Internet cookies are a controversial topic that involves technical, ethical, and law aspects. There’s so much at stake. Privacy, sensitive data, and users’ security are not minor things.
In the previous articles, “I have accepted all cookies, am I in trouble?” and “HTTP cookies FAQ. All you need to know about the HTTP cookies“, we have already explored them but still, a few questions are in the air. What’s the future of Internet cookies? Can we live without them?
Well, let’s answer these questions.
Why are they called Internet cookies?
Originally, the term cookies came from popular fortune cookies with an embedded fortune message within.
In the late 1970s, in the Unix environment, the term ‘magic cookie’ appeared to point out a short data packet or token exchanged between communicating programs. These small files contained necessary data to activate a specific function and they were passed between the involved programs without being modified. Magic cookies or cookies at that time were used to identify a specific event, a sort of transaction ID, identifier, or token.
Years later (1994), Internet cookies were created. Their purpose is different from the ones used in Unix but the technical concept was pretty much the same (a little text file containing data), so they were called HTTP cookies, Internet cookies, or simply, cookies.
Why were Internet cookies created? The history of the cookie
A dive into history makes it easy to understand the original need that triggered the Internet cookies’ creation, their relevance, and their risks.
Think about how successful the e-Commerce currently is. Well, in the early 1990s, developers were still working on the necessary functionality to make e-shops possible.
The main issue was that websites then, could not memorize the identity of customers. No matter whether a client visited the same website ten times per day, they were treated like a new client every time. Preferences (language, currency, theme, etc.) couldn’t be remembered.
Besides, the idea of the nowadays common shopping cart was stuck by a big obstacle. Websites didn’t have the functionality to track the visitors through the different web pages and to store (remember) the information they produced during their visit.
For instance, if they chose a sweater in the category of clothes and then, they changed to technology to buy a mobile, there was no way to store (remember) the previous sweater.
Buying was possible, but it was clunky if they wanted to buy more than one single item. An individual transaction per purchased item was slow and annoying and didn’t feel like the best experience a website could offer.
Netscape Communications Corporation, an American computer services company, was working on these matters at that time. The pros and cons of different solutions were considered. For instance, there was a choice of assigning a permanent, unique ID number to every user. This ID number would be provided to every website the users visited by their browser. The idea was discarded due to the worry that third parties could track the browsing activity of the users.
In 1994, Lou Montulli, a Netscape web browser programmer, created Internet cookies (small text files). To review how Internet cookies work, you can read “I have accepted all cookies, am I in trouble?” Since the information was saved on the users’ computers, Netscape and Montulli considered the solution safe at that point.
But soon, advertisers and others realized the potential of cookies for tracking and getting people’s information. Only two years after their creation, people understood how to hack Internet cookies, and not long after, advertisers developed the cookie-based ad targeting system. Tracking risks and privacy violations became real threats for users. But during these early years, regular users didn’t know about Internet cookies and their risks.
Cookies became part of the Internet machinery. They made the shopping cart possible’ they solved the previous issues making the user experience more agile, and they massively boosted e-Commerce.
The law around Internet cookies
Early on, advanced users expressed their concerns about possible violations of their privacy and risks to their data security. But the use of Internet cookies increased fast, both, first and third-party cookies.
These third-party cookies worried them the most because clearly, they didn’t follow the original purposes for which cookies were created. To get the difference between first and third-party Internet cookies, you can read HTTP cookies FAQs. All you need to know about the HTTP cookies.
Efforts from authorities to protect users’ security were truly weak. Rumors and confusion arose. It was said that cookies were executable programs, so once installed on your computer, they could scan and access all the sensitive data stored in your hard drive. The debate intensified but not enough to stop the unrestrained users’ data collection.
Tech giants jumped the fence tracking users deeper. They were getting details like location, marital status, gender, age, income, preferences, health concerns, purchases, and all their online behavior. The “gold value” of users’ data was clearly established, and the concept of users’ privacy was almost deleted.
Finally, after several scandals, the Federal Trade Commission (an independent government agency in the United States in charge of protecting the public against unfair and deceptive business practices), and the European Union acted.
In 2002, the ePrivacy Directive (EPD) was passed and it became a legal instrument to protect users’ privacy in the digital age. Regulation of cookie use, data minimization, unrequested e-mails, and more topics are included within it. Then, Internet cookie policies popped up all across the Internet. The EPD was amended in 2009 and by 2011, it was already illegal to place third-party cookies on the users’ devices without their explicit consent.
In 2018, the General Data Protection Regulation (GDPR) was put into effect.
Is there an alternative to Internet cookies?
Yes, there are different alternatives, but their pros and cons are still under analysis.
It looks for users to willingly provide information. By filling out a form or getting subscribed the agreement is submitted. There’s no need to track users’ online behavior or to operate in the shades to collect their data.
Data clean rooms or Data pools
They are repositories to store users’ data managed by independent entities, neither publishers nor advertisers. Publishers upload information obtained from their first-party cookies, and advertisers do the same. By matching information, advertisers can get the audience’s insights to enable their targeted ads.
Identity solution or Universal ID
To create the ID, two identifiers are required. The first-party cookies of a website and a permanent user’s identifier, like the phone number or e-mail. A user visits a website, his or her personal data get collected and sent to an ID provider. This last match the user to an existing ID or creates such ID, and the user’s information gets encrypted.
It means to display ads on relevant pages defined by the analysis of content, phrases, and keywords of the pages. It does not use third-party cookies, because it does not search for personal data or user behavior. When to target specific web pages can be decided via machine learning.
Google’s Privacy Sandbox
It’s a set of interfaces of applications (APIs) that will provide data obtained through cohort analysis of browsing history instead of individual user data. Its development is still ongoing.
A fingerprint for every user is created using information related to their device. Time zone, IP, screen size, plugins, OS, browser, etc. Then, through specific scripts running on websites, this information (fingerprint) can be read, and users can be identified and tracked.
These alternatives are getting enhanced because some still can represent a risk for the users’ privacy or don’t fully comply with the current law. For instance, fingerprinting doesn’t need to store data on the user’s browser or device. This makes it hard to detect and block. This technical advantage can wake up privacy concerns. Just remember the history of Internet cookies. A tech creation can have a positive or negative impact based on who’s behind its use (purposes).
Will Google stop third-party Internet cookies?
In 2020, Google announced the plan to stop using third-party Internet cookies on Chrome. The company’s plan was a gradual reduction that would result in the change of cookies technology for an alternative solution in 2022. But this has been postponed to 2023 and now, to 2024. According to Google, it will take longer for adopting an alternative technology and for it to get the necessary traction among all the Internet players.
Tracking Internet cookies and the violations of privacy and people’s sensitive data have been hot topics almost since Internet cookies were created in1994. The law is toughening up and restricting the use of third-party cookies. Google’s decision seems a way to attend to the already strong users’ demand for security for their data and privacy.
Back in 2019, Google shared that the company was looking for safer and more private ways to track and get information from online users. Google’s Privacy Sandbox was announced as the axis to reach the goal of powering advertising without using tracking cookies.
What’s the future of Internet cookies?
They won’t disappear, at least not soon, not totally. You don’t need a crystal ball to see it. Remember why the Internet cookies were created. Those original websites’ needs still have to be solved to offer an optimized online experience to users and Internet cookies have been demonstrated to be an effective solution. The real issue is the ethics of using them.
Third-party Internet cookies are much more controversial. They have become a “golden” tool for brands, marketers, and shady entities to get users’ information. Removing such an ingrained cookie practice won’t be easy, mostly because the use of Internet cookies has meant huge profits for all of them.
Strong complaints from users and a tough worldwide law can push websites and companies to replace third-party cookies with another technology. But is this new solution (whatever it is) going to be used according to ethics? Or is the same Internet cookies story going to be repeated?
Can we live without Internet cookies?
There’s no unanimous answer to that question. Different players are involved in the Internet game.
Let’s start by saying yes, we can live without Internet cookies. They were created almost three decades ago. For sure, a new solution that complies with the security demands and the law can replace them. Technology evolves very fast nowadays.
Talking from the users’ side, there’s division. For many, their privacy and security are the priority. They prefer to live without cookies than experience unscrupulous practices through this resource.
But for others, a fast, easy and comfortable online experience is more important. The fewer formats or login blanks they have to fill in, the better. They don’t like to search for products on the large e-shops’ menus or to compare prices. They prefer to buy based on the targeted ads they receive. They don’t support a cookieless life.
Then we have brands and marketers. They can’t live without Internet cookies or an alternative resource to get information from users. Being a bit in their shoes, yes, the market has changed a lot. The idea of the mass market is obsolete. Today, you have many different niches (segmentations) and that means ads thrown without targeting the precise niche are a waste.
Even before the Internet existed, brands’ and marketers’ strategies have been driven by clients’ information. Surveys, one-to-one interviews, focus groups, and observational research were common tools. The Internet turned out to be a more efficient tool to get their goal. The issue is that to get such information without consent and at any cost is neither acceptable nor fair.
Now you have a more complete picture of Internet cookies, their past, and future. There are challenges for everybody. Websites must operate with ethics. To comply with the law is one thing, but ethics means keeping clients’ trust. Users must incorporate safe online practices and value their information and online security. Law will have to evolve as the rhythm technology advances.