Emil Ochotta

I'm tech lead at Google for privacy engineering within display ads.

Here's a statement of interest and brief topic description:

Cookies have are a general purpose data storage and communication mechanism
between client and server.  As a general purpose mechanism, cookies are
used in several ways for identification.  For example, they have been the
traditional mechanism used to send&store unique device identifiers to 3rd
party advertising systems.  However, there are pressures on this use of
cookies, including some browser blocking 3rd party cookies by default and a
general negative impression of cookies in the popular press.  For mobile
devices, device identifiers have become part of the device OS itself, with
identifiers such as IDFA on iOS.

Similarly, in the first party space, cookies are also used to store user
login credentials.  Because of the general nature of cookies, this usage is
not standardized, making such use susceptible to security attacks.

With the pressures on cookies, what does the future hold for
identification?  Both in the 3rd party and 1st party space.  What is the
role (if any) of fingerprinting and other passive identifications
mechanisms?
Should we develop new standards that are tailored specifically for
identification?  If so, what should they look like?​