Further, servers are free to keep private information on identities, with the understanding that identities are so flimsy that any single identity profile is not worth data-mining. This won't prevent tracking from truly big players, like Google, AWS, or Cloudflare, but it greatly cuts down on their ability.
This reminds me of moot's concept of prismatic identity.
I use laptops for coding and ML (one of my laptops has a 1070 GPU). I use Firefox with containers, one for each major site (Twitter, Google properties, HN, etc.). I only delete all cookies in Firefox about once a month - probably not nearly often enough, even using containers.
I do most of my web browsing on an iPad Pro and I delete all cookies on Safari very frequently.
I pay Google for Play Music, buy books and movies, and use GCP - that is enough revenue for them, so I feel like they still make money from me. Twitter makes money by showing me ads. Anyway, I feel just fine about frequently nuking cookies.
I recommend Cookie auto delete if you haven't considered it before: https://addons.mozilla.org/en-US/firefox/addon/cookie-autode...
Also, I'm not sure how useful deleting cookies is today if the new cookie can immediately be re-linked with the old profile the moment you log into your Google account.
> Cookies are small text files stored in internet browsers that let companies follow users around the internet, gathering information such as which sites they visit and what ads they view or click.
Compare that to the definition from Wikipedia:
> An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or ...
It's a close enough approximation for laypersons reading a non-technical newspaper. It's also a definition that's more closely aligned with the article's subject.
So, in many ways WSJ did a superb job here in describing what the actual implications are.
I don't think Google is intentionally confusing that distinction, and I wouldn't accuse them of that. As much as I find their arguments on this subject disingenuous and distasteful, they haven't claimed anything on that scale.
However, whenever Google proposes a privacy/security change, HN has a habit of accidentally conflating their specific arguments with the broadest, most general terms. Debates about specific policies become debates about whether or not broad, sweeping statements are true: Statements like, "all cookies are bad", or "browser extensions should be able to do whatever they want."
Google's argument here isn't even really about cookies at all, it's about tracking and advertising in general. Google is arguing that whatever privacy improvements we add to browsers, we need to make sure that advertisers can still serve personalized ads that follow users around the web. They are proposing separate standards from Mozilla and Safari that they say would improve privacy while allowing them to continue their current business model.
Conceptually similar to using a private/incognito mode all the time?
Every problem has a solution.
But... you're describing 1st party cookies. You can already set Firefox to delete all cookies whenever the browser is closed. It's not just that this problem has a solution, the solution is already implemented and live today in every major browser.
It's also not 'conceptually' similar to private/incognito mode, it literally is private/incognito mode. Private mode is just Firefox storing all of your session/cookie data in RAM so that it will get deleted when the browser closes. The main difference is that private mode is more aggressive, because it includes downloads/history in the deleted session, and takes extra steps to make sure the data won't accidentally get cached even in temporary files.
The big reason browsers are getting more aggressive about 3rd-party cookies is that they can be used to track you across domains even during browsing sessions, so there's often a good reason to block known tracking cookies outright. Additionally, most ordinary users want cookies to persist between browser sessions, so to enable that behavior we have to be more creative about figuring out which cookies are harmful -- then we can remove them even for ordinary users. It turns out that blocking 3rd-party cookies can sometimes be a useful way to filter "good" and "bad" session data.
But if you don't fall into that category of user, and you're OK with needing to re-log into sites when you open the browser, then go wild. Switching to temporary cookies will definitely help with your privacy, and Firefox even includes ways for you to whitelist any sites where you do want cookies and localstorage to be persistent.
I discovered this because I use uMatrix and block first-party cookies by default.
> A cookie could store the session id from a load balancer or app server
These two are not mutually exclusive. The exact same cookie used for logging can also be used to store your session id for internal routing.