23 Feb 2020

Privacy on the Web – The End of Third-Party Cookies

Privacy on the web is a growing concern for everyone operating in today’s digitally-driven society. As technology dominates almost every aspect of modern communication, commerce, and personal interaction, ensuring your cyber personas remain secure is now more vital than ever. The information age may have unleashed an unprecedented wave of innovation, collaboration, and universal access, but it has come at a personal cost. As our interaction with online services increases at an exponential rate, whether it be for personal or professional reasons, tracking software observes and records each mouse click and every site or service we visit.

What are Cookies?

Cookies have always been a core component of the modern web. They are a vital element in any online service as they provide context for every user interaction. As HTTP is a stateless protocol, cookies allow a web service to track a user’s activity. Without cookies, basic functionality, such as determining a user’s logged on status, would not be possible. This fundamental element creates the seamless experience we expect of advanced web applications. It utilizes a few kilobytes of data sent from the website that is then stored by the user’s browser on their computer. Each time you revisit a site or service, or even navigate to another page on the same website, the saved cookie on your device provides the webserver with the information it needs to retain the state of your session.

As you navigate across the Internet, your browser stores cookies that provide the information needed for online services. Most cookies are useful, if not essential, to ensure you can interact with a site’s functionality effectively. Storing data such as your login information, what is in your shopping cart, or what language you prefer, is vital for many modern web platforms. However, not all cookies are harmless. Some cookies remain active after you have left the site that stored them on your device, continuing to track your movements. Named third-party persistent cookies as they do not originate from the website or service you are actively visiting, these digital tracking devices monitor your online activities.

Types of Cookies

There are fundamentally two types of cookies. These can be categorized as either session or persistent.

Session Cookies

Session cookies, as their name suggests, only exist for the duration of your session on a particular website. They remain in temporary memory, and your device deletes them when you close your browser. A shopping cart on an eCommerce website would use a session cookie to ensure the cart is empty the next time you visit the site.

Persistent Cookies

Persistent cookies remain on your device after you close your browser and typically have an expiry date. Websites use persistent cookies to enhance the quality of your user experience. For example, they can keep you signed in, so you do not need to enter your login credentials each time you visit the site. They can also remember all the pages you have visited, keeping a history you can refer to while navigating sites with multiple pages and offerings.

The Difference Between First and Third-Party Cookies

Persistent cookies can be categorized further into first and third-party cookies. First-party cookies originate from the site you intentionally visit and enhance your user experience. Third-party cookies originate from external sites or services. As most modern web applications render content from a variety of sources in real-time, third-party cookies often accompany them. Advertisements on websites, social media widgets, and web analytics are all examples of external services that have the potential to install a third-party persistent cookie on your device.

How Third-Party Cookies Track You

Although there may be some valid use cases for third-party cookies, the overwhelming majority of these files track your activity as you navigate across the Internet. The majority of these tracking cookies use the data they gather to target you with advertisements based on your Internet browsing profile. The process that allows third parties to track you in this manner starts with you picking up a tracking cookie when you visit a site that hosts an external service such as a social media widget or external ad. After you visit that site and navigate to a different website that hosts the same advertising platform, the persistent cookie you picked up then targets you with adverts that align with your tracked browsing profile.

Limiting your Exposure to Tracking Cookies

Since tracking cookies are pervasive across the Internet, they have an impact on your privacy as they gather a vast amount of information about the sites you visit. Continuously deleting your cookies is a proven way to prevent this behavior but does have its disadvantages. As mentioned previously, first-party cookies enhance your user experience and improve the usability of the sites you visit often. Deleting all your cookies will require you to log into your account each time. It can also impact the seamless functionality you expect of modern web applications detrimentally. The clear solution to this challenge is only to delete third-party persistent cookies. However, manually deleting these cookies can be complicated and time-consuming. You would need to identify the relevant cookies and remove them individually.

Google Chrome to end Support for Third-Party Cookies

As individuals demand greater privacy on the web, browser developers, and global technology organizations have started to implement features to align with the needs of their user base. Google recently announced that they would phase out support for third-party persistent cookies in their Chrome browser in the next two years. In addition to this announcement, they have also stated that they will implement techniques to limit cross-site tracking by enforcing SameSite rules. Chrome currently has the largest share of the browser market at 69%. These shifts by Google will have a far-reaching impact on multiple industries that have built their business on tracking user behavior and monetizing that information.

Privacy on the Web –Governments and Companies Act

Privacy on the web has been a growing concern for many users, organizations, and governments over the past few years. Legislation such as the European Union’s General Data Protection Regulation (GDPR) and the recent enactment of the California Consumer Privacy Act (CCPA) are reactions to incidents that have highlighted the disregard many organizations have for the privacy of individuals. Initiatives such as ‘The Contract for the Web’ are further examples of the growing concern the Internet community has on personal privacy. The recent announcement by Google that support for third-party persistent cookies will come to an end in two years will increase privacy on the web even further.

It will be interesting to see how the industry reacts to this change. Competitive browsers such as Mozilla’s Firefox and Apple’s Safari have already implemented radical changes that limit the tracking ability of third-party cookies. With Google coming on board, it exponentially increases the impact on the online tracking industry due to their lion’s share of the browser market. With their financial interests heavily invested in online advertising, it will be interesting to see how they balance the demand for privacy on the web with the need to keep the advertising ecosystem healthy.