Tag Archives: Tracking Cookies

News

Featured Article : Life After Cookies

With Google recently committing to phasing out third-party cookies as Firefox and Safari have already done, we take a brief look at the possible alternatives and replacements for using cookies to track and understand user behaviour.

Cookies

Cookies are pieces of code/small text files used for tracking and stored on the browser of someone who visits a website. First party cookies are generated when a person visits one particular website (domain) and are only used for finding out what that person did when they visited that particular site. This type of cookie does not record details about a person’s activities when they go on to visit other websites after leaving that website.

Third-party cookies are created by a third-party (e.g. an advertiser) and are placed on a visitor’s computer when that user visits a website.  The purpose of third-party cookies is to track a web user and gather data about their activities and preferences (e.g. websites they visit frequently, what they purchased online and what they show interest in). This enables the building of a visitor profile which, in turn, leads to them being shown ‘relevant’ targeted adverts. 

The Trouble With Third-Party Cookies

Google has recently joined other browser companies in committing to the phasing out (over 2 years) of third-party cookies. The reasons for phasing out third-party cookies are:

– Legislation. Improved and new data privacy laws. The introduction of GDPR, the California Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) preventing tech companies from tracking everything that users do without permission and sharing the data with multiple other third parties.

– Privacy Campaigners. Many privacy campaign groups and others have challenged tech companies and advertisers over the years about privacy and tracking users. 

– High profile Criticism. Among other things, in January the UK Competition and Markets Authority started investigating whether restricting cookies on Chrome could help Google increase its dominance in the online ad industry. For example, some commentators have questioned Google’s motives for removing third-party cookies, suggesting that forcing a reliance upon first-party cookies may simply be a way for Google to get more of a grip on the ad market and receive the revenue that would have been spent on third-party platforms.

The Challenge

The challenge is to create an alternative that is compliant, acceptable to users and privacy groups, and enables advertisers, publishers, and owners of ad-supported websites to keep revenue streams.  For example, Google (Ad manager) data shows that when advertising is made less relevant by removing cookies, funding for publishers falls by 52 per cent on average.

Alternatives

With this in mind, here are some examples of the possible alternatives to cookie-based systems:

– Using machine learning systems (Google) to model user behaviour and to pursue a modelled, first-party approach. This means using first-party data and the data Google can gather from users who consent, integrated with tools like the Google Tag Manager. Consent Mode, for example (announced in September 2020), gives advertisers access to a new tag setting, dubbed “ad_storage”.  This controls cookie behaviour for advertising purposes, including conversion measurement. With Consent Mode, a website visitor is given the option to consent to the use of ads cookies (or not) on the cookie consent banner, thereby enabling Google tags to determine whether or not permission has been given for the site to use cookies for advertising purposes for that user. If a user consents, conversion measurement reporting continues normally. If a user does not consent, the Google tags are adjusted accordingly to not use ads cookies, but instead to measure conversions at a more aggregate level. Crucially, Google’s Consent Mode enables the use of conversion modelling for those who don’t consent, thereby recovering some 70 per cent of ad-click-to-conversion journeys that would otherwise be lost to advertisers. Google believes that Consent Mode, coupled with its Tag manager is a way for Google Ads, Campaign Manager, Display & Video 360, and Search Ads 360 to continue reporting conversions while respecting users’ consent choices for ads cookies. 

– Google’s Privacy Sandbox, which it originally announced last August, and touched upon again in January this year.  Google describes this as “a new initiative to develop a set of open standards to fundamentally enhance privacy on the web” and “a secure environment for personalisation that also protects user privacy”.  The idea of Sandbox is to move all user data into the Google Chrome browser where it can be securely stored and processed so that it stays on the user’s device and is, therefore, making it compliant with privacy laws. It is understood that the Privacy Sandbox may also include an algorithm to group people according to their common web browsing and thereby create ‘clusters’ of people (who can’t be directly identified) with similar interests. These clusters can then be targeted by adverts without affecting the privacy of the individuals in a cluster.

– Federated Learning of Cohorts (FLoC).  This is another Google idea that uses third-party data, doesn’t affect the ability of publishers to track their own visitors, and allows ads to be targeted at groups of users based on common interests (interest-based advertising). The FloC idea, however, has been met with criticism from the Electronic Frontier Foundation over privacy concerns and that it could be equivalent to a “behavioural credit score.”

– Microsoft’s PARAKEET proposal is an alternative to Google’s FLoC.   PARAKEET (Private and Anonymized Requests for Ads that Keep Efficacy and Enhance Transparency) places a proxy server between the user and the ad company, with users being given a unique ID, known only to the proxy server. This means that when a web page requests an ad, the request is routed via the proxy server and statistical noise is added to mask the user’s private data.  This system allows the PARAKEET gatekeeper service to provide aggregate reporting to ad networks.

– Systems made by rivals of Google Ads, such as Trade Desk Inc’s (open source) Unified ID 2.0 where people can protect their privacy by logging on to websites using encrypted copies of email addresses, i.e. the system creates an identifier for each person who logs in with their email address. Also, Criteo SA, an AdTech company is reported to have developed a possible alternative.

What Does This Mean For Your Business?

The ad ecosystem, which ultimately provides huge amounts of revenue for companies like Google also supports (and is very important in revenue terms for) ad customers, publishers, and owners of ad-supported websites. While new solutions must be found that provide acceptable levels of privacy (which is a task in itself), the way forward in terms of alternatives to cookies has generated a number of different options including the use of machine learning, proxy servers, and encrypted email logins, all of which are designed to provide smarter and more private and acceptable ways of still supplier data for advertising. With Google being the most powerful of the big advertisers and cookie users, it appears likely that its modelled, first-party approach using its machine learning resources is going to be the most prominent replacement for cookie-reliance. It is relatively early days though, and the important aspect for many businesses that rely heavily upon Google Ads is that any new system is still able to provide the same or better results in terms of conversion.

News

Featured Article – How To Browse Privately

This article takes a brief look at what private browsing actually means with popular browsers and software, and how genuinely private browsing could be achieved.

Why Browse Privately?

Over 80 percent of websites use one or more tracking tools (Epic) and reasons for private browsing may be to avoid having your browsing history recorded, perhaps being on a shared or public computer (to avoid being tracked by your browser), or to avoid downloading cookies (to avoid being tracked by websites), or to be able to sign into multiple accounts simultaneously.

Tracking

The different ways that you can be tracked include:

– IP address. This string of numbers, set by the ISP, is a way for each computer using the Internet Protocol to communicate over a network. The IP address is necessary for accessing the Internet so that web servers know where to send the information that’s being requested.

– Cookies. These are text files loaded into a folder on the user’s web browser by the sites they visit. Cookies record details such as users’ preferences, and the last time they visited the website. Session cookies are used when a person is actively navigating a website but tracking cookies can be used to create long-term records of multiple visits to the same site. From the user point of view, cookies can serve a useful purpose (e.g. for logins) or can be used for targeted advertising.  Google recently announced an end to its third-party (tracking) cookies within 2 years for its Chrome browser following similar, earlier announcements by Safari (Apple), Mozilla’s Firefox (Mozilla) and Brave.

– Signed-in accounts. The accounts a user is signed-in to (e.g. Google or Facebook) can also track what a user has viewed, liked and more.

– Agent strings. When a user sends a request to a webserver to view a website, the request comes with information about the user attached to the User-Agent HTTP header.  This ‘agent string’ contains information such as the browser (type and version) and operating system being used.

Browsers – Private Browsing / Incognito Mode

Different browsers have different names for private browsing mode, e.g. InPrivate browsing (Edge), ‘Private’ for Firefox (Mozilla) and Safari, and Incognito for Google Chrome. 

Switching to this browser mode loads a news private window. This means that the new window is not signed to any accounts so can’t be tracked by them, cookies are not used, and any browsing is not added to the browser history. In this mode, however, the user’s IP address can still be tracked.

Do Not Track

‘Do Not Track’ (DNT) is a web browser setting that requests/asks that a web application to disable its tracking of an individual user. For example, switching the ‘do no’ track’ setting sends a signal to websites, analytics companies, ad networks, plug-in providers, and other services a user encounters while browsing.  However, due to a lack of consensus (or enforcement) most sites still track users despite the request not to.

Extensions For Browsers

Another option for users to try and maintain private browsing is to use an additional private browsing extension/add-on.  Examples include:

– Privacy Badger. This is a free extension that gradually learns to block invisible trackers.

– Ghostery. This is a free, open-source privacy and security-related browser extension and mobile browser app that blocks ads and stops trackers.

– Cookie AutoDelete.  This is an extension for erasing cookies for a browser tab when it closes.

– HTTPS Everywhere.  This free, open-source browser extension automatically switches thousands of sites from “http” to secure “https” thereby protecting the user from many different types of tracking/surveillance and account hijacking.

Whole Private Browsers/Search Engines

Users can opt for a whole browser that’s designed to be private, anonymous and to guard against tracking. Popular examples include:

– DuckDuckGo. This search engine, which is also available as a Chrome extension, doesn’t save the user’s browser history, forces sites to use encrypted connections, blocks cookies and trackers, and stops a user’s searches being sold to third parties for profiling and advertising.

– Epic Privacy Browser.  This is a secure web browser that blocks ads, trackers, fingerprinting, crypto mining, ultrasound, signalling, and offers free VPN (servers in 8 countries).

– Tor.  This browser uses a distributed network (randomly selected nodes) to anonymise the user’s IP address. Tor also encrypts traffic.  This makes it incredibly difficult for a user’s web traffic to be traced and very difficult for users to be tracked unless they reveal their IP address by enabling some browser plugins, downloading torrents, or opening documents downloaded using Tor.

– Brave. This is a free, open-source web browser, based on Chromium that blocks ads and trackers and allows users to use a Tor in a tab to hide history, and mask location from the sites a user visits by routing a user’s browsing through several servers before it reaches its destination.

VPNs

Many users now opt for a virtual private network (VPN) to allow them to make a secure connection to another network over the Internet, encrypt traffic, and hide their IP address. Since a VPN routes a user’s internet through another computer, where many other users of the VPN are using the same IP address, tracking is made very difficult. VPNs, however, don’t protect a user from being tracked, from cookies, from user-agent strings, or through the accounts they’re logged in to (e.g. Google), or from any VPN’s that keep logs of user activity and could sell those logs to third parties. Also, some services discourage the use of a certain VPN, and VPNs can slow down the user’s Internet connection dues to the re-routing and encrypting through the VPN server.

What Does This Mean For Your Business?

What this all means depends upon what level of privacy, for what purpose, and when users require it.  For most daily use, Private/Incognito browsing functions provide a fast way to access a reasonable amount of protection from normal tracking. Additional extensions /add-ons may add a convenient route to greater privacy. For times when users may feel that more security is needed, they may decide to opt for a VPN or for a more complete private browsing solution such as the Tor browser. It may also be the case that some business users, as a matter of preference and security, may choose to only use the private services (e.g. DuckDuckGo, Brave, or Tor), thereby always working with a privacy level that they feel comfortable with.  For many businesses, it’s more likely to be a case of a combination of privacy solutions used as and when required in a way that is compatible with daily working practices, authorised, approved, and recommended by the company and other relevant stakeholders. With popular browsers now stopping tracking cookies and news that the next Apple iPhone software update, iOS 14.5 will include an AppTrackingTransparency requirement where whereby all apps will need to request permission to track a user’s activities across other companies’ apps, pressure is now mounting on advertisers to come up with other ways to track and target users and maintain revenue streams.