So what are Cookies?
Cookies are small pieces of code that are sent by the server to your browser when you visit a website. Any browsing activity you do generates a request to the server which will give you [a response + the cookie.]
Basic information contained in a cookie is a name-value pair, specifying what is being measured, and the value for what is being measured.
It can be as simple as this:
But there are more parameters that can be specified in a cookie like
setcookie(name, value, expire, path, domain, secure, httponly);
Expire - Specifies when the cookie will expire. Default value is 0 which means that the cookie will expire when the session ends.
Path – This denotes the path the cookie will be available. If it’s set to “/”, the cookie will be available throughout the domain. Default is set to the directory that the user is in, when the cookie is set.
Domain – Specifies the domain or sub-domain of the website that owns the cookie.
Secure – If this parameter is set to TRUE, the cookie will be transmitted over a secure HTTPS connection only. Default value is FALSE, which means that it can be transmitted over HTTP or HTTPS connections.
Httponly – Specifies that the cookie will be transmitted only over HTTP protocol and not any other scripting languages.
First and Third-party cookies
It is essential to understand the differentiation here, since Google Chrome is talking about blocking third-party cookies, and not first-party cookies.
So what are these:
These are owned, managed and placed on your browser by a website when you browse THAT SPECIFIC website.
For example, when you browse Amazon, they can place a cookie on your browser that helps Amazon identify your preferences, and browsing behavior. This will make your shopping experience on Amazon better, when you visit them again.
These cookies can only be read when you are on Amazon, and not when you are browsing other websites.
This code is inserted into your browser by some website, other than the one you are browsing, or by third parties that you have no connection with. It is usually used for advertising, retargeting, tracking, and analytics.
Third-party cookies follow your browsing pattern across multiple websites and relay that information back to the owner of the cookie, giving the owner a fairly good idea of who you are, what you do, what your preferences are, and your innermost secrets.
You know that feeling when Amazon follows you when you visit other websites, to show you ads for products you searched for.
Sometimes, you are thrilled that Amazon remembers what you want. And sometimes you are spooked that Amazon remembers what you want.
Privacy Concerns across the globe
The more people were retargeted and spied upon, the more concerned they grew about privacy.
GDPR (General Data Protection Regulation) was implemented in 2018 for the European Union and European Economic Area.
- Companies need to have strict guidelines on what would be done with the data collected from customers.
- No data can be collected without express consent from the customers. And that’s the reason why most websites ask you to accept cookies when you enter their website.
Who has blocked third-party cookies already?
- In 2019, Mozilla Firefox implemented Enhanced Tracking Protection blocking third-party cookies.
- On Feb 23 2021, Firefox 86 introduced Total Cookie Protection which allows cookies only on the sites that they were created, and cannot follow the visitor to any other site.
- Safari introduced Intelligent Tracking Prevention, ITP in 2017 that blocked cookies for cross-site resources.
- Safari 13.1 started blocking all third-party cookies by default.
- Google had announced in Jan 2020 that it would block all third-party cookies on Chrome from 2022.
- But in June 2021, Google announced that it would delay the plan to block third-party cookies till 2023.
This is significant because Chrome has over 65% of the global browser market share.
Advertising companies and associations have been accusing Google of trying to choke their competition, thus strengthening its already huge dominion in the world of online advertising.
What happens in a world without Cookies?
This is the most pressing question. As advertisers and analysts knew that this was coming, there have been many alternative suggestions, some better and some worse than cookies.
First-party cookies will continue to be relevant
As mentioned earlier, first-party cookies are the ones owned and generated by the website you are browsing. These will continue to make your browsing experience more customized. They will be refined and improved over time to better tailor the website for your requirements.
These will NOT BE BLOCKED or affected in any way.
This is interesting, but a more dangerous method to identify users on the web. Websites use small scripts that collect a lot of small but distinct information about you, like your screen resolution, fonts used, graphics card, browser, time zone, language, etc.
This information, when stitched together can give you a unique identity, that can be used to identify you among a sea of internet visitors.
Fingerprinting is more dangerous than cookies, since cookies are regulated, and fingerprinting is not. Users can disable cookies, but they cannot disable fingerprinting.
In August of 2019, Google launched the Privacy sandbox, a new set of standards for advanced privacy. Google is working with developers and web communities to refine these standards to improve user experience without infringing on privacy.
FLoC – Federated Learning of Cohorts
The meaning is not as complicated as the name – Google here plans to classify individuals into cohorts or groups based on their shared interests, previous actions, and browsing history.
Advertisers can then target these cohorts to reach their target audience. But they will have no personally identifiable information (PII) about their target audience.
FLoC is still in its initial stages with many experiments going on, to ensure that this classification is standardized and useful.
More innovative solutions
The market is still open, and the jury is still out on what would be the best solution to replace third-party cookies when they will be made obsolete sometime during the next couple of years.
Advertisers, analysts, and data engineers are burning the midnight oil to arrive at the best possible answer that balances privacy and customization for internet users.
What does this mean for a regular netizen?
Cookies, though they sound nasty and invasive are not all that bad. It’s what helps websites remember your login, preferences, and history when you visit them again.
And advertisements though they disturb you by popping up everywhere, actually keeps the web free and accessible.
So if somebody figures out a way to offer us the best of customization, without actually following our every move, isn’t that an advancement in the right direction?
So we, as netizens, stand up and say….Away with third-party cookies, and in with the newer, the more efficient, the less snoopy.