- Prepare for phasing out third-party cookies | Privacy Sandbox | Google for Developers
The end of third-party cookies is approaching. Before we begin, let's briefly explain what third-party cookies are.
When we browse the web, we leave behind small pieces of data called 'cookies.' Just like Hansel and Gretel (the name 'cookie' actually originated from this fairy tale). We can use the cookie crumbs we leave behind to 'log in,' measure 'web traffic,' and deliver optimized 'ads.'
But what are 'third-party' cookies?
Let's take an example. Suppose we visit a website called 'example.com.' To measure where users come from and where they go, we can use an analytics tool like Google Analytics. We can also use Google Adsense to display ads. In this case, we use 'Google' cookies. Obviously, the domain will be different from example.com. These cookies from a 'different domain' are called third-party cookies.
Since cookies were first supported by web browsers in the early days of the internet, most browsers have been able to handle cookies regardless of the domain. However, as concerns about privacy violations grew and discussions surrounding them intensified, many web browsers, starting with Safari, began blocking third-party cookies.
Does this mean that all third-party cookies have disappeared? Of course not. They are still usable. However, it has become inconvenient, as users now generally have to go into the 'options' and manually enable cookies for them to be used. So, you can think of it as significantly reduced, to the point where it is rarely used in practice.
However, Chrome, Google's browser, continued to refrain from restricting third-party cookies, citing various reasons.
But as time went on, Google could no longer postpone blocking third-party cookies. Now, Google has announced that it will gradually restrict third-party cookies in the latest Chrome versions and block all third-party cookies after the third quarter of 2024, and has begun to implement it.
This is actually already well-known information. This means that advertising systems will change, and things like Google Analytics will change significantly in the future.
However, there's another fact that isn't widely known. It's about 'social logins.'
Basically, social logins are often based on third-party cookies.
This is often the Google login you see in the top right or bottom left corner as you browse many websites.
However, this social login part also causes problems with the end of third-party cookies. Previously, when Chrome and other browsers continued to support third-party cookies, user information would automatically appear, making it easy to trust and log in. However, once third-party cookies are gone, your information will no longer be displayed, making you potentially vulnerable to phishing (although it can be prevented with a little care).
Therefore, Google has come up with a new login technology called 'FedCM (Federated Credential Management).' If we translate it into Korean, it would be something like '연합 자격 증명 관리'.
FedCM can be understood as an integrated third-party login authentication management. This technology is not yet implemented in all web browsers, nor is it used by all companies. However, it is already implemented in Chrome on desktops, and Safari and Firefox are reportedly interested in it.
- Federated Credential Management API | Privacy Sandbox | Google for Developers
- A web platform API that allows users to login to websites with their federated accounts in a manner compatible with improvements to browser privacy.
First, let me briefly explain this technology.
First, do you see the slightly different window in the top right corner? It might seem like it's just a slightly rounded design change, but it's actually a completely different change.
If the old window was a single component or fragment 'above' the 'webpage,' the new window is a small window of the 'web browser' itself. In other words, it means an independent area that cannot be controlled or accessed using HTML or Javascript.
This is very significant.
If the old window allowed workarounds or phishing attempts using tricks, the new method makes it completely impossible.
Also, any website that provides social login services can use this technology. For example, services like Facebook, Naver, and Daum can also use FedCM to support logins. It's becoming a kind of standard technology.
While it's not a fully mature technology yet, once it is fully established in the future, users will be able to "securely" log in through FedCM from among the social logins provided when logging into a single site.
As mentioned earlier, this technology is currently only available for Google logins on computers using the Chrome browser. However, Google is actively developing this technology, so I expect it to be available on mobile Chrome soon.
Firefox is currently experimenting with implementing this technology.
- Federated Credential Management (FedCM) API - Web APIs | MDN
- The Federated Credential Management API (or FedCM API) provides a standard mechanism for identity providers (IdPs) to make identity federation services available on the web in a privacy-preserving way, without the need for third-party cookies and redirects. This includes a JavaScript API that enables the use of federated authentication for activities such as signing in or signing up on a website.
Apple has also expressed its interest in the technology.
Blocking third-party cookies will bring about major changes to the web environment. FedCM is a new technology that addresses these changes by providing a secure and convenient login system. The introduction of FedCM is expected to lead the future of web login systems.
This article is also published on byline.network and durumis.
- 서드파티 쿠키의 종말과 새로운 로그인 기술의 등장 - 바이라인네트워크
- 서드파티 쿠키(제3자 쿠키 , 타사쿠키)의 종말이 다가옵니다. 이야기를 시작하기에 앞서, 서드파티 쿠키가 뭔지 부터 간단히 설명을 하도록 하겠습니다.
Comments0