Making Sense of Security

Securing your Digital World.

Making Sense of Security

Why Google plans to cut off support for third-party cookies in Chrome

Google is aiming to phase out third-party cookies in Chrome in two years, but that will have to prove palatable to users, publishers, and advertisers.

Cookies are one of those aspects of the Web that can be both helpful and harmful. Using a first-party cookie directly on a website can save you time and effort by remembering your login information, preferences, and other details.

But third-party cookies are typically employed by websites and advertisers to track your activities as you hop from one site to another. As such, third-party cookies have raised privacy concerns among people who don’t want to be followed online for the purpose of receiving targeted ads. That’s why Google now wants to completely close the door on such cookies, according to a blog post published on Tuesday.

SEE: How to protect against 10 common browser threats (free PDF) (TechRepublic) 

In its post, the search giant said it plans to phase out support for third-party cookies in Chrome within the next two years. But therein lies a challenge.

Chrome already offers users a way to block third-party cookies as do Firefox, Safari, and other browsers. But as Chrome itself warns if you try to block such cookies: “Some sites may not work properly.” That’s because some websites legitimately use third-party cookies for specific features and functionality. To get past this problem, users who want to block third-party cookies are forced to selectively whitelist legitimate sites, a time-consuming process.

block-cookies-chrome.jpg

To resolve this Catch-22, Google said that blocking third-party cookies will be part of its ongoing Privacy Sandbox initiative, which was announced last August as a way to create open standards to enhance privacy on the web. The trick here is to try to satisify the needs of all parties. Users are demanding greater privacy, but websites and advertisers rely on cookies and targeted ads to generate revenue. How do you make everyone happy?

“We are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete,” Google said in the blog post. “Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome.”

More about cybersecurity

To work toward its goal of preserving privacy on an ad-supported Internet, Google said it will start to limit insecure cross-site tracking (aka third-party cookies) in February. The company will treat cookies that don’t include a SameSite label as first-party only and require cookies labeled for third-party use to be accessed over HTTPS. The idea is to make third-party cookies more secure and give users more precise control over them.

To further the cause of privacy and security, Google said it is developing ways to detect and mitigate covert tracking by launching new anti-fingerprinting measures, which it hopes to launch later this year.

“We are working actively across the ecosystem so that browsers, publishers, developers, and advertisers have the opportunity to experiment with these new mechanisms, test whether they work well in various situations, and develop supporting implementations, including ad selection and measurement, denial of service (DoS) prevention, anti-spam/fraud, and federated authentication,” Google added.

However, certain affected parties are already chiming in with concerns and complaints about Google’s intention to cut off third-party cookies. The Association of National Advertisers and 4A’s (American Association of Advertising Agencies) have collectively issued the following statement in response to Google’s plan:

“Google’s decision to block third-party cookies in Chrome could have major competitive impacts for digital businesses, consumer services, and technological innovation. It would threaten to substantially disrupt much of the infrastructure of today’s Internet without providing any viable alternative, and it may choke off the economic oxygen from advertising that startups and emerging companies need to survive. 

“We are deeply disappointed that Google would unilaterally declare such a major change without prior careful consultation across the digital and advertising industries. We intend to work with stakeholders and policymakers to ensure that there are effective and competitive alternatives available prior to Google’s planned change fully taking effect. We will also collaborate with Google in this effort, so we can all ensure the digital advertising marketplace continues to be competitive and efficient.

“In the interim, we strongly urge Google to publicly and quickly commit to not imposing this moratorium on third party cookies until effective and meaningful alternatives are available.” 

Finally, Google is encouraging all interested parties to submit their feedback on its developing web standards community proposals. You can also file issues through GitHub or via a message to the W3C group.

This article was updated on January 16, 2020.

View Original Source Article HERE