Cookies have long stood at the center of controversy, and now, as we move through the 2020s, they are on their way out. This prompts a significant question: What is it about this decade that has branded cookies as a dark, evil force in need of eradication from our digital society?
The answer lies largely in the third-party nature of cookies. These tools, particularly as they are used in various AdTech strategies, have come under intense scrutiny and regulation recently. Governments and regulatory bodies are increasingly viewing them as invasive to privacy, leading to strict controls being implemented. Major web browsers are actively cutting off support for third-party cookies, a move that signals a seismic shift in digital advertising norms.
The AdTech industry, which has built an empire on the foundations of cookie-based tracking, is now, albeit reluctantly, being forced to abandon this cornerstone and explore new, supposedly less intrusive methods of reaching consumers. This transition marks a pivotal moment in the balancing act between effective digital marketing and the safeguarding of user privacy.
Why Are Cookies So Valuable in Today’s Web?
Cookies helped solve the monetization problem of the internet. Back in the early 90’s, the web didn’t have a way to “remember.” By storing a cookie in someone’s browser, the internet gained a massive advantage over other advertising methods.
If you visited a site that sells shoes, but got interrupted and ended up closing your browser, you could be shown advertisements across the web from that site that sells shoes. Personally, this is far better than seeing random ads that are of little to no significance to me. I’m not interested in seeing ads for women’s clothing, but I wouldn’t mind seeing ads for something relevant to my interests, such as aviation or technology-related items. Cookies solved that by allowing the advertising networks to remember users and assigning them a unique, non-personally identifying user ID number like 4a128670d1f4554fe79c13aaa2a57708.
What Are Cookies Really Used For?
A Simplified Real-World Example
You visit a shoe ecommerce site that advertises their items online. Since they advertise online,
they likely have a small piece of “remarketing” code on their site. This generates a random string of letters and numbers to “remember” you.
You are now “visitor 4a128670d1f4554fe79c13aaa2a5770”. Your browser now has a small bit of data that only that advertising network can access that looks similar to this: “user_id = 4a128670d1f4554fe79c13aaa2a57708”. That’s the cookie. It’s now been set in your browser.
Later that day, you closed your web browser for whatever reason (maybe the dog needed to go for a walk) and ended up forgetting about those shoes. The next day, you’re engaged in your morning routine of reading the day’s news online, and notice that those shoes are “creepily” following you across the web!
This is the publishers’ side of the coin, and the part of the equation that made the internet effectively “free” for a lot of things, especially news websites, forums, etc. In this case, the publisher has placed ad units on their website from a particular advertising platform that allows them to generate revenue by showing the visitor an advertisement.
In this scenario, the visitor is being shown a remarketing ad — specifically tailored for user 4a128670d1f4554fe79c13aaa2a57708. The news publisher doesn’t know who you are and is not allowed to intercept or interact with that data at all. All they’re doing, in this case, is allowing the ad platform the ability to show an advertisement — the platform itself is the only party in this case that knows you’re Mr. or Ms. 4a128670d1f4554fe79c13aaa2a57708. If you click that advertisement, and end up purchasing the pair of shoes, the publisher will be paid a small amount, and that advertiser will pay the ad platform for that click that resulted in a sale.
Embrace the Chaos of a Cookieless Future
For this example, I’ll use an aviation reference because, as a pilot, I love to fit those in wherever I can. Imagine all of the air routes and procedures for managing safe and efficient global air traffic are scrapped one day, or completely redone in a new configuration. As a result, the aircraft and pilots relying on those established procedures are now left to figure it out on their own.
Trying to ascertain what should happen next after cookies is like this scenario. The state of advertising after cookies will likely be legitimately chaotic for some time.
We’ve already seen the fallout when Apple got rid of the ability to obtain the Identifier for Advertisers(IDFA), as targeted ads on iOS devices, as described above, will lose their edge. Fewer device-specific ads mean less impact, less relevance, and fewer conversions. The IDFA was key in tracking how well ads converted in iOS apps, and without it, we see serious gaps in measuring ad success.
We know some chaos has already occurred in this realm. Google has already pushed back the “Cookiepocalypse” multiple times and abandoned several replacement technologies that were slated to replace the cookie for the purpose of tracking users’ activity and interests.
Cookie Alternatives and the Potential “Illusion of Privacy”
Let’s remove the rose-colored glasses and see what’s happening behind the scenes. While getting caught up in the idea of “Goodbye cookies, hello privacy!” hype is easy, the reality is not that simple.
Transparency: One of the issues at hand with the seismic shift in tolerance for cookies is that the replacement could (and will likely be) much less transparent, even disallowing the consumer/web browser the ability to peek into what data is stored on your behalf.
The Fingerprint: A technology I’ve spent time researching in the past, called “browser fingerprinting,” is one of those alternative methods for “remembering” the user as a cookie would. With sophisticated fingerprinting techniques, storing information in your browser (such as in a cookie or local storage) is unnecessary. Even worse, you’ll never know it’s happening. An ad platform could perform fingerprinting on its own array of servers in the cloud, identify you, and continue to track you without any knowledge — or consent.
Local Storage: Think of local storage as a digital diary that lives in your browser. Sure, it’s on your device, but that does not mean it’s locked away from prying eyes. Just like cookies, local storage can track what you’re up to on the internet. But here’s the kicker — it can hold much more data and doesn’t get cleared out as easily as cookies.
Consider the shoe store example above — now it can keep tabs on every single item you’ve eyeballed, creating a detailed profile of your shopping habits and preferences. This information can also be used to tailor specific ads to your online experience, just like those pesky evil cookie-based ads. Furthermore, as local storage is a newer player in the game, regulations and user controls aren’t as tight as cookies.
TLDR: The Bottom Line on Cookies
While we’re all cheering the end of cookies, we may just be welcoming a more capable and less understood tracking tool into our lives. While the privacy hype sounds great, when tracking moves to the “backend” (out of the browser and into the hands of servers that you have no control over), there will be zero transparency whatsoever — and almost no control over what’s being tracked and stored on your behalf.
At least today, when you’d like the internet to “forget,” you can just clear your cookies and move on. When a robot is tracking you without your knowledge, that ability will likely be long gone.