Google was supposed to kill off Chrome’s devilish little tracking cookies by now, but instead it’s been delayed again and again. Google’s latest update suggests, but doesn’t promise, that the so-called “cookie phase-out” will start “early next year.” That’s 200 days from now. That means Chrome’s user tracking, which should have been phased out years ago, will continue for at least another 200 days.
When those cookies go away, they will be replaced with ones that, according to Google, “protect people’s privacy online and give companies and developers the tools to help their digital businesses thrive.” This so-called Privacy Sandbox “helps keep online content and services free for everyone while reducing cross-site and cross-app tracking.”
But the new risk for users is that these cookies could actually lead to something much worse in terms of privacy, security and tracking.
Now, Google is engaged in bitter negotiations with regulators over how to phase out tracking cookies while also dismantling the entire online marketing industry that relies on them. Simply put, this Privacy Sandbox puts users into like-minded groups to serve targeted content to advertisers, rather than creating or buying individual profiles based on digital fingerprinting.
And now, more than 200 days later, there’s hope that the cookie will be phased out and replaced by something else. But there’s a lot of work to be done between Google, regulators, especially the U.K.’s Competition and Markets Authority (CMA), and other advocates for the industry who argue that Google is tilting the playing field in its favor and further entrenching itself as the world’s most valuable marketing machine.
But before we celebrate the bright future, there’s a big catch: AI. We know that search will likely be reinvented by AI-based search, which is itself a threat to Google’s dominance. We also know that Google is, of course, retrofitting AI onto a range of its platforms and services, and Chrome is no exception.
Reports say Android Police“we, [Google] We’re adding new AI-powered features to make your browsing history more searchable. The recent involvement of AI has sparked a debate about how much of your usage history you want the AI to see and learn from.
As we’ve noted, with regards to Messages and Gmail, Google’s proposed search of user data archives to clarify the context of its generative AI and tighten the parameters of its marketing machine carries significant privacy risks, made worse by the fact that AI privacy policies are complex and ignored by a user base more excited about a new toy than a spoiled child at Christmas.
As Android Police “With great convenience come great concerns… Like cloud backup, which entrusts your precious memories to random servers on the internet, leveraging AI to make your history searchable carries similar privacy risks as tech companies may refine their AI models against your data,” they warn.
As they say, this is a one-way street that should be carefully considered now, and not left unchecked until it’s too late. The site reports a disclaimer in the beta code that “states that Google and its human reviewers may have access to user data. Specifically, Google states that it will collect best-match content from users’ history search terms pages, as well as generated model outputs.” Be careful.
Once this AI is fully operational, Google will no doubt offer various tweaks, opt-outs, revised privacy policies, and in-app notifications, most of which will likely be ignored. No one, not even the industry, let alone regulators, has yet figured out the impact of this rapid change. There’s a lot of catching up to do.
If the future prospect of Google’s AI storing and processing users’ entire search histories wasn’t enough to give you food for thought, another major blow to the company’s Privacy Sandbox has potentially given Chrome users more immediate concerns.
In response to a tongue-in-cheek take on Google’s “incognito mode,” European privacy advocates have filed a complaint with regulators, accusing Chrome of “being too strict.” “Users have been gradually tricked into enabling ‘ad privacy features’ that actually track them. The so-called ‘Privacy Sandbox’ is touted as an improvement over highly intrusive third-party tracking, but the tracking is currently simply done in the browser by Google itself.”
Noyb has filed a complaint with Austria’s GDPR regulator, alleging that to do this Google “in theory needs to obtain a similar informed consent from users, but instead Google is deceiving people by pretending to ‘turn on ad privacy features.'”
The allegations are based on Google’s use of language and the way it presents itself, and that the company is trying to “trick” users into agreeing to the privacy practices of its users into believing them to be private, when in fact that is not the case at all.
On the other hand, Google ( Registry) stated that “the complaint fails to recognize the important privacy protections built into the Privacy Sandbox APIs, including the Topics API, and the significant improvements in privacy over today’s technologies, including third-party cookies.”
The Topics API is an effort to anonymize groups of like-minded users based on their preferences and interests and provide that information to advertisers, preventing them from identifying or following specific individuals.
Google said, “The Privacy Sandbox is designed to improve user privacy and provide the industry with privacy-protecting alternatives to cross-site tracking. We work closely with privacy and competition regulators around the world and will continue to do so to reach a balanced outcome that works for users and the entire ecosystem.” The problem is that a “balanced outcome” is still far from being achieved.
I reached out to Google for comment on Noyb’s claims and its AI plans.
No doubt this is very confusing for Chrome users, and to be fair, it’s a lot going on at once and difficult to keep up with. Meanwhile, the irony for over 3 billion users is that even the promised land of a cookie-free future will mean less privacy than what other browsers like Safari, Firefox, Brave, and DuckDuckGo currently offer.
At least for now. But AI will have unknown effects across the board. The industry and its regulators will need to provide guidelines and a set of standards. There may need to be a traffic light system for tracking, data storage, model training, human review, etc. Users may read privacy policies, but they are not going to be subject to continuous monitoring.
None of this was clear when Google first promised to phase out tracking cookies, but it is now clear. The debate needs to be freshened up before the proposed start date of early 2025, 200 days from now, or things risk getting even worse.