Goodbye Cookies, Hello Trust Tokens? What Online Tracking Tech Could Soon Look Like

Efforts by Google to replace third-party cookies for tracking with new tools, such as “trust tokens,” could have a big ripple effect for digital marketers, including those at associations. But it might point at a bigger challenge for adtech in general.

I’ve had a problem in the kitchen recently. Over the past few months, I’ve been tasked to make chocolate chip cookies as part of a pandemic baking regimen, but for some reason I can never get them quite right.

Most of the time, the cookies turn out really puffy, like muffins, and cookies that were well separated before I put them in the oven end up as one giant lump on the baking sheet. Once, I tried changing the recipe a little and the cookies were flat, with a brownie-like texture. (If you have any advice for what I’m doing wrong, I encourage you to leave a comment. This post is about cookies, so it’s technically still on-topic.)

For this reason, cookies really frustrate me at the moment, which is why I pumped my fist in a modest amount of joy when Google announced details of its plan to kill the web cookie in its Chrome browser at the end of last month.

A Bad Batch

The demise of the cookie—that morsel of data that has long fed digital marketers’ appetites—has been coming for a while, in part because of what it represents. While it has been a fundamental tool for tracking user actions and serves important security and verification functions, its design has made it susceptible to abuse.

That concern has led to regulation in a variety of forms, such as the European Union’s General Data Protection Regulation (GDPR), which applies to associations, and the California Consumer Privacy Act, which has a specific carve-out for nonprofits but may affect you indirectly.

Apple’s Safari and Mozilla’s Firefox have already moved to block cookies by default, and Safari, matching Apple’s push to be more privacy-focused, has done so aggressively.

Enter Trust Tokens

Things are more complicated for Google, which, after all, is an advertising company at heart and therefore has a vested interest in offering an option for ad tracking. However, Google also sees the writing on the wall and announced in January—seemingly a million years ago, thanks to the pandemic—that it would look for an alternative to cookies for data needs.

What Google does next will be important to watch. Most web browsers are based on Google’s Chromium technology and will likely follow Google’s lead in whatever new solution they come up with.

The first proposed solution Google has announced thus far is something called a “trust token.” Unlike third-party cookies, which spread about the web every which way with not a lot of concern for the user’s privacy, trust tokens aim to connect a user between two separate sites while not revealing any personally identifying information about them.

“The web needs ways to establish trust signals which show that a user is who they say they are, and not a bot pretending to be a human, or a malicious third-party defrauding a real person or service. Fraud protection is particularly important for advertisers, ad providers, and CDNs,” writer Sam Dutton explains on Google’s blog. “Unfortunately, many existing mechanisms to gauge and propagate trustworthiness—to work out if an interaction with a site is from a real human, for example—take advantage of techniques that can also be used for fingerprinting.”

To put this another way, the goal of the trust token would be to bring the cookie back to its original purpose—to store information about a user—while preventing its aggressive use by third parties.

Maybe Cookies Don’t Need a Replacement?

Some observers have said a new approach to cookies will reshape how digital advertising works. “The tiny little text files known as cookies determine which ads get shown to whom. For now. Come next year, that’s all going to change,” according to a recent Bloomberg Businessweek article describing discussions among members of the World Wide Web Consortium to find a workable solution.

And some are looking beyond cookies and other forms of tracking technology entirely. Wired reported that a Dutch broadcaster, Nederlandse Publieke Omroep, ignored conventional wisdom and started selling advertising directly, without any tracking tools—a strategy driven by the GDPR rules.

The results were surprising: Despite dropping tracking entirely, the broadcaster found that revenue went up by more than 50 percent. This example might seem like the opening salvo in a move away from cookies—or any tracking technology—by some publishers. That might be a tough pill for many associations to swallow, given the way that adtech has been beaten into our heads over the years, but it might be the best solution for some.

Anyway, all this talk of killing cookies has me thinking: Perhaps I should try baking cakes instead.

(lionvision/iStock/Getty Images Plus)

Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!