The end of third-party cookies
By the digits
$336 billion: Valuation of the digital advertising industry, according to one estimate
72%: Americans who worry that what they do online is being tracked by companies
40%-60%: The (rather low) accuracy rate when two companies try to match the cookie data they have on the same set of consumers
40%: Web traffic that comes from users who block third-party cookies
Explain it like I’m five!
How do third-party cookies work?
A cookie is a small text file saved locally on a user’s computer at the behest of a website they’ve visited. It helps the website remember information about them—often for benign reasons, like remembering their login information or making sure the items in their shopping cart will still be there even if they close the page and come back later.
When cookies come from someplace other than the website a user chose to visit, they’re called third-party cookies. They’re not a particularly effective way for digital advertisers to track potential customers, and the public fears the privacy implications of having their every move online surreptitiously tracked. In response to public pressure, lawmakers are passing legislation to protect internet users’ privacy, but the most effective move of all might be a voluntary one by web browsers that have said they will no longer support third-party cookies. Few will mourn the functional death of the third-party cookie, but there’s reason to be suspicious of what might rise in its place.
Charting where digital advertising money goes
Brief history of third-party cookies
1994: Lou Montulli, a 23-year-old engineer at the world’s then-leading web browser, Netscape, invents the cookie. His original goal was to create a tool that would help websites remember users—but couldn’t be used for cross-site tracking.
1995: DoubleClick, one of the world’s first adtech firms, is founded. Its engineers realize they can exploit cookies to track users across the web; the company pioneers and comes to dominate the world of ad targeting.
2008: Google buys DoubleClick for $3.1 billion and expands its advertising business from search pages to programmatic ads on websites.
2016: The EU passes the General Data Protection Regulation (GDPR), which expands requirements for websites to get users’ consent before tracking them with cookies.
Jan. 2020: Google announces it will block all third-party cookies by default, writing, “Our intention is to do this within two years.”
June 2021: Google revises that timeline to 2023.
What will replace the third-party cookie?
There are three major proposals for how the industry can continue to show consumers relevant ads and measure the effectiveness of marketing campaigns without relying on third-party cookies. We’ll see the industry experiment with all three.
👯♀️ Google’s Federated Learning Cohorts (FLoC) model: The browser tracks users and groups them into cohorts alongside thousands of peers with similar online habits. Every time a person visits a website, their browser would tell the site which cohort they belong to, and advertisers would show them ads tailored to people with interests like theirs.
🗞️ First-party data tracking: Publishers and advertisers each collect their own data about their audience and consumers respectively. If a brand and a publisher have the same piece of information about a particular user, like an email address, they can team up to match the customer’s spending habits on the brand’s site to their reading habits on the publisher’s site and target ads even more effectively.
🔑 Identity-based tracking: A central authority would assign every web user an advertising ID that advertisers could track every time a user logs into a website. Adtech companies would once again be able to monitor individual users’ browsing habits, serve them targeted ads, and measure whether a user who saw an ad went on to buy the advertised product.
Person of interest: Lou Montulli
When Lou Montulli invented the cookie in 1994, he was a 23-year-old engineer at Netscape, the company that built one of the internet’s first widely used browsers. He was trying to solve a pressing problem on the early web: Websites couldn’t remember who their users were or what they had done in previous visits.
He and his Netscape colleagues settled on the cookie as a way to help websites remember visitors without enabling cross-site tracking.
Almost immediately, advertisers learned ways to essentially hack cookies to do exactly what Montulli had tried to avoid: follow people around the internet. Over time they created the system of cookie-based web tracking we have today. Twenty-seven years later, Montulli has some misgivings about how his invention has been used—but he has doubts about whether the alternatives will be any better.
What if antitrust regulators forced Google to sell Chrome? (Quartz) If Google were forced to sell Chrome due to monopoly concerns, a new owner might jettison third-party cookies sooner, creating headaches in the digital ad world.
Google is done with cookies, but that doesn’t mean it’s done tracking you (Vox) Another take on FLoC and what information Google will still collect even after cookies are gone.
No need to mourn the death of the third-party cookie (The Next Web) The case for publishers, advertisers, and consumers being better off without cookie tracking.
Advertisers scramble for answers after Apple’s IDFA update (Digiday) Looming changes to Apple’s ID for Advertisers will be just as disruptive for the ad industry as Google’s deprecation of third-party cookies.