Chrome Browser Sticks with Third-Party Cookies as Privacy Risk Remains

chrome-cookies
Share article
twitter linkedin medium facebook

Updated on January 8th, 2025

What changes did Google announce?

On July 22, 2024, Google announced that it would no longer be deprecating third-party cookies, effectively ending a long-running saga that began when it unveiled their proposed replacement, the Privacy Sandbox initiative, in August 2019. Privacy Sandbox VP, Anthony Chavez made the announcement in a blog post.

Initially, Google planned to phase out third-party cookies to enhance user privacy, but the move faced significant backlash from privacy advocates, regulators, and advertisers. Critics argue that this reversal leaves billions of Chrome users vulnerable to online surveillance, but

according to Chavez, Google now aims to offer them more control over their privacy settings while still supporting third-party cookies for those who want them.

Speculation about what this extra control will look like suggests that the company plans to introduce something similar to Apple’s App Tracking Transparency, which asks users for explicit permission before tracking them. For the moment, though, the world’s most popular browser, with 3.45 billion users worldwide and 63.45% of the global market, is still using third-party cookies, and Google is currently leaving privacy choices in the hands of those users, who can choose to allow or block all third-party cookies via Chrome’s settings.

What are third-party cookies?

In case you weren’t sure, third-party cookies are small pieces of data placed on a user’s device (typically the browser) by a website other than the one the user is currently visiting. For example, suppose your website hosts ads on behalf of an ad network such as Google AdSense. In that case, when a visitor opens your site, it’s AdSense that will place its cookie in their browser, use it to track their browsing behavior around the web, build up a profile of them, and use it to serve them relevant ads whenever they visit another site that hosts AdSense ads.

It’s this ability to track users so well that has always been the problem with third-party cookies. If they aren’t configured to obtain proper consent before tracking what users are doing, or if they leak data after being compromised by malicious actors, it is the website owner who bears the responsibility. They are the ones who will be fined by privacy regulators and pursued through the courts by data breach victims.

What are first-party cookies?

First-party cookies are generated by the website that the visitor is currently visiting. So, when they visit your website, your first-party cookies keep track of things like their login status, shopping cart contents, and user preferences, as well as analytics. These cookies aren’t going anywhere either.

What would the changes have meant for advertisers?

Without third-party cookies to report on visitors’ movements, third-party advertisers would have found it harder to track website visitors as closely as before, and identifying their browsing behaviors and serving them highly personalized ads would have been trickier. However, some critics of the Sandbox initiative have pointed out that advertisers may have been able to piece together a picture of users’ browsing behaviors anyway using first-party cookies.

What would the changes have meant for website owners?

Website owners may have been spared the challenge of dealing with Chrome cookies but no doubt would’ve shifted their concerns to other popular third-party tracking technologies like the Meta and TikTok pixels. These are equally at risk of leaking user data due to misconfigurations or compromised by malicious actors.

Google’s Privacy Sandbox tools were intended to circumvent these sorts of data protection problems by using techniques such as grouping users with shared interests without sharing any of their individual data. It ran into various problems, as we mentioned, and some of its critics have suggested that even had it not, the approach it takes merely moves privacy concerns “in-house,” i.e., shifts the sharing of private user data to Google alone. This would arguably help consolidate the monopoly of its all-conquering AdSense network, which is something that the company might be keen to avoid, given that regulators sometimes choose to break up monopolies.

As it stands, these tools are still available, but entirely optional.

How Reflectiz Can Help

Reflectiz offers a powerful security solution that helps reduce the risks of using online tracking technologies. With real-time monitoring and analysis of all website components, this user-friendly platform gives website owners clear oversight of what’s being collected, where it’s being sent, and how it’s being used. Reflectiz features advanced monitoring that detects and identifies the potential security vulnerabilities and privacy threats posed by online tracking technologies, including unauthorized tracking and data leakage. Reflectiz also gives you the actionable recommendations and controls you need to comply with data privacy legislation. It’s a powerful solution that helps you avoid the expense and reputation damage that data breaches bring.

Conclusion

Advertisers will no doubt be cheering the decision to keep using third-party cookies in Chrome, but website owners will need to remain vigilant in the face of the privacy concerns associated with these and other tracking technologies. It still falls to web threat management solutions like Reflectiz to provide the comprehensive visibility, privacy protection tools, and ultimately the peace of mind that website owners need.

Subscribe to our newsletter

Stay updated with the latest news, articles, and insights from Reflectiz.

Your Website looks great!

But what’s happening behind the scenes?

Discover your website blind spots and vulnerabilities before it’s too late!

Try for free