The death warrant of Third-Party Cookie: the beginning of cookieless tracking era

Yubraj Ghimire
Etribes Tech
Published in
5 min readDec 4, 2020
Photo by Vitaly Vlasov from Pexels

Have you ever thought of why internet cookies are called cookies? đŸ€” Actually, it was coined from the term ‘magic cookies’ that derived from a fortune cookie đŸȘ; a cookie with an embedded message, just like the real cookie with some embedded crumble on it. It’s interesting, isn’t it?

What is a Third-Party Cookie?

There are different kinds of cookies, third-party cookie is one of the kinds which is set by a domain that is not the one that you see in the address bar, mostly they collect information from users for analytic purposes. This has been essential to advertisers for online marketing and much more stuff. These small pieces of data stored on the user’s browser are only temporary storage, they get instantly transformed into a cross-site tracking tool that became the spine of most online advertising models. And now they are dying. đŸ˜±

Photo by Arminas Raudys from Pexels

How browsers are phasing out Third-party cookies?

Firefox already has a built-in solution, by default, it blocks the cookies that track browsing activity across multiple websites. It includes cross-site tracking cookies set by an ad, social media, and analytics companies.

Apple releases major updates to its Safari Intelligent Tracking Prevention (ITP), the privacy feature that allows the browser to block cookies and prevent advertisers from snooping on web habits.

Chrome’s team announced that they are going to drop support for third-party cookies before 2022. According to the “Browser market Share Worldwide (Nov 2019 — Nov 2020)”, Chrome has 66.12% of market coverage, now you can imagine how much impact it would bring on online marketing.

Photo by Valeriia Miller from Pexels

How advertisers benefited from Third-party cookies?

Let me make up something here, lets say you dream of going on vacation, maybe Vai Beach, Crete. So, you looked up some vacation rentals in Crete. You browsed a couple of websites, checked out some lovely photos of the sunsets and beaches, and then you realized oh shit! I am on lockdown, can’t travel at the moment 🙈. So, regardless of your bizarre situation where you are currently in but still you would start seeing ads for Crete vacations on many websites, you would visit. And that’s hell no coincidence, it’s called targeted advertisements. And this has been all possible via a third-party cookie which has been used to track all user’s behavior. It’s creepy but it is what it is.

Photo by Erik Mclean from Pexels

Now what? Am I not going to be tracked by online marketers?

Hell no! One thing ends which led to the beginning of something else. There are already quite some alternatives to third-party cookies. Methods such as Device fingerprint tracking, ID graph, ETags can be also used to track users but they require the active consent of the website users.

Photo by Andrea Piacquadio from Pexels

Device fingerprint tracking

It is a way to combine certain attributes of a device such as what operating system it is on, the type and version of web browser being used, the browser’s language setting, and the device’s IP address, which helps to identify it as a unique device. This style of tracking even works on a private surfing mode, and even deletion of the data by the user doesn’t have any influence on the tracking.

ID graph

It is a tool that is used to get a single customer view, which connects all data on individual users across channels and devices. The data includes all the data transmitted by the user as well as IP addresses, browser, cookie information, browsing history, past transactions and with all this information gathered, it helped to create a customer profile which is ultimately a standpoint to better understand and target customers.

ETags

It is a web cache validation technique for identifying resources visiting a website. It is an identifier for a specific version of a resource. This mechanism enables websites to track users across sessions by sending the ETag data in the HTTP-header. It let caches be more efficient and save bandwidth, as a web server does not need to resend a full response if the content has not been changed. Changing IP address, disabling JS, altering cookies / local storage doesn’t have any impact on the functioning of the ETags since it’s entirely based on the ETag data in the HTTP-header.

Besides all these alternatives, google has also initiated the Privacy Sandbox project with a mission to “Create a thriving web ecosystem that is respectful of users and private by default.” It introduces a set of privacy-preserving APIs to support business models that fund the open web in the absence of tracking mechanisms like third-party cookies. It will be really interesting to witness how this will be evolved.

Photo by Caio from Pexels

Ultimately the choice of an alternative to the third-party cookies entirely depends on one’s use cases, but cookieless tracking is definitely the way to go.

Some interesting references:

Interesting article by cookiebot on “Google ending third-party cookies in Chrome”

Digging into the Privacy Sandbox

--

--