For more than two decades, websites and their owners have leveraged 3rd party tracking techniques to gather data to sell it to marketers and advertisers at a price so that those organisations can design targeted ads and marketing campaigns designed to convert users.
Earlier this month, however, the Supreme Court of Appeals in the District of Mozilla laid it down solid with a shocking dissent, departing from precedent and delivering a landmark ‘breach’ ruling in relation to a long-standing (& sacred) contract with pop music’s immortal, ephemeral prince, Rick Astley...
Third-party tracking- We might just have to give you up.
The changes in Firefox continue Mozilla’s strategy — announced a year ago — of pro-actively defending its browser users’ privacy by squeezing the operational range of tracking technologies, marks a significant shift in the status-quo motivations of tech companies. “Even Google has responded to growing pressure around privacy — announcing changes to how its Chrome browser handles cookies this May. Though it’s not doing that by default yet.”
So. Many. Questions. Why now? What does all of this mean? What does this have to do with privacy? Well, as stated by Michael Wlosik, Author at Clearcode:
“Understanding the role of cookies in marketing is crucial to (an) understanding of marketing and subsequent privacy concerns”.
What does it mean that in 2018 we saw data overtake Oil as the world’s most valuable resource? Now more than ever, what is arguably the greatest incentive for the gamification of it is playing out before our eyes- data is money, and more data is more money. Whereas entire nation-states fought over oil-rich territories, nowadays we are seeing big tech chop down all manner of shrubbery to establish and maintain their dominance of this new water-well of value: user data.
While data privacy and security are closely related (and often conflated) there are important differences. Privacy more or less is about controlling the flow of personal information.
Data security takes the concept of privacy a step further by focusing on the safeguarding measures of user information. For users, these are often one and the same: Information must be kept safe and secure. Security is necessary to maintain privacy, but for companies, data security carries a wider connotation: it’s about keeping customer & company data safe.
Before we drive too far down this dirt road, let’s take care of a few basics…
Cookies are little tidbits of information that websites store on your computer when you visit them. They can help websites “remember” things about you. A website might use a cookie to store your Currency or Language preference.
Cookies remember website configuration, log in details, and products added to the shopping cart, even after a user leaves the site, but because cookie files are widely used to collect certain pieces of information, they can also be used to carry out advertising processes like behavioural profiling and retargeting.
A first-party cookie is set by whichever website you are actually using at the time. A “third-party” cookie is set when you are using one website, but that website has embedded javascript from a different website and the javascript sets a cookie.
“There’s actually nothing inherently different about a first or third party cookie, it really just depends on the context you are relating to that cookie. For example, a cookie set by Facebook -when you’re using facebook.com- is a first-person cookie, but if you are on a different website which has a Facebook Like! button; that button will access the same cookie; but in this context, it would be considered a third-party cookie.”
It can be said that different types of users, use different browsers depending on how tech-savvy or privacy-conscious they are. It is relatively safe to say that those who see this latest move by Safari and Firefox as a positive, are more likely to care about their data privacy and the subsequent uses of their third-party data.
Naturally, Firefox does make it easier to check things like cookies and tends to tailor more to the technical crowd (who don’t want to use TOR), indicating that there is a certain expectation amongst that community.
However, I wouldn’t say that Mozilla has made this move just for their users. We have to consider that browsers are just vessels for cookies and data, they do not receive any cash benefit from the data that the 3rd parties are producing. As a business, they would want to make it harder for 3rd parties to take the data as it only has positive benefits to their user base as far as privacy is concerned.
For the sake of context, see the below breakdown of usage data of the most popular web browsers.
Source: Wikipedia.
In the interests of privacy, browsers have begun to employ their own methods to stop tracking through 3rd party tools (any site that isn’t the site you’re on) starting with ITP for Safari in 2017. Now, Mozilla has started to add to this consideration introducing ETP (Enhanced Tracking Prevention).
It’s quite unlikely, the reality is that Google has such a large market that the Mozilla team have come out to say the basic Google products like Google Analytics will not be affected.
Both ITP and ETP are able to block third-party cookies by preventing them from being stored in the browser, and, to close the loophole exploited by advertisers, they can also prevent third-party cookies from being recorded as first-party cookies. Apple’s ITP2 in Safari takes it a step further by cutting the first-party cookie lifespan from seven days to one day. These blockers are active by default in both Safari and Firefox. “
GDPR is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). … The data subject has the right to revoke this consent at any time.
Since the approval of the EU’s GDPR bill in 2016 the internet community’s attention has honed in on exactly what data each website, service and app is storing. Currently, the GDPR continues to stand as the most bespoke ruling for what is ‘ethical’ as far as tracking is concerned.
Is this a response to the monopolisation of these respective markets? Possibly. the formula now appears to be, in order to achieve market dominance, big tech knows they have to temporarily blind themselves to conventional morality as well as deploy obfuscation tactics in the early stages of growth in order to achieve the market dominance necessary to be the only company left when all their competitors run out of steam.
After all is said and done, however, they don’t remove their blindfolds.
Another problematic aspect is the ad-based growth model which drives these companies. Many sites (in particular, digital news media) implore you to disable Ad Blockers using pleas like the one below…this hammers home the idea that the ad-based economic model is one which encourages and allows dubious tracking methods to proliferate on the web. And by changing to opt-in tracking, Firefox & Safari are attempting is to circumvent this profit model by placing privacy at the forefront of their concerns.
Privacy is now a distinguishing factor between titans like Google and other browser providers. Google’s somewhat disingenuous efforts to hit at serious privacy concerns- now more than other- appear to be at the forefront of users minds, Mozilla seems far more genuine in its quest to protect users from unwanted tracking.
In contrast, Google’s tardy privacy pronouncements and long term proposals look more like an attempt to kick the issue into the weeds and buy time for Chrome to keep being used to undermine web users’ privacy — “instead of Google being forced to act now and close down privacy-hostile practices that benefit its business.”
If you’re running 3rd party scripts on your site, you will likely see a blip in your statistics where Firefox is concerned. For Google products, we would highly recommend using the opportunity to move your tracking tags to something like Google Tag Manager to update your tags. If you would rather keep things in line, just ensure you are using the most up to date tracking scripts (gtag.js).
Interestingly, we are seeing companies choose to be privacy-conscious instead of waiting for legislation to kick in. Laws relating to technology have been implemented and discussed at a snail’s pace; where this used to be an opportunity for big tech, the outcry and privacy concerns of users are becoming a bigger factor.
In preparing to write this article, I thought it an interesting experiment to explain the machine and motivations behind third-party tracking to my uncle, who is on his best day, a neo-Luddite who voraciously consumes mainstream news media at a rate only seen when observing ravenous North American Brown Bears emerging from prolonged hibernation.
Once all the mechanisms were adequately explained, my uncle asked me a rather pertinent question. Looking at me after a long, pensive pause (similar in intensity to the countless glances of disappointment he has shot me over the years), he said, with a pained exhale:
Over the resulting hours and days, my thoughts in response to my uncle’s question evolved with a similar trajectory to the morphing complexity of Steely Dan’s pièce de résistance: Can’t Buy A Thrill.
Facebook, Google and other tech Moloch’s (Ginsberg FTW) might not know exactly who you are, but data garnered from 3rd party tracking can give organisations a staggering amount of information about you, gathered purely from observing your purchasing behaviour, location, preferences and site interactions. Even your political leanings can be inferred from observing data of what sites a user tends to visit, the regularity of those visits can paint an astonishingly specific picture of who the user is, and this data can be used by marketers and advertisers to inform surgical marketing campaigns designed to maximise conversions.
Blaring through the speakers inside my skull: Are we ok with all this?
(featured on freecodecamp.org)
To me, the problem isn’t so much that big tech is gathering the data and selling it, nor is the problem the type and/or specificity of that data- rather, it is the lack of choice in engaging with systems that operate in this way.
But times are changing.
In a post published in May this year by Prabhakar Raghavan, the Google engineer announced changes or ‘improvements’ to cookie controls on its flagship browser, Chrome. Although the tech giant stopped short of implementing a default-off switch – what Mozilla and Apple have deployed with their Firefox & Safari browsers, Raghavan stated:
“When a user opts out of third-party tracking, that choice is not an invitation for companies to work around this preference using methods like fingerprinting, which is an opaque tracking technique. “ Sourced.
The tech Gargantua (Google) is painfully aware of a burgeoning user sentiment; “that tracking techniques should be opted in to, not out of”. However, simply being aware doth butter but few parsnips for the privacy-conscious user. And for those more cynical, these changes will carry with them- the persistent aroma of ahead of the curve PR crisis aversion, and not so much-the wafting spices of the honest & hearty goulash of transparency we thought we had ordered.
The overarching problem appears to be how the internet economy has raced towards the point we are currently in- in the rat-race for market share, big tech has played a dubious game with users- and played hooky with their data. For so long, users figured they were the customer, in a traditional purchasing relationship. They are not.
It’s important to remember that none of these sites are actually free; it’s the troves of data that they acquire and sell that bestows upon them their value. And, it is the opinion of this lowly writer that it’s our privacy they are selling.
Sources + Citations
https://marketingland.com/the-third-party-browser-tracking-cookie-is-dead-whats-next-263804
https://www.emarketer.com/content/digital-marketing-in-todays-privacy-conscious-world
https://news.ycombinator.com/item?id=20987628
https://nlong.org/marketing-good-evil/
https://blog.hubspot.com/marketing/psychology-marketers-revealing-principles-human-behavior
https://clearcode.cc/blog/difference-between-first-party-third-party-cookies/
https://www.wired.com/story/privacy-browsers-duckduckgo-ghostery-brave/
Sign up to get insights & inspiration in your inbox.
3892 people are reading this newsletter every week
