Google postpones Chrome's third-party cookie bonfire yet again
Construction delays for web giant's Privacy Sandbox keep these bickies on the menu
Google says it needs more time to build and test its ostensibly privacy-preserving ad technology, marketed as the "Privacy Sandbox." So the ad biz has delayed its previous plan to block privacy-pilfering third-party cookies in Chrome until 2024.
Back in January 2020, the internet search giant announced its intention to phase out support for third-party cookies by 2022, after cookie defenses implemented by rival browser makers amounted to a vote of no confidence in cookie-based tracking and lawmakers started paying more attention to privacy and competition concerns.
In the context of the web, cookies are files created by websites on the computers of their visitors. Third–party cookies are set to serve companies affiliated with the website publisher, and in addition to less objectionable uses can be used to track web users as they visit different websites, potentially violating privacy expectations.
Google recognizes the need to heed the call for online privacy but remains determined to preserve its ability to target ads, which the advertising behemoth self-servingly insists are necessary to keep the internet free. And so the Chocolate Factory has been devising Chrome browser APIs like Topics and FLEDGE as part of its Privacy Sandbox initiative "so that publishers and developers can provide free content and grow their business in a privacy-preserving way."
In other words, Chrome will drop third-party cookies but will still provide mechanisms under the Privacy Sandbox brand for website owners and publishers to use to get an idea of the netizens visiting their pages so that they can be targeted with ads.
Things haven't gone as planned. In June 2021, Google pushed its cookie phase-out back to 2023 due to objections from ad tech rivals that raised competitive concerns to regulatory agencies and to problems realizing its Privacy Sandbox vision.
The US mega-corp's Federated Learning of Cohorts (FLoC) API, for example, failed to provide promised privacy. Researchers found it could be used to track people. So Google reworked its code and created a successor called Topics, which began testing in April alongside the FLEDGE API. Other Privacy Sandbox APIs like the Fenced Frames API and the Federated Credential Management API are also currently being evaluated in a browser testing process known as origin trials. In August, Google expects to make these APIs more widely available and to continue testing into next year.
Accustomed to developing web technology at its own pace and leaving rival browser makers with little choice but to follow in order to maintain compatibility – a practice Facebook articulated as "move fast and break things" – Google now finds itself moving cautiously and braking while looking for approval.
- Tracking cookies found in more than half of G20 government websites
- Cookie consent crumbles under fresh UK data law proposals
- Big Tech loves talking up privacy – while trying to kill privacy legislation
- UK monopoly watchdog investigates Google's online advertising business
On Wednesday, Anthony Chavez, VP of Google's Privacy Sandbox, said developers, publishers, marketers, and regulators have asked for more time to evaluate and test Privacy Sandbox technology before the company removes support for third-party cookies in its Chrome browser. And having made commitments to the UK's Competition and Markets Authority that it will engage with concerned parties, Google has reason to comply.
"This deliberate approach to transitioning from third-party cookies ensures that the web can continue to thrive, without relying on cross-site tracking identifiers or covert techniques like fingerprinting," said Chavez.
Chavez said the Privacy Sandbox APIs should be generally available in Chrome by Q3 2023. "As developers adopt these APIs, we now intend to begin phasing out third-party cookies in Chrome in the second half of 2024," he said.
The Register asked Google whether its cookie decommission date might slip yet again, and a spokesperson said the company has nothing to add beyond its blog post. The Chocolate Factory's Privacy Sandbox FAQs, however, acknowledge that the dates published on its timeline may change.
In an email to The Register, Pete Snyder, senior director of privacy at rival browser maker Brave Software, rejected Google's effort to remake targeted advertising for the post-cookie era.
"For over two years, Google has been telling the web a false but comforting story: that tracking based advertising companies can continue operating mostly as-is, and that the changes the Web needs are minor and incremental," said Snyder. "Privacy-respecting companies led by Brave have been shouting the opposite: that real privacy requires fundamental change, and that Privacy Sandbox isn’t that."
"In short, Google has created an unsolvable dilemma for themselves; Google is addicted to tracking, but Google also knows that tracking on the Web is on the way out, for both legal and ethical reasons. Unfortunately, instead of making the hard changes needed to become truly private, Google has again (and again) kicked the can down the road. The result is that Google continues knowingly and intentionally to subject their users to flagrant privacy harm." ®