The Goodbye That Never Came: Chrome Keeps Third-Party Cookies, Why?
The pain of parting is undeniable, and often leads to long goodbyes. Such was the case with Google’s planned phaseout of third-party cookies, the cornerstone of cross-site tracking and targeted advertising. After initially promising to eliminate third-party, or “tracking,” cookies “within two years” by January 2020, Google repeatedly pushed back the deadline.
We say “was” because Google just changed its mind. Instead of saying goodbye to third-party cookies for good, the company now plans to keep them around, possibly indefinitely.
In a blog post discreetly titled “A New Path for Privacy Sandbox on the Web,” Google Vice President Anthony Chavez quietly dropped a bombshell: He announced that while Google remains committed to implementing the Privacy Sandbox APIs (initially pitched as a more private alternative to third-party cookies), it will not eliminate the tracking cookie.
“Instead of doing away with third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies to their entire web browsing, and they could update that choice at any time.”
The announcement, which was buried deep in the mail, came as a bolt from the blue. A Privacy Sandbox website still maintains a timeline that puts the third-party cookie phaseout as happening in Q2 2025. Currently, Chrome has already restricted third-party cookies by default for 1% of stable Chrome users, with 20% of Canary, Dev, and Beta users affected.
Informed choice
Rather than removing third-party cookies, Google says it will offer “a new experience” in Chrome that lets users “make an informed choice that applies to their entire web browsing.” Chavez was sparse on details about how this informed choice concept would be implemented. Since we don’t have much — or rather, none at all — in terms of details, we can only speculate.
An “informed choice” sounds good when implemented well. Ideally, users should be able to choose what data they want to share (for whatever reason) and what data they don’t want anyone else to spy on. The qualifier “informed” implies that users have all the information they need to make these decisions, understand exactly what data is being collected, how it is being used, who has access to it, and what the potential implications are for their privacy. This transparency ensures that users aren’t unknowingly sacrificing their privacy and can make informed decisions about their data.
When we dig deeper into what a third-party cookie does, the choice, if it is indeed well-considered, should seem like a no-brainer. Third-party cookies essentially have no other use cases than to help advertisers, data brokers, and others spy on users across the web. Unlike first-party cookies, which store useful site-specific data (like login information), third-party cookies track users across websites. This creates a detailed profile of a user’s browsing habits, interests, and online behavior.
Advertisers can then use this data to target users with ads that are eerily specific, often for products they happened to view but not necessarily purchase.
The question then is, with a clear understanding of what third-party cookies do, who would voluntarily allow them? Apple’s App Tracking Transparency (ATT) feature provides a real-world example. When given a direct choice to opt-in to app tracking, the vast majority chose to opt out. Gaming apps, generally known for their targeted advertising, were more successful in convincing users to allow tracking, but even in their case, the average opt-in rate for tracking was a paltry 37% in Q2 2023.
I’m taking a wild guess here, but it’s likely that if Google follows in Apple’s footsteps, third-party cookie adoption rates won’t be high. While details of Chrome’s “informed choice” are unclear, users who decline third-party cookies could be routed to Google’s replacement, the Protected Audiences API within the Privacy Sandbox initiative. The Privacy Sandbox offers a more private approach than third-party cookies, but only in isolation. When context is added, it hinders user tracking for smaller companies, but not necessarily for giants like Meta or Google itself, which benefit from vast portfolios of interconnected services.
Our doubts extend beyond the concept itself. Google’s history of using confusing interfaces, or “dark patterns,” raises concerns about the authenticity of this “informed choice.” For example, Chrome previously used a combination of settings to track users’ locations. Even if users turned off Location History, Google could still track them via the default “Web & App Activity” setting. Google didn’t announce this location-collection functionality of Web & App Activity until mid-2018.
Advertisers weren’t happy either
It wasn’t just privacy advocates who complained about Google’s replacement of third-party cookies, but advertisers themselves as well. Criteo, for example, reports that testing and feedback from publishers suggests that Google’s Privacy Sandbox, in its current form, falls short of the company’s stated goal of limiting publisher revenue losses to 5%. And that would be an understatement, as Criteo’s own analysis suggests that publisher revenue would “drop by an average of 60% for those who have fully integrated Privacy Sandbox” if third-party cookies were deprecated today and Privacy Sandbox were released in its current state.
It’s also no surprise that adoption rates for the new technology remained fairly low, at under 55%, according to Criteo. Criteo is far from alone: many more ad companies have reported similarly uninspiring results.
“We’re still seeing 30% revenue declines in the cookieless Chrome world, and that’s a huge amount of revenue that people could be losing,” the CEO of ad tech company Raptive recently told Marketing Brew.
What impact does this have on privacy?
Google’s decision not to ban third-party cookies is a blow to privacy, there’s no doubt about it.
Nearly all browsers block them by default, while others, like Microsoft’s Edge, are also on their way to phasing them out (though Microsoft may have some reservations in light of Google’s announcement). That means Chrome will eventually become the odd one out. At the same time, it remains the most popular browser with an impressive 65% market share. What that means is that the majority of internet users will be affected by this decision, and in a bad way.
No matter how you twist the language, third-party cookies are an inherently non-private tracking mechanism. Google’s tacit admission that its replacement failed shows that it’s hardly feasible at this point to have your cake and eat it too, protecting both privacy and advertisers’ interests, at least in the way Google intended. Ultimately, it failed to meet the expectations of either party, despite its stated intent to please both sides.
Today, the onus is on users to protect themselves from privacy intrusions, and ad blockers are one of many tools that can help them do just that. Relying on Google to protect their privacy always seemed like a far-fetched idea — and recent events have shown that Google is moving in the opposite direction.
We’ve highlighted the best business VPNs for you.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of TechRadarPro or Future plc. If you’re interested in contributing, you can read more here: