For years, Google promised to phase out third-party cookies in Chrome — the tracking technology that follows you across websites and fuels the targeted advertising industry. After multiple delays, reversals, and a dramatic pivot in 2025, the future of third-party cookies looks very different from what anyone expected. Here is what happened, what it means for your privacy, and what you can do about it.
What Are Third-Party Cookies?
Cookies are small text files that websites store in your browser. First-party cookies are set by the website you are visiting and serve useful purposes like keeping you logged in or remembering items in your shopping cart. Third-party cookies are set by domains other than the one you are visiting — typically advertising networks and data trackers.
Third-party cookies enable:
- Cross-site tracking: Ad networks follow you from site to site, building a detailed profile of your browsing habits
- Retargeting ads: You search for running shoes once, and shoe ads follow you everywhere for weeks
- Data profiling: Advertisers compile detailed profiles about your interests, demographics, health concerns, political views, and purchasing behavior
- Real-time bidding: Your browsing data is auctioned to advertisers in milliseconds every time you load a webpage
What Was Google Privacy Sandbox?
In 2019, Google announced the Privacy Sandbox initiative — a set of technologies designed to replace third-party cookies with privacy-preserving alternatives that would still allow targeted advertising to function. The key technologies included:
- Topics API: Instead of tracking you individually across sites, Chrome would assign you to broad interest categories based on your browsing history and share those topics with advertisers
- Attribution Reporting API: A privacy-preserving way for advertisers to measure whether their ads led to conversions without tracking individual users
- CHIPS (Cookies Having Independent Partitioned State): A way to partition cookies so they only work within the context of a single site
- FedCM (Federated Credential Management): A privacy-friendly alternative to third-party cookie-based login systems
- IP Protection: A proxy system to mask users' IP addresses from cross-site trackers
What Actually Happened
The Privacy Sandbox story has been a series of delays and reversals:
- 2019: Google announces Privacy Sandbox and plans to phase out third-party cookies in Chrome
- 2021-2023: Multiple delays push the cookie deprecation deadline back repeatedly
- July 2024: Google reverses course entirely, announcing it will not deprecate third-party cookies. Instead, it proposed a user prompt allowing people to choose whether to accept cookies
- April 2025: Google abandons the user prompt idea and announces it will simply maintain existing cookie controls in Chrome settings with no new changes
- October 2025: Google officially retires most Privacy Sandbox technologies, including Topics API, Attribution Reporting API, and IP Protection, citing "low levels of adoption"
The technologies that survived are CHIPS, FedCM, and Private State Tokens — all focused on security and fraud prevention rather than replacing the advertising model built on cookies.
Third-Party Cookies Are Here to Stay in Chrome
Despite years of promises, Google has effectively decided to keep third-party cookies alive in Chrome. This means the cross-site tracking infrastructure that powers targeted advertising will continue to function unless you take manual steps to protect yourself. Other browsers like Safari and Firefox have blocked third-party cookies by default for years.
Skip the manual opt-outs
One opt-out won't stop them — brokers relist your data. PrivacyOn removes your info from 100+ sites and keeps it removed.
See where you're exposed — free 60-second scanWhy Google Reversed Course
Several factors contributed to Google's decision to keep third-party cookies:
- Low adoption: Advertisers and publishers did not widely adopt Privacy Sandbox alternatives, making it impractical to remove the old system
- Regulatory pressure: The UK's Competition and Markets Authority (CMA) closely scrutinized Privacy Sandbox over concerns it would give Google an unfair advantage in advertising
- Revenue concerns: Google's advertising business, which generates the vast majority of its revenue, depends on effective ad targeting. Privacy Sandbox alternatives were less effective than cookies
- Technical complexity: Building privacy-preserving advertising technology that worked at scale proved more difficult than anticipated
What This Means for Your Privacy
The failure of Privacy Sandbox has important implications:
Chrome Users Are Still Being Tracked
If you use Google Chrome with default settings, third-party cookies continue to track your browsing activity across the web. Google's market-dominant browser — used by roughly 65% of desktop users globally — remains a tracking tool.
The Gap Between Browsers Has Widened
Apple's Safari and Mozilla's Firefox have blocked third-party cookies by default since 2020 and 2019 respectively. Chrome's refusal to follow suit means your privacy depends heavily on which browser you use.
Alternative Tracking Methods Are Growing
Ironically, the uncertainty around cookies has accelerated the development of cookie-less tracking methods like browser fingerprinting, device graphs, and first-party data collection — some of which are harder to block than cookies.
Switch Your Browser
The simplest way to avoid third-party cookie tracking is to use a browser that blocks them by default. Safari, Firefox, and Brave all block third-party cookies without requiring any configuration. If you prefer Chrome, you can manually disable third-party cookies in Settings, then Privacy and Security, then Third-party cookies.
How to Protect Yourself
Block Third-Party Cookies Manually
In Chrome: go to Settings > Privacy and Security > Third-party cookies and select "Block third-party cookies." This breaks some website functionality but significantly reduces cross-site tracking.
Use Privacy-Focused Browser Extensions
- uBlock Origin: Blocks ads and trackers at the network level
- Privacy Badger: Automatically learns to block invisible trackers
- Cookie AutoDelete: Automatically deletes cookies when you close a tab
Enable Global Privacy Control
Global Privacy Control (GPC) is a browser signal that tells websites you do not want your data sold or shared. Under laws like the CCPA, websites are legally required to honor this signal. Enable GPC in your browser settings or through extensions like DuckDuckGo Privacy Essentials.
Use a VPN
A VPN masks your IP address, which is another data point used for tracking. While a VPN alone does not block cookies, it prevents your IP from being correlated across websites.
Clean Up Your Data Broker Profiles
The data collected through cookies and other tracking methods often ends up in data broker databases, where it is combined with your real-world identity and sold. Removing your information from data brokers reduces the value of the tracking data that advertisers collect.
The Bigger Picture
The Privacy Sandbox saga illustrates a fundamental conflict: the company that profits most from online advertising is also the one building the browser used by most of the internet. Relying on Google to protect your privacy while its business model depends on tracking is a losing strategy.
PrivacyOn takes a different approach by removing your personal data from the places it ends up after being collected — the 100+ data brokers and people-search sites that aggregate and sell your information. Combined with dark web monitoring and 24/7 continuous scanning, PrivacyOn helps you take back control of your data regardless of which browser you use or what tracking technologies are in play.