Google today announced its plans to phase out support for third-party cookies in Chrome within the next two years. The fact that Google will drop support for these cookies, which are typically used to track users across the web, doesn’t necessarily come as a surprise, given Google’s announcements around privacy in Chrome, including its proposed “privacy sandbox.” But this aggressive timeline is new and puts the company on a track that will have repercussions for a lot of other industries, as well.
“This is our strategy to re-architect the standards of the web, to make it privacy-preserving by default,” Justin Schuh, Google’s director for Chrome engineering, told me. “There’s been a lot of focus around third-party cookies, and that certainly is one of the tracking mechanisms, but that’s just a tracking mechanism and we’re calling it out because it’s the one that people are paying attention to.” Preventing fingerprinting, among other things, is also something Google’s team is working on.
Starting this February, Google will also implement some techniques for limiting cross-site tracking by enforcing its new SameSite rules and by requiring that cookies that are labeled for third-party use can only be accessed over an HTTPS connection. The new SameSite rules, which Google has tested with a subset of users in Chrome over the last few months, are somewhat complex, but the overall idea here is that developers who want others to be able to use their cookies will have to explicitly label them as such.
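The labelling rule described above, as an added example that is not part of the original article: a small JavaScript checker that reads `Set-Cookie` header values and reports whether the cookie stays usable in a third-party context. The header values are constructed samples, and treating unlabelled cookies as `SameSite=Lax` is an assumption based on Chrome's announced default, not something the article states.

```javascript
// Added example. Header values are constructed samples, not from a real site.
const SAMPLE_HEADERS = [
  "sid=abc123; Path=/; HttpOnly",            // no SameSite label
  "widget=1; SameSite=None",                 // labelled, but not Secure
  "widget=1; Path=/; samesite=none; Secure", // labelled and HTTPS-only
  "pref=dark; SameSite=Lax",
];

// Split one Set-Cookie value into its name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...parts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? "" : pair.slice(0, eq), attrs: {} };
  for (const part of parts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? "" : part.slice(i + 1).trim();
  }
  return cookie;
}

// Decide whether the cookie stays usable in a third-party (cross-site) context.
function thirdPartyVerdict(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = (attrs.samesite || "").toLowerCase();
  const secure = "secure" in attrs;
  if (sameSite === "none") {
    return secure
      ? { name, thirdParty: true, reason: "SameSite=None with Secure" }
      : { name, thirdParty: false, reason: "SameSite=None without Secure is rejected" };
  }
  if (sameSite === "strict" || sameSite === "lax") {
    return { name, thirdParty: false, reason: `explicitly SameSite=${sameSite}` };
  }
  // Assumption: Chrome's announced default treats unlabelled cookies as Lax.
  return { name, thirdParty: false, reason: "no SameSite label, treated as Lax" };
}

function audit(headers) {
  return headers.map(thirdPartyVerdict);
}

console.log(audit(SAMPLE_HEADERS));
```

Running `audit` over a site's captured response headers gives a quick list of cookies that need an explicit label or the `Secure` attribute before the enforcement date.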
Over the next two years, though, Google plans to go far beyond this and completely remove support for third-party cookies from Chrome. That, however, marks a massive change for the advertising industry and the publishers that often depend on marketers’ ability to (for better or worse) track users across the web. Google’s solution to this is the “privacy sandbox,” which would ideally still allow advertisers to show you relevant ads while also allowing you to share as little about yourself and your browsing history as possible.
What exactly this will look like still remains to be seen, though, as a lot of the ideas are still in flux. Schuh, however, noted that Google doesn’t want to go this alone, and that it plans to go through the web standards process for this. He noted that Google plans to start some trials over the next year or so and start migrating advertisers and publishers to some of the new systems it is working on.
This is a massive change, though, and Google will surely face some pushback. “I’m not going to say that everyone has been on board for all of our proposals,” Schuh admitted. “But in all corners, some of the proposals have been received very well. For the ones that haven’t, we’re open to alternative solutions as long as they have the kind of privacy and security properties — as long as they have the same kind of predictability that we expect — because we don’t want to put Band-Aid solutions on top of the web, we would rather fix the architecture of the web, […] we just don’t see any alternative but to fix the architecture of the web.”
Others, however, will have to get on board — including other browser vendors. Schuh seems optimistic that this will happen, in part because it is also in the best interest of the users. “We don’t want the web to be fragmented,” he said. “We don’t want people to have to figure out every different thing they have to do on every different browser. We want a level of consistency here, even if there are details that browsers choose to be different.”
Right now, a lot of Chrome’s competitors, like Mozilla’s Firefox, have taken pretty radical approaches to simply blocking many third-party cookies. Google argues that this will be to the detriment of the web and only drive the industry to find workarounds.
As with all of Google’s recent privacy proposals, it’ll be interesting to watch how the industry will react to this one. Given Google’s own role in the advertising ecosystem, Google has some clear financial interests in getting this right — and in keeping the advertising ecosystem on the web healthy.