DEV Community

Cover image for Why blocking 3rd party cookies won't stop adtech
Patryk Kalinowski
Patryk Kalinowski

Posted on • Originally published at patrykkalinowski.com

Why blocking 3rd party cookies won't stop adtech

There are lot of misconceptions how 3rd party cookies affect website analytics and if marketing teams should be worried when they are being blocked.

I tried to explain inner workings of all this fuss as simple as possible.

Behold, 3rd party cookies for dummies:

3rd party cookies

When you visit WebsiteA.com which has Adtech.com tracking code, this code asks Adtech.com domain for cookie (VisitorID: 123). Since you are on WebsiteA.com, Adtech.com is third party domain and adtech cookies are third party cookies.

Tracking script then gathers some data on you and sends information to Adtech.com server:

event_type: pageview
url: websiteA.com/X.html
visitorID: 123

Adtech.com knows that user with VisitorID = 123 visited page X.html on WebsiteA.com

Next, you go to WebsiteB.com which is part of the same Adtech.com network. Script takes third party cookie from Adtech.com and sends back this information:

event_type: pageview
url: websiteB.com/Y.html
visitorID: 123

Adtech.com knows that user with VisitorID = 123:

  • visited page X.html on WebsiteA.com
  • visited page Y.html on WebsiteB.com

And so on, and so on...

What is Adtech.com, you ask? It's Facebook, Google, Twitter, LinkedIn and thousands of others. Tracking code is a Like button, Follow button, Retweet button, Adwords ads - basically everything which originates from those servers.

What happens when we block 3rd party cookies

You visit WebsiteA.com and tracking code asks Adtech.com for VisitorID cookie, but the request is blocked by browser. Tracking code is unable to get global unique visitor ID, so now it has to set up a first party cookie belonging to domain WebsiteA.com

This is being sent to Adtech.com:

event_type: pageview
url: websiteA.com/X.html
visitorID: AAA

Adtech.com knows that user with VisitorID = AAA visited page X.html on WebsiteA.com

Next, you go to WebsiteB.com and again, tracking code can only create VisitorID cookie specific to WebsiteB.com only: BBB on image above. What's important, that cookie will be different from the one on WebsiteA.com

event type: pageview
url: websiteB.com/Y.html
visitorID: BBB

Now, Adtech.com instead of having one user with ID = 123 visiting two websites, knows about two separate users visiting two different websites. Privacy saved once again.

Why it won't really work

Cookies are very easy and reliable solution to pass data between domains. They require almost zero computing power and are part of network protocols themselves.

Since cookies will be blocked, Adtech companies will start using different solutions to identify users. One of those is fingerprinting.

Fingerprinting uses the fact that no computer is the same. You can have 100 users on Chrome, but 30 of them are on Macbooks, 20 on Android phones and 50 on Windows.

All those people have different screens with different resolutions, different fonts installed. They are in different cities and countries, too. IP address is different for every user.

In short, every visitor is unique anyway. Now, instead of setting up a third party cookie within 1ms and zero computing power, adtech companies will deploy various fingerprinting solutions generating unique IDs anyway, but for the price of slower loading times, increased computation (which burns through your battery) and less pleasant experience in general.

Adtech is worth billions of dollars, so we can expect more and more nasty tactics.

Will it affect my Google Analytics?

No. All analytics tools use first party cookies, as there is no need to know if users from WebsiteA visit other websites. First party cookies are enough to track every activity on one website.

Top comments (1)

Collapse
 
_fones profile image
Wojtek Grześkowiak

Google says it will block fingerprinting as well. There will be random noise injected into web components fingerprinting is run at. So there will be no other way to follow users across domains.