Cookies were not designed to spy on users, says creator

The famous cookies, which are at the heart of the current debate on protecting privacy on the Internet, were never conceived as a tool for digital espionage, their inventor assured in an interview with AFP.

Californian engineer and entrepreneur Lou Montulli said the first-party cookies he created decades ago were intended to make life easier online by allowing websites to remember visitors.

However, the technology has become a lightning rod, attacked for helping companies collect data on consumer habits, key to the web ad business, which generates billions of dollars a year.

“My invention is at the technological heart of many advertising schemes, but I had no intention of that,” said Montulli, who created the cookies in 1994 when he was an engineer at Netscape. “It’s just a core technology to enable the web to work,” he added.

Google this week joined a growing list of tech companies in announcing a new plan to block certain types of cookies, after the online advertising giant’s previous proposals came under fire.

Talking about his invention, Montulli said the software snippets that allow a website to recognize people have helped enable features like automatic login and remembering the contents of e-commerce shopping carts.

Without so-called “primary” cookies, which are also used by websites to directly interact with visitors, each visit by a user would be considered the first.

According to Montulli, the problems stem from so-called “third-party” cookies, those generated by websites and stored in visitors’ browsers, and ad networks that aggregate data from these fragments.

“Personalized ads are only possible thanks to the collusion between numerous websites and an ad network,” he argued.

Sites share visitor activity data with these ad networks, which use it to target ads based on each user’s behavior.

Online ads arms race

“If you look for some weird niche product and then you’re bombarded with ads for that product on various websites, it’s going to be a weird experience,” Montulli said.

“It’s natural within human reasoning to think that if they know I’m looking for blue suede shoes, that must mean they know everything about me and therefore want to get out of this system,” he added.

If a website on a network collects personal information, such as a name or email address, that data can be leaked in such a way that a browser can be associated with an individual.

“It’s a network effect where all these different sites are in cahoots with ad tracking tools,” Montulli summarized.

This month, French authorities fined Google and Facebook about $237 million for using cookies.

“Cookies were originally designed to provide privacy,” their creator pointed out.

For him, a possible solution would be to stop targeting ads and start charging subscriptions for online services, which are funded by advertising revenue.

Montulli also supports the phasing out of third-party cookies, but warned that phasing out these pieces of software altogether would lead advertisers to employ more stealthy tactics.

“Advertising will find a way” to adapt, he said. “It’s going to turn into a technology arms race. Given the billions of dollars at risk, the advertising industry will do whatever it takes to keep the lights on.”

Disabling third-party cookies can also unintentionally punish small websites by depriving them of targeted ads that generate money, giving even more power to tech giants like Apple, Meta (the parent company of Facebook) and Google.

Regulations that keep cookies in use, requiring controls like whether or not users can opt-in to sharing data, may be the only viable solution in the long term, Montulli said.

“It really wouldn’t be possible to use the web without cookies,” he noted. “But we’re going to have to find more nuances in how they’re used in advertising.”