 Hi, I'm Andrey Lipatsev from the EMEA Privacy Sandbox Partnerships team. My job is to help companies and organizations that rely on Chrome to deliver their products and services, and specifically right now, to help them understand the implications and prepare for the changes to Chrome's handling of cross-site cookies. Before we dive into today's topic, I wanted to share a quick story with you. Back in 1994, I wanted to build a treehouse, so I asked my granddad for help. With a bit of planning, some plywood, nails, and pluck, we put it up. It was amazing. The dream. I loved it. My friends loved it too, and over time as we spent more and more time in the treehouse, we kept adding to it. With every new addition, we loved it even more. What we didn't love was planning, so we kind of kept piling things up. Before we knew it, the beams supporting the treehouse could no longer hold it up, and the whole thing sort of collapsed. That's sad. You know what else happened in 1994? Lulm Antulin, a web browser programmer at Netscape Communications, created WebCookies. They completely transformed what webpages were able to do. You could store sessions, so now you could sign in, shop, come back to where you were in any user journey imaginable. Magic. Unfortunately, over the past 30 years, we've all been sort of collectively piling things on to the treehouse, I mean cookies, and now we need to reimagine how webpages can continue doing all the amazing things that we love them for, but without relying on cookies quite so much. Cue Chrome's Privacy Sandbox Initiative that you can learn more about in our other videos and this playlist, and the deprecation of third-party or cross-site cookies in Chrome that we're going to talk about today. Everything we talk about today is covered in more detail at good.glecookiecountdown. So make sure to click that link in the description once you're done with the video to get access to all the reference materials and tooling. First off, a reminder of what we even mean by third-party cookies. Third-party or cross-site cookies are simply cookies set or sent by a different site. It doesn't matter who that site belongs to. If it's a different site, it's third-party for our purposes today. And it is these cross-site cookies that Chrome is deprecating. When is this deprecation happening? As of the time we're recording this in December 2023, it's about to begin. And if you're watching us in the future, it's probably happening just as you're watching. Chrome will start the process gradually with a 1% of users and pending input from regulatory bodies like the UK's CMA, we are aiming to be done by the end of 2024. There are four main steps you need to take to prepare and we'll cover each of those in a little bit of detail. They boil down to see what's happening, see what's breaking, make the changes you need to make yourself, and ask those you're working with and relying on to make them too. Step number one, understand what's going on with your site or service. We have a whole video on this, so check that out separately and I'll cover the basics here. Check your code for cookies with the same site none attribute. These are intended for use across sites. If they are yours, why are you setting them with this attribute? If they aren't, these are your prime candidates to dive deeper into. You can now also see block cookies as issues in Chrome DevTools. In future versions, they will start being displayed as errors. And because we know you love extensions, we built one for you, but don't tell anyone. This is a sneak preview of a Chrome DevTools extension coming later in 2024. As of the time we're recording this, it's in developer preview, so grab it at the link in the description and please provide feedback. It's meant to make your cookie debugging easier, so let us know if it does and what else you'd like to see in it. Alright, clearly by now, you must be very keen to verify if cookie deprecation affects your site. Again, we have a whole detailed video on this, so be sure to check that out. But in a nutshell, we got you. If you're watching this sometime in late 2024, after full deprecation has been announced, you can simply open your site in Chrome. For now though, we have a flag you can use. Test your site side by side with and without cross-site cookies and run through some common scenarios, account creation, login, checkout, interacting with various embeds and so on. And if you find breakage on your site or on any other site you might be browsing, especially if the breakage on your site is not something you can fix by yourself, more on that in a second, please report it via this link. So we at Chrome can take a look and figure out how to deal with that. Now let's talk a little bit about the actions you and your development team can take on your own website or sites. First of all, you guessed it, we have a whole video on this at good.gl slash chips. Chip stands for cookies having independent partition states. Bit of a mouthful. The essence of it is pretty straightforward though. It is basically about adding a partition attribute to the cookies that your site or service is set in a cross-site setting. So any data flows remain restricted to that pair. And if your site or service I embedded or used on yet another site, that pairing would also be partitioned, and no info can be shared across these partitions. Check out the link in the documentation for more implementation details and patterns. Related website sets. This solution is very much what it says on the team. And yes, of course, we have a detailed video covering it too. It's at good.gl slash rws. If you or your organization own and run multiple sites, you can combine them in sets, within which cross-site cookies are treated as first party and certain other APIs like storage access operate with fewer restrictions. There are three types of sets. One, CCTLD for sites like example.com, example.refire.de, etc. The size is unlimited. Two, service sets for sites that are not actually indexable or intended to be directly viewed by users. This can be CDNs, for example, like CDN-example.com, from which your images or videos are served. This is also unlimited in size. Three, associated sets for domains whose affiliation with the set primary is clearly presented to users. For example, an about page, header or footer, shared branding or logo, or similar forms. Example a.com, example b.com, etc. This is limited to six sites in total, one main and five associated. You only really need to use related website sets if you set and expect to use your own cookies across them. Finally, there are a few new APIs you might want to take a look at, especially if you are running not only a site, but also a service used by other sites. We don't have time to go over these in detail today, so please check out the links in the description if you find the application relevant to your service. The important thing to remember is that these are not replacements for third-party cookies. They are a new generation of web technologies to take us on a new level of functionality while safeguarding user privacy. Experiment with them, try them out, combine them with each other and with other signals, and please do provide feedback and ideas. It's our web, so let's build it better together. And in that spirit, these days the majority of sites are composed of solutions provided by multiple organizations. Think of your social login buttons, your chatbots, your video and maps, and the list goes on. To make sure that your sites go through the transition to a post-third-party cookies web in top shape, you need to ensure that the products and services you're relying on are ready for it. Make a list of all the services that you're using, we talked about the tooling that can help you with that above, and start making some choices. Do you still need the service or is it redundant? If you need the service, is your provider ready to operate without unpartitioned cross-site cookies? If yes, are there updates you need to download, install, or otherwise integrate? If not, do you want to work with them as they pivot into the transition, or do you want to consider other available options in the market? Think of these choices as due diligence. You had a list of criteria when you first selected these services, right? Well, now, possible reliance on unpartitioned cookies is one criteria you can add to your due diligence list for peace of mind and a successful, sustainable, and privacy-forward website. Before we wrap, there's one more thing I wanted to make sure you're aware of. For a limited time, you will be able to request Chrome to continue allowing third-party cookie usage on your site. Be mindful that this is the last resort option and available if you have exhausted all the others and need extra time to find a solution. More details on that, you'll guessed it in the link in the description. Let's recap. To prepare for the upcoming or ongoing, depending on when you're watching this deprecation of third-party cookies in Chrome, you need to. Audit your third-party cookie usage. Test for breakage. Migrate to the relevant web APIs and related solutions. Analyze your cookie-based third-party service providers. With that, thank you for watching and please share your questions and ideas. Yes, in the comments below, but more importantly, in the GitHub repositories for the solutions that we have covered today. Don't forget to share this video with your network and your colleagues, and we'll see you in the next one.