Why Google plans to cut off support for third-party cookies in Chrome
Cookies are one of those aspects of the Web that can be both helpful and harmful. Using a first-party cookie directly on a website can save you time and effort by remembering your login information, preferences, and other details.
But third-party cookies are typically employed by websites and advertisers to track your activities as you hop from one site to another. As such, third-party cookies have raised privacy concerns among people who don't want to be followed online for the purpose of receiving targeted ads. That's why Google now wants to completely close the door on such cookies, according to a blog post published on Tuesday.
SEE: How to protect against 10 common browser threats (free PDF) (TechRepublic)
In its post, the search giant said it plans to phase out support for third-party cookies in Chrome within the next two years. But therein lies a challenge.
Chrome already offers users a way to block third-party cookies as do Firefox, Safari, and other browsers. But as Chrome itself warns if you try to block such cookies: "Some sites may not work properly." That's because some websites legitimately use third-party cookies for specific features and functionality. To get past this problem, users who want to block third-party cookies are forced to selectively whitelist legitimate sites, a time-consuming process.
To resolve this Catch-22, Google said that blocking third-party cookies will be part of its ongoing Privacy Sandbox initiative, which was announced last August as a way to create open standards to enhance privacy on the web. The trick here is to try to satisify the needs of all parties. Users are demanding greater privacy, but websites and advertisers rely on cookies and targeted ads to generate revenue. How do you make everyone happy?
"We are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete," Google said in the blog post. "Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome."
To work toward its goal of preserving privacy on an ad-supported Internet, Google said it will start to limit insecure cross-site tracking (aka third-party cookies) in February. The company will treat cookies that don't include a SameSite label as first-party only and require cookies labeled for third-party use to be accessed over HTTPS. The idea is to make third-party cookies more secure and give users more precise control over them.
To further the cause of privacy and security, Google said it is developing ways to detect and mitigate covert tracking by launching new anti-fingerprinting measures, which it hopes to launch later this year.
"We are working actively across the ecosystem so that browsers, publishers, developers, and advertisers have the opportunity to experiment with these new mechanisms, test whether they work well in various situations, and develop supporting implementations, including ad selection and measurement, denial of service (DoS) prevention, anti-spam/fraud, and federated authentication," Google added.
Finally, Google is encouraging all interested parties to submit their feedback on its developing web standards community proposals. You can also file issues through GitHub or via a message to the W3C group.