Google Chrome is increasing its privacy controls for users and will scramble efforts by third parties to identify users via fingerprinting, making it the last major browser to strengthen its privacy protections for users.
The changes, formally unveiled during the Google I/O event Tuesday, will roll out in coming months.
Chrome will make it easier for users to block or clear third-party cookies without losing sign-in information. In order to make that change, it will require sites to mark all their cookies as first-party or third-party.
Additionally, Chrome will make it harder to do browser fingerprinting, where details used to make a page display correctly in the browser – like the user’s language, operating system, fonts and IP address – are instead used to uniquely identify the user.
Unlike Google’s new cookie controls, which are opt-in, the limits on fingerprinting will be turned on by default.
Safari is setting increasingly short expiration dates to cookies with each ITP release, but Chrome is not imposing any such time limits on the life of a cookie.
In addition to blocking or clearing cookies, users will be able to download a browser extension to see what data is being used to target ads they see. Google will supply that data, and provide an API for other ad tech companies to show their ad targeting information in the same extension.
Chrome has been a privacy laggard among browsers, during an era when data collection becomes a more critical issue for tech companies. The tech company also faces added scrutiny about how it architects privacy protections. For instance, if a new privacy feature in Chrome ends up positively impacting or preferencing Google’s ads business, even inadvertently, those actions could run afoul of antitrust rules. A browser, after all, is what got Microsoft in trouble 20 years ago.
Google said it is moving carefully in light of these issues.
“User experience and privacy is at the core of our mission,” said Chetna Bindra, Google product lead for user trust and transparency for advertising. “We are thoughtful because we know our policies are important to users and have a broad impact on the ecosystem.”
How Chrome’s privacy protections work
Google already offers the ability to clear cookies but keep login information. But it doesn’t work that well, and users who clear cookies usually lose some login information too.
Those controls will improve in coming months because site owners must mark their cookies as first-party or third-party, which in turn makes it easier for users to properly block or clear them.
Once the new policies are implemented, all cookies on a site will be classified as first-party cookies by default, according to Ben Galbraith, senior director of Chrome, meaning they will only be readable by a website owner. In order to enable cross-site tracking and pass data to partners, sites will have to reclassify some of those cookies as third-party cookies to provide Chrome a “clear signal” of cross-site tracking.
One possible outcome of this policy change will be that sites re-engineer their setups so that a cookie is classified as first-party but functions in such a way that impression data can be passed to third parties.
Safari, in contrast, uses machine learning on a user’s device to determine if a cookie is a “tracker” or not. Every device running Safari might define a tracker slightly differently.
Galbraith declined to say whether Google Analytics would be considered a first-party cookie or third-party cookie – or if it would be up to individual site developers to decide.
“Part of the reason why we are making these changes is so Google Analytics and other infrastructure providers can have a look and [we can] give them guidance,” Galbraith said.
Update: After publication of the story, Google confirmed that Google Analytics would be treated as a first-party cookie, and will not be blocked if users block third-party cookies in Chrome.
How Google Analytics works in a restricted cookie environment is important. With GDPR, Google Analytics has emerged as a privacy-safe, persistent place for marketers to track users and do attribution, and many marketers have changed their integration with Google Analytics specifically to protect their ability to track and market to customers.
Chrome plans to make it difficult to passively identify users through the observation of browser attributes, also known as fingerprinting. Instead, companies must demonstrate they have a legitimate need to collect such parameters.
This approach allows proper use of the data to customize how a site loads while putting up additional guardrails against fingerprinting.
Beyond those broad outlines, Google wouldn’t share its approach to fingerprinting, in part because doing so makes it easier to outsmart fingerprinting techniques. But Galbraith indicated that Chrome would value user experience highly. Techniques that Firefox plans on using, in contrast, would affect how users view content, which may be too high of a trade-off for privacy.
As Chrome increases its privacy protections and masks details used to fingerprint users, it’s focused on guiding its partners through the current set of changes.
“We want to make it clear to developers how it works, so they can predictably decide the right thing for them moving forward,” Bindra said.
This story has been updated to reflect new information from Google.