Starting January 4, 2024, Google says it will begin blocking third-party cookies by default in Chrome for one percent of users, only three or four years after rival browsers implemented similar privacy protections.

Expect some websites and services to break.

Third-party cookies - files for ad tracking, analytics, and other functions that get stored in the browsers of website visitors by website partners - have been a known privacy problem for years. They allow those running web page scripts to track people across different websites and to compile dossiers of interests and activities.

Mozilla and Brave announced the blocking third-party cookies by default in 2019 for their respective browsers. Mozilla's Firefox was fitted with an improved version called Total Cookie Protection in April 2023, which suggests the initial version, dubbed Enhanced Tracking Protection, had some gaps.

Apple took similar steps with Safari in 2020, claiming to be "the first mainstream browser to fully block third-party cookies by default" while allowing that the Tor browser did so previously.

Google has been slow to respond to rivals due in part to its Privacy Sandbox project, a suite of technologies intended to enable targeted advertising - a significant source of revenue - without the privacy risks of third-party cookies. Before disavowing third-party cookies, it needed a replacement.

The Privacy Sandbox has been bitterly opposed by ad tech rivals, who argue that they will be deprived of valuable data that improves ad performance while Google will continue to have access to such information because, among other advantages, Chrome users identify themselves to the company by being signed-in to their Google Accounts while browsing.

The complaints from concerned marketers have been such that the UK's Competition and Markets Authority (CMA) decided to hold Google to a set of commitments to implement its Privacy Sandbox transition even-handedly. The CMA's goal is to prevent Google from moving fast and breaking things in a way that harms competition.

Thus, as we reported in November, Google has been public about its plans to test the removal of third-party cookies, before extending the cookie cleanse to a wider audience. And now its purge has a name: Tracking Protection, a more modest take on Apple's Intelligent Tracking Protection and Mozilla's Total Cookie Protection.

"On January 4, we'll begin testing Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default," said Anthony Chavez, VP of Google's Privacy Sandbox project, in a blog post on Thursday. "We'll roll this out to 1 percent of Chrome users globally, a key milestone in our Privacy Sandbox initiative to phase out third-party cookies for everyone in the second half of 2024, subject to addressing any remaining competition concerns from the UK’s Competition and Markets Authority."

Behind the scenes, Google has been preparing for problems. In a post last month to the mailing list for Chrome's Blink rendering engine, Chrome engineering leader Rick Byers characterized the risk of website breakage when third-party cookies get disabled as "moderate."

Byers observed that while most sites already function with Safari and Firefox, which disable third-party cookies by default, there are still plenty of websites that tell users they need to enable third-party cookies to function.

"So I think we have to say that there are a non-trivial number sites where the severity is total site breakage - necessitating all the mitigations, even if most impacted sites have non-visible breakage," he wrote.

According to Google's Chrome HTML and JavaScript usage metrics, about 47 percent of Chrome web page loads so far this month have tried to read third-party cookies.

An IT consultant posting to the thread echoed Byers's concerns, noting that his firm provides clients with embedded analytics capabilities through dashboard interfaces, which often rely on iframes and cross-domain third-party cookies for authentication. These may malfunction when third-party cookies get disabled, the consultant suggested.

Byers said he hopes this technical transition will lead to better browser interoperability and will not become a reason people shift to Chrome or another Chromium-based browser like Microsoft Edge to maintain website functionality.

"The other two major engines have disabled 3PCs [third-party cookies] by default for some time," he wrote. "I'm personally uncomfortable with 3PC-related breakage being a reason why developers might encourage users to use Chromium-based browsers. Restoring interoperability across browsers seems like strong motivation for accepting some risk here." ®

https://www.theregister.com//2023/12/14/google_schedules_limited_thirdparty_cookie/