Last year saw a number of big developments in the world of cookies, privacy and tracking. In this article, we look back at the key events and consider their implications.

Google punished for hacking Safari cookie settings

The year started with renewed concerns over cookies and privacy. In February, it came to light that Google had been ignoring user-defined settings in Apple’s Safari browser, circumventing protections built into the software and setting third-party cookies during 2011 and 2012. It was duly fined $22.5 million and a further $17 million settlement in compensation claims. The search giant also has to maintain a special page devoted to cookies for the next five years, and stop making misleading statements about its tracking.

Firefox blocks third-party cookies by default

In July, Firefox followed the lead set by Safari when it announced plans to block third-party cookies (cookies from advertisers whose ads appear on sites visited by the user, rather than from the sites themselves). Third-party cookies were blocked by default from Firefox version 22 onwards.  

The move tends to favour larger ad networks such as Google and Facebook, since they have established first-party cookie relationships with their users and can therefore sidestep the ‘From Visited’ cookie policy adopted by Firefox and Safari. Smaller networks, however, were directly affected, and the move sent shockwaves through the online display advertising industry.

Backtracking on Do Not Track

Since it was first proposed in 2009, Do Not Track (DNT) has been touted as the answer to everyone’s privacy concerns, but it failed to materialise during 2013.

If enabled, the DNT option allows users to request web applications not to track their activities. However, few browsers have added the feature, and those that did (Microsoft Internet Explorer 10+) implemented it in a way that went against the principle of the user making an informed decision.

There are no legal or technological requirements for the use of DNT, and it remains unclear whether it should apply to on-site or cross-site tracking. In May 2014, early adopter Yahoo stepped away from DNT, citing its desire to personalize user experiences and the fact that a single standard had failed to emerge. The loss of such a high-profile backer leaves DNT all but ‘dead in the water’.

Towards a standard for cross-platform tracking

Use of mobile and web apps took another leap forward during 2013. As a result, we also saw big increases in mobile advertising, led by companies such as Facebook, which reached a milestone as mobile advertising revenue reached 53% of its total revenues – up 25% year-on-year.

With little new technology emerging to accurately tie together tracking across both web and mobile app environments, fingerprinting (a method of uniquely mapping a device) is increasing its share of the online tracking world. The technology is certain to reopen arguments around privacy. As with cookies, it’s essential that consumers are better informed about the choices they have and the implications.

In 2012, with the launch of iOS 6, Apple opted to move away from UDIDs (unique identifiers) and implement their own Advertiser ID, a cross-app/publisher identifier. Google followed suit late in 2013 by introducing its own Advertising ID for Android, released in KitKat. The result was an increase in the use of Advertiser IDs across the board for app-based tracking.

More recently, the rumour mill suggests that Google has enabled Advertiser ID in Chrome on Android by tying their Google ID to an Advertising ID. This raises the tantalising prospect of a potential new, cookieless standard for tracking users across both mobile apps and websites, across multiple devices.