Menu
EN

Microsoft Edge is getting rid of third-party cookies. What about their replacement?

Following in the footsteps of Google Chrome, Microsoft Edge has announced that it would be phasing out third-party cookies. In the upcoming months, Microsoft said it plans to begin trials with discontinuing Edge’s use of third-party cookies, starting with 1% of users. These cookies, once the linchpin of targeted advertising, have been instrumental in crafting intricate user profiles.

Historically, third-party cookies — tiny data files placed on your browser by sites other than the one you’re visiting — have enabled advertisers to track your visits across all the platforms where they advertise. That’s why the role of the “tracking” cookie in spawning a surveillance economy where user data is treated as a commodity they have no control over can hardly be overestimated.

But as users have become more privacy-conscious, and regulators — primarily in the EU and California — began scrutinizing the handling of personal data, the third-party cookie has been on a steady retreat. Google Chrome’s move earlier this year to finally, after multiple delays, embark on phasing out third-party cookies was a significant blow, effectively sounding the death knell for this tracking technology. Given Chrome’s dominance in the browser market, it’s unsurprising that Microsoft Edge has followed suit. Meanwhile, browsers like Apple Safari and Mozilla Firefox, along with privacy-centric browsers such as Brave, have already been proactively blocking third-party cookies by default.

What is coming in place of cookies

In lieu of cookies, Google proposed the Protected Audience API, a part of its Privacy Sandbox initiative. The stated goal of the Privacy Sandbox is to keep ad targeting as effective as before but make it more privacy-respecting. In other words: Google wants to appease regulators and not throw advertisers under the bus either, since ad revenues are its bread and butter. To cater to both sides is a tall order, and our analysis of the proposed API shows that despite what Google says about it, it is far from being a private solution. If anything, it turns the browser itself into an ad auction tool. Our Protected Audience API demo illustrates the shortcomings of the new mechanism, which we believe can still be misused to achieve functionality similar to that provided by third-party cookies.

Unlike Google, Microsoft is not dependent on advertising profits. The lion’s share of its total revenues (about 60%) comes from Office and cloud computing. So, in theory, Microsoft’s hands should be free to come up with something really private.

As Microsoft announced the gradual deprecation of third-party cookies, it also unveiled a new technology, called Ad Selection API, that is meant to replace them. There are uncanny parallels between this API and the one proposed by Google as you can see from the table below.

table

Our concerns about Microsoft’s new API

While the APIs are not identical, and there are many minor differences between them, we believe that most of them are negligible. But one difference that stands out is that while Google leaves two options for the location of the ad auction, either in the TEE or on the device, Microsoft wants to run it only in a Trusted Execution Environment (TEE).

So, what is TEE?

A Trusted Execution Environment (TEE) is a secure area within a server’s central processing unit (CPU) and memory. It’s designed to keep sensitive code and data safe from unauthorized access, including from those with high-level privileges or direct access to the hardware. Essentially, it’s a protected space where private computations are performed, ensuring they can’t be tampered with or spied upon.

Microsoft’s rationale for conducting ad auctions exclusively within a Trusted Execution Environment (TEE) stems from concerns about the current scalability of on-device auctions and potential operational hurdles. At the same time they say that on-device auctions “provide a lot of value in enabling effective enforcement of privacy constraints.”

Whatever the reasoning behind Microsoft’s decision, we believe that its refusal to effectively turn the browser into an ad network is a step in the right direction. However, the robustness of this system hinges on a critical assumption: that the TEEs will remain bulletproof against unauthorized access and that no one will be able to take a “sneak peek” inside.

The server-side auctions will be run by individual ad tech companies. In Microsoft’s view, these companies can “leverage well-worn patterns for scaling, deployment, and management.” And while that’s true — indeed, these ad tech behemoths have enough resources to run these auctions efficiently — we can’t trust them by default. By designing the system this way, we will always run the risk of these companies potentially accessing users’ confidential data.

Finally, perhaps the biggest problem we have with Microsoft’s cookie replacement is that a lot of things in the specification are taken for granted. We are supposed to believe that the mere fact that user data is encrypted eliminates the possibility of unauthorized access, that the TEEs are secure environments that no one can penetrate. And if even one of those assumptions turns out to be not entirely true, or riddled with holes, then that shiny, grand vision will come crashing down. As much as we’d like to, it’s hard to believe that Microsoft, or anyone for that matter, will manage to implement such a complex mechanism with so many variables and have it work like a charm on the first attempt.

Final thoughts

Microsoft’s plan to phase out third-party cookies in favor of a novel ad targeting mechanism is quite ambitious. But there are just too many pieces of the puzzle that need to fall into place for it to work smoothly. Finding an adequate replacement for a system that has been entrenched for years is undeniably a formidable challenge, but is it insurmountable? Time will tell.

On the other hand, browsers like Safari and Firefox have long since gotten rid of third-party cookies without causing the ad tech companies to go under. Which begs an important question: How vital were these third-party cookies for the ad tech businesses, and is it truly necessary to find a replacement, or could they simply be discarded?

The answers to these questions will largely depend on Microsoft’s implementation of the new API. However, the fact that its Ad Selection API resembles Protected Audience API to such an extent raises concerns about the potential implications for user privacy.

Since we believe that Protected Audience API is not as private as Google claims it to be, AdGuard has already blocked this API for users who have AdGuard’s Tracking Protection filter enabled. In the meantime, we are working on more advanced ways to disable it. As for Microsoft’s Ad Selection API, which we believe bears uncanny resemblance to Google’s API, our approach will be the same — as soon as Microsoft implements it in Edge, we will start blocking it as well.

Liked this post?

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
User Reviews: 13024
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
User Reviews: 13024
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
User Reviews: 13024
4.7 out of 5
By downloading the program you accept the terms of the License agreement

AdGuard for iOS

The most advanced ad blocker for Safari: it makes you forget about pop-up ads, speeds up page loading, and protects your personal data. A manual element-blocking tool and highly customizable settings help you tailor the filtering to your exact needs.
User Reviews: 13024
4.7 out of 5
By downloading the program you accept the terms of the License agreement

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
User Reviews: 13024
4.7 out of 5

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
User Reviews: 13024
4.7 out of 5
App Store
Download
By downloading the program you accept the terms of the License agreement

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
User Reviews: 13024
4.7 out of 5

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
User Reviews: 13024
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
User Reviews: 13024
4.7 out of 5
Assistant for Chrome Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Firefox Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Edge Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Opera Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Yandex Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Safari Is it your current browser?
If you can't find your browser, try the old legacy Assistant version, which you can find in AdGuard extension settings.

AdGuard Temp Mail β

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
User Reviews: 13024
4.7 out of 5

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
User Reviews: 13024
4.7 out of 5
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device