Hackers Stealing Cookies May Become Last Straw In Google’s U-Turn
Cookie stealing has become a problem in the digital advertising industry — as have the attempts to prevent it from happening.
So why are advertisers and app developers still using them?
Google introduced a security protection for Google Chrome 127 to help prevent stealing of credentials, but now a newly released hacking tool has broken the protection.
Stealing cookies — especially session cookies — is a popular way to accomplish this, as it means the hacker can bypass protections because they are already logged in to someone’s apps and devices. David Winder, veteran cybersecurity writer, hacker and analyst at Forbes, is an expert on this topic.
Cookie stealing is one very good reason that the industry should move away from cookies.
Google started this type of protection with cookies in Chrome, but has since expanded the strategy to protect passwords, payment data and other authentication tokens. The company released its cookie tool in July, but by September many of those hackers stealing information found a way to bypass its security feature and get into apps and devices.
Cybersecurity researcher Alexander Hagenah launched his own tool to bypass Google’s app encryption cookie-theft defenses to secure the data after he noticed others were figuring out how to Google’s security efforts.
So would it be best to do away with cookies altogether?
ID5 released the 2024 State of Digital Identity Report Thursday, which that analyzes how companies have responded to how Google’s changes in adoption of identity resolution technology have affected industries across channels.
Among survey participants, 36%, tested Privacy Sandbox — and of those, 71% were disappointed or very disappointed with the test result.
The report shares insights into the opinions and strategies of 202 respondents worldwide and across industries including advertisers, publishers, and ad-tech platforms.
The report examines how these participants have responded to Google’s July 2024 announcement that it would not remove third-party cookies but allow users to opt-out.
Many believe Google’s decision to reverse its plans was due to poor Privacy Sandbox results and the ongoing investigation by the Competition and Markets Authority (CMA) in Europe, which may be a correct assumption.
It could have been an idea well ahead of its time in terms of the readiness of technology. It may not have been mature enough to compete with even an outdated tool like browser cookies to achieve the same results.
Whatever the reason behind the change in plans, 75% of respondents to ID5’s report said Google’s shift won’t derail their transition from cookies. It’s important to consider that 76% of respondents have already adopted a cookieless alternative, with 15% planning to adopt some type of cookieless solution.
Universal IDs are the most favored solution, with 85% of respondents saying they deploy them to address cookieless traffic. Some 60% of brands believe it is their tech partners’ responsibility to solve identity challenges, and 80% of those responding to the study believe their tech partners are prepared to help.
The survey also found that advertisers are shifting toward other channels such as connected TV (CTV), audio, mobile, and gaming — which explains why Google DeepMind has spent so much time on audio and artificial intelligence.
When asked to cite other channels that require addressability, 53% identified CTV as the top priority with mobile following at 26%.
In the 2023 edition of the report, 66% of respondents believed CTV environments did not give users transparency or control over their data, compared with 80% of respondents this year.
Some 38% of respondents believe opt-out rates will be higher than Apple’s App Tracking Transparency (ATT) on iOS, which is estimated between 60% and 80%. Thirty one respondents believe on Google the opt-out rate will be between 40% and 60%.
It’s not all about the browsers. While cookies in Chrome have been the main topic, conversations are shifting to new channels such as CTV, mobile, audio, and gaming.
I wouldn’t be surprised to learn that cookie stealing will soon come to those media.
(1)