I remember coming across the 3rd party cookie restrictions on Safari. I was setting a cookie inside of an iframe for its own domain since it was for internal state tracking for a check-in style button, not trying to set on the iframe's parent page or anything like that. Imagine my surprise when I discovered Safari even blocks 3rd party domains from setting cookies in iframes for their own domains.
For a moment at first, I was kind of frustrated. Then I thought about it and really, really was happy Safari was doing that. It might be causing me a little headache, but its also stopping lots of ad trackers right in their tracks.
This is something I wish all browsers would start doing.
It doesn't break them. Safari doesn't accept cookies from across domains (by default). Safari still sends cookies to iframes across domains.
Even if Safari blocked sending cookies to other domains, it would still be possible for both commenting and the like buttons to work. On a low-tech level, rather than working by Ajax (which is how I assume they work - I haven't actually used them), they would work as a standard link or form to Facebook's site. Once not in the iframe and on Facebook's site, it would realize that you were logged in and rather than asking you for your email and password would record the like or comment. In fact, when you try to press a like button not logged in, a small window pops up asking for your email/pass so that it can log you in and do just that. It's easy to imagine that the window would pop up, offer a little "thank you for your comment" confirmation with a close button.
Facebook could also decide that it wanted to use Flash cookies which would work if Safari blocked sending cookies to other domains. Safari isn't in control of whether Flash is loaded in an iframe and a Flash cookie is requested from another domain. This is part of the reason why it's more significant on the iOS platform. Advertisers do use Flash a lot and that usage can be used to set a Flash cookie that the browser doesn't control and Flash doesn't have a setting to disallow Flash cookies from sites you don't visit.
This caused a bunch of headaches at Vimeo while working on our iframe embed code a couple months back. If I remember correctly Safari (and now I believe Chrome 10) will not send cookies in iframe POSTs unless a user specifically navigates in that iframe. So for example clicking the "like" button in a Vimeo video wouldn't work right away. There is a workaround: you programmatically fake a POST right away, and the second POST works because the user has interacted with it.
This might be a nice "headache" for marketers, but there are legit uses. As a developer I'd prefer if browsers were consistent in their default handling of cookies.
Perhaps you guys should have taken this as a sign that Vimeo relys way too much on cookies. You can't even search the site if you don't accept cookies, no other site I've used fails that way.
I've found it mostly useless, sure I've visited these websites I'm getting ads for everywhere but I already know the company exists and I'm basically just getting a "we exist!" type ad.
An example would be hipmunk, I think they would probably be much better placed try to use banners that offer deals through retargeting. I already know they exist and have been to the site, the ad that I now see because of that doesn't give me any further information.
I love watching people complain about how this should've been going on since the dawn of time. You all do realize that this is, sadly, somewhat important, right?
This is a huge industry that makes incredible amounts of money year over year. You can't endorse fistfuls of free products with no clear revenue stream and then complain about the efforts of an industry that actually handles some revenue generation off of said products.
Apple, at least in the realm of Mobile, is pretty awesome in this regard: by having a model where things have the expectancy of charging you up front, they can safely say "fuck you" to advertisers/marketers like this. More companies should realize this and run along the same tracks.
Honest question-is there really any decent uses for 3rd-party cookies that I, a fairly technically savvy internet user, might benefit from? (and I don't consider "more targeted ads" to be a benefit) Ive had 3rd party cookies disabled in my primary browsers for a while without any seemingly meaningful loss of functionality.
Then it should be shown in the context of being an interesting link. I would ask also, when was the last time an ad was interesting to you? Was something in a popup, interstitial, popover, popunder, popdown, sidebar link, video preroll or post roll or inserted promo actually interesting? Was it something that you purposely clicked to find out more?
Display ads have very low click-through, yet that hasn't stopped advertisers from breaking new records in terms of $$ spent. Research shows there is a subset of internet users that click on stuff all the time- 80% of clicks are from 10% of users (that's after filtering out click fraud etc).
Beyond click-thru (which is what most web app developers will focus on), display ads/paid search serve the important function of an awareness vehicle for brands - which is what the major advertisers care about more than click-thru anyway.
But a hyper targeted ad is not a useful link, it is a potentially useful link that is guaranteed to be extremely biased.
If you search for "cheap haircuts, boston" do you think the ads show the cheapest place to get haircuts (which is what you want)? Or the one that paid google the most (which is what they want)?
I don't understand why people hate ads so much when it makes so many products available for free. I know many would gladly pay but its not realistic to pay for every site and every service.
Think about the forums you visit once because it had an answer to a question you googled. Now imagine if that site wasn't able to make money off ads it served you. Chances are it couldn't exist.
Ad tracking is good for the community because it helps the sites we use everyday make more money. I want those sites to make money so they will continue to exist. If we use a site, the operator of the site should make money.
There must be a certain sweet spot between tracking a user's browser history and having zero targeting in advertising. A niche community or site has things simple -- they need to get direct advertising from businesses in their field. A more generic web service (like Facebook) could use only the data a user explicitly provides on their profile. A site with wide ranges of content could use contextual advertising. All of these options only use data that's already available on a company's servers, and do not require tapping into browser histories through tracking cookies. The main problem with tracking is its implicit nature -- most people don't realize just how much their browsing history reveals about them, but they do understand the information they explicitly reveal on Facebook or Twitter.
I don't buy it. You act like things didn't exist before internet advertising. Usenet and forums existed and thrived for a long time before people started trying to show ads. I couldn't care less if the whole internet ad based economy caves in on itself (not that I think it ever would--advertisers will always find a way). We'd be left with people doing stuff for the sake of doing it and that won't be a bad place. Possibly not as polished, but I'll get over that.
I'd be surprised if the ad companies aren't already giving the publishers who run their ad units a script that allows data to be tracked through it "locally" and which then proxies to/from the ad company. A minor headache but probably worth it for them.
It's sad that Safari does this, especially considering there's a work around using POST: https://gist.github.com/586182 -- it translates to complexity and has performance hit, and doesn't actually add security.
Rather than allowing it because of this, wouldn't it be better to remove this method. I kind of like the balance without the 3rd party cookies, I can write a 3rd party script that people include on there website which stores cookies on their own domain. From the point of view of a single website this is good, from the point of view of a network of websites and those that want to advertise on all of them I guess it is bad. Can always base things off IP, not as good but a similar effect.
Don't imagine for a second that a browser policy change like this would do anything but increase the value and use of cookieless tracking by content delivery networks.
Well its really only from an advertising perspective, the advertiser and the network. From the end users perspective they get the choice, if they really want targeted ads they can always turn the third party cookies on.
Target the ad based on the site the user is visiting, not on trying to violate the user's privacy. On a site to do with cars, show car ads. On a site to do with Dell, show Dell ads.
It's not frickin' rocket surgery.
If no one has a site relevant to your ads, there's your hint that no one wants your service/product. If you believe that I'm wrong... start one. Make a site relevant to that interest, and then you can on-sell your product. Build/find the community that believes in the same stuff you do, and engage them.
For a moment at first, I was kind of frustrated. Then I thought about it and really, really was happy Safari was doing that. It might be causing me a little headache, but its also stopping lots of ad trackers right in their tracks.
This is something I wish all browsers would start doing.