Friday, November 22, 2024

Google’s cookie climbdown attracts W3C TAG criticism

Must read

The World Wide Web Consortium (W3C) has published a blog criticizing Google’s climbdown over the deprecation of third-party cookies, declaring that the move “undermines a lot of the work we’ve done together.”

Google announced that it no longer intends to drop third-party cookies last week, a decision that came after a five-year effort to build a technology stack that would keep ad revenues rolling in while giving a nod to privacy protection in the form of the Privacy Sandbox.

“If the W3C really believe that cookies are somehow bad then they should be advocating the removal of all cookies, not just those used by 3rd party, non-monopolist players….

While advertising industry critics were delighted with the move – James Rosewell, co-founder of Movement for an Open Web (MOW), declared that Google’s “plan had failed” – others, such as the W3C, were less than pleased.

Hadley Beeman, a member of the W3C’s Technical Architecture Group (TAG), has written a scathing post about third-party cookies, titled simply: “Third-party cookies have got to go.”

Beeman said that Google’s announcement “came out of the blue” and “undermines a lot of the work we’ve done together to make the web work without third-party cookies.”

Members of the W3C community had been working with Chrome’s Privacy Sandbox team for several years, attempting to devise an approach that would address the privacy concerns surrounding third-party cookies while keeping advertisers happy. Beeman said: “While we haven’t always agreed with the Privacy Sandbox team, we have made substantial progress together.”

Right up until Google appeared to abruptly pull the rug out from under them and opted to allow users to choose between its Privacy Sandbox and traditional third-party cookies.

While acknowledging some of the benefits of third-party cookies, such as shopping and single sign-on, the negatives far outweigh the positives, according to Beeman, who declared them “not good for the web.”

“They can also be used to invisibly track your browsing activity across sites for surveillance or ad-targeting purposes.

“This hidden personal data collection hurts everyone’s privacy.”

Tim Cowen, co-founder of Movement for an Open Web, said of the situation: “The role of standards bodies is to agree neutral technical standards that enable an open and interoperable web, not to advocate on behalf of monopolies for solutions that entrench their power.

“If the W3C really believe that cookies are somehow bad then they should be advocating the removal of all cookies, not just those used by 3rd party, non-monopolist players.

“Cookies are a neutral tool for interoperability and who owns them isn’t the issue, it’s what they’re used for that defines whether they cause harm or not – and that should be decided by regulators and legislators, not technical standards bodies.”

The Register contacted Google and the Movement for an Open Web for comment on Beeman’s post, but we have not received a response.

The W3C is a non-profit organization founded by Tim Berners-Lee to come up with standards and guidelines for the web. The “inherent privacy issues” of third-party cookies are noted in the RFC for cookies and HTTP state management, which also states that “third-party cookies are often used to correlate users’ activity on different sites” and warns that “resources cannot rely upon third-party cookies being treated consistently by user agents for the foreseeable future.”

The TAG has already published a finding highlighting the need to remove third-party cookies from the web, and Beeman worried that Google’s climbdown could result in a delay in cross-browser work on alternatives to the technology.

“We sincerely hope that Google reverses this decision and re-commits to a path towards removal of third-party cookies,” Beeman said. ®

Latest article