Firefox Puts the Nix on Third Party Cookies

[Arctic Fox]

smallbusiness.yahoo.com/advisor/firefox-puts-nix-third-party-cookies-means-call-190014772.html

"Third party cookies are small scripts placed on the hard drive of your computer by—you guessed it—a third party. If you’re visiting Domain A, and Domain B is advertising on Domain A, Domain B can place cookies on your hard drive that follow you onto other sites so that you continue to see their advertisements. Third party cookies allow businesses to track users’ online behavior and use it to advertise to the user. First party cookies perform the same functions, but they are generated by Domain A and will not track the user’s activity onto other websites (domains)."

I've installed Ghostery for this.

[jscheuer1]

Cookies - regardless of where they come from are not scripts, only text data. Scripts on the server can use the data in cookies to track you. Cookies from the site you are visiting can and often are used for this as well. It's not limited to third party cookies.

So, essentially that quote is wrong.

Most browsers allow you to configure whether or not to accept cookies and also whether or not to allow cookies from sources other than the sites you are visiting (third party cookies). So no additional software should be required.

However, depending upon the browser and your familiarity with it, it might be easier to use an add on program to regulate cookies. Just make sure that add on is trustworthy. Having access to your cookies, it could send sensitive data (passwords, account numbers, etc.) to a hacker's or phisher's server.

[traq]

As you might imagine from reading John's reply, it's important to understand what cookies are and how they work before jumping to conclusions.

(I've removed the "hot" link from the original post. If anyone wants to read the article, that's fine, of course; be advised that it's misleading in several parts and flat-out wrong in others.)

As John says, "cookies" are text files (though nowadays browsers usually store them in a database), nothing more. They are not "scripts," "viruses," "plug-ins," "malware," "executables," "apps," or anything like. Your browser will provide cookies to their matching domains when you make an HTTP request to them.

For example, Facebook gives you a cookie, which sits in your browser doing nothing until you return to Facebook. However, at some point, you'll visit some other site that has a Facebook "Like" button on it. That button is generated via a script the the site owner placed there. It's hosted on Facebook, so when your browser requests it, that Facebook cookie will go along with it. As a result, Facebook knows what sites you visit and may have a general idea of what you do there. Note, however, that the cookie itself is still doing nothing - it hasn't collected any information while it was sitting on your hard drive; neither has it opened any lines of communication between you and Facebook. The website you're visiting decided to give Facebook access to its visitors, and Facebook is doing something based on the fact that it got the cookie back from you.

What makes a cookie "third-party" is that it doesn't "belong" to the actual site you're visiting - it comes to you via an advertisement, iframe, script call, even an image that is hosted on a domain other than the one you typed into your address bar. In my example above, the Facebook cookie (since you actually received it from a visit to facebook.com) was actually a first-party cookie until you visited the site with the "Like" button.

And as John pointed out, almost all modern browsers have settings to control how such cookies are handled.
The "off-by-default" behavior is all that's new here; but I agree that it is A Good Thing.

[james438]

This is a bit off topic, but I have to say that it is amazing to see you back Arctic Fox as you are one of the absolute very first members on this site and quite possibly the oldest active member on the site outside of ddadmin. Welcome back!