Google's 'Cookies-less' Rollout AKA the Privacy Sandbox Explained

For a while, Google has been touting its Privacy Sandbox, basically doing away with third party cookies to ‘enhance privacy’ for the end user, while vowing not to replace them with another technology that does the same thing.


What is the Google Privacy Sandbox?

The Privacy Sandbox is an initiative that is attempting to ‘build new internet privacy standards’, primarily by removing the use of third party cookies.

It all sounds very altruistic and not-evil but of course it isn’t. Google can still track you, any website you visit can still store your behaviour and data and of course it allows them (and a certain few others) to strengthen their position at the expense of their rivals and what little competition there is in the marketplace for search, advertising and data collecting. 

The plan has been in the works for some time, but concerns over what it means and scepticism in the industry have slowed (but not halted nor prevented) its roll-out.


What Does the Google Privacy Sandbox Mean in Practice?

What this policy means in practice is that their suite of browsers (ie. Chrome on the desktop, mobile devices, smart home devices, Chromebooks etc) will stop allowing websites to access third party cookies. This change has already been partially rolled out and full deployment now seems inevitable. 

Previously if you went to a website with adverts, these would generally be sold by companies other than the owner of the site you are on (ie. a third party), either the owner of the item being sold or more commonly an intermediary (such as Google or Quantcast) who manages ad placement and measurement on the advertiser’s behalf. 

The power here is that you can then be tracked across different sites by the same advertiser and your actions measured. This is also linked to your search history on search engines but also stores such as Amazon, Very, eBay etc and increasingly your interactions on social media and with personal devices.

So, if you search for a mattress on the web, ask on a local community group if anyone has one going, or use the map on your phone to find a mattress store, you will very likely start seeing adverts for mattresses everywhere you go. This is the power of third party cookies – to find out what you want and to hound you relentlessly until they have sold you a lead and made a few quid commission out of you.

By preventing third party cookies, that power is taken away. Or so you thought.


Can Websites Still Track You Without Third-Party Cookies?

Website owners can still use cookies and other technologies (especially if you are logged in

with an account) to carry on doing the same thing, but the data is now restricted to that website and to any other website who has access to their data. 

You can see this is obviously far more advantageous to large websites, or ones that are part of a large group of sites or sites that are very good at collecting accurate intentional data and then selling that off to non-affiliated sites (with the exact details of who is interested in what. 

Generally, this is all legal because you haven’t read the essay of T&Cs that you blindly agreed to when you signed up. Massive advantage to the big boys, massive disadvantage to those without market penetration.


Will Google’s Privacy Sandbox Affect Federated Logins?

At this point, it is unclear how this will affect sites that use federated logins – like using your Google Account, Facebook Account, Microsoft account etc to sign in to websites. Again, this was an attempt at data collection but can also be used for gaining access to paywalled content on multiple sites with one subscription – the enemy of the purveyors of ‘free content’. And again, Google wants a piece of that pie.

More importantly, the device or application you use to browse the web can store your browsing habits, what makes you interact, when you do it and where. Even in incognito. Again, this is in the T&Cs and can be even more invasive as they have access to a good deal more information than even cookies. Generally, only the device / software vendors have access to this information but again they will be exploiting that for every last penny – free software is very rarely free, and you the user are not the customer.

Google claims that they will be ‘anonymising’ data and put people into groups for profiling known as Federated Learning of Cohorts (FLoC if you want the contrived acronym) and then use these for data capture and ad targeting, and they claim the conversion rate is 95% of what it currently is with cookies. 


Is This Unique to Google?

It would be naive to think the other major browser vendors – Microsoft and Apple – aren’t also doing this and will continue to do so with even more vigour. Firefox – which used to have a relatively healthy market share – is the only browser that doesn’t actively do this but has been mismanaged and fumbled so much by the Mozilla Foundation – the open source organisation that oversees it – that it is barely relevant any more and most people have either forgotten it or never heard of it. 

The twist in the story here is that 90% of the donations to Mozilla come from…Google. Yes, they pay for their search engine to be the default.

Building a web browser from scratch is not practical either – they are pretty much the most intricate pieces of software used by the masses – so a modern alternative would seem off the cards. Virtually all ‘alternatives’ that didn’t exist ten years ago are just reskins or forks of existing browsers, usually Chrome. The browser market is doomed.

With Google’s Privacy Sandbox, once again, the balance of power has shifted even closer to the big boys and away from any chance of independence, choice or regulation. The irony of all this is that I am writing this in Google Docs, the best office suite available. Greed can be good.