
Apple's Safari Browser Gives Search Marketers Headaches - lotusleaf1987
http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=146801&nid=124777
======
geuis
I remember coming across the 3rd party cookie restrictions on Safari. I was
setting a cookie inside of an iframe for its own domain since it was for
internal state tracking for a check-in style button, not trying to set on the
iframe's parent page or anything like that. Imagine my surprise when I
discovered Safari even blocks 3rd party domains from setting cookies in
iframes _for their own domains_.

For a moment at first, I was kind of frustrated. Then I thought about it and
really, really was happy Safari was doing that. It might be causing me a
little headache, but its also stopping lots of ad trackers right in their
tracks.

This is something I wish _all_ browsers would start doing.

~~~
extension
Does that break Facebook comments and like buttons? (not that I'm complaining)

~~~
johnnygood
It doesn't break them. Safari doesn't _accept_ cookies from across domains (by
default). Safari still sends cookies to iframes across domains.

Even if Safari blocked sending cookies to other domains, it would still be
possible for both commenting and the like buttons to work. On a low-tech
level, rather than working by Ajax (which is how I assume they work - I
haven't actually used them), they would work as a standard link or form to
Facebook's site. Once not in the iframe and on Facebook's site, it would
realize that you were logged in and rather than asking you for your email and
password would record the like or comment. In fact, when you try to press a
like button not logged in, a small window pops up asking for your email/pass
so that it can log you in and do just that. It's easy to imagine that the
window would pop up, offer a little "thank you for your comment" confirmation
with a close button.

Facebook could also decide that it wanted to use Flash cookies which would
work if Safari blocked sending cookies to other domains. Safari isn't in
control of whether Flash is loaded in an iframe and a Flash cookie is
requested from another domain. This is part of the reason why it's more
significant on the iOS platform. Advertisers do use Flash a lot and that usage
can be used to set a Flash cookie that the browser doesn't control and Flash
doesn't have a setting to disallow Flash cookies from sites you don't visit.

------
app
This caused a bunch of headaches at Vimeo while working on our iframe embed
code a couple months back. If I remember correctly Safari (and now I believe
Chrome 10) will not send cookies in iframe POSTs unless a user specifically
navigates in that iframe. So for example clicking the "like" button in a Vimeo
video wouldn't work right away. There is a workaround: you programmatically
fake a POST right away, and the second POST works because the user has
interacted with it.

This might be a nice "headache" for marketers, but there are legit uses. As a
developer I'd prefer if browsers were consistent in their default handling of
cookies.

~~~
joebananas
Perhaps you guys should have taken this as a sign that Vimeo relys way too
much on cookies. You can't even search the site if you don't accept cookies,
no other site I've used fails that way.

------
benologist
Title should be prefixed with "Good news everybody: ".

~~~
arepb
At some point, hopefully not too far away, retargeting will be considered a
sin.

~~~
alextgordon
Honest question. Why?

~~~
robryan
I've found it mostly useless, sure I've visited these websites I'm getting ads
for everywhere but I already know the company exists and I'm basically just
getting a "we exist!" type ad.

An example would be hipmunk, I think they would probably be much better placed
try to use banners that offer deals through retargeting. I already know they
exist and have been to the site, the ad that I now see because of that doesn't
give me any further information.

------
Klonoar
I love watching people complain about how this should've been going on since
the dawn of time. You all do realize that this is, sadly, somewhat important,
right?

This is a huge industry that makes incredible amounts of money year over year.
You can't endorse fistfuls of free products with no clear revenue stream and
then complain about the efforts of an industry that actually handles some
revenue generation off of said products.

Apple, at least in the realm of Mobile, is pretty awesome in this regard: by
having a model where things have the expectancy of charging you up front, they
can safely say "fuck you" to advertisers/marketers like this. More companies
should realize this and run along the same tracks.

------
whakojacko
Honest question-is there really any decent uses for 3rd-party cookies that I,
a fairly technically savvy internet user, might benefit from? (and I don't
consider "more targeted ads" to be a benefit) Ive had 3rd party cookies
disabled in my primary browsers for a while without any seemingly meaningful
loss of functionality.

------
bioinformatics
When tracking was a good thing anyway?

~~~
whatusername
Bacause an ad for something I'm genuinely interested in isn't an ad -- it's a
useful link.

~~~
geuis
Then it should be shown in the context of being an interesting link. I would
ask also, when was the last time an ad was interesting to you? Was something
in a popup, interstitial, popover, popunder, popdown, sidebar link, video
preroll or post roll or inserted promo actually interesting? Was it something
that you purposely clicked to find out more?

~~~
fuzzmeister
I find AdSense ads (both on Google and on network sites) useful relatively
often, I'd say I click one a week or so.

~~~
anon808
so you're the guy

------
MichaelApproved
I don't understand why people hate ads so much when it makes so many products
available for free. I know many would _gladly pay_ but its not realistic to
pay for every site and every service.

Think about the forums you visit once because it had an answer to a question
you googled. Now imagine if that site wasn't able to make money off ads it
served you. Chances are it couldn't exist.

Ad tracking is good for the community because it helps the sites we use
everyday make more money. I want those sites to make money so they will
continue to exist. If we use a site, the operator of the site should make
money.

~~~
shantanubala
There must be a certain sweet spot between tracking a user's browser history
and having zero targeting in advertising. A niche community or site has things
simple -- they need to get direct advertising from businesses in their field.
A more generic web service (like Facebook) could use only the data a user
explicitly provides on their profile. A site with wide ranges of content could
use contextual advertising. All of these options only use data that's already
available on a company's servers, and do not require tapping into browser
histories through tracking cookies. The main problem with tracking is its
implicit nature -- most people don't realize just how much their browsing
history reveals about them, but they do understand the information they
explicitly reveal on Facebook or Twitter.

------
joebananas
Oh No!

------
petercooper
I'd be surprised if the ad companies aren't already giving the publishers who
run their ad units a script that allows data to be tracked through it
"locally" and which then proxies to/from the ad company. A minor headache but
probably worth it for them.

------
barredo
Question: Does Android Browser (does it has a name or it's just 'browser'?) or
Internet Explorer for Windows Phone7 do the same?

------
bkaid
This is one thing you will never ever see happen to Google Chrome or stock
Android browsers as Google is essentially a search marketing company.

~~~
gergles
<http://screencast.com/t/PKPkfdZc>

------
daakus
It's sad that Safari does this, especially considering there's a work around
using POST: <https://gist.github.com/586182> \-- it translates to complexity
and has performance hit, and doesn't actually add security.

~~~
robryan
Rather than allowing it because of this, wouldn't it be better to remove this
method. I kind of like the balance without the 3rd party cookies, I can write
a 3rd party script that people include on there website which stores cookies
on their own domain. From the point of view of a single website this is good,
from the point of view of a network of websites and those that want to
advertise on all of them I guess it is bad. Can always base things off IP, not
as good but a similar effect.

~~~
mishmash
>Can always base things off IP, not as good but a similar effect.

So trying to target an ad for the 150+ people in my company that share a
single IP?

~~~
robryan
Well its really only from an advertising perspective, the advertiser and the
network. From the end users perspective they get the choice, if they really
want targeted ads they can always turn the third party cookies on.

~~~
Stormbringer
Target the ad based on the site the user is visiting, not on trying to violate
the user's privacy. On a site to do with cars, show car ads. On a site to do
with Dell, show Dell ads.

It's not frickin' rocket surgery.

If no one has a site relevant to your ads, there's your hint that no one wants
your service/product. If you believe that I'm wrong... _start one_. Make a
site relevant to that interest, and then you can on-sell your product.
Build/find the community that believes in the same stuff you do, and engage
them.

