New Year, Old Sins

Three decades after the fact, it's time to come to terms with the third-party cookie zombie

Jan 04, 2024

It’s 2024. We still haven’t gotten rid of third-party cookies. And I am surprised, like, not at all.

Digital media’s disrespect for user privacy is just about as old as the web itself. In fact, the guy who invented the cookie at Netscape was actively trying to avoid cross-site tracking while trying to solve a problem that was more complex than it looked.

Try to imagine a static website in the early 90s. You come to this site and log in. You read a page of the site – say it’s a description of a product. You go back to look at another product and the website forgets who you are or that you logged in at all. That’s the problem Lou Montulli wanted to solve with cookies – your favorite sites forgetting who you are between visits, or even between pages.

It’s a Bug, Not a Feature

It was very deliberate that cookies could be read or written only by the server that had put them there in the first place. Its inventor didn’t foresee the development of centralized ad servers and wanted to ensure gm.com’s cookie couldn’t be read by ford.com and vice versa.

The timeline for third-party cookies in the article I linked above glosses over some very important history. It jumps from the invention of the cookie for Netscape to the founding of DoubleClick in 1995 and then to DoubleClick getting bought by Google in 2008. That’s a lot of history to gloss over.

In fact, many groups made a big fuss about cookie tracking. (And there were a great many more firms engaging in it other than DoubleClick.)

What Would Be Lost?

The first I can remember happened in the late 90s and was spearheaded by Mozilla, which threatened to remove cookies from Netscape Navigator. I remember because executive management at the ad agency I worked at from 1996 to 1999 asked me for a list of what paid media campaigns would lose, were cookies to go away.

Though not as long as the list compiled by our analytics division at the time, I remember telling management that we would lose a lot of targeting options, the ability to attribute leads and sales back to the ads that referred them, the ability to frequency-cap ads, the ability to do sequencing (showing ads in a series, like Burma-shave billboards) and a number of other capabilities.

This has been hanging over our heads since a year or two after the commercial explosion of the web. In fact, I remember being absolutely frustrated at the length of time it was taking to solve the cookie problem by the time I wrote an overview article about it in March of 2001, when I was openly asking why web marketing hadn’t yet learned its lesson.

We Swear This Time…

It’s 2024. We’ll be done with third-party cookies by the end of the year. We swear this time. Never mind that we’ve understood the privacy problem brought about by the abuse of third-party cookies for the better part of three decades. Never mind that various companies have threatened to get rid of the third-party cookie over almost the entire history of the web, and they’re still not dead, despite Mozilla and Apple actually making good on their threats.

Devices, whether you’re talking about smartphones, tablets, IOT devices or some guy running Pi-Hole on his home network, are doing more of the heavy lifting of getting rid of the cross-site tracking than Google is. And Google controls something north of two-thirds of web browsing via Chrome. They also stand to make the most from an ad business that is flirting with $1T in spending over the coming years. Nothing like giving yourself a soft landing over the course of the entire history of your company’s existence, no?

Can We Kill Surveillance Capitalism?

And we still haven’t talked about the abuses of the walled gardens or the technology that will undoubtedly become a surrogate for the third-party cookie – things that will replace its functionality instead of addressing the basic objection to surveillance capitalism. We haven’t talked about the things that are designed to make that landing yet softer – Data Clean Rooms, digital IDs, Customer Data Platforms or the distributed data horse-trading that goes on behind the scenes of the digital advertising landscape.

Even the jokes are tired at this point. It’s been 20-plus years of my friends and family lamenting that they looked at a pair of shoes online once, and a pair of hightop Chuck Taylors has been stalking them across the web ever since.

Ever wish there was an easier way? Next week, we will discuss a set of principles that can enable ethical digital marketing without surveillance capitalism.

Digital Marketing's Seven Deadly Sins

Discussion about this post