
Web Browsers Reject About Two-Thirds of Cookies - cpeterso
https://www.emarketer.com/content/web-browsers-reject-about-two-thirds-of-cookies
======
barnabee
"Cookies were originally designed to track users across the web on browsers"

No, they weren't. They were designed to store small bits of data (such as a
login or session token, or form data) between page requests within one site.
It was only later that they were repurposed to track users around the web.

~~~
teleclimber
Came here to say exactly that. Cookies are only capable of tracking users
across the web because giant companies have managed to dupe site owners into
adding code to their site.

~~~
plopz
I don't think anyone was duped into adding google analytics.

~~~
yuhong
Well, it was bought from Urchin and then they discontinued the original
software. I mentioned this in the essay too.

------
pmoriarty
I like a Firefox extension called "Self-Destructing Cookies".[1]

It will accept cookies, but then delete them when you close the tab.

Unfortunately, it (like many other useful extensions) was permanently broken
by recent changes to Firefox. I wonder if there are any good alternatives.

[1] - [https://addons.mozilla.org/en-US/firefox/addon/self-
destruct...](https://addons.mozilla.org/en-US/firefox/addon/self-destructing-
cookies/)

~~~
zeta0134
You can get close with a built in browser setting. Firefox can erase all
cookies as soon as you close the browser:

[https://support.mozilla.org/en-US/kb/enable-and-disable-
cook...](https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-
website-preferences)

You can also open up a Private Browsing tab if you want to visit a site you
don't trust, or simply maintain a separate environment from your main stuff.
Private windows have their own cookie store separate from the main store, and
also clear their history upon close.

~~~
hansen
> You can get close with a built in browser setting.

And you can still keep cookies from specific sites by defining an exception.
They should better document this feature. For me it would be a good default
behavior. There aren’t that many sites where I want to stay logged in.

------
IBM
#TBT to when Google bypassed Safari blocking third party cookies and paid an
immaterial amount to settle the case [1].

[1] [https://www.zdnet.com/article/google-pays-17m-to-settle-
safa...](https://www.zdnet.com/article/google-pays-17m-to-settle-safari-
cookie-privacy-bypass-charge/)

------
devmunchies
So if i have a product that uses 3rd party cookies to try and enhance the user
experience (saving user progress in a 3rd party service for user convenience),
whats the alternative to 3rd party cookies?

Bad actors are making it harder for people who want to use cookies for
enhancing the experience rather than analytics and marketing.

~~~
hansen
> enhance the user experience

Sorry, but this made me laugh.

> whats the alternative to 3rd party cookies?

Don't use a 3rd party service.

~~~
devmunchies
yes, saving user progress is enhancing their experience. you hear 3rd party
and immediately think its bad.

> Don't use a 3rd party service.

I knew someone would say this, as if I had unlimited dev time.

~~~
mcpherrinm
The third party service can provide you with some JavaScript you inject into
your website. It stores cookies on your domain instead of a third party one.

~~~
yetanother1980
Which of course begs the question should third party scripts be allowed to
run?

~~~
mcpherrinm
You don't need cross-origin scripts for this: you can host it yourself.

If you were to disallowed loading scripts cross-origin, everyone would just
end up creating subdomains for everything you wanted to load, which would be
worse security-wise I bet, as you'd lose some of the cross origin security
features we have today.

------
John_KZ
Man I wish we can go back to browsing the web without cookies.

