Google Will Disable Third-Party Cookies For 1% of Chrome Users in Q1 2024

Catch up on stories from the past week (and beyond) at the Slashdot story archive

binspam dupe notthebest offtopic slownewsday stale stupid fresh funny insightful interesting maybe offtopic flamebait troll redundant overrated insightful interesting informative funny underrated descriptive typo dupe error

Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today!

Sign up for the Slashdot newsletter! or check out the new Slashdot job board to browse remote jobs or jobs in your area

An anonymous reader shares a report: Google's Privacy Sandbox aims to replace third-party cookies with a more privacy-conscious approach, allowing users to manage their interests and grouping them into cohorts based on similar browsing patterns. That's a major change for the online advertising industry, and after years of talking about it and releasing various experiments, it's about to get real for the online advertising industry. Starting in early 2024, Google plans to migrate 1% of Chrome users to Privacy Sandbox and disable third-party cookies for them, the company announced today. Google's plan to completely deprecate third-party cookies in the second half of 2024 remains on track.

In addition, with the launch of the Chrome 115 release in July, Google is making Privacy Sandbox's relevance and measurement APIs generally available to all Chrome users, making it easy for developers to test these APIs with live traffic. Google doesn't plan to make any significant changes to the API after this release. Deprecating third-party cookies for 1% of Chrome users doesn't sound like it would have a major impact, but as Google's Victor Wong, who leads product for Private Advertising Technology within Privacy Sandbox, told me, it will help developers assess their real-world readiness for the larger changes coming in late 2024. To get ready for this, developers will also be able to simulate their third-party cookie deprecation readiness starting in Q4 2023, when they'll be able to test their solutions by moving a configurable percentage of their users to Privacy Sandbox.

Do you have a GitHub project? Now you can sync your releases automatically with SourceForge and take advantage of both platforms.
Do you have a GitHub project? Now you can automatically sync your releases to SourceForge & take advantage of both platforms. The GitHub Import Tool allows you to quickly & easily import your GitHub project repos, releases, issues, & wiki to SourceForge with a few clicks. Then your future releases will be synced to SourceForge automatically. Your project will reach over 35 million more people per month and you’ll get detailed download statistics.
Sync Now

›

Does google simply not care about 3rd party cookies because they can track on the server side with their search monopoly, or do they put tracking in the query parameters for the ads or what?
- Re:
  
  I this is clearly an experiment for them to find out how well their systems work without their 3rd party cookies. I've not enabled 3rd party cookies in Firefox for well over a decade and the web works just fine.
  - More like an experiment to see what happens LEGALLY when they essentially disable 3rd party tracking and become the monopoly tracker on Chromium based browsers....
  - Re:
    
    I'm sure they can easily test their own applications with 3rd party cookies disabled. In fact I'm sure they have it as a part of their automated testing suite, since it's been a supported option in Chrome for as long as I can remember.
    To see why they are doing this look at how they did the same thing with non-HTTPS websites. The idea is that websites broken by this will notice and fix themselves before it rolls out to everyone. Or not; there are still lots of HTTP websites that now show warnings in Chrome.
    - Re:
      
      I mean... how does their ad business work around not being able to track people.. or is this just performative and there are still ways to track everyone.
      - Re:
        
        IIRC, the change is built around buckets of interests instead of outright per-user/per-site tracking.
      - Re:
        
        Tracking is just a means to an end, it's not the goal. If they can target ads some other way, they can head off a lot of regulatory and other hassles, as well as giving customers what they want.
        
        Re:
        
        As well as widening their moat if the targeting is technically challenging enough to implement;)
      - Re:
        
        If I understand correctly, Google Analytics adds a first party cookie.
  - I've not enabled 3rd party cookies in Firefox for well over a decade and the web works just fine.
    The web works fine with Firefox because they did implement it right. Third party cookies are segregated by top level domain, so an iframe on site A can drop a cookie with no problem. The same iframe will not find its cookie when invoked from side B, but can drop a new one. That addresses the privacy issue and still allow an iframe to drop a session cookie.
    Chrome (and Safari) just disallow cookies in iframe entirely now (and other http requests for that matter), effectively breaking the web.
    - Re:
      
      I browse without Thirdparty-Cookies for longer than this feature exists. If you don't need like buttons you won't notice many problems. There are very little legitimate use-cases.
  - Re:
    
    Safari has also blocked them by default for quite a few years. Firefox has *always* provide excellent cookie handling (not just blocking third party cookies... you can tell it to not allow persistent cookies at all for example, and then whitelist individual sites that can).
    Google and Microsoft are strange bedfellows, but both would really like everyone to be on a Chrome-based browser so they can slurp up that sweet, sweet tracking data. So I think you're exactly right, but I suspect this is only stage one.
    - 1 hidden comment
- Re:
  
  They are moving their ad logic into the browser [9to5google.com]. Basically, the browser tells the website what "topics" you are interested in, and serves you ads based on that.
- Re:
  
  The first one. They are tracking you through Chrome, so they will use their monopoly cut off any other ad tracking networks ability to track. This makes their tracking product relatively more unique in the market.
  - The first one. They are tracking you through Chrome, so they will use their monopoly cut off any other ad tracking networks ability to track. This makes their tracking product relatively more unique in the market.
    Incorrect.
    
    Google is trying to move to a world in which they don't track users at all. Google doesn't actually want to know about you. It's bad for PR, creates legal liability and causes them to have to deal with an endless stream of subpoenas and warrants for user data (which governments do not compensate Google for). It also enables targeted advertising, which is what Google does want to do, but they believe they have a scheme where the browser can do all of the tracking and analysis itself and then it will tell the ad networks (all of them, not just Google's) what sorts of ads to show, but without given them any user identity information.
    
    In other words, rather than the servers figuring out that user 3824337234 is interested in monster trucks and pink tutus (oh, and incidentally that his name is John Smith, he lives at 125 Elm Street in Springville, Indiana, is an assistant manager at Wal-mart, occasionally buys weed on the dark web and is cheating on his wife and contemplating arranging a deadly accident for her), the user's browser will carefully de-anonymize all web requests, making it impossible to track the user across sites... and will tell the ad servers that he's interested in monster trucks and pink tutus, and nothing else.
    
    This gives Google what they want, the ability to target ads, but without all of the negatives associated with tracking people online.
    - 2 hidden comments
    - It also gives people a single opt-out
      
      Google also clearly knows targeted surveillance advertising is bunk but does not want to upset stupid, short-sighted shareholders. I am all in favour of their new system, since itâ(TM)s pretty much an open secret that this, combined with their other anti-tracking plans, will effectively centralise our ability to opt-out of targeted advertising altogether. A similar feature is available on Safari, known as privacy-preserving ad measurement and it is only a single toggle to disable it. The same should be
Chrome attempts to present the cohorts tool as a feature to users. It's disgusting. It monitors user browsing behavior, plain and simple. Find me somebody who actually wants this (and understands that they don't have "nothing to hide").
- I was one of the people involved in getting the previous iteration, FLoC, shit-canned. To be fair, the current implementation does resolve the worst of the issues.
  It's far from perfect, but it's also better than the current situation with third party cookies and extensive tracking. Very easy to disable or block too. The main two problems are:
  1. It's opt out for websites. Every site needs to add code to opt out of its content being used to determine topics of interest.
  2. Some of the topics are potentially dangerous for some people, e.g. LGBT people in places where that is illegal, or pregnant women who need to keep their pregnancy a secret.
  Topics isn't the only thing they are working on. Both Google and Apple are proposing to change the way pingbacks work. Pingbacks let an advertiser know when an ad was clicked on, so they can pay the website displaying it. Basically the plan is to store the pingbacks for a random amount of time between a day and a couple of weeks, before sending it. That makes it much harder to link the site the user was on with their identity, but neither proposal is perfect.
  The real issue is that the web is largely ad funded. I know, lots of people here would be happy if ads went away, but realistically that a) won't happen and b) would be bad for many users who would have to pay for services they currently get for free. So it's worth trying to make ads pay while also preserving as much privacy as possible.
  - Re:
    
    They have gone away.
  - Re:
    
    What current situation are you talking about? Sensible browsers have prevented this for years by default. There is no problem presently in need of solving other than Google catching a clue and getting with the program.
    The issue isn't ads its big data assholes like Google stalking everyone on an industrial scale.
    You don't need cross site tracking to serve ads and you sure as heck don't need to be inventing any schemes to help those same big data assholes to stalk everyone.
    - Re:
      
      The point of this is to allow advertising networks, including Google, to make money with targeted ads without stalking everyone on an industrial scale.
      - Re:
        
        I know this may seem like a crazy idea - you could simply ASK users what sort of ads they want to see.
        If they don't want to say do what advertising industry has always done target content. This is all advertisers are entitled.
        I think there should be anti-trust laws preventing just this sort of vertical integration. Advertising companies especially ones with such a dominant market position should not be allowed to also produce browsers with a dominant market position containing features designed explic
        
        Re:
        
        You could ask, but they mostly wouldn't bother to answer.
    - Re:
      
      Very few browsers defend against tracking well out of the box. Mullvad Browser is the only one I'd recommend.
      So by the "currently situation", I mean how most people are tracked. Even the ones canny enough to install uBlock.
      The whole point of Topics is that it's not stalking. It moves everything to the local browser. Ad servers can only request general topics of interest, and you can send them an empty list if you like. That's why the rest of the ad industry is so upset about it. They like to laser focus ads
      - Re:
        
        Firefox's cookie protection is enabled by default. It silos all state to the top site.
        I don't agree. It's derived from recent browsing history which users may not wish even to indirectly share digests of.
        It's amazing ML classifiers and ad auctioning all running in the browser for the purpose of leaking information to sites while the user remains completely oblivious.
        The industry was never entitled to the deal it had before. It should have learned years ago to live with the fact easy cookie based global c
        
        Re:
        
        Oh, has Firefox made that default? That's good.
        Look, I'm not saying it's good that the internet is built in this stuff. I also don't want to see people who rely on free services get cut off. I think with some tweaks there might be a half decent solution here. As I said, the main issue is the list of topics has some sensitive ones.
        Google can't really go further though. Regulators won't let them. Even Topics is controversial, with calls for an investigation from other companies. The EU already banned or made
  - Re:
    
    Do you have a link to this info? When the time comes, I want to be sure every site I'm involved with is opted out.
    - - Re:
        
        Thank you for the link!
        It's beyond annoying, though, that opting out requires we return an extra HTTP header with every damn webpage. I can do that with my sites, but not everyone is going to have that as an option.
        
        Re:
        
        Indeed. Not as bad at the WiFi opt out where you somehow need to have half a dozen different suffixes in your SSID.
  - Re:
    
    There was an advertisement industry before we had trackers, web bugs, ad networks and the whole lot. Yeah sure, it wasn't so "targeted". But that's a huge pile of bullshit anyways. It mostly benefits Google and Facebook, etc. and not the people buying ads.
    Throw it out. Buy ad space the old fashioned way. No tracking needed. Pay for impressions. Don't trust the website to honestly track impressions? Don't advertise with people you don't trust.
    Google became big by replacing obnoxious banners with non-obnoxiou
    - Re:
      
      That would make it very hard for smaller sites to get by.
I'm sorry but did you just say Google was doing "blah blah blah for privacy" ? Pardon me but they have ZERO credibility. They are censors and assholes. They have a terrible track record related to anything regarding privacy. They sell you out. They peddle tons of MSM lies via their "news" portal (read: propaganda redistribution). Their engine has built-in censorship algos I could clearly see in action during the pandemic. FUCK them. I don't care what they do with Chrome. I won't use it. I won't even instal
I read a few Google pages on it but it's all marketing spew.
Are the identifiers stored locally or on G's servers?
Even if stored locally it wouldn't be hard to also store those identifiers on G servers to bust through any privacy provided but -only- for G and those paying G for that "private" information and correlation to a real person.
- Re:
  
  So its just saying that Chrome tracks you 100% and now we are cutting off the ability of anyone ELSE to track you, so our tracking of you can be sold for a higher price.
  
  Any privacy discussion of this is just window dressing to sidestep the uneasiness you feel of Google knowing everything about you at all times.
  - Re:
    
    I assume that's the case but couldn't readily find anything technical on it. There was junk about various working groups and other bullshit and a 4 page list of company logos but no hint as how it actually works.
So are they going to then fix google drive not being able to download files without 3rd party cookies enabled?
Cookies are so yesterday. What they need to block now are third party everything. Or at least third party url arguments or queries or whatever they are called, hell just block everything after the first slash /
If you are not using Firefox or Safari then you are just as bad as being an Internet Explorer user back in the 2000s.
- Re:
  
  A mix of one-person maintained and so insecure outdated shit, and stuff like crypto-scam browser Brave, any of which could disappear at a moment's notice and most of which are based on Google code anyhow.
  No thanks.
  I'll stick with the only *real* alternative to Chrom* outside of Apple's (pretty crappy) Safari.
  Firefox.
Foxes guarding hen-houses state better, more secure fences, will be erected by 2024. News at 11.
- Re:
  
  Foxes say, starting 2024 1% of the hens will each get a fox assigned as their personal safeguard, who will monitor their health by taking a little test bites now and then. All of course to protect them from the outside wolves.
Why are people keeping hold of their cookies? Get rid of them. When you start browsing in the morning, clear everything. Start fresh so everyone thinks you're someone new. At some point during the day delete a bunch of cookies from advertisers and whatnot.
This isn't difficult. Well, for Chrome users it probably is. For everyone else there's script blockers.
- Re:
  
  There is CookieAutoDelete plugin https://chrome.google.com/webs... [google.com]. Available in all browsers. Does all the things you mentioned and more. I have to use Chrome at work but the plugin works well in Chrome. It works well in Firefox on my home machine. You can also enable 3rd party cookies and they do not matter as they would be deleted as soon as you close the tab.
Fuck these advertisers and their categories. Fuck advertising. I want to pay for a browser that does not data rape me.
I had no idea cross site cookies were still even a thing. Assumed everyone went with cookie isolation by default years ago.
As for rolling out new privacy destroying malware with your browser unsurprising to see Google living up to its reputation for sleazy behavior.
If you are waiting for an opportune moment to ditch Chromium, this is it.
Look, I don't trust Google as far as I can throw them, but this change? It's a good one.
Setting aside cohorts and other Chrome-specific aspects to this that most of us find objectionable—which are entirely avoidable if you change browsers—realize what's happening here: the maker of the largest browser in the world is saying that they will drop support for the most widely-adopted, easiest to implement tracking method available to advertisers today.
That's a win.
And with Chrome paving the way, any
- Re:
  
  I don't trust Google at all, regardless of their claims of "improved privacy", because they've continually abused people's privacy in the past (almost as much as FuckedBook, which isn't exactly how anyone would want to be compared to) - in other words, "too little, too fucking late" for them in my book.

Recommend

About Joyk