Google Will Disable Third-Party Cookies For 1% of Chrome Users in Q1 2024 (techcrunch.com) 70
An anonymous reader shares a report: Google's Privacy Sandbox aims to replace third-party cookies with a more privacy-conscious approach, allowing users to manage their interests and grouping them into cohorts based on similar browsing patterns. That's a major change for the online advertising industry, and after years of talking about it and releasing various experiments, it's about to get real for the online advertising industry. Starting in early 2024, Google plans to migrate 1% of Chrome users to Privacy Sandbox and disable third-party cookies for them, the company announced today. Google's plan to completely deprecate third-party cookies in the second half of 2024 remains on track.
In addition, with the launch of the Chrome 115 release in July, Google is making Privacy Sandbox's relevance and measurement APIs generally available to all Chrome users, making it easy for developers to test these APIs with live traffic. Google doesn't plan to make any significant changes to the API after this release. Deprecating third-party cookies for 1% of Chrome users doesn't sound like it would have a major impact, but as Google's Victor Wong, who leads product for Private Advertising Technology within Privacy Sandbox, told me, it will help developers assess their real-world readiness for the larger changes coming in late 2024. To get ready for this, developers will also be able to simulate their third-party cookie deprecation readiness starting in Q4 2023, when they'll be able to test their solutions by moving a configurable percentage of their users to Privacy Sandbox.
In addition, with the launch of the Chrome 115 release in July, Google is making Privacy Sandbox's relevance and measurement APIs generally available to all Chrome users, making it easy for developers to test these APIs with live traffic. Google doesn't plan to make any significant changes to the API after this release. Deprecating third-party cookies for 1% of Chrome users doesn't sound like it would have a major impact, but as Google's Victor Wong, who leads product for Private Advertising Technology within Privacy Sandbox, told me, it will help developers assess their real-world readiness for the larger changes coming in late 2024. To get ready for this, developers will also be able to simulate their third-party cookie deprecation readiness starting in Q4 2023, when they'll be able to test their solutions by moving a configurable percentage of their users to Privacy Sandbox.
umm how is google going to deal with this? (Score:3)
Does google simply not care about 3rd party cookies because they can track on the server side with their search monopoly, or do they put tracking in the query parameters for the ads or what?
Re: (Score:3)
Re:umm how is google going to deal with this? (Score:5, Interesting)
More like an experiment to see what happens LEGALLY when they essentially disable 3rd party tracking and become the monopoly tracker on Chromium based browsers....
Re: (Score:2)
I'm sure they can easily test their own applications with 3rd party cookies disabled. In fact I'm sure they have it as a part of their automated testing suite, since it's been a supported option in Chrome for as long as I can remember.
To see why they are doing this look at how they did the same thing with non-HTTPS websites. The idea is that websites broken by this will notice and fix themselves before it rolls out to everyone. Or not; there are still lots of HTTP websites that now show warnings in Chrome.
T
Re: (Score:2)
I mean... how does their ad business work around not being able to track people.. or is this just performative and there are still ways to track everyone.
Re: (Score:2)
Re: (Score:2)
Tracking is just a means to an end, it's not the goal. If they can target ads some other way, they can head off a lot of regulatory and other hassles, as well as giving customers what they want.
Re: (Score:2)
As well as widening their moat if the targeting is technically challenging enough to implement ;)
Re: (Score:2)
If I understand correctly, Google Analytics adds a first party cookie.
Re:umm how is google going to deal with this? (Score:5, Informative)
I've not enabled 3rd party cookies in Firefox for well over a decade and the web works just fine.
The web works fine with Firefox because they did implement it right. Third party cookies are segregated by top level domain, so an iframe on site A can drop a cookie with no problem. The same iframe will not find its cookie when invoked from side B, but can drop a new one. That addresses the privacy issue and still allow an iframe to drop a session cookie.
Chrome (and Safari) just disallow cookies in iframe entirely now (and other http requests for that matter), effectively breaking the web.
Re: (Score:2)
I browse without Thirdparty-Cookies for longer than this feature exists. If you don't need like buttons you won't notice many problems. There are very little legitimate use-cases.
Re: (Score:2)
There are a lot of legitimate use cases, such as white label integration of a sister site in an iframe (with or without SSO). In business software, this exists a lot. Or should I say "used to exist a lot" since Apple and Google killed it flat with their incompetence.
Re: (Score:2)
As said, there's no use-case that ever broke something for me in the last 10-15 years. I know that like buttons and similar stuff require third-party cookies, but I do not need like buttons. And sites manage to keep their logins working without 3rd party cookies.
Re: (Score:3)
I this is clearly an experiment for them to find out how well their systems work without their 3rd party cookies. I've not enabled 3rd party cookies in Firefox for well over a decade and the web works just fine.
Safari has also blocked them by default for quite a few years. Firefox has *always* provide excellent cookie handling (not just blocking third party cookies... you can tell it to not allow persistent cookies at all for example, and then whitelist individual sites that can).
Google and Microsoft are strange bedfellows, but both would really like everyone to be on a Chrome-based browser so they can slurp up that sweet, sweet tracking data. So I think you're exactly right, but I suspect this is only stage one.
Re: (Score:3)
Does google simply not care about 3rd party cookies because they can track on the server side with their search monopoly
They are moving their ad logic into the browser [9to5google.com]. Basically, the browser tells the website what "topics" you are interested in, and serves you ads based on that.
Re: (Score:2)
Re:umm how is google going to deal with this? (Score:5, Insightful)
The first one. They are tracking you through Chrome, so they will use their monopoly cut off any other ad tracking networks ability to track. This makes their tracking product relatively more unique in the market.
Incorrect.
Google is trying to move to a world in which they don't track users at all. Google doesn't actually want to know about you. It's bad for PR, creates legal liability and causes them to have to deal with an endless stream of subpoenas and warrants for user data (which governments do not compensate Google for). It also enables targeted advertising, which is what Google does want to do, but they believe they have a scheme where the browser can do all of the tracking and analysis itself and then it will tell the ad networks (all of them, not just Google's) what sorts of ads to show, but without given them any user identity information.
In other words, rather than the servers figuring out that user 3824337234 is interested in monster trucks and pink tutus (oh, and incidentally that his name is John Smith, he lives at 125 Elm Street in Springville, Indiana, is an assistant manager at Wal-mart, occasionally buys weed on the dark web and is cheating on his wife and contemplating arranging a deadly accident for her), the user's browser will carefully de-anonymize all web requests, making it impossible to track the user across sites... and will tell the ad servers that he's interested in monster trucks and pink tutus, and nothing else.
This gives Google what they want, the ability to target ads, but without all of the negatives associated with tracking people online.
It also gives people a single opt-out (Score:1)
Re: (Score:1)
Google is trying to move to a world in which they don't track users at all. Google doesn't actually want to know about you. It's bad for PR, creates legal liability and causes them to have to deal with an endless stream of subpoenas and warrants for user data (which governments do not compensate Google for). It also enables targeted advertising, which is what Google does want to do, but they believe they have a scheme where the browser can do all of the tracking and analysis itself and then it will tell the ad networks (all of them, not just Google's) what sorts of ads to show, but without given them any user identity information.
We live in two different worlds in your world is a fucking saint that doesn't track anyone.
In my world Google wants to know everything including real-time location data of countless millions of people resulting in associated legal challenges costing Google hundreds of millions of dollars. There have also been publically disclosed price lists for law enforcement requests.
In my world GPS infested "Android" platform is completely entangled with Google malware and dark patterns where absolutely everything incl
Re: (Score:2)
Google doesn't actually want to know about you.
But if they do -- totally by accident -- they may be slapped with a $500K fine. You know, kind of how like companies allow you to opt out of telemetry, but they "accidentally" keep turning it back on after every software update.
Be realistic. Companies break laws all the time and can just toss a few pennies around to buy their way out of responsibility. As long as the reward is greater than the risk, they will do it. Even banks skimp on security if they feel enforcing best practices is too costly.
NO!!! No disable any cookie!!! (Score:1)
cohorts are disgusting (Score:1)
Chrome attempts to present the cohorts tool as a feature to users. It's disgusting. It monitors user browsing behavior, plain and simple. Find me somebody who actually wants this (and understands that they don't have "nothing to hide").
Re:cohorts are disgusting (Score:5, Informative)
I was one of the people involved in getting the previous iteration, FLoC, shit-canned. To be fair, the current implementation does resolve the worst of the issues.
It's far from perfect, but it's also better than the current situation with third party cookies and extensive tracking. Very easy to disable or block too. The main two problems are:
1. It's opt out for websites. Every site needs to add code to opt out of its content being used to determine topics of interest.
2. Some of the topics are potentially dangerous for some people, e.g. LGBT people in places where that is illegal, or pregnant women who need to keep their pregnancy a secret.
Topics isn't the only thing they are working on. Both Google and Apple are proposing to change the way pingbacks work. Pingbacks let an advertiser know when an ad was clicked on, so they can pay the website displaying it. Basically the plan is to store the pingbacks for a random amount of time between a day and a couple of weeks, before sending it. That makes it much harder to link the site the user was on with their identity, but neither proposal is perfect.
The real issue is that the web is largely ad funded. I know, lots of people here would be happy if ads went away, but realistically that a) won't happen and b) would be bad for many users who would have to pay for services they currently get for free. So it's worth trying to make ads pay while also preserving as much privacy as possible.
Re: (Score:3)
I know, lots of people here would be happy if ads went away,
They have gone away.
Re: (Score:3)
It's far from perfect, but it's also better than the current situation with third party cookies and extensive tracking. Very easy to disable or block too. The main two problems are:
What current situation are you talking about? Sensible browsers have prevented this for years by default. There is no problem presently in need of solving other than Google catching a clue and getting with the program.
1. It's opt out for websites. Every site needs to add code to opt out of its content being used to determine topics of interest.
2. Some of the topics are potentially dangerous for some people, e.g. LGBT people in places where that is illegal, or pregnant women who need to keep their pregnancy a secret.
The real issue is that the web is largely ad funded. I know, lots of people here would be happy if ads went away, but realistically that a) won't happen and b) would be bad for many users who would have to pay for services they currently get for free. So it's worth trying to make ads pay while also preserving as much privacy as possible.
The issue isn't ads its big data assholes like Google stalking everyone on an industrial scale.
You don't need cross site tracking to serve ads and you sure as heck don't need to be inventing any schemes to help those same big data assholes to stalk everyone.
Re: (Score:2)
The issue isn't ads its big data assholes like Google stalking everyone on an industrial scale.
The point of this is to allow advertising networks, including Google, to make money with targeted ads without stalking everyone on an industrial scale.
Re: (Score:2)
In other words, rather than the servers figuring out that user 3824337234 is interested in monster trucks and pink tutus (oh, and incidentally that his name is John Smith, he lives at 125 Elm Street in Springville, Indiana, is an assistant manager at Wal-mart, occasionally buys weed on the dark web and is cheating on his wife and contemplating arranging a deadly accident for her), the user's browser will carefully de-anonymize all web requests, making it impossible to track the user across sites... and will tell the ad servers that he's interested in monster trucks and pink tutus, and nothing else.
...
The point of this is to allow advertising networks, including Google, to make money with targeted ads without stalking everyone on an industrial scale.
I know this may seem like a crazy idea - you could simply ASK users what sort of ads they want to see.
If they don't want to say do what advertising industry has always done target content. This is all advertisers are entitled.
I think there should be anti-trust laws preventing just this sort of vertical integration. Advertising companies especially ones with such a dominant market position should not be allowed to also produce browsers with a dominant market position containing features designed explic
Re: (Score:2)
Re: (Score:2)
pay them answer. Offer them a $5 visa gift card you'll get responses. You don't even need to give them 'real money'
If you Microsoft or someone it becomes 'Complete you Edge ad preferences and get $5 your next o365 subscription period, or an extra 2GB of 1 drive storage!"
Re: (Score:2)
Very few browsers defend against tracking well out of the box. Mullvad Browser is the only one I'd recommend.
So by the "currently situation", I mean how most people are tracked. Even the ones canny enough to install uBlock.
The whole point of Topics is that it's not stalking. It moves everything to the local browser. Ad servers can only request general topics of interest, and you can send them an empty list if you like. That's why the rest of the ad industry is so upset about it. They like to laser focus ads
Re: (Score:2)
Very few browsers defend against tracking well out of the box. Mullvad Browser is the only one I'd recommend.
Firefox's cookie protection is enabled by default. It silos all state to the top site.
The whole point of Topics is that it's not stalking.
I don't agree. It's derived from recent browsing history which users may not wish even to indirectly share digests of.
It moves everything to the local browser.
It's amazing ML classifiers and ad auctioning all running in the browser for the purpose of leaking information to sites while the user remains completely oblivious.
Ad servers can only request general topics of interest, and you can send them an empty list if you like. That's why the rest of the ad industry is so upset about it. They like to laser focus ads and Topics doesn't allow that.
The industry was never entitled to the deal it had before. It should have learned years ago to live with the fact easy cookie based global c
Re: (Score:2)
Oh, has Firefox made that default? That's good.
Look, I'm not saying it's good that the internet is built in this stuff. I also don't want to see people who rely on free services get cut off. I think with some tweaks there might be a half decent solution here. As I said, the main issue is the list of topics has some sensitive ones.
Google can't really go further though. Regulators won't let them. Even Topics is controversial, with calls for an investigation from other companies. The EU already banned or made
Re: (Score:2)
1. It's opt out for websites. Every site needs to add code to opt out of its content being used to determine topics of interest.
Do you have a link to this info? When the time comes, I want to be sure every site I'm involved with is opted out.
Re: (Score:2)
https://developer.chrome.com/e... [chrome.com]
Re: (Score:2)
Thank you for the link!
It's beyond annoying, though, that opting out requires we return an extra HTTP header with every damn webpage. I can do that with my sites, but not everyone is going to have that as an option.
Re: (Score:2)
Indeed. Not as bad at the WiFi opt out where you somehow need to have half a dozen different suffixes in your SSID.
Re: (Score:2, Flamebait)
The real issue is that the web is largely ad funded. I know, lots of people here would be happy if ads went away, but realistically that a) won't happen and b) would be bad for many users who would have to pay for services they currently get for free. So it's worth trying to make ads pay while also preserving as much privacy as possible.
There was an advertisement industry before we had trackers, web bugs, ad networks and the whole lot. Yeah sure, it wasn't so "targeted". But that's a huge pile of bullshit anyways. It mostly benefits Google and Facebook, etc. and not the people buying ads.
Throw it out. Buy ad space the old fashioned way. No tracking needed. Pay for impressions. Don't trust the website to honestly track impressions? Don't advertise with people you don't trust.
Google became big by replacing obnoxious banners with non-obnoxiou
Re: (Score:2)
That would make it very hard for smaller sites to get by.
Re: (Score:2)
> That would make it very hard for smaller sites to get by.
Why? You can still group up.
Re: (Score:2)
First, your post above doesn't deserve the flamebait mod. I absolutely understand that ads are the worst possible solution, except for all the other ones.
Targeted ads pay out a lot more than billboard style ones, that are at best related to the content of the site being viewed. That's not much help for something like a news website, where many of the topics are unlikely to be of much interest to advertisers.
Established websites, especially networks of sites all owned by the same parent, can get around the l
Re: (Score:2)
> Targeted ads pay out a lot more than billboard style ones,
This is the point I'm making. All this "targeting" primarily serves FB and Google. Do they actually work better than billboard ads? Are there studies proving that which are not paid for by those who profit?
> can get around the lack of 3rd party cookies and still profile the user
I'm saying: "What about just NOT profiling the user?"
Re: (Score:2)
b) would be bad for many users who would have to pay for services they currently get for free.
That wouldn't be as much of a problem if there were more options. Most of the time a subscription isn't available at all. Increasingly, if we do have the ability to pay, we still get ads anyway.
Preserving privacy is simply not in the cards if the ad industry insists on being scummy, broken, and unreasonable.
Re: (Score:2)
1. It's opt out for websites. Every site needs to add code to opt out of its content being used to determine topics of interest.
Which is enough reason alone to consider the entire thing to be hostile. It would trivially easy say something like you need to send a response header (once for the host) like 'AdTopicsEnable: yes' to turn it on. They could even do an HSTS like pre-roll thing for sites that want to make sure they don't miss ad revenue on that very first page load...instead we get opt-out..
Re: (Score:2)
A good way to do it might be tit-for-tat, as in if you access the Topics API then your website contributes to the topics.
Zero trust in Google. They can go fuck themselves. (Score:1)
How does it work? (Score:2)
I read a few Google pages on it but it's all marketing spew.
Are the identifiers stored locally or on G's servers?
Even if stored locally it wouldn't be hard to also store those identifiers on G servers to bust through any privacy provided but -only- for G and those paying G for that "private" information and correlation to a real person.
Re: (Score:1)
Re: (Score:2)
I assume that's the case but couldn't readily find anything technical on it. There was junk about various working groups and other bullshit and a 4 page list of company logos but no hint as how it actually works.
Re: How does it work? (Score:2)
doesnt that break google drive? (Score:1)
So are they going to then fix google drive not being able to download files without 3rd party cookies enabled?
Didn't every tracker go to scripts and bugs? (Score:2)
Welcome to the Chrometernet (Score:2)
Re: (Score:1)
A mix of one-person maintained and so insecure outdated shit, and stuff like crypto-scam browser Brave, any of which could disappear at a moment's notice and most of which are based on Google code anyhow.
No thanks.
I'll stick with the only *real* alternative to Chrom* outside of Apple's (pretty crappy) Safari.
Firefox.
In other news (Score:2)
Foxes guarding hen-houses state better, more secure fences, will be erected by 2024. News at 11.
Re: (Score:2)
People keep cookies? (Score:5, Interesting)
Why are people keeping hold of their cookies? Get rid of them. When you start browsing in the morning, clear everything. Start fresh so everyone thinks you're someone new. At some point during the day delete a bunch of cookies from advertisers and whatnot.
This isn't difficult. Well, for Chrome users it probably is. For everyone else there's script blockers.
Re: (Score:2)
Re: (Score:3)
Whitelisting. Clear all cookies except for the sites I've whitelisted.
I seriously cannot believe this feature doesn't exist as standard in every browser. Blacklisting does not work and never has. Have we learned nothing from the failure of antivirus software?
Re: (Score:2)
People are lazy and like to keep their settings like logins. :(
Chrome now Brave (Score:2)
Fuck these advertisers and their categories. Fuck advertising. I want to pay for a browser that does not data rape me.
Update your flash plugin while your at it. (Score:2)
I had no idea cross site cookies were still even a thing. Assumed everyone went with cookie isolation by default years ago.
As for rolling out new privacy destroying malware with your browser unsurprising to see Google living up to its reputation for sleazy behavior.
This seems like a good time to say it (Score:2)
Can't come soon enough (Score:2)
Look, I don't trust Google as far as I can throw them, but this change? It's a good one.
Setting aside cohorts and other Chrome-specific aspects to this that most of us find objectionable—which are entirely avoidable if you change browsers—realize what's happening here: the maker of the largest browser in the world is saying that they will drop support for the most widely-adopted, easiest to implement tracking method available to advertisers today.
That's a win.
And with Chrome paving the way, any
Re: (Score:2)
Look, I don't trust Google as far as I can throw them, but this change? It's a good one.
I don't trust Google at all, regardless of their claims of "improved privacy", because they've continually abused people's privacy in the past (almost as much as FuckedBook, which isn't exactly how anyone would want to be compared to) - in other words, "too little, too fucking late" for them in my book.
Re: (Score:2)
I agree with all of that. It’s still the case that switching off third-party cookies is a good thing. Cohorts are a separate issue, which I addressed later in my comment.