W3C Slams Google U-turn on Third-Party Cookie Removal (w3.org) 26
The World Wide Web Consortium (W3C) has expressed disappointment with Google's decision to retain third-party cookies, stating it undermines collaborative efforts. Google's reversal follows a five-year initiative to develop privacy-focused ad technology. While some advertising industry representatives welcomed the move, the W3C's criticism highlights the ongoing debate over online privacy and advertising practices. W3C writes: Third-party cookies are not good for the web. They enable tracking, which involves following your activity across multiple websites. They can be helpful for use cases like login and single sign-on, or putting shopping choices into a cart -- but they can also be used to invisibly track your browsing activity across sites for surveillance or ad-targeting purposes. This hidden personal data collection hurts everyone's privacy.
We aren't the only ones who are worried. The updated RFC that defines cookies says that third-party cookies have "inherent privacy issues" and that therefore web "resources cannot rely upon third-party cookies being treated consistently by user agents for the foreseeable future." We agree. Furthermore, tracking and subsequent data collection and brokerage can support micro-targeting of political messages, which can have a detrimental impact on society, as identified by Privacy International and other organizations. Regulatory authorities, such as the UK's Information Commissioner's Office, have also called for the blocking of third-party cookies.
The job of the TAG as stewards of the architecture of the web has us looking at the big picture (the whole web platform) and the details (proposed features and specs). We try to provide guidance to spec authors so that their new technologies fill holes that need to be filled, don't conflict with other parts of the web, and don't set us up for avoidable trouble in the future. We've been working with Chrome's Privacy Sandbox team (as well as others in the W3C community) for several years, trying to help them create better approaches for the things that third-party cookies do. While we haven't always agreed with the Privacy Sandbox team, we have made substantial progress together. This announcement came out of the blue, and undermines a lot of the work we've done together to make the web work without third-party cookies.
The unfortunate climb-down will also have secondary effects, as it is likely to delay cross-browser work on effective alternatives to third-party cookies. We fear it will have an overall detrimental impact on the cause of improving privacy on the web. We sincerely hope that Google reverses this decision and re-commits to a path towards removal of third-party cookies.
We aren't the only ones who are worried. The updated RFC that defines cookies says that third-party cookies have "inherent privacy issues" and that therefore web "resources cannot rely upon third-party cookies being treated consistently by user agents for the foreseeable future." We agree. Furthermore, tracking and subsequent data collection and brokerage can support micro-targeting of political messages, which can have a detrimental impact on society, as identified by Privacy International and other organizations. Regulatory authorities, such as the UK's Information Commissioner's Office, have also called for the blocking of third-party cookies.
The job of the TAG as stewards of the architecture of the web has us looking at the big picture (the whole web platform) and the details (proposed features and specs). We try to provide guidance to spec authors so that their new technologies fill holes that need to be filled, don't conflict with other parts of the web, and don't set us up for avoidable trouble in the future. We've been working with Chrome's Privacy Sandbox team (as well as others in the W3C community) for several years, trying to help them create better approaches for the things that third-party cookies do. While we haven't always agreed with the Privacy Sandbox team, we have made substantial progress together. This announcement came out of the blue, and undermines a lot of the work we've done together to make the web work without third-party cookies.
The unfortunate climb-down will also have secondary effects, as it is likely to delay cross-browser work on effective alternatives to third-party cookies. We fear it will have an overall detrimental impact on the cause of improving privacy on the web. We sincerely hope that Google reverses this decision and re-commits to a path towards removal of third-party cookies.
The W3C is irrelevent now. (Score:4, Informative)
Re: (Score:3)
They sat on their ass for years, letting WhatWG do the actual work on HTML5 and they refused to take action against Internet Explorer in the 90s. They did have a browser at one point (Amaya), but it was KDE that actually did the hard work in making a good browser engine that was adopted by nearly all subsequent browser makers. A lot of the rot started over 25 years ago now, and the W3C is just yet another organization that whines without actually doing anything about it. Like it or not Google is the real standards marker of the web, backed up by Cloudflare who locks out "bot" browsers.
Like it or not Google is the real standards marker of the web, backed up by Cloudflare who locks out "bot" browsers.
Particularly when it comes to cookies and analytics. So far as I can tell, W3C focuses their effort on code and rendering. Cookies that can be used for tracking, not so much. Imagine configuring your browser to 404 every page that uses google analytics and how different your world would be.
If you are concerned with being tracked, the EFF and the EU are your friends.
If you want to ethically measure your own website, try https://matomo.org/ [matomo.org]
W3C commented about this yesterday (Score:2)
Third party cookies have got to go. [w3.org]
Re: (Score:1)
We arenâ(TM)t the only ones who are worried. The updated RFC that defines cookies says that third-party cookies have âoeinherent privacy issuesâ and that therefore web âoeresources cannot rely upon third-party cookies being treated consistently by user agents for the foreseeable future.â We agree.
Its that 'treated consistently' part that tells you the w3c are f'ing sell outs. Its none of your business what my user-agent does with your sites cookies. If sends them back to you - great, if not I am new visitor, if it sends them to someone else, fine you can whatever integration you like, if not to bad..
That is what actual privacy looks like; what Google was building was basically a massive F-U to everyone not in the ad industry.
Re: (Score:2)
"Third party cookies have got to go."
Go go Mozilla?
Re: (Score:2)
My hosts file looks for Google Analytics on 127.0.0.2 and I haven't noticed that the web doesn't work.
Re: The W3C is irrelevent now. (Score:2)
Right!? I wonder who's that 3rd party that keeps putting cookies into everyone's browser.
(FWIW, I've long done away with those, too:)
Re: (Score:2)
W3C has been captured for ages. https://en.wikipedia.org/wiki/... [wikipedia.org]
Seems simple to me (Score:2)
Release plug-ins and add-ons and complete browsers all advertising the hell out of "blocking 3rd party cookies which are frequently used maliciously" and when said cookies are useless most of the time, Google will give up.
Not everyone uses a browser where you can't do something about it.
Then again, I have about zero experience in browser development and no knowledge of how much of the market Chrome owns. Maybe Google CAN force the market.
Re:Seems simple to me (Score:5, Interesting)
Google isn't doing this because they like 3rd party cookies. They are doing it because regulators are watching them.
Advertisers have been moaning about Privacy Sandbox since the start. If Google puts all their rivals out of business with an unproven alternative, regulators are going to take an interest.
Nobody else is helping either. You have a lot of people and even minor browser vendors saying just block it all, but again the regulators would never allow Google to do that.
Good (Score:3)
What are problems with 3rd party cookies (Really) (Score:2, Informative)
Either users agents are either so old as to be mostly broken as far as the 'web' goes anyway, I am separating that from HTTP more generally, and your non-interactive stuff like curl/wget, or they support Access-Control-* and Content-Security-Policy with its very cookie directives.
Between those things and the various CORS policy headers, I don't understand what problem you can't solve at least with a tiny amount to JS glue here and there to pass cookies with what ever set of rules, restrictive or not as need
Re: (Score:2)
Old man yells at a cloud (Score:1)
...how many divisions^Weyeballs does the W3C have?
W3C is just another entity that's been thoroughly taken over by activists and has no relevance to original purpose.
Naïve (Score:4, Interesting)
It's like when Amnesty International is asking China to release a politic prisoner.
The response is just the same: hahahaha.
Re: (Score:2)
Bingo.
W3C SLAMS Advertising Tracking, Surveillance, and Political Rigging Company for Backing Out of Pledge to Curtail Advertising Tracking, Surveillance, and Political Rigging.
The only thing more cringe is /. jumping on the
bandwagon of inappropriate high-emotion clickbait headlines like SLAMS.
If only Firefox, Brave, Konqueror, Safari, Vivaldi, or Arc were available!
Re: (Score:2)
Re: (Score:2)
Re: (Score:1, Troll)
I've got almost 30 years of web traffic data that conclusively proves what I wrote is factual.
Anything else?
Re: (Score:1)
Re: Huh? (Score:5, Insightful)
Nobody visits web sites any more
Ever since I got on Facebook and found everything I need right there, I don't use the internet anymore. /s
Re: (Score:2)
Privacy-focused ad technology :o (Score:2)
W3C Slams Google (Score:2)