Browser cookies started as a means of streamlining the shopping experience. They allowed users to browse the shopping site while their items were retained in the shopping cart. Over two decades later, they have adopted many new functions, the main one being advertising.
Cookies are a part of a large browser tracking scheme that allows advertisers to do their jobs effectively. While some internet users appreciate the well-targeted ads, many raise their concerns about a possible threat they pose to online privacy.
Over the years, opinions on browser cookies have changed but the mistrust remained the same. The NewProgrammatic blog brings you the complete history of cookies, the changing of attitudes, and their effects on digital advertising.
Before 1995 it was not possible to know whether someone browsing the Internet has seen the same site twice. All kinds of transactions had to be completed in one go or started over again on the next visit. While the first online banner ad appeared in 1994, it was placed on one site only and had no other targeting than the visitors of said website.
Browsing the web was largely anonymous until 1995 when the first cookie was created. Lou Montulii, a programmer working for Netscape Communications, came up with the idea to track users by placing a cookie on their computer. The purpose of that new technology was to make browsing sites easier. The products stayed in the shopping cart for the user’s next visit and websites became ‘aware’ of who visits them, what action that user takes, and how often they come back.
Cookies were almost immediately adopted by Internet Explorer. Despite both the Microsoft browser and the Netscape browser keeping cookies under the table, those privy to the inner workings of the web had already become concerned about what cookies could be used for.
Cookies enter the world of online advertising
While cookies were designed to be working within the same site (and related sites), there was a simple loophole. Companies could easily agree to share these cookies with third parties. Actually, companies anonymously aggregating user information could easily do so for the purpose of advertising. It didn’t take long for the large Internet advertising companies to get a hold of that.
DoubleClick and Engage were the first companies to try it. They used a common cookie across the web to keep track of what the user was doing. By that point, banner ads were already scattered around the web. It was already possible to identify a potentially suitable audience. But it was only when cookies came about that tracking the performance of ads became feasible.
As reported by The Wall Street Journal, by 2010 some sites were using over 100 tracking cookies at a time. Among the surveyed sites “some two-thirds of the tracking tools installed—2,224—came from 131 companies that, for the most part, are in the business of following Internet users to create rich databases of consumer profiles that can be sold.”
Third-party cookies became a very popular media topic at the time. Tracking users and consumer privacy was a controversial issue. Nonetheless, despite multiple attempts to stop advertising companies from gathering user data for the purpose of targeting ads, all the directives and laws were either ignored or bypassed.
Since 2011, the ad tech industry has grown to insane proportions. Despite Google Ads and Facebook dominating the advertising industry, there were many smaller and bigger ad networks created. DoubleClick (later bought by Google), Yahoo!, Baidu, Criteo, and others were all working alongside social media platforms in filling the web with advertisements.
In fact, the online advertising market grew by 93% between 2011 and 2016 as reported by European Audiovisual Observatory. Additionally, in 2016, online advertising surpassed TV advertising in revenue. And thus the data collected about individuals browsing the web became worth its weight in gold.
However, to meet the rising consumer expectations and concerns, cross-site tracking had to be limited. This time… effectively.
The main reason for changes was that cookie consent notices established in 2009 were found to be largely ineffective. According to academic research on GDPR consent notices, most pop-ups didn’t fulfill their purpose. They failed to be informative, they offered pre-selected switches in favor of ad tracking, or they offered a single confirmation button with no visible option to decline third-party data.
Apple takes the stand against ad tracking
Apple was the company that took the first step towards limiting ad tracking and protecting the user identity on the worldwide web. In 2015, the release of iOS 9 brought many improvements along with one special functionality – to block ads in Safari. It then became possible to create all kinds of ad content blocking extensions for iOS devices.
The decision has not been met with enthusiasm from Google and the whole $70 billion mobile marketing business. Publications like the WSJ’s Apple’s Ad Blockers Rile Publishers, or Tech Times’ Ad-Blocking Feature In iOS 9 May Cripple Mobile Advertising Industry, and Techwalls’ Apple’s Anti-ads iOS 9 will Worry the Media Industry expressed the attitudes clearly.
Apple was doing the right thing. However, it was not the right thing for the advertising industry. Limiting the availability of ad spots could raise the prices for iOS publishers and make it generally more difficult to advertise on iOS devices. And while Google has already been in trouble once for circumventing the privacy measures in Safari, it was once again sharing tips on how to get around the new Apple security rules.
That was the first blow to mobile advertising. According to Statista, Apple has sold over 230 million devices all over the world, just in the year 2015. By giving that many users control over whether they want to see ads or not, Apple has caused anxiety to many web publishers relying on mobile audiences.
In 2017, Apple decided to go one step further by introducing Intelligent Tracking Prevention 2.0 (ITP 2.0). While this update made Safari one of the best web browsers when it comes to user’s privacy, it severely complicated the lives of performance marketers. Third-party cookies were no longer allowed unless extra steps were taken. The workarounds, however, often made it more difficult to accurately track data.
Apple’s decision to kill third-party cookies had, once again, a negative impact on companies like Google, Facebook, and Amazon. Ads could still be shared, however, since personal data and preferences were no longer recorded, the ads could not be properly managed.
The introduction of ITP 2.1 and 2.2 deepened the problem. As of May 2019, first-party cookies were filtered by functionality, and the analytical ones were deleted after 24 hours. And what does that mean for advertising? The workarounds no longer worked. Ad tech giants could no longer track user activity outside a 24-hour window in the Safari browser.
E-commerce advertisers who used the first-party cookie to save data about website visitors could no longer use that. It used to be possible to score a conversion after sending reminders to users who have abandoned their shopping carts or didn’t make a purchase after browsing the site. After Apple’s ITP (2.1, 2.2, and then 2.3) a user had to make a purchase within the same session. Otherwise, the funnel (displaying an ad – sending an email reminder – receiving a conversion) would be broken. An advertiser would still receive a conversion but without accurate data on where it actually came from (email campaigns vs. the original ad).
Firefox takes steps to improve user privacy
Starting in 2018, Firefox began to gradually improve its privacy policies. At first, third-party cookie blocking and tracker blocking became possible. In January 2019, Firefox 65 introduced options for handling third-party cookies.
In an opinion piece by What’s New in Publishing, the new options have been called a mere bump in the road. The author claims the Firefox update is most likely to affect only smaller and less trusted publishers. Additionally, Firefox’s insignificant global share of the market (under 5%) means not many businesses will be affected.
In further updates, third-party cookie blocking became a default (not only for the private mode as was the case before). By January 2020, Firefox added default blocking of crypto miners, device fingerprinting, social tracking protection, and a Facebook Container. That last feature made it very difficult for Facebook to collect data about what the logged-in users are doing on other websites.
As reported by Wired, Mozilla has acknowledged that there will be a negative impact on publishers, however, it’s only a matter of time before new technologies will replace third-party cookies. Finding alternative privacy-oriented solutions is a sustainable long-term investment, so rather than worrying about the revenue, publishers will find better ways to target ads.
The beginning of Google’s Privacy Sandbox
Finally, Google was forced to take initiative. In August 2019, Google announced the Privacy Sandbox. While acknowledging the issue of the invasiveness of the omnipresent third-party cookies, Google noticed that the attempt to replace them gave rise to another tracking technology, namely, fingerprinting. As a consequence, Google’s proposal was to create new web standards that would protect users’ privacy while retaining some form of individual user tracking and ad targeting.
In January 2020, Google announced plans to gradually phase out third-party cookies in Chrome. Their two-year plan included limiting cross-site tracking and giving users more control over third-party cookies. The announcement posted on the Chromium blog also criticized the actions of other browsers saying that blocking third-party cookies, […] has unintended consequences that can negatively impact both users and the web ecosystem.
Although third-party cookie data will no longer be used to track users, HubSpot reminds all those concerned about the integrity of the ad tech supply chain that this is not the end of online advertising. Google – the search giant – has stated in their blog post they will work with advertisers to ensure that targeting ads will be possible without infringing on user privacy.
Additionally, first-party cookies are still vital. They would remain an integral part of every user’s browser to ensure a smooth experience within the same site. Google’s Privacy Sandbox is also meant to include a replacement for third-party cookies in Chrome.
When in 2019 Europe’s high court ruled that pre-checked consent boxes for tracking were illegal, a large part of the advertising industry noted significant reporting losses. Tracking without explicit user consent was outlawed permanently. At that point, it was known that changes were coming.
As of March 2020, third-party cookies are automatically blocked in Safari. Apple was once again the first company to make another big move towards protecting the privacy of their users. Additionally, Apple also blocked fingerprinting, thus making it virtually impossible to track the same user across different sites in the Safari browser.
However, the popular misconception that Google Analytics will no longer work in Safari is not true. Yes, third-party trackers known to collect information about individual users will be blocked. However, as Google Analytics is not one of those trackers, it will continue to work as before.
One year later, in February 2021, Mozilla introduced total cookie protection in Firefox 86. In simple terms, Firefox will now not only block cookies left by popular tracking companies, but it will also keep all cookies separate. Meaning, no cookies can be used to track you from site to site as you browse the web.
At last, Google’s original plan to replace third-party cookies by 2022 had to be postponed to late 2023. The reasoning behind this decision was to give more time to advertisers and publishers to familiarize themselves with new ad technologies. The new cookie-replacing solutions are supposed to be integrated into the Chrome Browser before late 2022. This would give the digital advertising industry a long period to move and adapt before the final cut-off in late 2023.
Still, the ad tech industry is skeptical about some of the new third-party cookie alternatives, such as FLoC. Federated Learning of Cohorts (FLoC) is a newly invented type of web tracking developed as a part of Google’s Privacy sandbox. Instead of sharing user data with third-party companies, it would store the data inside the browser. It would also group people into ‘cohorts’ based on the demographic, their habits, and interests.
Soon after the announcement, The Wall Street Journal and many others have reported that both Mozilla and a lesser-known browser – Brave, are not planning to participate in using the system. The main argument against FLoC is that it harms user privacy in a different way than cookies did, possibly more severely. DigiDay points out that this particular method of targeting could enable discriminatory targeting or data use.
Furthermore, Financial Times says the delay along with the introduction of FLoC seems to be designed to benefit Google. They’re not only responsible for the design of cohorts but also for the effectiveness of the new system. The new developments have even sparked an antitrust investigation into Google’s practices.
As of October 2021, FLoC has already been rejected by all major browsers. As a consequence, Google has yet again pushed back the end of the testing phase from the end of Q2 to the end of Q3 2022.
While Google works to replace third-party cookies, advertisers can discover the blooming market of alternative advertising solutions and cookieless ad formats.
Although the invention of cookies has brought a lot of improvements to the way the web works, it’s also brought a lot of concerns in terms of Internet browsers handling personal data. The growth of the digital advertising industry fueled by a breakneck gathering of behavioral data has caused third-party cookies to be one of the most talked-about subjects of the previous decade.
Nonetheless, the rapidly evolving regulatory restrictions slowly brought back privacy for the web community but as a consequence weakened the ad tech industry.
As of now, Apple’s Safari and Mozilla’s Firefox are both blocking third-party cookies by default. They both have additional options to block first-party data from being shared across sites.
Opera and Edge don’t block third-party cookies by default, however, they both have certain options to increase privacy.
Google Chrome does not block third-party cookies by default although it does provide extensive options for managing privacy settings. As the most popular browser, it relies most heavily on the ad tech ecosystem. That’s also why instead of making drastic changes, Google announced they will be slowly phasing out third-party cookies in Chrome in the next two years.
As existing technologies are departing from their reliance on third-party data, digital marketers will have to adjust. The ad tech giants can rely on first-party data but brands and agencies will have other options to turn to.
You don’t have to feel powerless against the constantly changing cookie regulations. If you’re looking for an innovative cookieless way to advertise your brand, NewProgrammatic can help you achieve consistent results.