Both Apple and Mozilla have already made moves to block third party cookies. Google, on the other hand, has been a bit slower to wholesale block them. In part, this is directly related to the different business models and perceived approaches to privacy first solutions between the three companies.
Apple has a strong reputation for putting privacy first in its product offerings. In June they announced that the latest update to their Safari browser will automatically block third-party cookies, see our blog post here.
Last August, Google announced their Privacy Sandbox. The stated aim of this sandbox is:
“to develop a set of open standards to fundamentally enhance privacy on the web.” 1
Google has decided that until they have a suitable alternative to using cookies for delivering ads, they will not block third party cookies yet. Naturally as a major player in the digital advertising market, Google doesn’t want to restrict publishers funding methods. But, they claim that blocking third party cookies without a suitable alternative, will lead to developers looking to use more anti-privacy workarounds such as Browser fingerprinting.
What is Browser Fingerprinting?
Browser fingerprinting was originally created for security and authentication purposes, but with the restrictions around dropping cookies, it seems that many developers have moved to browser fingerprinting to track web users. It is a powerful method that can collect a significant amount of information about your browser type, version, operating system, active plugins, timezone, language, screen resolution to name a few. These bits of data are combined to create your digital fingerprint which according to Mozilla, cross browser fingerprinting is:
‘capable of successfully identifying users 99% of the time’ 2
Browser fingerprinting is not a transparent practice and largely hides any tracking from the web user. Fingerprinting cannot be controlled in the same way as cookies, so users do not have a choice to switch it off and their privacy is undermined.
What’s the latest from the Privacy Sandbox?
Last month Google announced the introduction of Trust Tokens. These will help improve digital advertising fraud by identifying real users versus bots. The trust tokens are cryptographically signed tokens that are created to identify a user without needing to know their identity. This solution is still in the sandbox and due to hit live testing later this year.
Mozilla have always pitched themselves as a privacy first company citing privacy as their USP compared with their peers. The Firefox browser started blocking third party cookies last September. At the start of this year, to further protect users, they updated the Enhanced Tracking Protection, this now protects their web users from cross site tracking, including browser fingerprinting.
The International Advertising Bureau (IAB)
The IAB is an association created to support the digital marketing and advertising ecosystem. They provide industry standards and research to members. In 2018, they created the Transparency and Consent Framework (TCF) to provide technical standards to enable advertising technology parties to pass GDPR level consent between players within the ecosystem. To ensure organisations are adhering to the framework, those that sign up as a consent management platform (CMP) must take and pass a Validator test before they are given a CMP ID.
Through the framework, CMPs provide a transparent mechanism to control how cookies are used on a website. Cookies are categorised and consent requested for different purposes. This consent for cookies is then made available to the vendors in the digital advertising ecosystem and where consent is provided can bid to provide targeted advertising.
The framework has recently moved to version 2.0, this has been built following feedback from the industry, including publishers and technology providers to further the goals of consumer transparency and choice.
The World Wide Web Consortium (W3C)
All of the companies mentioned are active members of W3C. An international community created to develop web standards. Tim Berners-Lee, the father of the internet, leads the group who have the goal to create a ‘web for all’. 3
A sub-committee of the group, the Improving Web Advertising Business Group, this year announced a new focus, to engage members from the web ecosystem to discuss what happens next with regards to the death of the third-party cookie.
So, for now, we watch the evolving world of web technology for the next instalment.