Google says it will not come up with new ways to track individual netizens as they browse the web once Chrome phases out third-party cookies, commonly used for loosely observing people's online activities.
In effect, the browser will not provide ad networks – and Google runs a very large one – alternative identifiers that can be used to follow individuals around the web, though it's not clear exactly how this will impact Google, which already has a variety of ways to shadow internet users.
Early last year, Google announced a plan to kill off third-party cookies, often used to associate you with the websites you visit so that adverts tailored to your interests can be shown on pages. Google made the move after other major browser makers decided to block third-party cookies by default because the little scraps of data can be abused to subvert privacy, and after regulators made it clear they had concerns about ad tech giants Google and Facebook.
Google aims to replace third-party cookies with its Privacy Sandbox, an umbrella term for a set of proposals from Google and other ad tech firms, to allow behavioral ad targeting to continue without individualized tracking identifiers.
Instead, the ad goliath intends to target broad groups of netizens defined by a common interest – eg, jazz fans – through a system called FLoC (Federated Learning of Cohorts), and at narrower groups defined by past interest-based interaction, through a scheme called FLEDGE (First "Locally-Executed Decision over Groups.")
Google plans to start testing FLoC-based cohorts publicly via origin trials in next month's release of Chrome and to make testing available for advertisers in Q2.
The idea has alarmed the ad industry, which isn't keen to give up the ability to track people and has proposed alternatives like a new identifier based on data like email addresses, normally classified as personal information.
- Euro privacy watchdog calls for end of targeted advertising plus a squeeze on the processing of personal info
- In a trial run, Google Chrome to corral netizens into groups for tailored web ads rather than target individuals
- What can we rid the world of, thinks Google... Poverty? Disease? Yeah, yeah, but first: Third-party cookies – and classic user-agent strings
Digital ad outfits, concerned that Google's cookie fast will blind them, have encouraged regulators to dig into the Google Privacy Sandbox for evidence the changes would increase Google's already considerable market power.
In a blog post on Wednesday, David Temkin, director of product management in Google's Ads Privacy and Trust group, acknowledged that the digital ad industry's data collection, largely gathered via third-party cookies, has "led to an erosion of trust."
Thus despite Google's Privacy Sandbox announcement and its claimed commitment to building an anonymity-preserving ad auction system that runs within the browser, rather than some ad company's server, Temkin said the Chocolate Factory still gets questions about whether it will implement alternative identifiers as other ad tech firms have proposed.
"Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products," said Temkin.
Once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products
He also took a swipe at these proposed identifiers, like those based on email addresses.
"We don’t believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long term investment," he said.
Temkin, however, did not disavow targeted advertising. As tech investor Paul Graham put it via Twitter, "What this news tells me is that Google has found a way to target ads just as effectively without using this data."
Expect targeted ads to rely more on first-party data, data that companies collect about their own customers. Temkin said Google will continue to support first-party relationships on its ad platforms, which works out well for Google because it has a first-party relationship with users of its own products and services.
Via Twitter, Steven Englehardt, privacy engineer at Mozilla, observed, "I'd love for Google to clarify how the browsing history data collected as part of Chrome sync will be used going forward. Committing to removing cross-site identifiers from the web is great, but less exciting if they collect that exact same data through Chrome."
Brave buys a search engine, promises no tracking, no profiling – and may even offer a paid-for, no-ad versionREAD MORE
In an interview with The Register, Diana Lee, CEO and co-founder of digital ad biz the Constellation Agency, expressed concern that Google's focus on data privacy will serve mainly to empower Google and other companies that have access to first-party data. Pointing to both Google's shift toward privacy and Apple's iOS 14 limitations affecting Facebook, she said the large tech companies still have the data, they're just not selling it, and that makes them more powerful.
"The problem is these data providers that are out there, like Oracle and IHS, all of the big giant ones, are worth billions of dollars already," she said.
"They have first party data. They also have data besides digital data. Because they have purchase data as well. They have consumer interest data. They have consumer behavior data. They've got all of it already. And we're not restricting them from using this data. We're restricting everybody else. So it's making all of the powerhouses even more powerful."
In short, Lee argues that the narrow focus on digital privacy is hurting small marketers without addressing the dominance of big tech companies.
Justin Brookman, head of tech policy for Consumer Reports, made a similar point via Twitter, noting that Google's Privacy Sandbox gives the company "exclusive access to cross-site data in Chrome, cementing its market position, and allowing it to charge higher prices and extract more surplus from each ad transaction."
Brookman contends platform access and use needs to be regulated. In the meantime, marketers may have to console themselves with CNAME tracking, a way of manipulating DNS records so third-party companies operate as if they were first-party. Problem solved. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Google AI
- Google Cloud Platform
- Google Nest
- Identity Theft
- Palo Alto Networks
- Tavis Ormandy