Google pencils in limited third-party cookie purge for January
One percent of Chrome users will experience the web as if using Firefox or Safari
Starting January 4, 2024, Google says it will begin blocking third-party cookies by default in Chrome for one percent of users, only three or four years after rival browsers implemented similar privacy protections.
Expect some websites and services to break.
Third-party cookies – files for ad tracking, analytics, and other functions that get stored in the browsers of website visitors by website partners – have been a known privacy problem for years. They allow those running web page scripts to track people across different websites and to compile dossiers of interests and activities.
Mozilla and Brave announced the blocking third-party cookies by default in 2019 for their respective browsers. Mozilla's Firefox was fitted with an improved version called Total Cookie Protection in April 2023, which suggests the initial version, dubbed Enhanced Tracking Protection, had some gaps.
Google has been slow to respond to rivals due in part to its Privacy Sandbox project, a suite of technologies intended to enable targeted advertising – a significant source of revenue – without the privacy risks of third-party cookies. Before disavowing third-party cookies, it needed a replacement.
The Privacy Sandbox has been bitterly opposed by ad tech rivals, who argue that they will be deprived of valuable data that improves ad performance while Google will continue to have access to such information because, among other advantages, Chrome users identify themselves to the company by being signed-in to their Google Accounts while browsing.
The complaints from concerned marketers have been such that the UK's Competition and Markets Authority (CMA) decided to hold Google to a set of commitments to implement its Privacy Sandbox transition even-handedly. The CMA's goal is to prevent Google from moving fast and breaking things in a way that harms competition.
Thus, as we reported in November, Google has been public about its plans to test the removal of third-party cookies, before extending the cookie cleanse to a wider audience. And now its purge has a name: Tracking Protection, a more modest take on Apple's Intelligent Tracking Protection and Mozilla's Total Cookie Protection.
"On January 4, we'll begin testing Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default," said Anthony Chavez, VP of Google's Privacy Sandbox project, in a blog post on Thursday. "We'll roll this out to 1 percent of Chrome users globally, a key milestone in our Privacy Sandbox initiative to phase out third-party cookies for everyone in the second half of 2024, subject to addressing any remaining competition concerns from the UK’s Competition and Markets Authority."
- Google Chrome coders really, truly, absolutely ready to cull third-party cookies from 2024
- Google dragged to UK watchdog over Chrome's upcoming IP address cloaking
- Google - yes, that Google - testing proxy scheme to hide IP addresses for privacy
- Online tracking is alive and well in link decoration
Behind the scenes, Google has been preparing for problems. In a post last month to the mailing list for Chrome's Blink rendering engine, Chrome engineering leader Rick Byers characterized the risk of website breakage when third-party cookies get disabled as "moderate."
Byers observed that while most sites already function with Safari and Firefox, which disable third-party cookies by default, there are still plenty of websites that tell users they need to enable third-party cookies to function.
"So I think we have to say that there are a non-trivial number sites where the severity is total site breakage – necessitating all the mitigations, even if most impacted sites have non-visible breakage," he wrote.
An IT consultant posting to the thread echoed Byers's concerns, noting that his firm provides clients with embedded analytics capabilities through dashboard interfaces, which often rely on iframes and cross-domain third-party cookies for authentication. These may malfunction when third-party cookies get disabled, the consultant suggested.
Byers said he hopes this technical transition will lead to better browser interoperability and will not become a reason people shift to Chrome or another Chromium-based browser like Microsoft Edge to maintain website functionality.
"The other two major engines have disabled 3PCs [third-party cookies] by default for some time," he wrote. "I'm personally uncomfortable with 3PC-related breakage being a reason why developers might encourage users to use Chromium-based browsers. Restoring interoperability across browsers seems like strong motivation for accepting some risk here." ®