Starting next month, Google will tighten the controls on its Chrome browser
by limiting cross-site tracking, and within the next two years, it plans on eliminating third-party cookies from the equation. These and other steps are part of a larger initiative Google is calling "Privacy Sandbox," which entails open standards to enhance user privacy
when surfing the web.
"Our goal for this open source initiative is to make the web more private and secure for users, while also supporting publishers," Google said.
On the surface, getting rid of third-party cookies may seem to go against the latter part of that statement, but Google
believes there is a better way of satisfying both users and publishers. It also sees its approach as a better alternative than blocking third-party cookies outright and calling it a day (as FireFox does), because if going that route, it can have "unintended consequences," such as encouraging the use of browser fingerprinting
and other unsavory workarounds.
Starting next month, Google will treat cookies that do not include a SameSite label as first-party only, and require cookies labeled for third-party use to be accessed over HTTPS. This is something Google has been testing with some Chrome users over the past several months.
"This will make third-party cookies more secure and give users more precise browser cookie controls. At the same time, we’re developing techniques to detect and mitigate covert tracking and workarounds by launching new anti-fingerprinting measures to discourage these kinds of deceptive and intrusive techniques, and we hope to launch these measures later this year," Google explains.
Looking a bit further down the line, Google will stop supporting third-party cookies altogether in Chrome. This is where the Privacy Sandbox initiative
comes into play. It represents a fundamental shift in web advertising, and some of the details are still be hammered out. However, the idea is to enable advertisers to still show relevant ads to users, but without the level of tracking that takes place currently.
What this basically entails is getting rid of third-party cookies and replacing user agent (UA) strings—somewhat detailed information browsers send to websites—with something called Client Hints
, which enables a website to request information about a user "while avoiding the historical baggage and passive fingerprinting."
This will inevitably be met with some resistance by advertisers who want to keep things the way they are. At the same time, Google says it has received positive feedback in forums like the W3C.
"We are working actively across the ecosystem so that browsers, publishers, developers, and advertisers have the opportunity to experiment with these new mechanisms, test whether they work well in various situations, and develop supporting implementations, including ad selection and measurement, denial of service (DoS) prevention, anti-spam/fraud, and federated authentication," Google says.
Google also hopes this will turn into an industry-wide thing, and not just applicable to Chrome. Time will tell.