Google delays Chrome third party cookie sunsetting...again

Google delays Chrome third party cookie sunsetting…again

We’ve seen many examples of third-party cookies being tackled by browsers recently. It’s not so long ago that Firefox effectively locked down third-party tracking by isolating cookies into so-called jars. By doing so, their “Total Cookie Protection” seeks to prevent all those cookies on your PC communicating with one another. This means advertisers can’t fully build up shadowy profiles following you around the net.

Increasingly, more browsers are going down this same route. Google has a huge hand in online advertising. This role often sits uneasily alongside issues of privacy and security, for example rogue ad campaigns misusing Google’s own ads.

Despite this, Google has also talked about killing off tracking cookies for some time now (including a pilot effort to introduce a type of tracking technology called “FLoC” which would allegedly preserve privacy by categorizing users into “groups” of behavior sets). The hammer was supposedly falling sometime this year, with the basic idea being that traditional third-party tracking cookies would no longer be functional in Chrome. That slice of potentially invasive advertiser pie would shrink down just a little bit further.

However, we’re now faced with the second pushback of cookie tracking lockdown where Chrome is concerned. Did Google jump the gun on this allegedly privacy-enhancing announcement?

Delaying an inevitable sunset

You probably won’t see any sunsetting of third party tracking cookies until the second half of 2024. The reason is detailed in a recent Google Blog posted by Anthony Chavez, the VP of Privacy Sandbox.

The Privacy Sandbox Initiative aims to replace tracking across sites and apps. It also wants to limit how far your data can be shared. According to the company initiative, advertising IDs and third party cookies are out; more sophisticated technologies which block invasive tracking are in.

At least, they would be but for the constant delays and pushbacks. As the Privacy Sandbox site puts it:

Billions of people around the world rely on access to information on sites and apps. To provide this free resource without relying on intrusive tracking, publishers and developers need privacy-preserving alternatives for their key business needs, including serving relevant content and ads.

In other words: organisations still need to make money from adverts, so here’s a very wobbly tightrope which we’ll all be inching down. It seems this potentially contradictory aim is causing inevitable delays.

More time for advertisers means more time for advertising

The specifics boil down to advertisers needing more time to figure out the new technologies replacing third party tracking. From the blog:

Improving people’s privacy, while giving businesses the tools they need to succeed online, is vital to the future of the open web. That’s why we started the Privacy Sandbox initiative to collaborate with the ecosystem on developing privacy-preserving alternatives to third-party cookies and other forms of cross-site tracking.

He goes on to say:

The most consistent feedback we’ve received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome. This feedback aligns with our commitment to the CMA to ensure that the Privacy Sandbox provides effective, privacy-preserving technologies and the industry has sufficient time to adopt these new solutions. This deliberate approach to transitioning from third-party cookies ensures that the web can continue to thrive, without relying on cross-site tracking identifiers or covert techniques like fingerprinting.

You can view a timeline of the Privacy Sandbox work, which details at length what is happening and when. Third party cookie phaseout currently says support will be phased out “over a two month period”. There is no further information available on this at time of writing. Of course, potentially invasive tracking and advertising techniques will still be in use until sunsets finally come into play.

Major platforms are trying whatever they can to make it harder for people to extricate themselves from tracking. Most recently, Facebook was seen to be altering links designed to track clicks. By the time Google finally sunsets tracking cookies and other potentially invasive technologies, we may find that the new normal is another entirely set of invasive technologies to contend with.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.