

Ask HN: Why are cross-domain cookies and referrers allowed? - MzHN

It seems to me that web browsers are increasingly addressing all kinds of security/privacy issues from CSS history hacks to almost anti-virus-like heuristics for XSS protection.

Maybe the most controversial example on the privacy side is the "Do Not Track" HTTP header.

What I don't understand however, and what my question is about, is why in the world do browsers first send identifying, personal information about the user('s browsing habits), without consent from the user, across sites that may not even be affiliated in any way and _then_ tell that site "please, ignore this data".

Why send it in the first place? If the browser vendors don't care about privacy, why did they implement the "Do Not Track" header? If they do, why did they implement the "Do Not Track" header?

Why are cross-domain cookies and referrers still allowed by default?
======
unreal37
It's no coincidence that the leading browser (Chrome) is produced by the
world's largest advertising network (Google).

And so you ask, why aren't cross-browser cookies disabled by default? Well...
why would a company do something to their free product that reduces the amount
of revenue that they earn on their other products?

