Risk
9/19/2013
04:47 PM
Connect Directly
RSS
E-Mail
50%
50%

Google's Plan To Kill Cookies

Google proposes anonymous identifier for advertising, or AdID, to replace cookies used by third-party marketers. Google would benefit -- but would consumers?

Perhaps not surprisingly -- given the amount of revenue Google derives from online advertising -- the Chrome browser has never blocked cookies by default. By contrast, Apple Safari, first introduced in 2003, has always blocked all third-party cookies by default. Mozilla, meanwhile, plans to follow suit this year with its Firefox browser, despite strong protests from the Interactive Advertising Bureau (IAB). Internet Explorer 10 also ships with a Do Not Track (DNT) setting activated by default, indicating that users don't want to be tracked. Advertising networks, however, don't have to abide by that request.

Would Google's move benefit consumers? So far, the company has released scant details publicly, making any analysis purely speculative, said Stanford University professor Jonathan Mayer, who studies online advertising and privacy, and who until recently was working on the W3C's DNT standard. But one question Google will no doubt face is this: "From the consumer privacy perspective, how is AdID an improvement?" said Mayer via email. "Consumers can -- and increasingly will -- see Safari and Firefox defaults outright block third-party cookies." Accordingly, might Google's AdID push actually drive privacy-conscious consumers to adopt other browsers?

Furthermore, how exactly does AdID differ from DNT, which advertisers -- including trade groups to which Google belongs -- have actively resisted? "Google still doesn't support Do Not Track, despite participating in an industry announcement a year and a half ago," said Meyer. "Instead of starting from scratch, why doesn't Google support the consumer control technology that's already in every major Web browser? Twitter and Pinterest already do, in fact."

We also can expect Google's claims of anonymity for consumers via AdID to face strong scrutiny, especially given the vast quantities of data the company already can and does collect from people's searches and YouTube viewing habits, as well as through its Admob mobile advertising and DoubleClick online advertising divisions.

"Google needs to demonstrate this isn't merely a PR ploy designed to give increasingly privacy concerned users reassurance that they have nothing to fear," said Jeffrey Chester, executive director of the Center for Digital Democracy (CDD), via email. "The reality is Google is addicted to gathering our data -- that's the source of its revenues. The AdID will likely help them expand their surveillance of online users, especially as it focuses on monetizing our mobile phone and location activities."

Also expect any formal AdID proposals from Google to have to pass muster with the Federal Trade Commission. That's thanks to Google's 2011 privacy settlement with the agency, stemming from privacy violations associated with the 2010 launch of the now-defunct Buzz social network, which lead to the search giant agreeing to submit to regular reviews of its privacy policies. "The FTC will need to review AdID to determine whether it triggers a violation of Google's 20-year privacy consent decree," Chester said.

Interestingly, Google already has violated that settlement once, and triggered a record-setting $22.5 million FTC fine, after Stanford's Mayer discovered that the company was bypassing Safari privacy settings and placing tracking cookies directly on the computers of Safari users.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
rradina
50%
50%
rradina,
User Rank: Apprentice
9/23/2013 | 1:21:09 PM
re: Google's Plan To Kill Cookies
I agree that share looks low. However I recently read that one statistic group recently changed its methods. Among other things, they stopped counting page hits rendered in the background but never viewed (how they know that...I have no idea). They claim hits that are never viewed skew the numbers. I believe the article claimed Chrome leverages background page rendering more than other browsers and thus took the biggest negative hit.
WKash
50%
50%
WKash,
User Rank: Apprentice
9/20/2013 | 9:19:46 PM
re: Google's Plan To Kill Cookies
While this seems like a potentially better way to deal with privacy issues, I wonder whether the advertising world will go along with letting Google create a new standard that inevitably will give Google an advantage in tracking online behavior.
Somedude8
50%
50%
Somedude8,
User Rank: Apprentice
9/20/2013 | 4:22:03 PM
re: Google's Plan To Kill Cookies
If one wants to advertise on the web, one would have to play by the rules of a single corporation? Yeah...
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
9/20/2013 | 2:02:39 PM
re: Google's Plan To Kill Cookies
Nice analysis - killing cookies only makes them 'not evil' if they don't replace with something equally snoopy. I'm somewhat surprised Chrome is only at 16% - doesn't seem like a half-baked idea like this is going to help that.
David F. Carr
50%
50%
David F. Carr,
User Rank: Apprentice
9/20/2013 | 1:55:15 PM
re: Google's Plan To Kill Cookies
I know they haven't released details, but any clue how this AdID code would be tracked, if not with a cookie? Would browsers have to build in support specific to tracking this other type of code?
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8243
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2014-8244
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.