This episode of Security Now covered Google’s plan to deprecate third party cookies and the reaction from advertising organizations and websites.
The articles and the opinions of the show hosts are that it may have negative or unintended consequences as rather than relying on Google’s proposed ad selection scheme being run on the client side (hiding information from the advertiser), instead they are demanding first party information from the sites regarding their user’s identification.
The article predicts that rather than privacy increasing, a majority of websites may demand user registration so they can collect personal details and force user consent to provide that data to advertisers.
What’s your opinion of website advertising, privacy, and data collection?
- Would you refuse to visit websites that force registration even if the account is free?
- What’s all the fuss about, you don’t care?
- Is advertising a necessary evil in fair trade for content?
- Would this limit your visiting of websites to only a narrow few you are willing to trade personal details for?
- Is this a bad thing for the internet experience as whole, or just another progression of technology?
- Is this no different from using any other technology platform that’s free (If it’s free, you’re the product)?
- Should website owners just accept a lower revenue model and adapt their business, rather than seeking higher / unfair revenues from privacy invasive practices of the past?
I don’t quite understand the leap from “No third party cookies” to “You need to create an account”.
If you’re visiting a site and they drop a cookie, that’s a first party cookie. You don’t need to log in for that to happen, and they can track you all the same. Taking identifiers from a first party cookie and passing them to advertisers will still be a thing, it’ll just require closer coordination between the site and the advertiser than if the advertiser dropped their own cookie.
Now yes, that first party cookie won’t follow you around to other websites and track your behavior there, but creating an account wouldn’t enable this anyway. Besides, Google’s Privacy Sandbox product suite is intended to fill this role in a less granular way (associating k-anonymized ids with advertising topics across websites).
If you use your email address, they can follow you everywhere. Unless you create tons of throw away emails.
Despite what the length of their privacy policies might suggest, first party sites are a lot stingier with their user data now than they’ve been in the past. The value of knowing who someone is and what they want is derived when you convince them to pull out a credit card, at which point you need to collect their data anyway.
Thus, I think we’ll see two tiers of data collection: Deep first-party info shared between retailers and data brokers to target advertising on their first party site, and less granular banner advertising based on privacy sandbox, taking the place of drive-by cookie drops. If privacy sandbox is as good for random blogs as industry is expecting (ie, not as perfect as third party cookies, but less impactful than Apple’s ITP was), I don’t think we will see a wave of email signups.
posted February 13 2024
“Google recently announced that its dominant Chrome browser will phase out support for third-party cookies by the end of 2023”
“AI Written Human Edited”
We can tell
This is great news! But I’m sure Google is probably using it as a way to get all the cookies for themselves and then sell that data to these companies.
The companies will still get their data but they’ll have to buy it from Google only as Google will probably be considered a 1st party cookie vendor.
If any site wants me to sign up to use it, I’ll just not use it. No big deal.
Someone else that listens to SN!
So, internet users may soon need to create accounts on sites they currently access for free. As Laporte worries, “We thought those cookie permission popups were bad, but things may be getting much worse” regarding being forced to hand over personal information just to browse sites.
Good way to kill your site, this is the one thing everyone hates, from the enthusiast to the casual user, making an useless account for 1 service that you barely use.
If they need permission for third party cookies and those are now no longer possible, the popups can go already.
And if a site doesn’t want to serve people that do not accept data hoarding, an account with terms and conditions is the only logical way to go.
Belgium forced facebook to not track users without an account and they reacted by doing this exact thing (requiring an account to even read pages). It made it a lot easier for me to not having to deal with Facebook at all. If some store or organization only had the info on Facebook, I’ll just tell them I can’t access it 🤷♂️
Slap Google SSO on that and you’re good. Honestly that’s worse than regular registration.
Yeah, if I see a “register an account on this random website” I roll my eyes or close it/back out. If I see “sign in via Google/fb” I recoil with a “fuck no”.
Yeah, I initially was ok with it, but as I have watched these companies I have become less and less ok. I have been contemplating making dummy accounts full of erroneous data so all of the metrics are wrong as a giant middle finger. Sure, I’m a 72-year-old woman in Des Moines, or am I an 80-year-old man in DC? Maybe a 22-year-old in LA? Who knows.
On mobile it is pretty common to force the user to create an account before being able to use the app, so people may already be trained on it.
