I don't really like this. I work in the advertising industry and retargeting is honestly one of the most exciting things to come out.
Sure there are ways of cookieless retargeting, but it is a hassle. I mean, everyone's heard of Samy's Evercookie right? Then there are TCP stack signatures, and other companies like a few European DSPs that use cookieless tracking to track a person (IMO it's quite easy to use a GET pixel to actually capture a person's TCP stack).
You can use 3rd party cookies for good and evil. For example, for my personal project, Fork the Cookbook (http://forkthecookbook.com) I'm working on using pixel drops to track how many people fork recipes from embedded recipes (how else would one measure success of an idea). Most analytics softwares like Google Analytics uses 3rd party cookies.
I'm not too sure about evil uses of 3rd party cookies. I do not consider retargeting to be evil. Other stuff like tracking browsing history can be done but it is extremely inefficient, and does not really return much for the amount of time and effort invested into it.
What about PII you ask? Start with drop sites, where people willingly submit their personally identifiable information, and then it's up to the DMPs to actually correlate the data, which can then be used as ad targeting information. As far as I can tell, even with the big hoohaa over companies like Rapleaf, the truth of the matter is that it's very very inefficient so far.
Privacy is simple IMO. Don't submit your information to websites that ask for anything more than what is needed. Banning third party cookies is like using a cannon to shoot a mosquito.
I'm interested in the culture implications of your willingness to comment on a story like this and openly admit that you work in this area of the advertising (surveillance?) industry.
Certainly, I don't think anyone would feel comfortable commenting on a story about SPAM mitigation techniques (without using a throwaway account) with text like "This sucks, I'm a spammer, and I'm really excited about it. Don't like SPAM? Don't share your email address!"
Is there really that much cultural acceptance of your field? I assumed this was the kind of thing you had to awkwardly talk around when someone asks "what do you do?" in a bar where others might overhear your response.
One of the things that shocked me most while working at Twitter was that nobody there uses an ad blocker. Like, I literally couldn't find a single person, and I've always assumed that anyone with the technical ability to install ABP immediately did so. So maybe I'm out of touch? Legitimately curious.
I did agonize for a bit when people say things like "the best minds of our century are working on people to click on ads", but I've made peace with myself. I chose advertising instead of finance because I deemed it to be less scumbaggy than finance (not really, online advertising is a shithole filled with mines and there are many many faces of online advertising ranging from the very clean to the very dodgy)
I thankfully work for a company that tries very hard not to work on the dodgy side of things, and we do actively work on tackling really dodgy stuff, so I don't think comparing online advertising to spamming is quite a valid point.
I don't think it's cultural acceptance. I'm just being open with my views. My views on online advertising is similar to my views on guns: advertising is not inherently bad neither is it inherently good.
Honestly yes you're out of touch, and it heartens me. It took me up until about 2007 to realize that all this talk of funding websites with ads referred to a working business model. Having continuously run adblock, I simply didn't know how much advertising had invaded everything.
I was getting ready for the top-voted HN comment to be something defending advertising, and was probably saved because this move by Mozilla isn't so bold. It seems most developers these days are happy to be on the take of advertising and DRM companies and will trot out all manner of justifications for why their code should run unhindered on your device.
The company I work for allows targeting of advertisements based on the video content on a page. We do track users by dropping a cookie (so that we can calculate GRPs) but make no attempt to identify or behaviourally target users - we don't believe either are very effective for brand-building, which is our target market; it's about having your brand associated with certain content, not patterns of browsing.
A lot of people at work use AdBlock - even the operations people who spend a lot of their time looking at (and for) ad-laden pages will often have one browser with and another without, or will browse in Incognito mode when they need to see ads.
Some programmers probably believe "I use ads for money but I block all the other ones because I have the intelligence to do so and anyone who doesn't is a sucker and it doesn't matter that I'm exploiting them because they don't care enough."
Agreed, but the problem is, it has been overused to the point that they have become nuisances. I really don't want to be a parasite, so I usually go disable abp on sites that I trust (which, ironically, makes all those "thanks for not using adblocker" messages on reddit rather counterproductive.)
I used to work in an advertising start-up, and I have no qualms about it. I think it's naive to consider it "unacceptable" or "evil" ... and there are two BIG reasons I say this: (1) Google and (2) Free Content vs Pay-walls
(1) Google essentially reads your emails and any searches you do, and provides ads based upon any/all data you provide to it (including Google+, Drive, etc.) Last time I checked Google was pretty popular and this business model was pretty well accepted...
(2) With so much free-content on the web, is it that much to ask that the people producing that content have a means to make a living? The fact that we can Google virtually ANY information in the world (even on our phones for crying-out-loud) is worth the small sacrifice that we see a few ads in the process
Personally I can't stand retargeting, if there is one turn-off I have when visiting websites it is being hounded from site to site by an ad. That signals to me to never ever buy that product. That it is 'exciting' to those in the advertising industry is a signal all by itself.
Once a while ago I googled for a bit around the time I was buying a car. For weeks afterwards I got hounded by car ads for some brand. Needless to say that brand is not on my short list for any future purchases.
Any advantage in advertising has turned out to be short lived. It's like building up a resistance to certain chemicals, at some point you need a harder variety to reach your goal. And then the resistance increases and so on. Retargeting will work for a while and then we'll be back to square one, more obnoxious ads and less content. Until all you see is ads.
My biggest annoyance with retargeting is also buying a car. I don't remember seeing any car ads leading up to my purchase, but ever since buying the car (over a year ago now) my browser is littered with Ford Focus ads. It's not going to do any good to show me ads for a Focus, i already bought one. It's just a waste of your ad buy to show me more ads. Retargeting seems to be, at this point, one of those technologies that has a high potential value but needs a lot of work to realize that value.
Or it could just be that the people who sell fords aren't very smart. Three days (!!!) after i bought my car, they sent me an email promoting a trade-in event they were having, telling me what a good deal i could get on a used toyota at my local dealership if i traded in my car.
For my case, I always see newrelic retarget ad. I need to check newrelic everyday for work. And after that every time I watch a youtube video it shows me a newrelic ad. I am already a Pro Annual user, I can't upgrade my plan anymore. They should not retarget current user.
My company runs some of the retargeting campaigns for New Relic. I just checked our setup and they're definitely excluding people who have converted or become customers already. New Relic works with a few providers though so it's very probably one of them is machine-gunning all visitors with ads.
There is a general rule of thumb that a person has to look at/interact with/be cognitively aware of an ad at least 7 times before any action can be taken.
Showing ads across sites is just one more way to do that. In fact I would rather have relevant ads show up than irrelevant ads.
I will admit that many companies out there do overdo their retargeting campaign though. That's what the company does that is mistaken, not the technology.
> That's what the company does that is mistaken, not the technology
The technology of low level internet surveillance in order to facilitate advertising? And you wonder why people don't like it?
I worked in advertising for quite a while and no longer do, I understand why you love retargeting and why you are sad to see it go. I'm sure that you were sad to see popup blocking become mainstream as well, popups and popunders had fantastic results. They were more hated but orders of magnitude less evil than 3rd party cookies.
You are expecting people to change their behaviour or preferences and make sacrifices solely in order to be easier to advertise to ... isn't learning never to fall into that trap day one of advertising 101?
Browsers are thinking about what their customers actually want, you are thinking about what makes it most efficient to control those customers ... of course you disagree. And of course you are wrong.
not the GP, but I highly doubt it's going to go anywhere. Mozilla's decision is just going to accelerate the arms race into more and more esoteric ways of tracking you... I'd heard about evercookie, but tcp-level analysis was news to me.
true, that type of tracking is too useful, especially now that big players are used to having it. The browser's have the advantage here in both available options and agility so accelerating the arms race is probably a good thing.
Me too, soo much. I was really counting on that until it never actually materialized.
Looking over my last few months of purchases, advertising could have struck a real coup by helping me find the lowest priced dry cleaner in my area, or by letting me know I could buy a USB device that lets me use an xBox controller in Windows.
Instead, all I hear is that when I drink a certain Vodka I'm on top, and that Budweiser loves horses. Also, everyone wants me to start using credit cards.
Yeah, I don't drink, and rotating credit with abusive APRs sounds like a criminal enterprise.
Maybe everyone else is getting the perfect ads right now, things that really help them decide what to buy. I've been let down. I don't think I'm the only one though.
Because giant companies from a select few high-margin industries are the ones buying the power ads. Hulu can only choose between ad spots for things I will never buy, there's no amount of profiling that fixes that.
There's just no relation between the amount of information a company has that would help me make a purchase and its advertising budget.
I'm sure what I am about to say is no great insight here on HN, but I like saying it so here it is:
There are two kinds of advertising:
1) Advertising that helps you find what you need
2) Advertising that convinces you to spend money you would not otherwise have spent
The lofty ideal has always been (1) but the reality seems to always turn out to be (2). We should stop giving lip-service to the lofty ideal.
Another way to look at it might be that #1 did happen, it's just called the internet.
Twitter, for example, has an entire team of people working on "search and relevance." This is essentially #1, but it's not advertising, it's just how Twitter works. The core concept of sites like Twitter, Facebook, and even HN is that you should be seeing the content that you find interesting.
What we call advertising in that context necessarily has to subvert #1. If it was the content that is already the most "relevant" to a user, there would be no reason for an advertiser to pay in order to make it visible to that user, since it would be what is naturally presented.
Mostly true, but #1 is still necessary. You just made a cool thing. You want people to know about it. How do you tell the world?
Ideally, it'd be nice to have a thriving community of independent journalists and reviewers covering just about every topic and using their experience to evaluate new things. Consumers would know where to go to get the information they need.
But reality is so much messier. It's February 2013 and I want to buy an X that does Y and Z. How do I truly make an informed decision to buy the absolute best product that meets my needs? Who the hell knows. The resources just aren't there, at least not in a convenient, comprehensive, and objective form. Consumer Reports does some of that, but they're limited in scope. Therefore, advertising and branding.
The psychological requirements to achieve that task and your personal preferences are irrelevant, it is underhanded and obscene.
I will not deny that this is a technological solution to a social problem, and yes it is mismatched, but web browsers need to be managed by responsible stewards that protect their users from abuse (it is abuse).
The nature of the global namespace is irrelevant, with that logic we might as well make every bit of personal information freely available to anybody that wants it. Ambitious and potentially useful? Absolutely, but it's also extremely dangerous.
Personally I will be suggesting Firefox to all of my non-savvy family and friends because I support the idea that their privacy should be respected by default.
I assume this is why I get ads for stuff I just bought on wildly different sites - the advertising network server asks for my cookie before serving the ad and so can identify me?
Yeah that's annoying. I will install adblock one day, but in defence of chewxy I just tend to avoid sites with that crap on them anyway.
It seems to me that every site is adopting this technology, so what, exactly, are you waiting for? The writing is on the wall.
Personally, I would suggest using a cookie management tool like cookie monster [1], and other tools like Request Policy [2] or Ghostery [3], depending on your browser of choice (i.e. RP doesn't have a Chromium/chrome extension, AFAIK). Adblock is great, but your reluctance up to this point suggests you would like to support some sites via their advertising efforts.
New Relic, I'm looking at you. I don't think I've seen a banner for anything other than New Relic for a month and I have New Relic and use it every day.
Would you rather see ads for the tanning salon or the hot waxing ads?? Really if you are a newrelic customer and only see their ads they are not running a very good campaign.. From a conversion perspective your are a waste of their money... But from the standpoint if getting you to come back and continue to use and talk about them - its working great
Frankly the data shows otherwise ... from my previous work in the industry the majority of people respond well to retargeting simply because it's relevant and useful. Hell it's been working for Google for years...
As an internet user, retargeting is honestly one of my #1 targets. I find it super-creepy that some websites show me things based on other websites I visit, and I want a way to stop it.
Why? You visit say... kogan.com.au, they know what fridges you look at. That's intent to buy. You're cookied as #12412214. In the backend, that cookie ID is labeled as FridgeLover.
The next website you go to that has an ad slot, when the ad call is made, your anonymized information is submitted, and if the advertiser wins the bid, the advertiser shows you ads of fridges, because the advertiser remembers that cookie ID 12412214 is a FridgeLover.
It's anonymous (though significant efforts can be expended for less anonymity). And most importantly, it helps users recall products they've seen.
It is relevant to the user (fun bits: buy retargeted ads on competitor sites!)
"It's relevant" is not a good excuse. Using pieces of my email (like google) or my own friends (like facebook) is the result of that line of thought and extremely invasive and creepy.
Would you rather see ads for things that are completely irrelevant? Relevance requires data.
Edit: I do believe the user should have more control over what companies are allowed to retarget with an easy opt out mechanism implemented by every ad network as well as a way to limit the frequency. I've experience companies going WAY overboard on their retargeting and it feels stalker-ish.
I'd like things relevant to the site I'm currently visiting, not based on an attempt to construct a personalized profile of me specifically. The former is reasonable contextual advertising (you visit a sci-fi site, you get ads for sci-fi books), while the latter starts feeling like someone compiling an FBI file on my preferences.
Apart from the creepiness, it also helps me mentally compartmentalize and context-switch better, when the ads on a site are relevant to the site, rather than to some other site I may have visited in the past which is not what I'm currently trying to concentrate on. Now maybe that's the point: to throw me off my current train of thought by reminding me of some previous train of thought. I was previously planning a trip, but now I'm trying to research something else and trying not to think about that trip I have to plan, so I can get something else done in the next hour. But the advertiser thinks maybe reminding me of that trip would be a good idea, which is maybe even statistically justified, because I do have to plan it in the next week, and a significant amount of money will be spent. But that's so mentally invasive that it's what will probably drive me to finally install AdBlock.
It's like having your own personal Troll Clippy following you around whispering "oh interesting research, but remember that trip you have to plan? LOL I knew you would!" To get things done in a modern workplace that has pervasive use of the internet and pervasive distractions, you have to block out things that are relevant to your interests but not to the current task. And retargeting does not help with that.
I see your point but it's hardly an effective usage of resources.
In my experience, retargeting ads produce higher CTRs than generic ads. This means that a publisher is able to derive 2-10x more revenue from the same ad space if they used retargeting ads instead of contextual ads.
I agree that some level of self-regulation is in order. Users should have a way to control the level of retargeting they experience and from whom, but to remove the entire mechanism that enables retargeting will only hurt the web because ROI on ad dollars will be lower. Lower ROI = less being spent on online advertising. Less spent on ads = less revenue for publishers. Less revenue for publishers = less investment from publisher to drive more revenue, which will likely mean lower quantity and quality of content created.
DVR usage isn't actually that prevalent, even after a decade. Generally the preference is to watch stuff live, and live with the ads. Which is a big part of why the ground hasn't fallen out from under broadcasters like it did with newspapers, and TV ads are still the priciest (and arguably most effective, commanding your attention in a way that banner ads cannot) form of ads.
Many ad networks[1] do already provide an opt out mechanism. You look for a blue icon[2] in the corner of the ad, which if you click it should take you to an opt out page.
I dug a bit further, and also found this: http://www.aboutads.info/choices/ which purports to allow you to opt out from any or all of the participating companies from that page.
why is that creepy? Both websites are related through a retargeter. One sends the data over to the other. It's just like they were the same websites or same corporation. If you don't like this then you can avoid theses websites that sell/buy your information. Although that's a good chunk of the Internet. Just make sure you send private information to trusted sites only.
If you don't like being filmed in public and face-tracked everywhere you go, just don't ever leave home. Can you picture yourself saying that in 10 years?
You are not identifiable from an ad cookie AFAIK and the country I live in has laws preventing companies to abuse in collecting personal data (like IP address)
This is far from being on video. And a lot of places have cameras now in addition to people with phones and maybe Google Glass in the future?
The face tracking could work anonymously too, and we'd have laws "preventing abuse". When you enter a shop the sales girl already knows exactly what you want because you looked at it on a competitor's store. Video is just a means. It's exactly like retargeting, just using different data sources; we can't let this become acceptable.
It's more correct to say that the ways to opt out are esoteric.
And it's also disingenuous. If the default is opt-in (and that's never OK, regardless of your rationalisations) and opt-out is hidden somewhere on the 8th subpage of a company you've never heard of or will likely never know about without view-source. I can count on one finger the number of times I've seen the source of a targetted ad... the middle one.
Self-governance does not work when the power of technology is asymmetric. Whether it's cookies, spam or nuclear weapons, deterrence is the only effective solution.
One big creepy part is that people share computers. Used to be that someone could try to dig through your history if they wanted to (but most people didn't), but now some of your history gets pushed right to them.
I'm looking at you, Amazon banner ads that feature products I browsed recently. (This is lots of fun because I often use Amazon solely to get info on a product that I may have no intention at all of purchasing.)
Evercookies and analyzing TCP stack signatures are ok but banning third party cookies is like "using a cannon to shoot a mosquito"?!
> Privacy is simple ... Don't submit ...
No it's not: ad companies aren't asking, they are grabbing what they can get. When users say "no" (eg by using adblockers or disabling cookies), these companies ignore that and try to find ways around.
No. In my experience it's not the ad companies that ask for them. It's usually the advertiser (i.e. the people advertising) that ask for them. Market forces (i.e. the demand) means that technologies will be made available to them if they're willing to pay high enough a sum.
As for evercookies and TCP stack analysis, I'm pointing out that the technologies to do cookieless tracking is already being used. And I feel it's a bad move. I would rather have cookied tracking where it's easier to control things, than to have cookieless tracking where it is generally grey area'd and difficult to see what advertisers are doing.
the difference is it's the website you're using and enjoying that is demanding this extra information. it's what they get in return for giving something to you for "free"...
I find my cannon (RequestPolicy and NoScript) to be the right size weapon for the target I am aiming at, which I do not believe is the size of a mosquito.
why do you consider it evil? it seems like a great way to reach back out to someone who was potentially interested in your service. if all retargeting is doing is showing you ads from a website you already visited. How is that evil? Are babies dead because of it? Or perhaps do you remember that you like that website and eventually signup because you got the extra reminder... that is just called advertising and it's what powers/pays for most of the free web... not a big deal really... the minority can and does block these ads big deal..
If walked into my office to browse or came into my retail store to browse I think you are it might be interested - but really this is the Internet so it's neither a stalker or an brick and mortor store... You can choose to block third party cookies - If we make them off by default you lose that choice
Firefox is blocking all third-party cookies, just ones from domains the user has never visited. So third-party widgets like Disqus and Facebook should still work. I suspect this move will penalize smaller ad networks and consolidate power to big players, like Google and Facebook, that are visited by users.
Third party cookies are not banned, they are turned of by default. In the same way you are asking users to make active choices about their information, a change in default is asking ad companies to only track users that want targeted ads.
I constantly see people on HN commenting that they like targeted ads. Those should be your customers. I and others who do not want targeted ads should be left alone. We did not ask for your data to be sent to our machines. We did not ask for your code to be run on our machine. We did not ask to be tracked and sold just because we happened to read a website. We are not your target audience, so stop trying to force us in taking up defense against you. We should not be forced to turn of all cookies, have anti-spyware installed, and going through settings to enable no-tracking cookies.
The advertising industry really need to grow up and start focusing on customers that want their services. With all their current data about who click on ads, this should not be such a hard move forward.
do you have more details about how to use "TCP stack signatures"... is that like using SYN Cookies? Keeping track of the opening packet request and associating it back to a user via a real cookie maybe?
Sorry, this is a good thing and it makes the web better.
Advertisers have been abusing users for years and it just keeps getting worse. Local Shared Objects (Flash Cookies) are only one example. Facebook's attempt at the Beacon project was another.
I blocked third party cookies in Chrome for awhile and finally gave up. It broke a surprising number of things, particularly Disqus embeds. Also the Instapaper bookmarklet although I admit that's a nerdy special case. Hopefully Firefox will have a way to let the user enable the few places where third party cookies are desired. That's a hard user interaction to get right.
Hopefully Firefox will have a way to let the user enable the few places where third party cookies are desired
They do. The title of the bug is "Block cookies from sites I haven't visited" and the blog post[1] explains that any site with 1st party cookies can set 3rd party cookies on other sites. Apparently this is how Safari works too.
This is the same behaviour as Safari has had by default for years. App developers that depend on 3rd-party cookies should in general already have the work-arounds in place to support Firefox 22 assuming they already support Safari.
To get sites like Disqus working while blocking third party cookies, just set an exception. I set exceptions for sites like google.com, disqus.com and evernote.com
Same here. I've been blocking third-party cookies in Chrome since the option was available, and have built up a list of exceptions that I'm comfortable with. I don't think it's reasonable that your average user would be able to figure that out though. Usually, it's not obvious at all that third-party cookie blocking is even responsible for feature breakage in the first place.
No extension necessary. Just open chrome://settings/content and check the "block third party cookies" option. Anytime you navigate to a page with blocked 3rd party cookies, a cookie with an X will show in the address bar. Clicking it will let you add an exception.
Blocking 3rd party cookies breaks surprisingly few things. Sure, a few services might not work but you can add exceptions if you want to use them. Overall it has almost no negative impact on your web experience.
You can use stuff like Ghostery or WidgetBlock, and they have options where you can specifically allow Disqus. I've still ran into some blocked pages early on, but after figuring out what was wrong, and allowing that stuff, now I rarely have any problems and I still block 90% of the rest.
For those about to bemoan the breaking of things like Google Analytics: this patch only blocks third party cookies from domains that the user has never visited before. Since 99% of your visitors will have visited google.com, your Analytics should continue to function even after this update.
They could theoretically do both by having the JS on the page set one cookie on the host domain and having the server response set one on the GA domain. I don't believe they do, however.
Shameless self mention: Chartbeat does not do this either.
Wouldn't that count as a third-party cookie? It depends on whether "third party" is defined as "third party from the server response" or "third party from the domain of the loaded page".
Excellent. Now we need to block third party javascript and then we have a chance at a more secure web. After all, any third party javascript could be done by an underwater call between the server and the provider of the service.
It would establish the web as a safe and secure platform, and I think that's in the best interest of the web.
To hell with your personal ambition to underhandedly monetize other people's users.
EDIT: I changed my statement from 'monetize your users' to specify 'other users' as that more accurately reflects the impact of Mozilla's change. Third-party cookies are used for tracking users that aren't yours.
Striving to maximize revenue is great. However, I don't see this particular issue as black and white as you present it. This will certainly make some websites less profitable, but I doubt that it would bring an end to the free web. In fact, aren't there are other ways to do retargeting?
Given Google's relationship with Mozilla, if this move would negatively impact Google, i would be very surprised to see it happen.
You are correct, it won't affect the omnipresent Google because virtually everyone has visited their domain at some point. This will target alternatives to Google, leaving us with one company to do effective advertising.
How is this in the interests of the end user is beyond me, really.
There is plenty of third party javascript that is not at all predatory. Pretty much all analytics services, Olark and other similar customer outreach services, A/B testing suites. There is far more of a push to create new more secure avenues for third party js (namely cors and websockets) to exist than there are efforts to eliminate it.
I'm curious how this change will effect services like optimizely that rely on third party cookies to prevent tests being run on the same users multiple times.
I don't actually think this policy will have the desired effect of improving privacy and similar.
While I do think advertisers and analytics abuse third-party cookies, they also have a dozen other things they can switch to that the browser provides fewer facilities to control: http://samy.pl/evercookie/
Meanwhile, any legitimate services that rely on third-party cookies would have little choice but to switch to whatever mechanism the advertisers switch to, to remain functional.
I agree, I think it is just a small escalation in the arms race.
Personally, I'd rather have tools that pollute the data being collected rather than just blocking it. Imagine a firefox add-on that keeps entirely seperate "cookie jars" based on referrer. So if you visited 100 different websites you would have a 100 different cookies for any particular advertising network, each one unique to the specific website you were looking at.
This is awesome. I have had third-party cookies disabled in Chrome for a long time now, and I rarely experienced any issues with embeds (Disqus being the noteworthy exception).
While Idespise third-party tracking embeds in general, they have gained significant traction on the web (the worst offender is of course Facebook). Since many people think site owners cannot be blamed for that (I think they can), blocking third-party cookies to me is the next best thing for the end user. Also, it's just intuitive to me; when I visit a shop, and I identify myself to the clerk, why should I automatically identify to all bystanders in the shop?
With so many APIs in use, integrations, etc, there will be the potential for a lot of broken stuff. And many non-tech users won't understand why some sites suddenly stopped working. It will just present more challenges for developers of good apps that users want, in order to stop one set of specific behaviors that they do not want.
But advertisers won't just go home. They will find other ways to reach people with possibly more obnoxious and/or invasive tactics.
Reminds me of the spam problem. With all of the spam "solutions" and policies in place, it is now much harder than it should be for legit businesses to send emails to customers who've requested them. Yet spammers are still doing their thing with impunity.
That's actually a pretty elegant solution to the issues that most of Firefox's userbase would encounter if all third-party cookies were blocked (e.g. not being able to log in with or share via their Twitter and Facebooks accounts). How often do real users, particularly the ones who are unaware that cross-site tracking is even going on, visit domains like doubleclick.net or googleads.g.doubleclick.net?
For comparison, I block third-party cookies in Chrome and doubt that most users would be able to navigate the process of understanding when that breaks features on sites and then resolving the issue by selectively allowing the impacted domains. So, I think that's a positive feature in Firefox's (soon-to-be) implementation.
I don't like this, beyond the discussion if 3rd party cookies are good or bad, these measures are always for the worst.
Not long ago IE set DoNotTrack by default. What happened? Every single company that respected the user decision for DoNotTrack, stopped doing so since it wasn't the user, but a browser the one who decided that.
Long story short: All the effort done with DoNotTrack was wasted.
With this story, cookie tracking is far from perfection. It might be great for ad companies, might me useful for retailers and might be creepy for some users, but IMO is the safest way there's to date to keep the equilibrium. There are choices to be protected from cookie tracking and there's plenty of information.
etags, png image, something about tcp stack tracking... there are work arounds and there will be more workarounds... blocking cookies is stupid... they are part of the web
Per links on Duckduckgo, i installed FF plugins: noScript, privacyFix, doNotTrackMe, HTTPS everywhere, adBlock. Now maybe 5-8% of sites i visit show no content whatsoever, and maybe 1/3 of all sites total are broken. For those, Chrome
this is short cited. we don't even know or can imagine the type of interesting applications we are eliminating by saying no to third party cookies. I remember building a reservation widget that loaded via an iframe on a third party domain. Perhaps we would want to maintain some of the reservation history on the users browser (e.g. third party cookie). I believe this would still work, but as we continue to focus only on the use case of advertising and blocking re-marketing ads... we should remember there are other legit use cases for third party cookies.
Cookies aren't in the HTTP specification. RFC 2109, published a year after Netscape and then IE began accepting cookies, recommended that browsers block all third-party cookies.
Sure there are ways of cookieless retargeting, but it is a hassle. I mean, everyone's heard of Samy's Evercookie right? Then there are TCP stack signatures, and other companies like a few European DSPs that use cookieless tracking to track a person (IMO it's quite easy to use a GET pixel to actually capture a person's TCP stack).
You can use 3rd party cookies for good and evil. For example, for my personal project, Fork the Cookbook (http://forkthecookbook.com) I'm working on using pixel drops to track how many people fork recipes from embedded recipes (how else would one measure success of an idea). Most analytics softwares like Google Analytics uses 3rd party cookies.
I'm not too sure about evil uses of 3rd party cookies. I do not consider retargeting to be evil. Other stuff like tracking browsing history can be done but it is extremely inefficient, and does not really return much for the amount of time and effort invested into it.
What about PII you ask? Start with drop sites, where people willingly submit their personally identifiable information, and then it's up to the DMPs to actually correlate the data, which can then be used as ad targeting information. As far as I can tell, even with the big hoohaa over companies like Rapleaf, the truth of the matter is that it's very very inefficient so far.
Privacy is simple IMO. Don't submit your information to websites that ask for anything more than what is needed. Banning third party cookies is like using a cannon to shoot a mosquito.