If you use the Facebook tracking pixel, you’ve probably seen this headline at least once already: Important Facebook Pixel Update. It starts like this:

On October 24, Facebook will begin offering businesses a first-party cookie option with the Facebook pixel. This change is in line with updates made by other online platforms, as use of first-party cookies for ads and site analytics is becoming the preferred approach by some browsers.

This update seems to be following me everywhere. I got a notification in Facebook, received emails in more than one account, and have been asked so many times what the heck this means, I suppose it warrants a blog post!

*Nerd Warning*

In this post, I’m going to write in-depth about cookies. If you don’t care about all that technical stuff and just want to know what you need to do in response to Facebook’s pixel announcement, I’ve got you covered: Don’t worry about it. The default settings that Facebook is rolling out are already optimized for tracking your visitors. No further action is required on your part.

Want to know what’s really going on now? Great — let’s talk about cookies. 🍪

Regardless of “Party,” What the Heck is a Cookie?

Before I delve into the specifics of the change from third-party cookie to first-party cookie, I want to review what a cookie actually is.

Google defines a cookie as:

A small file saved on people’s computers to help store preferences and other information that’s used on webpages that they visit.

Cookies are quite simple. They consist of little more than a name, a value, a domain, the date it was set, and how long until it expires. Despite their simplicity, the impact of cookies on the Internet is huge. These little files are how Facebook, Google, Bing, and others track you as you navigate the Internet.

The domain value on a cookie is an important one here. It’s not referring to which website made the cookie, but rather which domain the cookie was made on behalf of. The domain value is the cookie’s owner.Cookies that belong to the main website are first-party. Cookies that are owned by a domain other than the main website are third-party.

So on the 9clouds.com website, a cookie owned by 9clouds.com is first-party. A cookie owned by google.com is third-party.

Want to see which cookies are set on a website you’re visiting? In Chrome, it’s as easy as clicking the lock 🔒 icon to the left of the URL, then clicking “Cookies.” Warning: you may be shocked at how many cookies are used on most websites. You may not really want to know.

Why the Cookie Party Matters

Again, a first-party cookie is one that is set and owned by the website itself. For example, 9clouds.com may set a cookie on its own behalf to differentiate between logged-in employees, returning visitors, and new visitors. Since we also have the Facebook pixel installed on 9clouds.com, Facebook also sets cookies on our site to track user activity.

Historically, when the Facebook pixel set a cookie, it assigned itself as the owner. Since this cookie is being used on 9clouds.com but is owned by facebook.com, it was considered a third-party cookie.

Consumer tracking has become more invasive with time, in no small part due to these ubiquitous third-party cookies. As a result, online privacy has been an important conversation growing in prominence in the media. Search engines and even entire web browsers have emerged with privacy and non-tracking practices as their main selling points.

More importantly, some big companies have made significant changes to how they handle your privacy by default. Safari is now actively blocking third-party cookies to try to limit the extent to which advertisers can track you. As a user of the Internet, this is a good thing. But for Google, Facebook, and other companies that are selling ads, limited tracking is a threat to how they do business.

Advertisers Aren’t Giving Up on Tracking You

The catch with cookie domains is that they operate on the honor system. Once a script like the Facebook pixel or Google Analytics is installed on your website, there’s nothing preventing it from using your domain as the owner. In response to Apple’s taking away third-party cookies, Google, Microsoft, and other big ad vendors have already switched to using first-party cookies.

The big announcement from Facebook is just that Facebook is joining the pack.As of October 24, even if someone accessing your website is using a browser that blocks third-party cookies, Facebook will still be able to continue tracking them using “first-party” cookies.

To Illustrate This as a Metaphor…

At the 9 Clouds cookie store, we sell a bundle of cookies that includes 9 Clouds cookies that we bake in-house (first-party) as well as Facebook cookies that Facebook provides us (third-party). Facebook has learned that some people don’t like its cookies . . . but Mark Zuckerberg wants people to continue bringing his cookies home.

So, starting October 24, Facebook is encouraging us to sell cookie bundles that are all branded as 9 Clouds cookies, even though secretly some of them are actually Facebook cookies.

Reassurance for Advertisers

If you’re an advertiser concerned that user privacy could get in the way of your ability to reach an audience, don’t worry about it. The companies that want your ad spend are going to make sure you can track and reach your audience. They’re winning the war over privacy online.I don’t see that changing.

Less Than Reassurance for the Rest of Us

If it seems disingenuous to you that the most pervasive cookies — including (but not limited to) Google Analytics, Google Ads, Bing, and now Facebook — are transitioning to use first-party cookies, you’re in good company. What’s the point in even distinguishing between first- and third-party cookies anymore? I don’t know.

If you want to reduce the extent to which you’re tracked, you can start by using a web browser and search engine that don’t track you and by educating yourself on online privacy.

The Concerned Consumer + Advertiser

If you’re both a concerned consumer and an advertiser, we’re in this together. I know it’s not possible to take a moral stand against Google and Facebook — we’d just be giving our competition the edge. It doesn’t do the industry any good for folks who care the most to go out of business on principal while those with fewer scruples thrive. So what can you do?

I spoke with Vivaldi co-founder and CEO Jon Stephenson von Tetzchner about what the Facebook pixel update means for user privacy, and his response was grim:

By doing this, they’re making it harder to avoid the tracking. The user should be able to make the decision to block or allow third-party cookies.Moving over to first-party cookies is taking away the ability for the user to make that decision. Regulation is needed on this. The level of tracking overall is crazy, and it needs to be stopped.

The only thing that’s going to protect consumer privacy is legislation limiting consumer tracking. It’s reassuring to know there are people like Jon with influence in the industry who are pushing for change, but change doesn’t happen overnight. In the meantime, it’s up to us as conscientious marketers to use the tools and data available to us responsibly.

At 9 Clouds, we strive to stay on the cutting edge of advertising and marketing technology — but we also deeply respect the privacy of consumers, both in our internal marketing and in the marketing we do on behalf of our clients. We value transparency, and as we see more changes in the digital landscape going forward, we’ll continue to share our thoughts.

If you’d like to learn more about our company ethos or how we ethically track leads online, please reach out.