FIRST-PARTY
foo.com bar.foo.com foo.bar.foo.com
THIRD-PARTY
doubleclick.net webtrendslive.com foo.112.2o7.net
JavaScript HTTP header response
First-party
Third-party
New Firefox default is to block third-party cookies
Safari has done this for a while Detail:
Blocks setting cookies from third-party domains that have no existing cookies set as first-party
i.e., Facebook will still be able to track you
Reliably(*) track the shared audience between separate domains
foo.com
ooo.combar.com
* Except Safari
Google Analytics uses first-party cookies exclusively
Passes cookie ID between domains only when users click from one to the other
Can’t reliably measure audience overlap
Web analytics vendors need to find a solution Data brokers are screwed Small publishers will lose data-enhanced ad
revenue
Moving to HTML5 localStorage late this week Interesting side effect:
localStorage is isolated by scheme + hostname + port (HTML5 Origin)
Not really a problem though
See: http://htmlui.com/blog/2011-08-23-5-obscure-facts-about-html5-localstorage.html
If the domain already has cookies, it can set them third-party Facebook will be fine Google will be fine Fairfax, News will problably be fine Web analytics can probably find a workable
solution
Iframe hack: Google got caught using this Browser fingerprinting Bounce users through your domains? iJento
do this HTML5 localStorage
Vendors:
David Jordine @Adobe
Mark Allison @WebTrends
Sauli Happonen @Nielsen
Chaoming Li NarbehYousefian