The fate of third-party cookies is arguably the ad tech story of the 2020s, particularly how the industry’s most popular web browser (Google Chrome) will permit third parties to track its three billion-plus users.
However, the online behemoth’s recent policy update, particularly around the timings of its rollout of a much-anticipated user consent prompt, hints at the continuation of the status quo for much of the remainder of the decade.
Of course, an undercurrent to this has been device fingerprinting, an issue that has generally been frowned upon by the sector, given concerns over the ethics of collecting user attributes such as a device’s operating system, language setting, and (more pertinently) IP address — see video below.
A recent proposal from Google Chrome — a unit that works parallel to its Privacy Sandbox initiative — moots further protection measures for those using the web browser incognito by limiting the use of IP addresses in a third-party context.
“To that end, this proposal uses a list-based approach, where only domains on the masked domain list (MDL) in a third-party context will be impacted,” reads a Github update outlining the measures.
What is the new policy proposal?
Per the policy update, the aim is to minimize disruption to the normal operations of servers, including the use of IP addresses for anti-fraud and anti-spam use cases, “until there are alternative mechanisms in place when users are signed into their Google account in the Chrome browser before starting an Incognito session.”
What does this mean for third parties?
Destination origins on the MDL, i.e., third parties such as demand- and supply-side platforms, don’t see the client’s original IP address. Ergo, the IP addresses of the proxies cannot be used for cross-site identification.
The latest Github update reads, “We are using a list-based approach, and only domains on the list in a third-party context will be impacted.” This further clarifies that companies that serve, target, or measure the effectiveness of ads, i.e., “the collection of user data for ads, commerce or marketing related activities,” will be prohibited.
Here is a full list of the identified MDLs or companies impacted by the above update. The fact there are multiple Google entries on said list has been interpreted by some as part of the organization’s orchestrated to ward off any additional antitrust charges.
A mixed stance
Will Harmer, chief product officer at Utiq, a European-based telco-backed company in the ad targeting space, points out that the above proposal only applies to incognito sessions. He maintains that this reflects the increasingly obfuscated approach taken by the various teams within Google and how it simultan