Google Plans To Eradicate Cookies

Uploaded on 2021-05-25 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Regulators and rivals have raised concerns about Google’s grand plan to rewrite the rules of online advertising. Google is to restrict the number of advertising cookies on websites accessed via its Chrome browser, in response to calls for greater privacy controls. It said that it would phase out third-party cookies within the next two years, 

Millions of people are already part of a global experiment to delete cookies once and for all. Since last month, Google has been testing new browser-based technologies in Chrome that could turn the global advertising industry upside down.

Cookies are small text files that are used to track users across the web. Cookies are used to collect user data, which can be on both an aggregate and anonymised level, such as clicks on page, pages viewed, engagement elements, and also on a PII (personal identifiable information) level, such as device IDs, names, addresses, passwords and credit card numbers. Most of the people involved in the process may not even notice, but as the project gains momentum, critical voices sound the alarm.

While Safari and Firefox both block third-party cookies by default, the user has the ability to turn them on. Google will not have such a feature. Third-party cookies will be blocked with no method of allowing users to turn this feature on.

 In addition to the elimination of third-party cookies, factor in that Google Chrome is by far the most popular web browser with an estimated global market share of 62.8%. The closest competitor is Apple’s Safari with a mere 15.8%. The supervisory authorities in Germany, France and Belgium are examining Google’s proposals. At the same time, some of the world’s largest websites have decided to skip Google’s trials entirely. A number of companies have already developed ways that people can evade the system.

The system, known as Federated Learning of Cohorts (FLoC), is part of Google̵7;s larger Privacy Sandbox plan that will end third-party advertising cookies in early 2022. There are generally three ways that websites choose which ads to show you. You may see an ad for a pair of sneakers because you put them in a shopping cart last week. If you’re reading an article about cars, the ads may also refer to cars. or the ads you see may be based on your interests. Like third-party cookies, FLoC deals with advertising based on your preferences.

Currently, advertisers can use cookies to serve ads that are specific to you as they are based on your individual browsing history. FLoC was developed to eliminate this individual targeting by broadening the network.

When you use FLoC, Chrome gathers your web history and compares it with the habits of others. You will then be placed in a group or cohort with thousands of other people like you. Advertisers can then target entire groups of people and not specific people.

It’s not just the extent of the change, it’s also who is behind it. Google, whose parent company Alphabet  dominates the global advertising industry. The regulators are understandably suspicious.

“The FLoC technology leads to several questions regarding the legal requirements of the GDPR,” says Johannes Caspar, Data Protection officer for the German state of Hamburg... "The implementation of users in the FLoCs can be seen as a process of processing personal data. And this requires freely given consent and clear and transparent information about these processes. Google needs to ensure that users actively choose to use FLoC instead of enabling the system in Chrome by default." Caspar adds that there are risks in how cohorts allow “inferences” about people’s surfing behavior and how specific the cohorts of FLoC will be.

Not only German regulators are concerned about FLoC. A spokesman for the French National Information Commission and the Libertés (CNIL), France’s data regulator, says it is “paying particular attention” to technologies that could replace cookies as they may require access to information already on people’s devices are stored.

It is clear to the CNIL that such a system would require “specific, informed and unambiguous consent”. If Google doesn’t do this, it can prove costly. In December 2020, the French regulator fined Google $ 120 million for failing to obtain user consent before using cookies. Other regulators are more concerned about antitrust law. In Belgium, officials are keen to understand how competitive future systems are and how they comply with data protection laws.

  • In the UK, the Competition and Market Authority and the Data Protection Authority, the Information Commissioner’s Office, have been investigating Google’s proposals since January.
  • The Irish Data Protection Commission, which is responsible for many large technology companies with European headquarters in Dublin, has, according to its own information, consulted with Google on the proposals.

Google is aware of the potential pitfalls of FLoC. In this case, the technology has yet to be tested in the European Union. “The EU data protection law sets high standards for the transparency and control of the users. This is what we envision for FLoC,” says Marshall Vale, Chrome product manager at Google. “We know input from data protection authorities is key to getting this right, so we started discussions early on about the technology and our plans.”

Google has already announced that it will introduce tools that will not allow users to be classified in FLoC cohorts.

AIthority                Wired:       HiTech Glitz:          Deloitte:        TheTechTrack

You Might Also Read:

Social Media & The New Advertising Model (£):

 

« Cyber Security For Small Business
Maritime Shipping Is An Ideal Target For Ransom »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ICS2

ICS2

ICS² is the first cyber security company focusing on protecting the control system of power, oil, gas, and petrochemicals plants.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Cynerio

Cynerio

Cynerio develops cybersecurity protections for medical devices, comparing network behavior with a database of medical workflows.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Get Safe Online

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety.

Hacken

Hacken

Hacken provide a range of cybersecurity services including security assessments, blockchain security audits, and secure software development.

MassMutual Ventures

MassMutual Ventures

Mass Mutual ventures backs companies building category-defining businesses in markets including enterprise software, digital health, cybersecurity, and fintech.

Q6 Cyber

Q6 Cyber

Q6 Cyber is an innovative threat intelligence company collecting targeted and actionable threat intelligence related to cyber attacks, fraud activity, and existing data breaches.

OWN

OWN

OWN (formerly SEKOIA) is a major French player in cybersecurity providing tailor-made, informed and adapted cyber support thanks to its DNA of passionate and committed experts.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

National Security Services Group (NSSG)

National Security Services Group (NSSG)

National Security Services Group (NSSG) is Oman's leading and only proprietary Cybersecurity consultancy firm and Managed Security Services Provider.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

Prescott

Prescott

Prescott acts as your guiding light in the preparation for your CMMC assessment and long after by governing your cybersecurity practice.

Avatar Managed Services

Avatar Managed Services

Avatar offers proven, process driven IT support to companies who want to utilize their technology to their best advantage.