Skip to main content

Chrome, Cookies and Click Fraud

By Samantha Beavers

Google’s decision to scrap third-party cookies on Chrome – first promised for early 2022 but later pushed back to late 2023 – has come with a fit of frenzy. For many, the move is long overdue, with Chrome trailing far behind Safari and Firefox in retiring them. And while the proposal is, on one hand, good news in light of online privacy concerns, it also brings a host of other questions and concerns to the surface.

What is the value of these cookies and what will their demise mean? How will it impact marketers, small advertising firms and the economy? How does Google plan to track and target users moving forward? And – for less-savvy Chrome users – wait, what are third-party cookies?

Bill Rand, associate professor of marketing and executive director of NC State’s Business Analytics Initiative, weighs in on the discussion.

“Cookies are essentially these little pieces of code that websites install on your browser or device to track your browsing history and purchasing behavior. With first-party cookies, companies use cookies on their own websites in order to customize user experience – like when Amazon suggests it’s time to reorder a product you purchased a few months ago, for example,” Rand explains.

“Third-party cookies, on the other hand, involve companies tracking your behavior wherever you go on the web – even on websites they don’t own. And because Google owns the leading internet browser and controls one of the largest advertising networks in the world, it’s come under fire more than a lot of other companies for its use of them,” he continues.

Escalating privacy concerns

The use of cookies has become increasingly controversial in recent years, with the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) – among others – cracking down on the amount of tracking happening around the web.

But the concerns extend beyond companies tracking users.

“The issue isn’t only that there’s privacy invasion – but that there’s monopolistic privacy invasion,” Rand explains. “It isn’t that simple for smaller advertising networks to convince other websites to let them track their users. For Google, though, it’s quite easy – as so many of them are already using Google to sell their ads. So an even larger concern is that the top advertising networks, like Google, are using all this information to distort market value.”

With the pushback, Google plans to phase out third-party cookies in the near future – but in the meantime, it’s exploring alternatives through its Privacy Sandbox.

Implications for marketers

Some claim that Google’s impending plan will have dire consequences for marketers and smaller advertising networks, which depend on third-party cookies to target the right audiences and provide relevant ads.

Using these cookies, marketers can obtain a more holistic view of the customer and present ads to those they deem most qualified based on their interest in topics around the web – not just their behavior on one website.

“That’s the supposed benefit of third-party cookies, but we have to ask ourselves – are they even that beneficial? It’s a question that rarely gets asked,” Rand says. “And to answer it, you can kind of use Apple’s Safari as a proxy. Safari started banning third-party cookies back in 2013 but we still see people bidding for digital advertising on Safari. And it works. So, to some extent, this confirms that third-party cookies are not necessary for effective marketing.”

Determining value

While not necessary, the question still remains how valuable third-party cookies are – as the impact of their demise hinges on it.

And this, Rand says, is where things get really interesting.

In 2017, a few of his colleagues wrote a paper about the lifetime value of a cookie. At the time, different regulators in Europe had started thinking about restricting the lifespan of cookies, rather than eliminating them altogether, to protect user privacy. In order to evaluate the potential impact of these restrictions, they began to explore the average lifespan and value of cookies. They found that the average lifetime of cookies was just 278 days and the average value was roughly 1.5 euros.

“On the surface, this doesn’t sound all that valuable. But we have to remember that it costs very little, almost nothing, to put that cookie out there – and that the market is in the trillions for digital advertising,” Rand explains. “By limiting the lifespan of cookies, you also limit the ads that are displayed to target audiences – which limits the monetary exchange that comes when people click on those ads. In this case, they found that by limiting the lifetime of these cookies to one year, their value would decrease by 14% – which results in the loss of about 180 million euros.”

Evaluating Click Fraud

Because of click fraud, however, many argue that those numbers are inflated – and that they don’t take into account the number of bots that click on pay-per-click ads to generate revenue for fraudulent ad publishers.

To better understand their actual value, then, Rand recommends turning to the work of ad fraud researcher Augustine Fou.

In his recent study, Fou compared ads on iOS devices to ads on other devices, intentionally excluding publishers he knows are fraudulent to ensure there were as few fake clicks as possible. He found that iOS ads were in fact the most valuable for advertising companies among all the devices they advertised on.

“If that’s the case, it seems that there’s almost no value to third-party cookies – because there are no third-party cookies on iOS. Fou’s argument, then, is that eliminating click fraud is so much more valuable than the additional small benefit you get from third-party cookies,” Rand explains.

“Looking at these cookies from a pure financial standpoint, it’s not clear that they’re that valuable – so when we take the privacy concerns into account as well, we have to wonder whether they have much value at all,” he continues.

Google’s Path Forward

For Google, too, it’s unclear just how beneficial third-party cookies are. After all, Google already has a wealth of data on users from Google property, including Google Search and YouTube – which, by value, is the second largest search engine in the world.

But Google’s delay in retiring the cookies illustrates one important point: it’s still making money off of them.

“The biggest benefit, perhaps, is that Google can use them to sell people on the targeting benefits of their ad network. And so they want to make darn sure that their replacement still offers some of those targeting benefits after they do away with third-party cookies,” Rand says.

One of the proposals from its Privacy Sandbox that garnered a lot of attention was the Federated Learning of Cohorts (FLoC). Rather than tracking individual behavior around the web, it planned to place users in a cohort with similar types of behavior.

“Instead of seeing your activity on Etsy.com, marketers would see that you belong to a cohort of people interested in crafts,” Rand explains. “Many privacy experts complained about this, claiming that that’s still too much information. And because FLoC was to be algorithmically-generated, there were several concerns about the potential for gender-based, race-based and ethnic-based discrimination through it. Perhaps an ad for a high-paying job would be shown differently to white women than to black women because of algorithmic bias, for example.”

Now, to replace FLoC, Google has put forward a proposal called Topics API. With Topics, Google plans to develop a list of users’ five top interests – based on their browsing history from the previous few weeks – and then share these topics with its advertising partners. Google claims that the user has more control over Topics than cookies, and it also claims to exclude protected classes like race and gender.

Planning Ahead

As marketers await the final takedown of third-party cookies, Rand recommends that they take the time that’s left to plan accordingly.

“Because they’re not going away immediately, this provides some time for companies to test whether the ads they’re targeting using third-party cookies are more valuable than the ads they’re publishing without third-party servers,” Rand says. “Based on what they discover, they can determine whether Topics or other solutions are going to be good options for them – and what they might lose, if anything, with the end of these cookies.”

And more than anything, Rand hopes that this serves as a wake-up call to marketers.

Rather than relying on data that’s being collected via third-party cookies, he says, they ought to focus on understanding how consumers behave on their own websites – as it’s the most valuable, credible data that they have. 

Additionally, rather than depending on these cookies to identify potential customers interested in their products, companies should aim to diversify the source of customers coming in at the top of the marketing funnel by expanding their marketing portfolios – whether that includes social media campaigns, video advertising or email campaigns.

“What a lot of companies do to engage new customers is take it easy and buy Google ads – and that’s it. But this is really problematic. What if Google changes its algorithms? What if it gets hit by an antitrust lawsuit and loses half its ad network? We have to think about these things because if we rely on one source of customers as the entire source of revenue, then we’re left with nothing when that source dries up,” Rand explains.

“And again, I think it’s important to keep in mind that reducing click fraud is going to give marketers so much more bang for their buck going forward. It’s more worth their efforts to try to avoid advertising networks and publishers on advertising networks with fraudulent activity than it is for them to try to benefit from third-party cookies.”