After BGH’s judgement on cookies as part of the Planet49 judgement, privacy in online application spiked again after GDPR in 2018.
But it is not all bad and the internet is not going to change overnight. Actually, end users are already protected very well by browsers, especially users of Safari and FireFox.
Since March 24th, 2020 Safari blocks all 3rd Party Cookies (Intelligent Tracking Prevention, ITP) and since February 19th, 2019 FireFox blocks (Enhanced Tracking Protection, ETP) selected ad cookies such as Google Ads, or Criteo. Chrome and all Chromium based browsers such as Edge, Opera or Brave, are planning to block 3rd party Cookies until 2022. (or earlier)
As a consequence, many 3rd party trackers (aka as Vendors to use the IAB term) start switching to a 1st party cookie. In this case, the cookie is not dropped by the host (server) of the tracking company, but by the website operator. Thus, vendors lose the possibility for cross-site tracking, whereas onsite tracking is still possible.
This direction brought up the domain of cookie matching. To match cookies from different sites, vendor use multiple parameters of a user browsing such as time, user agent, language settings, IP address and screen resolution (pp.) in order to determine a unique set parameters of the browsing entity. This is known as browser fingerprint. In combination with some statistics (“AI”) there is a good chance, to track users across websites. The other option is to pass parameters for the cookie as part of the URLs. But also, these domains are a dying breed, as the planned e-Privacy regulation also disallows these two methods.
Looks like thin air for tracking and cookies, right? But we are not yet there.