Google's Plan To Kill Cookies

Google Nexus 7, Chromecast: Visual Tour

Google is floating a plan to cease tracking Internet users with cookies, which are bits of code stored in browsers that allow third-party advertising and marketing firms to track consumers' browsing habits.

Instead, Google is proposing a new system that would use an anonymous identifier for advertising -- or AdID -- to collect information on users, USA Today first reported. Advertisers and advertising networks that agreed to abide by Google's code of conduct -- which has yet to be detailed -- would then be given access to AdID. Theoretically, that code of conduct would enshrine some basic privacy protections for consumers, including the ability to opt out, or to assign different AdID policies to different sites, but any such details have yet to be released.

Asked to comment on the report, a Google spokeswoman emailed the following statement: "We believe that technological enhancements can improve users' security while ensuring the web remains economically viable. We and others have a number of concepts in this area, but they're all at very early stages."

[ Here's how Google is personalizing its answers to your questions: Google Search: 5 New Ways To Get More Personal. ]

Google reportedly plans to meet with consumer groups, government agencies, industry groups and anyone else with a stake in the $120 billion online-advertising industry, which Google dominates. In addition, according to Net Market Share, Google's Chrome browser also enjoys a 16% share of the browser market. Although less than IE (58%) and Firefox (19%), that still gives Google added leverage.

Advertisers, however, have responded in a lukewarm manner to Google's suggestion, because it would largely consolidate advertising power in the hands of Google, as well as Apple, which last year introduced a unique Apple Advertising Identifier for all iOS devices, together with prohibitions on developers or marketers using a device UDID to directly track users. "There could be concern in the industry about a system that shifts more of the benefits and control to operators like Google or Apple," eMarketer's Clark Fredricksen, who tracks the digital ad industry, told USA Today. Perhaps not surprisingly -- given the amount of revenue Google derives from online advertising -- the Chrome browser has never blocked cookies by default. By contrast, Apple Safari, first introduced in 2003, has always blocked all third-party cookies by default. Mozilla, meanwhile, plans to follow suit this year with its Firefox browser, despite strong protests from the Interactive Advertising Bureau (IAB). Internet Explorer 10 also ships with a Do Not Track (DNT) setting activated by default, indicating that users don't want to be tracked. Advertising networks, however, don't have to abide by that request.

Would Google's move benefit consumers? So far, the company has released scant details publicly, making any analysis purely speculative, said Stanford University professor Jonathan Mayer, who studies online advertising and privacy, and who until recently was working on the W3C's DNT standard. But one question Google will no doubt face is this: "From the consumer privacy perspective, how is AdID an improvement?" said Mayer via email. "Consumers can -- and increasingly will -- see Safari and Firefox defaults outright block third-party cookies." Accordingly, might Google's AdID push actually drive privacy-conscious consumers to adopt other browsers?

Furthermore, how exactly does AdID differ from DNT, which advertisers -- including trade groups to which Google belongs -- have actively resisted? "Google still doesn't support Do Not Track, despite participating in an industry announcement a year and a half ago," said Meyer. "Instead of starting from scratch, why doesn't Google support the consumer control technology that's already in every major Web browser? Twitter and Pinterest already do, in fact."

We also can expect Google's claims of anonymity for consumers via AdID to face strong scrutiny, especially given the vast quantities of data the company already can and does collect from people's searches and YouTube viewing habits, as well as through its Admob mobile advertising and DoubleClick online advertising divisions.

"Google needs to demonstrate this isn't merely a PR ploy designed to give increasingly privacy concerned users reassurance that they have nothing to fear," said Jeffrey Chester, executive director of the Center for Digital Democracy (CDD), via email. "The reality is Google is addicted to gathering our data -- that's the source of its revenues. The AdID will likely help them expand their surveillance of online users, especially as it focuses on monetizing our mobile phone and location activities."

Also expect any formal AdID proposals from Google to have to pass muster with the Federal Trade Commission. That's thanks to Google's 2011 privacy settlement with the agency, stemming from privacy violations associated with the 2010 launch of the now-defunct Buzz social network, which lead to the search giant agreeing to submit to regular reviews of its privacy policies. "The FTC will need to review AdID to determine whether it triggers a violation of Google's 20-year privacy consent decree," Chester said.

Interestingly, Google already has violated that settlement once, and triggered a record-setting $22.5 million FTC fine, after Stanford's Mayer discovered that the company was bypassing Safari privacy settings and placing tracking cookies directly on the computers of Safari users.