deleted by creator
The much better way is called “topics” btw:
[S]ites can ask Chrome directly what kinds of topics you’re interested in – topics automatically selected by Chrome from your browsing history – so that ads personalized to your activities can be served… Apple and Mozilla have rejected at least the Topics API for interest-based ads on privacy grounds.
In other words, it’s not helping privacy. Or in better other words:
Google’s definition of privacy is not the dictionary definition most might understand. Rather it’s the ad industry and legal definition where privacy is not so much a binary state – public or private – but a notionally consent-based trade of information to gain access to ad-supported content.
I feel fuckin dirty even reading that last paragraph. It’s so detached from any sane reality.
deleted
Browser fingerprinting is nasty and easy. There are ways to push back but it’s still awful.
deleted by creator
If you have Firefox, I would strongly recommend containers. To websites, they are like separate profiles for the same browser, but to you they visually occupy the same space and thus the same history, extensions*, etc. They also eat way less RAM because they’re not running a separate browser.
* which, to be fair, might be used for fingerprinting too, so YMMV
deleted by creator
I know people are passionate about their love / hated of Brave, but it along with LibreWolf (and Firefox) all offer strong fingerprinting protection out of the box. With Firefox, just make sure you add uBlock Origin.
deleted by creator
If you wanted a slimmer Firefox, a less confusing Arkenfox, or something like Tor but for everyday use, it might be perfect.
deleted by creator
Wait Firefox sends fingerprint info?
Why is there not an open source browser that doesn’t send this shit?
Yeah they analyze your browser history and then generate labels of things you’re presumably interested in and then share it with any website that asks. Privacy friendly alright.
What about all the other hidden cookies it sets for the right price? ;)
deleted
Right. The sandbox. Silly me. Don’t touch the sand though, it’s full of shit.
So what exactly are 3rd party cookies?
I’m on a.com, that is what’s shown in the address bar.
The page includes a resource a.com/image.png. A request the server will include cookies from a.com. That’s a 1st party cookie. Correct?
The page includes a resource b.com/image.png. The request will not include cookies from a.com; this was always the case. b.com can however set their own cookies. Since we are on a.com, cookies from b.com are ‘third party’. Correct?
It gets interesting when we navigate to c.com and c.com includes b.com/image.png, a tracking pixel we have seen before on a.com.
Without 3rd party cookie protection, b.com sees the cookie they set previously while on a.com. This will now be blocked. Correct?
Now explain this in a Javascript world.
Open up developer tools and look at the network requests just about any website you visit makes. Logged in to facebook.com and then went to visit a.com? Well, a.com has a Facebook like button and script delivered to your browser when you load their page that allows Facebook to figure out that your logged in Facebook user id visited a.com. Not only did you do that, but you hovered over a button to buy boots for 3 seconds and didn’t click. Now, Facebook calls home with the knowledge user 827027 is a potential boot buyer and can spam them with boot ads.
Interestingly, a.com also loads about 30 other scripts from other ad networks and trackers, including Google, and similarly lets them call home with info stored in their respective third party cookies.
You’re correct about first-party cookies being from the domain in the address bar, like a.com in your example. When a page from a.com includes a resource from b.com, and b.com sets cookies, those are considered third-party cookies.
In a scenario where you navigate to c.com, which includes a resource (e.g., tracking pixel) from b.com, without third-party cookie protection, b.com would indeed have access to the cookies it set previously while you were on a.com. However, with 3rd party cookie protection measures, the browser restricts this access. This can impact user tracking and privacy.
In the JavaScript world, this is often managed through mechanisms like the SameSite attribute for cookies and technologies like ITP (Intelligent Tracking Prevention) in browsers. Developers need to adapt their code to these privacy measures to ensure compliance and user privacy.
- GPT3.5
I am not sure, but I think browsers will block access to third party cookies from javascript. In your example, c.com/script.js will not be able to access b.com cookies. Now, when the browser sends the request to b.com/image.png, browsers will NOT send the cookies associated with b.com when visiting other domains than b.com. BUT, the request might contains a “referer” info set by the browser, hence b.com can still track you. This is something that some browsers block already, but as a web developer, I always see referers in the logs, so it’s either not working, or it is opt-in in the options, and normies don’t change it…
It would be nice to have the option to not just block your data from being accessible to a 3rd party but also feedback junk data into the system. Pollute the data stream until it’s no longer useful to the powers that be while still retaining functionality for the user.
One can dream.
This is the best summary I could come up with:
Chrome has finally announced plans to kill third-party cookies.
Google’s blog post calls the rollout “Tracking Protection” and says the first tests will begin on January 4, where 1 percent of Chrome users will get the feature.
The rollout comes with some new UI bits for Chrome, with Google saying, “If a site doesn’t work without third-party cookies and Chrome notices you’re having issues—like if you refresh a page multiple times—we’ll prompt you with an option to temporarily re-enable third-party cookies for that website from the eye icon on the right side of your address bar.”
Chrome’s Privacy Sandbox switch represents the world’s most popular browser (Google Chrome) integrating with the web’s biggest advertising platform (Google Ads) and shutting down alternative tracking methods used by competing ad companies.
Google says its choice to offer this privacy feature four years after its competitors is a “responsible approach” to phasing out third-party cookies.
Google’s position as the world’s biggest browser vendor allowed it to delay the death of tracking cookies long enough to create an alternative tracking system, which launched earlier this year in Chrome.
The original article contains 402 words, the summary contains 183 words. Saved 54%. I’m a bot and I’m open source!
