In our last blog DOH, DOT, QUIC and our stance on privacy and security we discussed how, apparent, good things introduced recently by certain parties have a completely different ‘hidden’ side effect. One of these parties, Google, has recently announced that they are going to save your privacy by 2022 by blocking 3rd party cookies and prevent browser fingerprinting.
Generally there are multiple types of cookies:
Technical cookies are cookies that are only used to solve a technical problem, such as determining which shopping cart belongs to which visitor. Without such cookies the entire contents of your shopping cart would have to be passed back and forth between your browser and the server for each and every page visited. With the cookie, the shopping cart can be stored on the server and only a unique identifier, the technical cookie, is passed with every request. We use such a cookie on our site. The cookie is only used when: a) you are a customer of ours, b) you’ve decided to login in to your ASK-Solutions account, and c) it’s removed as soon as you logout. The cookie is not used to identify you, track which pages you visit, it’s only used to be able to download your invoices, show your order history and verify and change your personal data that is on file with us. Therefore, we dont have to annoy all our visitors with a cookie announcement.
Tracking cookies are used to separate visitors from each other. For every visitor a new cookie is generated and stored on the computer of each visitor. This cookie is then sent back and forth with every request. Thus enabling to record which pages, images, and other resources have been requested by each visitor. In other words: a log of everything you’ve done is kept by the website. With 3rd party cookies this is not done on a per website basis, but this is done spanning multiple websites. Google Analytics is one such a use. Many website owners voluntarily install a piece of code from Google on their website. This piece of code uses a 3rd party cookie to track what you’re doing on the internet all day. This enables Google to build a profile about you; who are you and what are your interests. A small part of this information is given in return for installing the piece of code to the website owner, the bulk of the information is used by Google to present you with relevant personalized advertisements in the Google search engine, and is sold to 3rd parties.
However, cookies are a terrible method to accomplish this. It’s a nearly 30 year old concept. Lots of users have installed soft and/or hardware to block such cookies. Since 2016 there are changes in the HTTP protocol specifications to the way cookies should be identified and handled. Most browsers, except for Google’s Chrome browser, have been implementing these new specifications and already block 3rd party tracking cookies for years.
Cookies are almost irrelevant in modern day user tracking and personal data collection. So is browser fingerprinting through the data sent out by your browser following the RFC 1945, RFC 2068 and RFC 2616 HTTP specification. What is known is: your IP address, needed to sent back the page or image. For most users this address is constantly changing and only relevant for a short amount of time. The language that you prefer to read, very important data, to serve you a page in a language that you can actually read and understand. Some minor details about your browser which were needed in the past to serve a page that can be rendered correctly by your browser. This last information has become nearly obsolete with the HTML 4.01, CSS 2 and DOM standards we’ve helped to develop. Since those standards and their wide spread adaptation, all major browsers can successfully and without error render any standards compliant website, rendering details about your browser obsolete. Without the aid of scripts and user installed apps or toolbars, Google Chrome is the browser that sends out the most information about your device of all browsers. Information that is not necessary for the web to technically function properly, but is used to collect information about your device and identify you throughout extended periods of time.
As seen, 3rd party tracking cookies only work on older browsers and the Chrome browser. They are very limited in their use. The same goes for browser fingerprinting. Google has, finally, announced to start following the specifications that other browsers are already doing (or rather, not doing) for a long time.
When the changes in the Chrome browser are rolled out by Google, many companies that are currently tracking their users through cookies and browser fingerprinting are loosing out. Giving Google an even more prominent role in the data collection world. Google, Facebook, Amazon, Apple and Microsoft are currently the major parties that have invested big in tracking through other means than cookies and browser fingerprinting. Google is currently the most important party in collecting data through their search engine, Chrome browser, Google Analytics, Google DNS, Chromium, Android, the Google app store, Google Wallet, Google Play, Google Books, Google Assistant, Google Nest, Google Home, Google Fiber, Gmail, Google Documents, Google Drive, Google Maps, Google Calendar, Youtube, and their latest aquirement: Fitbit, a biometric data collection device.
The good thing is Google announcing to move away from selling detailed information on individuals to selling data about anonymous groups of people with similar interests; cohorts. They have to; because of EU privacy laws. But this does little in changing what Google knows about you, they're just no longer selling personalized data. This is good and bad. The good thing is that the parties Google is selling information to, know less about you. The bad thing is that those parties now remain dependent on Google in using the bought data. If a company buys personalized data, that company can directly reach the individuals with marketing either online or offline. With the cohort data, the bought information is more statistical and if the buyer of the data wants to reach their audience, they must do this through Google, giving them a monopoly.