing this. Yes, it won't persist across reboots or sessions but that isn't a bad thing IMO.

      Cookies really are just bits of text, loaded from a file that get added to your HTTP request headers. There are many ways to work around their disappearance.

    2. Not Yb Bronze badge

      Who is benefited by allowing the third-party cookies you're advocating for?

      In my experience it's mostly marketing and sales departments that are in favor of adding tracking and targeting to websites. The question of whether Google, et al. have a monopoly, is technically separate from the actual question of "do we really want random 3rd-party tracking firms (unknown to, and possibly untrusted by, the user) to have access to this data?"

      1. ArrZarr Silver badge

        Honestly I just want Google to die in a hole.

        My perspective is skewed here, because I need to deal with their unfathomably bad multi-levelled sheer incompetence across five separate tools on a daily basis and I'll be damned if Google gets a locked-in monopoly/duopoly position in any aspect of their business under the guise of pretending to give the slightest crap of user privacy.

        I'm not going to go into depth here, because it's 11AM and I don't want to be still writing this comment tomorrow with all the ways they (seemingly) maliciously want to make everybody who works directly with them's life worse, but I think you see where I'm coming from!

  3. Neil Barnes Silver badge

    It's amazing how badly the internet works without third-party cookies

    Oh, wait, it works fine for Firefox. <shrug>

    1. Anonymous Coward
      Anonymous Coward

      Re: It's amazing how badly the internet works without third-party cookies

      Yep. It's been fine for years.

      I've already turned off 3rd party cookies on every instance of Chrome that I haven't been able to convince clients to delete yet. (I've also turned off graphics acceleration on it, doing my best to convince them to delete that mess.)

      1. Missing Semicolon Silver badge

        Re: It's amazing how badly the internet works without third-party cookies

        A lot of small e-commerce sites don't work without 3rd-party cookies, as the checkout process hangs.

        1. PRR Silver badge
          Unhappy

          Re: It's amazing how badly the internet works without third-party cookies

          > A lot of small e-commerce sites don't work without 3rd-party cookies, as the checkout process hangs.

          Ah!! I had not made that connection. Many 'small e-commerce sites' do work in FireFox, but my state motor vehicle re-registration page hangs HARD at the point where it must trade data with another back-end (IIRC, the point it takes my money, a 'checkout' as you say).

          I suppose 'small e-commerce sites' have to care, and fix it; but of course a State doesn't care and sure can't be bothered, it is MY responsibility to get my vehicle paperwork done.

          1. Neil Barnes Silver badge

            Re: It's amazing how badly the internet works without third-party cookies

            I find often that payment pages tend to run scripts from third parties which are generally blocked at my browser (the ones I know about are allowed) which can bring a shopping spree to a sudden and unexpected halt.

            1. Anonymous Coward
              Anonymous Coward

              Re: It's amazing how badly the internet works without third-party cookies

              > I find often that payment pages tend to run scripts from third parties which are generally blocked at my browser (the ones I know about are allowed) which can bring a shopping spree to a sudden and unexpected halt.

              Snap!

              Actually I usually find those 3rd parties (i.e. payment processor) also chain/redirect to other 3rd parties (i.e. VISA/Mastercard/individual banks).

              It is hard to whitelist sites that you're unaware of and that only "appear" (often they're actually invisible as a brief part of a multiple redirect chain) partway through payment processing. And of course after whitelisting any such sites and trying the payment again yet another one shows up, whitelist it, repeat.....often finding that the purchase/payment times out or otherwise doesn't go though and you have to start again from scratch...

          2. ArrZarr Silver badge

            Re: It's amazing how badly the internet works without third-party cookies

            Small e-commerce sites may also not have the development resources to ensure compatibility for browsers & setups that make lots of intrusive (from the site's point of view) decisions on what's kosher and not.

            E-commerce site dev teams tend to be stretched pretty thin at the best of times, even for major retaillers.

  4. Dan 55 Silver badge
    Meh

    W3C now is little more than a rubber stamp for Chrome

    And Google can string them around as it likes.

    Exhibit A: This story.

    1. Mage Silver badge
      Thumb Up

      Re: W3C now is little more than a rubber stamp for Chrome

      The w3C lost the plot years ago and is under Google's thumb.

      Also a bad day when they took over epub.

      Finally, I've never found ANYTHING that needed 3rd part cookies. Been disabling them as long as I can remember.

      1. Michael Wojcik Silver badge

        Re: W3C now is little more than a rubber stamp for Chrome

        I occasionally run into a site which can't perform some of its functions without third-party cookies. Local- and state-government sites seem to be prone to this, and those for small utility companies. Basically where there's a natural monopoly and so very limited resources go into site creation, and therefore the sites make use of various third-party services.

  5. Missing Semicolon Silver badge
    FAIL

    The W3C is living in cloud cookoo land

    It's all very well to say "ban 3rd-party cookies" but the Big Beasts will only do so if they are replaced with something else. The idea of "no tracking, ever" simply is not acceptable, and will therefore never happen.

    1. really_adf

      Re: The W3C is living in cloud cookoo land

      "No tracking, ever" is perfectly acceptable to me, and I'm sure many others.

      I guess you mean it's unacceptable to advertisers, but their ancestors managed fine for decades if not centuries without the tracking of today's web, so the current lot can go fuck themselves as far as I'm concerned.

      1. ArrZarr Silver badge

        Re: The W3C is living in cloud cookoo land

        "...their ancestors managed fine for decades if not centuries without the tracking of today's web"

        “Half the money I spend on advertising is wasted; the trouble is I don't know which half.” - John Wanamaker

        I completely understand where you're coming from, but while old media advertisers may have managed, they certainly weren't able to do a good job.

        The laziness present in all too much of the industry is also an issue, and even discounting my professional judgement of people wasting marketing budget, that laziness is where a lot of the more annoying marketing/tracking things from a consumer's perspective approach.

        1. Anonymous Coward
          Anonymous Coward

          Re: The W3C is living in cloud cookoo land

          And the new media advertisers are doing a good job, or are in fact able to?

          With tracking enabled, we get ads for big-ticket items we've already purchased, ads for things we looked up out of curiosity, ads for stuff somebody borrowed a machine to check on real quick, ... Not counting the 90% of ads which appear to be outright scams.

          The only ads I've actually clicked on in the past few years have been in mobile games, for other mobile games. Most of those I took one look at the privacy policy and noped right out. Note that that application doesn't need tracking - the viewer is already playing a mobile game, so clearly they have some level of interest!

          1. really_adf

            Re: The W3C is living in cloud cookoo land

            "With tracking enabled, we get ads for big-ticket items we've already purchased, ads for things we looked up out of curiosity, ads for stuff somebody borrowed a machine to check on real quick, ... Not counting the 90% of ads which appear to be outright scams."

            For me at least, "ads for big-ticket items we've already purchased" is a subset of "ads relevant to a page I recently visited when I have mentally moved on to something else." Excluding the specific case (where it is obviously useless), there may be some level of subconscious effect but it's surely much, much less than when the product/service being advertised is relevant to the page I'm currently looking at, and the sort of thing I may be thinking about.

            Is the tracking enabled by third party cookies, which create all the privacy issues, as beneficial as it is purported to be? Or is it, like some ads, just another scam?

          2. ArrZarr Silver badge
            Boffin

            Re: The W3C is living in cloud cookoo land

            We do a good job where I work, but that's because we're good at our jobs and work for good clients.

            We also work primarily on Paid Search, not Display (Sponsored ads at the top of Google search pages), so it's much less obnoxious than content farm sites that are 10% clickbait and 90% ads (Not that Google's SERP is much better these days, but that's not on us!)

            The ads you describe are remarketing, because it is the case that somebody who looked up the specs of e.g. a specific laptop is objectively more likely to buy that laptop than somebody who hasn't. That *is* new media advertisers doing a good job (with caveats. You can and should limit the number of times that a specific user should see a remarketing ad as an example - don't want to waste 100 impressions on a single user) - we just can't read your mind on why you searched.

            That being said, there is a lot of laziness, I'm inclined to think that this is from the big agencies.

            In short, I will say that new media has the tools to do a good job but Sturgeon's law still applies (which also applies to old media and every other field)

  6. martinusher Silver badge

    Its not just privacy

    The existing track and trace mechanisms are really just kludges which are not only imperfect but waste incredible amounts of processing power and network bandwidth. Its no wonder that Google and others would love to come up with a mechanism that not only rationalized this code free-for-all but also (likely) tipped the scales ever so slightly in their favor. Finding an alternative should be easy but it would have to at least give the semblance of privacy while preventing some rouge browser supplier (or add on writer) from nullifying it (or worse, gaming it) is likely an impossible task.

    (Either that or they've found a really neat way of gaming the existing system and don't want to let on about it!)

    1. Anonymous Coward
      Anonymous Coward

      Re: Its not just privacy

      An obvious way of gaming the system - prevent anyone else from tracking, while having the browser itself track the user and report home. It's not so much tipping the scales in Google's favor as trying to saw off their competitor's side of the scale.

      Mind you, I'd far rather NEITHER side track!

  7. IGnatius T Foobar !

    Third party cookies are already unreliable

    It's already a bad idea to rely on third party cookies because lots of people have them turned off in their browsers. Privacy-focused browsers such as Brave turn them off by default. And over the last year or so I've seen sites which open up a small redirect window to flow you over to an authentication provider and then back to the site, knowing that the third party cookies won't work a lot of the time.

    Of course, the easiest thing to do is just block Alphabet and Meta at the network level. Meta is easy to block because they provide zero legitimate services. Alphabet, not so much.

  8. Jamie Jones Silver badge

    The W3C should...

    ... they should change the specs to make third-party cookies invalid:

    "Browsers should ONLY honour cookie settings from the URL of the main page - not embeded content, images, iframes etc."

    Sure, this won't stop google, but at least it will be on record that they are in violation of the spec.

    Maybe, even, it will make it easier for regulations to be made against third party cookies.

    This is a perfect example of where a monopoly (or near monopoly) controls the market.

  9. Anonymous Coward
    Anonymous Coward

    From a W3C member

    I've been watching this play out on the W3C mailling lists over the last few years.

    In the red corrner, James Rosewell, a man with an advertising business who tracks users and monetises the data, and is trying to gloss over this by using phrases like freedom, choice and level playing field. In the blue corner, Google the 900lb gorilla. 'Nuff said.

    My considered opinion on this after reading more than a few emails is: a plague on both their houses, but if forced to I'd actually choose Google. This is less an endorsement of Google than a recoil from Rosewell and his "Movement", who's approach to the consensus-driven W3C reminds me very much of the way Farage carried himself in the European Parliament. A personal opinion formed from email only - I've not met him and don't work in web-advertising.

    1. ArrZarr Silver badge
      Unhappy

      Re: From a W3C member

      Cards on the table, I work in marketing (specifically making sure that our marketing data is working)

      Have you considered: The only good Google is a Dead Google, so to hell with them?

      But yes. A plague on both of our houses is a sentiment I can't disagree with.

  10. IGotOut Silver badge

    Remember the good old days...

    when W3C decided the standards...now they just rely on Google to tell them what to do.

    1. stiine Silver badge
      Coffee/keyboard

      Re: Remember the good old days...

      Not quite. Google /ARE/ the W3C these days.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like