Apple’s New Cookie Policy Looks Like a Potential Disaster for Users

UPDATE (September 15, 2017): Google’s Stake Through the Hearts of Obnoxious Autoplay Videos

– – –

Apple wants to play Big Brother. Really Big Brother. Big Brother who knows oh so much more than you do about what you want from your web browsing experience. Apple’s plans for this hostile takeover were actually laid out publicly last June, but the you-know-what is just starting to really hit the fan now.

This is going to eventually sock you in the face if you use Apple’s Safari browser, or even other browsers like Google’s Chrome on iOS 11 devices such as the iPhone (those non-Apple browsers still must use Apple’s WebKit framework on iOS). 

This gets very technical very quickly, so I’m going to try leave the techie part aside for now as much as possible, and lay out in broad strokes the mess that Apple is about to create for its users — and for the broader Internet.

In a nutshell, Apple has created a nightmarish witch’s brew of a system to ostensibly protect users from web cookies. In the process, they’re going to breaking stuff left, right, up, down, and in directions you’d need more than three dimensions to describe.

Most of us (except for European Union bureaucrats) are long since past abject and unreasoning fear of web cookies. While they can be abused, they’re also critical for routine operations at most sites, including such basic functions as persistent logins and a long list of other crucial functions. 

Up until now, it has been generally the case that “first-party” cookies — cookies sent by the same site that you’re browsing — are generally considered to be safe. “Third-party” cookies — coming from other sites — may be completely safe as well (delivering images, enabling cross-site logins, and much more), though they can also have a more checkered reputation when used for tracking purposes (so various controls on third-party cookies have become relatively common).

But now Apple, in a move that clearly seems to be based more on their public relations needs then on genuine concerns about user privacy, will apparently also be taking default control of first-party cookies as well, in a manner that could unleash vast collateral damage across the Internet.

Advertising groups are livid, fearing that the new system will decimate even user opt-in ad personalization systems, and end up favoring ads via sites like Facebook and Google where users tend to stay logged in perpetually.

And indeed, an examination of Apple’s specs for their new cookie control system — even after multiple readings — is enough to give you a headache for the ages. Since we hopefully can agree that consistent rules regarding cookie management are important to making modern websites work, then we should also be able to agree that a plan to throw a unilateral monkey wrench into that paradigm is a recipe for user confusion across the board.

Apple’s plan is basically to use an enormously complicated (and basically opaque) system to “mystically divine” whether particular cookies are good or evil, irrespective of how they were served to the user, and then apply Apple’s own rules about how those cookies may be used and how long they may persist, based on (for example) whether you’ve visited a site in the last 24 hours for one classification, or in the last 30 days for another. (Why 24 hours? Why 30 days? ‘Cause Apple says so.)

I don’t have any love for abusive Web ads or secretive tracking — but we also must understand that ads are what pay for most of the Web sites that we expect to use for free. Apple’s approach is incredibly heavy-handed and primed for all manner of creepy undesirable breakages and other negative side-effects affecting honest sites. 

Contrast this with Google’s much more sensible plan to by default block some particular classes of ads in Chrome (obnoxious autoplay videos for example), rather than tampering with the underlying cookie mechanisms on which the foundational structure of most websites now depend.

In the end of course, the real bad players that Apple claims are its focus will figure out ways to work around Apple’s system, leaving the good websites to deal with broken cookies and confused, upset users.

Back to its earliest Steve Jobs days, Apple has always been a control freak. “Our hardware! Our OS! You’ll pay through the nose — and you’ll convince yourself that you like it!”

As far as I can discern right now, Apple’s new cookie control scheme is much less about user privacy than it is about Apple trying to take control over basic Internet functionalities — everyone else be damned.

–Lauren–