Disagreements continue between the advertising industry and privacy advocates as advertisers point to potential weaknesses in the “Cookie Clearinghouse” project that Mozilla, maker of the Firefox browser, and the Stanford Center for Internet and Society’s have unveiled.
The Cookie Clearinghouse promises to create two lists of domains: one for those that browsers would permit to set cookies and another for those that would be blocked. Mozilla has embraced the project because it would solve challenges within the company’s own third-party cookie solution, according to Mozilla’s CTO Brendan Eich.
Mozilla’s third-party cookie patch has two problems: It fails to associate subdomains with primary domains even if they belong to the same party (e.g., foocdn.com vs. foo.com) and does not block cookies on sites that users may visit by accident. “The only credible alternative [to these problems] is a centralized block-list (to cure false negatives) and allow-list (for false positives) service,” wrote Eich in a blog post.
Unsurprisingly, advertisers are highly skeptical of the project.
Even though Aleecia McDonald, director of the Cookie Clearinghouse, has pledged to support opt-out cookies set by the Digital Advertising Alliance’s AdChoices Program, the DAA’s managing director, Lou Mastria, dismissed the effort as “cherry-picking.”
“As I see it, they’re cherry-picking which pieces of the [AdChoices] program they’ll honor,” Mastria said. “What’s troubling here is this is taking away user choice and replacing it with some sort of court that decides what business models will be supported on the Net and which won’t be.”
While it is still unclear which criteria will be used to determine which domains land on the lists, small publishers and, ultimately, consumers will bear the brunt of the Clearinghouse’s effect, Mastria predicted.
“The business model that all of us take for granted is that advertising will be there to support whatever new services or content is created,” Mastria said. “And right now an advertiser can shop around for the best audience in an efficient way to deliver the best ad to consumers. [The Cookie Clearinghouse] will force advertisers to pay more to find relevant audiences, making it more difficult for small publishers … and cut off innovation.”
Andrew Casale, VP of strategy at Casale Media, agreed.
“The content that we all love to consume costs money to produce and there has been zero mention of how this program will support the publishers of those websites,” Casale said.
Another problem, he noted, is that a program that allows only first-party domains to set cookies could lead to a “more intrusive style of advertising that users hate so that ad tech platforms can get that first-party cookie set.”
Casale pointed to interstitial ads as an example. “In an interstitial ad, if you’re on a publisher’s website and you click somewhere,” he said, “you could be suddenly directed to an ad that takes over your entire screen. When you’re in that environment, you’re still in the first-party domain of the ad server. And, under [the Cookie Clearinghouse] program, you will then be eligible to receive a first-party cookie that could remain persistent.”
The Cookie Clearinghouse could also affect areas outside of targeted ads, suggested Mike Ouellette, who directs real-time bidding for ad network Chitika.
“The real conundrum of third-party cookies is in terms of how browsers are going to deal with more benign cookies around site analytics, site optimization, etc.,” Ouellette said. “That’s a different use of cookies for different purposes, but those types of cookies could still get caught up in this net that Mozilla is casting.”
Noting that the program is still in a nascent stage, Mozilla and the Cookie Clearinghouse board of advisors have announced plans to collect feedback from the public about its project next month. Even so, Casale noted, unless the team spearheading the project can strike a balance with the ad industry, all that will be achieved “is a program that can be worked around by ruining the user experience an,d in the end, will not solve any privacy issues.”