How Google will be able to track you without cookies

Google is already busy imagining a world without cookies—and preparing for it.
Google is already busy imagining a world without cookies—and preparing for it.
Image: Reuters/Shannon Stapleton
We may earn a commission from links on this page.

As users have become both more aware and wary of cookies—the technology that tracks browsing activity for advertising purposes—Google has started experimenting with new tracking methods that don’t use cookies. People want more control over the advertising they see and what companies know about them. Cookies can often feel creepy; it can feel like the Internet knows you too well. Example:

Many people, therefore, avoid cookies, either by turning them off or using services that block them. Firefox and Safari block cookies to varying degrees. (Firefox’s default setting turns cookies off; Safari blocks them altogether.) And, smartphone browsers and apps don’t use cookies. Google, of course, loses revenue when that happens: Fewer people see their relevant ads. Therefore, it’s no surprise that the company wants to figure out a different way to serve its ads sans cookies, as USA Today’s Alistair Barr reports. But how might that work?

Google did not clarify the exact technology it was working on. “We and others have a number of concepts in this area, but they’re all at very early stages,” a spokesperson told Barr. One of those “concepts” includes fingerprinting a technique that “allows a web site to look at the characteristics of a computer such as what plugins and software you have installed, the size of the screen, the time zone, fonts and other features of any particular machine,” as Forbes’s Adam Tanner explains it. Your browser transmits all sorts of information that has nothing to do with cookies. All of those things put together form a unique identity that can be assigned an identifying number and then used just like a cookie. (You can check out how unique your browser is and the kind of information it is sharing over at this Electronic Frontier Foundation site.)

The benefit of fingerprinting for advertisers is that it’s a lot harder to ditch than a cookie, which expires, can be cleared, or blocked entirely. Fingerprinting is device specific. Changing browser or software settings only makes your device more unique and identifiable. The EFF has already raised concerns with the privacy implications of this technique. “Policymakers should start treating fingerprintable records as potentially personally identifiable, and set limits on the durations for which they can be associated with identities and sensitive logs like clickstreams and search terms,” concluded the paper “How Unique Is Your Web Browser?” (pdf).

Fingerprinting can also be combined with other information from third party companies to serve even more relevant ads. For example, one advertising company AdStack works with Rapleaf to match its fingerprinting data with Rapleaf’s e-mail address database to gather age, gender, and other information about its potential consumers. “We have data on at least tens of millions of people,” AdStack CEO Evan Reiser told Tanner.

The privacy issues don’t concern Resier. “There is a pretty fine line between cool and creepy. And for anything that I think is really great technology I can guarantee there is someone out there who thinks it’s horrible and we shouldn’t do it,” he says. But he runs a relatively small company when compared with Google. If and when the king of online ads chooses this new tracking tool, you can bet it will mention the privacy of its users. In fact, it already has: “We believe that technological enhancements can improve users’ security while ensuring the web remains economically viable,” a Google spokesperson told Barr. See Google cares about your “security.”

This originally appeared at The Atlantic Wire. More from our sister site:

Early iPhone 5C preorder signs point to Apple sales disaster

Will science find the next “Twilight”?

Norman Mailer is going digital