How to succeed without 3rd party cookies?

This blog was previously about not-tracking cookies; this post, however, is about why third-party cookies are a bad thing and a bad idea, and how to succeed without them.

Why I’m against cookies?

I’m really concerned about cookies. This is not because of any particular product I use, or anything like that. It’s a very simple reason. In our lives, we have a lot of things on our minds. We want to get things done. We want to remember things, and we want to remember them well. We also want to have the best tools to accomplish these things. That’s part of what makes a product like a web browser so powerful. We use it for everything. Most people have many more things on their minds and more on their plates than they could ever use a web browser for. This leads to a lot of ‘leaking’ problems. When we use a web browser, we want to get things done without leaking the details of what we’re doing. For this, we need to create little ‘cookies’ that only we can read (and write, and delete). We can’t do this with a third-party cookie, because the cookie has been written on behalf of another user. This is the simple reason I have a problem with third-party cookies, and why they’re not compatible with the way we use web browsers today. There is a bigger picture here, but we’ll get to it.

The two options for preventing third-party cookies: You have a choice of one of two options, or a mix of the two.

The first option is to use an extension that completely blocks third-party cookies. While this is easy to do, many users would be unhappy if they ever started their web browser and did not find the extension loaded. To prevent this, the extension needs to have a way to notify the user about the missing content. For most users, this would be a bad experience. The best place for this notification is to provide an icon for the missing content at the top of the browser. This can be a link to an article, a help link, a search box, a link to the settings page, or whatever.

The second option is to create a way for a user to opt out of third-party cookies. This lets the user specify that he/she will never use the web browser for a specific domain or set of domains, without having to worry about missing content or extensions. This is a more elegant solution, and one that I think is more common for users today. I’m sure there are plenty of people who will not opt-in for third-party cookies.

The simple reason that we don’t use the second solution more often is that it’s very complicated. The process requires action on a user’s part. It needs to be simple to make it easy for a user to opt-in. In contrast, the first option needs to be done for every domain, every time a user opens the web browser. This can be done as a process that occurs when a user starts the browser and can be done without user interaction. While the first method is simpler, we should give more weight to what is more common: users want to be able to disable third-party cookies, without feeling like they are in control of it.

In the next post of this series, I will talk about what to do with your extensions that track and use your data. You will find out why privacy matters, and how that influences the design of the extension. And you will also discover that your data should not be tracked by extensions.