Great internet cookie crumble will leave risky morsels

By Dave Lee

Thanks to the humble cookie, our favorite websites can remember us, greeting our return visits like a conscientious barista. But it’s through these small files that some egregious privacy abuses have occurred. Cookies will disappear this year, though a problem solved may be a problem caused.

The cookie, invented by a 23-year-old Netscape engineer 30 years ago, was initially intended to act as an identifier so users didn’t have to keep logging in. It has long been co-opted, however, by the advertising industry as a way to snoop on what users are up to. Loading even the most basic web page these days means that dozens of tracking cookies are quietly placed on your computer. Suddenly, what had been a quick search for a one-off purchase ignites a frenzy, with every website coordinated in its determination to service what it thinks is your new passion for collecting mattresses or whatever.

Efforts to curb this tracking — most notably Europe’s General Data Protection Regulation — have only worsened the browsing experience. I could be knocked unconscious and still instinctively manage to click “accept all.”

The good news is that cookies are going away. But privacy isn’t returning, parts of the web could become even less user friendly, and Google seems poised to gain even more control.

Last month, Google siphoned off 1 per cent of Chrome users and disabled third-party cookies as a test ahead of plans to do the same for all users by the third quarter of this year, pending approval from regulators. Third-party cookies are those placed on your computer by companies not related to the website you’re visiting — often (though not exclusively) for the process of tracking your browsing to serve more relevant ads. That’s a win-win, advertisers say, but privacy advocates contend this is a gross intrusion that can be used to gather intimate details — such as visits to medical websites — and sell them to the highest bidder. (First-party cookies, like the ones used to remember that users have logged in, are not affected by Google’s changes.)

Apple and Mozilla have already taken this step, with the Safari and Firefox browsers respectively, but because of Chrome’s market share of browser use — 64 per cent worldwide — the panic for marketers has only now started to set in. It’s safe to say the ad industry isn’t handling it all that well. The “Great Cookie Crumble,” I’ve seen it called, as well as “Cookie Apocalypse” and “Cookiegeddon.”

From an advertiser’s perspective, or for companies whose business models rely on ad revenue, the panic may be understandable. It’s going to become much harder to track people around the internet, turning upside down the way many free sites and services sustain themselves. But the industry will adapt, causing several negative knock-on effects.

The end of cookies doesn’t mean advertisers and data brokers are going to give up harvesting data. A hint at a post-cookie future can be found with Amazon’s deal, reported Monday, with UK-based publisher Reach, owner of many titles, most famously the tabloid Daily Mirror and OK! magazine. Amazon, whose ad business is projected to bring in more than $55 billion in revenue this year, will pay Reach an undisclosed sum to gain access to data about what articles a person reads, using these insights to target ads.

That deal can be expected to be the first of many now that advertising companies and publishers know Google, after some dithering, is serious about its cookie depreciation plan. What users can expect is a degraded browsing experience as more sites force people to sign up just to read free articles so they can be identified and packaged for ad targeting. It risks turning publication websites, already some of the most clogged sites on the web, into an even deeper usability quagmire. Loading some of these sites already makes devices run hot enough to fry an egg — I dread to think what kind of pop-up-ridden mess readers will need to wade through soon.

Google, for its part, is offering other ways to fill in the gaps. Its Privacy Sandbox is a suite of tools website builders can use to make up for the lost functionality. For example, Google has been busy classifying 50,000 of the most popular websites (and will use machine learning to classify the rest) to infer what broad topics a person is interested in, such as “football” or “gardening.” This data — stored locally on the person’s device — can be used by website owners to run targeted ads.

Privacy rights campaigners such as the Electronic Frontier Foundation have serious misgivings about Google’s efforts to “reinvent” the cookie by putting in place what it sees as equally dangerous workarounds. They warn that, when cross-referenced, the new tools could reveal more data on a user’s browsing habits than the cookie ever did. “Google, please don’t do this,” it concluded.

The concern is justified. While the demise of cookies may feel like a step forward for privacy, think again. This is Google we’re talking about. Or, more to the point, this is the internet. Ads and data are its lifeblood. You’re still for sale, and the Cookie Apocalypse won’t change that.