Cookies: Half-baked tracking technology

RIP to the internet’s least useful spy The web is watching you. Almost everywhere you go online, advertisers follow, gathering data and using it to show you ads for products you might be persuaded to buy. Since the mid-1990s, that surveillance infrastructure has relied on tracking technology called third-party cookies. But soon, third-party cookies are going to die. Safari and Firefox, the world’s second and third most popular web browsers, already block third-party cookies by default as a privacy measure. Google Chrome—the most popular browser, which accounts for two-thirds of all internet traffic—has announced it will follow suit by 2022. When Chrome pulls the plug, the era of cookie-based tracking will be over. That doesn’t mean the web will take its eye off you. Advertisers, publishers, and Google are racing to develop new tracking methods. The alternatives they come up with will define the next era of data snooping. Clear your cache—it’s time to talk about cookies. 🐦 [Tweet this!]( 🌐 [View this email on the web]( Sponsored by [Quartz Weekly Obsession] Cookies June 02, 2021 RIP to the internet’s least useful spy --------------------------------------------------------------- The web is watching you. Almost everywhere you go online, advertisers follow, gathering data and using it to show you ads for products you might be persuaded to buy. Since the mid-1990s, that surveillance infrastructure has relied on tracking technology called third-party cookies. But soon, third-party cookies are going to die. Safari and Firefox, the world’s second and third most popular web browsers, already block third-party cookies by default as a privacy measure. Google Chrome—the most popular browser, which accounts for two-thirds of all internet traffic—has announced it will follow suit by 2022. When Chrome pulls the plug, the era of cookie-based tracking will be over. That doesn’t mean the web will take its eye off you. Advertisers, publishers, and Google are racing to develop new tracking methods. The alternatives they come up with will define the next era of data snooping. Clear your cache—it’s time to talk about cookies. 🐦 [Tweet this!]( 🌐 [View this email on the web]( Illustration by Charlie Le Maignan Membership Our field guide on [the end of third-party cookies]( will take you even deeper down this rabbit hole, and, just a heads up, we link to it a lot in this email. If you haven’t signed up yet, treat yourself to a week, free, by hitting the button below. [Never enough cookies!]( By the digits [$336 billion:]( Valuation of the digital advertising industry [72%:]( Americans who worry that what they do online is being tracked by companies [2.7%:]( Increased likelihood that a person will buy something from an ad that uses cookies compared to one that does not [40%:]( Decrease in third-party cookies since Apple and Firefox made changes to their browsers [769:]( Number of third-party cookies found on a single website (although this is an extreme example) [58:]( Different ways the digital ad industry uses cookies to track people Sponsored by Code42 Risks of the New Hybrid Workforce --------------------------------------------------------------- Collaborative, remote, and hybrid workforce culture creates Insider Risk. What should you do about it?[Learn how to stop data leaks, not collaboration.]( Giphy EXPLAIN IT LIKE I’M 5! What is a browser cookie? --------------------------------------------------------------- A cookie is a small text file that a website saves on your computer. It [helps the website remember information]( about you—often for benign reasons, like remembering your login credentials or making sure the items in your shopping cart will still be there even if you close the page and come back later. When cookies come directly from a website you chose to visit, they’re called first-party cookies. For example, if you go to a weather website and type in your zip code to get your local forecast, the site might save a cookie on your device. That way, it will remember your location—and offer the right forecast more quickly—the next time you visit. (First-party cookies aren’t used for ad tracking and they aren’t going away.) When cookies come from someplace other than the website you chose to visit, they’re called third-party cookies. For example, if you go to a website that displays an ad, that ad might save a cookie on your computer that reports back to the advertiser. The cookie then marks you as the person who saw this particular ad at this particular moment. If at some point later you visit the advertiser’s website and buy something, the company can infer that its marketing campaign influenced your decision and was effective. Advertisers use third-party cookies to measure how well their campaigns are performing, gather data on your interests, and target ads to specific audiences. There’s [no conclusive evidence]( that all this tracking actually gets consumers to spend more money on products—but it does get companies to spend more money on advertising. That extra spending has propped up a thriving industry dedicated to harvesting your data through third-party cookies. Quotable “I’m not particularly sad about the demise of third-party cookies because they were never really that accurate, never really that useful, and in fact I think this whole thing has helped us all to rethink what data matters.” —Stephan Pretorius, chief technology officer at UK-based WPP, the world’s biggest ad agency, [sums up the general consensus among advertisers]( who have turned against third-party cookie tracking. Brief history [1994:]( Lou Montulli, a 23-year-old engineer at the world’s then-leading web browser, Netscape, invents the cookie. [1995:]( DoubleClick is founded. Its engineers realize they can exploit cookies to track users across the web; the company [pioneers and comes to dominate]( the world of ad targeting. [1996:]( The press starts reporting on cookie tracking in advertising, prompting public backlash. [1998:]( The US Department of Energy Computer Incident Advisory Capability issues a bulletin assuring the public that “the vulnerability of systems to damage or snooping by using Web browser cookies is essentially nonexistent.” [2007:]( Google buys DoubleClick for $3.1 billion and expands its advertising business from search pages to programmatic ads on websites. [2016:]( The EU passes the General Data Protection Regulation (GDPR), which requires websites to get users’ consent before tracking them with cookies. [2017:]( Safari starts blocking some third-party cookies through the first iteration of its Intelligent Tracking Prevention (ITP) protocol. [2018:]( Firefox rolls out “Enhanced Tracking Protection” features that block third-party cookies. [Aug. 2019:]( Google Chrome announces its “Privacy Sandbox” initiative to develop and test new browser features that would boost user privacy. [Sept. 2019:]( Firefox blocks all third-party cookies by default. [Jan. 2020:]( Google announces it will block all third-party cookies by default, writing, “Our intention is to do this within two years.” [March 2020:]( Safari blocks all third-party cookies by default. Giphy QZ&A The father of the cookie has some regrets --------------------------------------------------------------- We talked to cookie inventor Lou Montulli ([read the full interview](). QZ: What was your goal when you were creating the cookie? We designed cookies to exchange information only between users and the website they visited. The founders of Netscape and many of the other denizens of the internet in that age were really privacy-focused. So we wanted to build a mechanism where you could be remembered by the websites that you wanted to remember you, and you could be anonymous when you wanted to be anonymous. How did you feel when you started seeing advertisers exploit cookies to track people? It was certainly very surprising and alarming to us. But we were simultaneously fighting a [knock-down, drag-out battle]( with Microsoft [[for dominance of the browser market](] and basically getting our clock cleaned. So there were a lot of other problems going on within Netscape besides just cookies. So it just fell to me to figure out what to do. People were like, “Well I don’t have time to deal with this. Can you deal with this?” And, you know, I’m just a lowly engineer. I don’t really have any experience dealing with policy. Why didn’t you kill third-party cookies then? Advertising at that time was really the sole revenue stream of websites. By turning off advertising cookies, it would severely diminish the ability for revenue to be made on the web. We as a company believed very strongly in the future of the open web. We felt like having a revenue model for the web was pretty important, and we wanted the web to be successful. So we made the choice to try to give cookie options to the user, but not disable them. Giphy Pop quiz What percentage of people decline cookies when they see a privacy pop-up on a website? 0-1%20-30%80-90%50-60% Correct. Most privacy pop-ups don’t include a button to decline cookies—visitors have to hunt that option down on a separate settings page. Almost no one bothers, according to privacy compliance firm CookieLaw. Incorrect. If your inbox doesn’t support this quiz, find the solution at bottom of email. MILLION-DOLLAR QUESTION What comes after cookies? --------------------------------------------------------------- There are [three major proposals]( for how the ad industry can continue to show consumers relevant ads and measure the effectiveness of marketing campaigns without relying on third-party cookies. These solutions aren’t mutually exclusive, and in the short term we’ll see the industry experiment with all three. 👯‍♀️ Google’s Federated Learning Cohorts (FLoC) model: The browser tracks users and groups them into cohorts alongside thousands of peers with similar online habits. Every time you visit a website, your browser tells the site which cohort you belong to, and advertisers show you ads tailored to people with similar interests. 🗞️ First-party data tracking: Publishers and advertisers each collect their own data about their audience and consumers respectively. If a brand and a publisher have the same piece of information about you, like your email address, they can team up to match your spending habits on the brand’s site to your reading habits on the publisher’s site and target ads even more effectively. 🔑 Identity-based tracking: A central authority would assign every web user an advertising ID that advertisers could track every time you log into a website. Ad tech companies would once again be able to monitor your browsing habits, serve you targeted ads, and measure whether you went on to buy the advertised product after seeing an ad. Giphy PLAYLIST Digital privacy jams --------------------------------------------------------------- Whether you’re baking a batch of [fancy chocolate chip]( cookies ([recipe here]() or clearing your browser’s cookie cache ([instructions here]() we have a playlist for you. An honorable mention goes to the far-sighted 1985 disco deep cut “[Don’t Let Computers Grow](” by German band Nature, which is worth a listen even though it isn’t available on Spotify and couldn’t be included in this list. [Listen up!]( take me down this 🐰 hole! Mobile monitoring --------------------------------------------------------------- Cookies allow advertisers to track people on laptops and desktop computers. But there’s another set of identifiers advertisers use to track people on their smartphones and tablets. Many of the same questions surrounding browser cookies are beginning to swirl around Apple and Google’s mobile device IDs—and the ad industry is once again [struggling to figure out how to respond](. Apple and Google are moving at different speeds to bring privacy protections to their mobile users. Apple has been quick, which is [great for wealthier consumers]( who can afford to buy an iPhone or iPad. But Google has slow-walked privacy changes on Android, leaving hundreds of millions of people—[especially in Africa and Asia](—waiting for the same privacy benefits the rest of the world is already experiencing. Giphy Poll Which cookie alternative would you feel most comfortable with? [Click here to vote]( Google’s FLoC modelFirst-party data trackingIdentity-based trackingWhat! Trust no one! 💬 let's talk! In last week’s poll about [cicadas](, an overwhelming majority of you deemed the bugs cute, not gross. ✉️ Shreya shared a poignant anecdote: “I am fascinated by these creatures. Only a few days back, after a warm shower, one of them must have somehow gotten into my room. As I turned in, he set up a brave cacophony, music, no doubt, to his ears. I didn’t know how to shut him up and after a few unsuccessful attempts, went to sleep with a pillow over my ears. In our current lives of lockdowns and social isolation, even a cicada is company.” That’s the spirit! 🤔 [What did you think of today’s email?]( 💡 [What should we obsess over next?]( 🎲 [Show me a random Obsession]( Today’s email was written by [Nicolás Rivero](, edited by [Annaliese Griffin](, and produced by [Jordan Weinstock](. [facebook]([twitter]([external-link]( The correct answer to the quiz is 0-1%. Enjoying the Quartz Weekly Obsession? [Send this link]( to a friend! Want to advertise in the Quartz Weekly Obsession? Send us an email at ads@qz.com. Not enjoying it? No worries. [Click here]( to unsubscribe. Quartz | 675 Avenue of the Americas, 4th Fl | New York, NY 10011 | United States