Google: About that whole getting rid of third-party cookies thing – we're gonna need another year or so

Plan to reinvent advertising turns out to be more difficult than expected


Google, which makes the only major browser not blocking third-party cookies by default, has revised its commitment to phase out third-party cookies by 2022.

The super-corp's biscotticide is now scheduled to begin in mid-2023 and run through late 2023.

Third-party cookies refer to tracking files deposited in one's browser when visiting a website that includes code interacting with third-party domains. The firms associated with these domains, typically marketing and analytics businesses, check for the presence of their cookies across different websites and use this information to build marketing profiles and to target ads based on behavior.

In doing so, they deny people privacy, without much friction from Chrome, the window through which much of Google's web ad business operates. Some years ago, Apple, Brave, Microsoft, Mozilla, and Vivaldi began blocking third-party cookies by default in their respective browsers, sensing an opportunity to compete with Google by taking privacy seriously.

That said, Microsoft Edge's default might be called half-hearted, though it uses the term "Balanced" to reflect that Microsoft is okay with some third-party cookies to minimize application misbehavior)

Google's announcement in January 2020 that it would phase out third-party cookies showed that privacy – or at least the marketing of privacy – could no longer be ignored. But unwilling to abandon targeted advertising and ad analytics on the web, the ad giant threw itself into developing alternative ad tech that would provide similar data while ostensibly preserving privacy.

Since then, a series of these proposals – referred to as the Privacy Sandbox – from Google and other ad companies have been floated. The most notable of these has been FLoC or Federated Learning of Cohorts, a scheme to divide internet users into thousands of theoretically anonymous groups based on interests and demographics.

Initial testing, involving about 34,000 Cohorts, has not gone all that well. Doubts about Google's privacy claims for FLoC persist and other browser makers have distanced themselves from the still-developing technology or outright disavowed it.

Among those willing to give Google the benefit of the doubt, there's still hope that other incubating Privacy Sandbox proposals with bird-themed names like FLEDGE may prove less controversial. But hatching health technical specs that can survive intense scrutiny from security and privacy researchers, not to mention regulators, will take time.

Deadlines fly by

On Thursday, the Chocolate Factory said it doesn't expect to complete its third-party cookie transition until late 2023, almost two years beyond its initial target date. The problem is that the ad tech intended to take over where third-party cookies left off remains half-baked, there's not yet industry consensus on the way forward, and there are legal issues to resolve.

"For Chrome, specifically, our goal is to have the key technologies deployed by late 2022 for the developer community to start adopting them," explained Vinay Goel, privacy engineering director for Chrome, in a blog post.

"Subject to our engagement with the United Kingdom’s Competition and Markets Authority (CMA) and in line with the commitments we have offered, Chrome could then phase out third-party cookies over a three month period, starting in mid-2023 and ending in late 2023."

The UK CMA earlier this year said it had received complaints from marketeers that Google's Privacy Sandbox plan was anticompetitive. And its interest has since expanded to include Apple's App Store.

The timing of Google's cookie killing coincides with the time when California will begin enforcing the California Privacy Rights Act, July 1, 2023. Under the CPRA, Google will have additional privacy and data handling obligations.

Via Twitter, Ashkan Soltani, a privacy researcher and former Federal Trade Commission technologist, expressed disappointment with Google's decision to delay third-party cookie banishment.

"The greatest trick the devil ever pulled was convincing reporters [and] policymakers that you can only have competition by reducing privacy," Soltani said. "Blocking cookies is independent of half-baked ad tracking proposals like FLoC… Google can block cookies [without] the rest of 'Privacy Sandbox'."

Google can. But it has other plans. ®

Broader topics


Other stories you might like

  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading
  • China-linked Twisted Panda caught spying on Russian defense R&D
    Because Beijing isn't above covert ops to accomplish its five-year goals

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

    The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

    In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

    Continue reading

Biting the hand that feeds IT © 1998–2022