Why Blocking Third-Party Cookies Is Good For Google And Facebook

mitchweinstein“Data Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Mitch Weinstein, Senior Vice President of Ad Operations at UM.

In light of Mozilla’s announcement that it will block third-party cookies on an upcoming version of Firefox, the buzz around first-party data has skyrocketed. If more and more third-party cookies are blocked, first-party data will grow increasingly important, giving players with access to first-party data a distinct advantage — and potentially changing the way ads are served in the near future.

The definition of first-party data, of course, varies depending on one’s role in the industry. If you are a publisher, first-party data is the information collected on your site through visitor traffic and registrations.  If you’re an agency, first-party typically refers to the client’s data, sometimes collected through visitation to the brand site and sometimes through offline methods such as a CRM database.  And if you’re an ad network, exchange, or DSP, it could be either one.  When agencies and sales reps get together, they have to clarify what they mean by the term “first-party” to avoid misunderstandings.

Some agency ad platforms have been serving from a first-party perspective for several years now. In those cases, when ads are served into a publisher’s site, they are called from the client’s domain instead of the ad server domain (e.g. client.com vs. doubleclick.net or atlasdmt.com).  If ads are served from a client’s domain the user has previously visited, those ads are considered first-party content to that user, which means the ad server would be allowed to drop cookies on a future Mozilla browser without the user’s explicit permission. For advertisers that receive a high volume of traffic, this technique can be effective, but it doesn’t work as well for those with very little visitation. Ad serving platforms like TruEffect are basing their entire business model on this concept.

However, ads don’t necessarily have to come from the client domain to be considered first-party. Mozilla defines first-party as web content with which users have “meaningful interaction.” So as long as someone has visited a company’s site, or clicked on its link, that company’s URL would be considered first-party for that person.

Now think about two of the biggest agency-side ad servers:  DoubleClick and Atlas. Google owns one; Facebook recently bought the other. How many of us have visited a Google property and Facebook in the past 30 days (which constitutes “meaningful interaction”)? Pretty much the entire Internet universe, which means these two tech giants will get to consider almost everybody first-party. In this scenario, all DoubleClick and Atlas cookies would be allowed to pass through the browsers’ defenses, even if third-party cookies are blocked by default.

This gives DoubleClick and Atlas a distinct advantage to drop cookies (and thereby collect data) over all other ad servers and data providers. In contrast, few people would be considered first-party to Bluekai, Targus, Exelate, etc., because very few people have visited those sites. Those cookies would be blocked, and those companies would have no way of tracking and collecting the data that makes their businesses so valuable. But DoubleClick and Atlas could track all day long, without any hindrance from Firefox or any other browser that blocks cookies.

Currently, DoubleClick serves from a doubleclick.net domain, and Atlas from an atlasdmt.com domain.  In order for them to successfully engage in first-party ad serving, they would each need to change the domain name of their ad servers and run ads from Google.com and Facebook.com, respectively. This is obviously a nontrivial amount of work, both from a technical and a business standpoint, but it could pay off in a big way down the road and provide Google and Facebook with a huge advantage in terms of data collection, targeting, and analytics. Unless, of course, someone discovers a better way to track without using cookies.

Follow Mitchell Weinstein (@mitchellw) and AdExchanger (@adexchanger) on Twitter.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!


  1. Joe Garis

    Good article. I think that Mozilla and privacy experts know that this loophole exists for Google and Facebook to still track everyone with first-party cookies. Their expectation is simply that Google and Facebook will handle the data responsibly. Many of these 3rd party data aggregation companies are not trustworthy with the way they link personal data and cookies together.

  2. I had to block third party cookies to stop Chrome and Firefox from crashing. It seemed to do the trick. It’d be awful nice NOT to have my location show up when I do a simple search for a restaurant online.