I've been reading a lot about Google's AdID. Will this new technology really be able to replace third-party cookies?...
What repercussions can users and companies expect if this happens?
Ask the Expert
Have questions about application security for expert Michel Cobb? Send them via email today! (All questions are anonymous)
While plans by Google Inc. to introduce a new type of user-tracking technology to replace third-party cookies are still unconfirmed, the company hasn't denied the story, first reported in USA Today. The search giant's reported intent with AdID -- short for anonymous identifier for advertising -- is to replace the hundreds of cookies stored on users' devices and consolidate the data in one place. For advertisers, this would mean a much richer and more complete user profile that allows for better targeting of advertisements and content.
Cookies have always been a bone of contention with privacy-conscious users. In fact, most Web browsers today include a Do Not Track function that blocks tracking cookies automatically. No doubt if this new technology takes off, anti-AdID options will appear even though all Web users' identities will supposedly be anonymous through the AdID system. Also, advertisers who want to use AdID data must reportedly meet basic guidelines respecting user privacy. The proposal of a separate AdID for private browsing will recreate the equivalent of the existing incognito session, but remembering to select this option may be harrowing for many users.
Why is Google likely pursuing AdID? Google wants to track users across all of their devices and the services they use, such as Google+ and Gmail. AdID would even make it easy for Google to link a real identity to a Web activity identity if required. Unfortunately, the value of all this data would make it a prime target for cybercriminals and nation states alike. On the other hand, an option to opt out of AdID should be far more persistent and effective than current cookie-management methods and could even spread across all devices.
Any form of Web tracking technology must be fully understood by organizations and users alike. If AdID does become a reality, security policies covering Web surfing, browser settings and work personas will need to be updated, and security awareness sessions should be introduced that cover the new technology to bring users up to speed. Prior to a possible introduction of AdID, it may be worth demonstrating the Panopticlick tool from the Electronic Frontier Foundation during training sessions. It shows exactly what kind of information a browser reveals about users and their devices. I'm pretty sure the results will make users follow any safe surfing rules outlined in their organization's acceptable use policy.
Dig Deeper on Web Browser Security
Related Q&A from Michael Cobb
Is cookie encryption enough to protect sensitive information? Expert Michael Cobb explains how salted hashes can prevent attacks, and the secure way ...continue reading
A vulnerability was found in the Blackphone's Icera modem. Expert Michael Cobb explains how attackers could hijack the device, and if this would ...continue reading
Oracle is killing off the Java browser plug-in due to security risks. Expert Michael Cobb explains the next steps for enterprises with Java-based ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.