190: The cookie is not going away

10 months ago
9

The trick is to distinguish 1st and 3rd party cookies.

We keep hearing that cookies are going away, but that’s not quite true. Third party cookies are supposedly on their way out, although the process has taken longer than anticipated.

The difference has to do with domains.

But first, what is a cookie?

A cookie is just a small text file that a website writes to your web browser. They’re necessary to maintain state, which I’ll explain in a moment.

The internet is built on anonymous connections. If I visit a website, my web browser makes an anonymous request for the items on that page. The server for that website returns those items – usually that’s html code, javascript, and images – so my browser can display the page. If I view a second page, the website doesn’t know that’s still me. It’s just another anonymous connection.

I’m skipping over something called browser fingerprinting, which makes this discussion a little more complicated, but for now let’s leave it at that. Every connection is anonymous.

Cookies solve that. By writing a cookie to your browser, the website can maintain state between different requests. It works like this. I visit the website for the first time – that means, of course, that my browser, like Chrome, or Edge, makes a request for a page. The web server looks to see if I have a cookie for that site. If I don’t, it writes one.

After my first visit, the cookie probably just has a unique ID. The website can now track the behavior of all the requests made from that browser with that ID. That’s useful for analytics and such. If I were to login to the site, the cookie becomes the way the website recognizes me from page to page. Without the cookie, I’d have to login every time.

What I’m discussing right now is a first-party cookie. That means the cookie is for the website that I’m currently visiting.

To illustrate how this works, imagine I visit the site examplewebsite.com. Once I’m on the site, I can look in my browser to see which cookies have been written.

Let’s assume there are two cookies. The first is from examplewebsite.com. That’s a first-party cookie because that’s the site I’m on. There’s also one from (I’m just making this up) webadvertising.com. That’s a third-party cookie because I’m not on that page.

The purpose of that third-party cookie is to track my behavior across multiple different websites. That would typically be somebody like doubleclick (which is Google) or Facebook. They track what you’re doing on any site that includes that 3rd party cookie.

Why are 3rd party cookies going away? The nice spin on that story is that it strengthens privacy. People don’t want to be tracked.

The truth is this is a ploy by the big tech companies to solidify their control over advertising. They’ll cut off the 3rd party cookie, and thereby hurt competitors, but they’ll find another way to track you.

Don’t think for a minute that they care about privacy. Your personal data is the currency they use to run their businesses.

Loading 2 comments...