[urda]

... what the hell did I just read. Let me correct the record so those that end up here don't actually buy into this.

> Not all cookies are used for tracking.

No, but third-party cookies are basically used for tracking. A legitimate site does not depend on a third-party cookie to handle features or login. At all, full stop no ifs, ands, or buts.

> Be prepared to start losing your settings in web apps or being logged out after 24 hours if you use Safari.

Again, not going to happen because those are not associated with third-party cookies.

> They're deliberately trying to hold back web technology so that people will be forced to create and use native apps instead.

God no, or there would be no icloud.com, online shopping app, or their other web offerings. There is no conspiracy or holding back, this is purely to protect the user.

> I say this as a die-hard MacBook user.

Then you should be prepared with more research and have your homework done ahead of time on this matter. This is all nonsense and just false.

[Doctor_Fegg]

> A legitimate site does not depend on a third-party cookie to handle features or login. At all

Sites which use Disqus, or similar, for comments.

I hate Disqus with a passion and wish horrible flaming death upon it, and am actually quite pleased that this will break it. But nonetheless it's a "legit" use of third-party cookies to provide a feature (remembering login on an embedded commenting engine).

[pas]

You can do it with IFRAME and postMessage communication. (Have the internal IFRAME send out resize data, and that's all you need to handle from the host page.)

http://benalman.com/code/projects/jquery-postmessage/example...

[dangayle]

As a newspaper developer, let me tell you, a horrible flaming death isn't good enough for it.

[dredmorbius]

The Mozilla comments system recently discussed on HN is a clear alternative.

https://news.ycombinator.com/item?id=15232147

[quiteawhile]

>I hate Disqus with a passion and wish horrible flaming death upon it

I mostly just ignore it, why do you hate it with such intensity? hahah

[bochoh]

> Not all cookies are used for tracking. No, but third-party cookies are basically used for tracking. A legitimate site does not depend on a third-party cookie to handle features or login. At all, full stop no ifs, ands, or buts.

I'd point out that in the case of DocuSign signing sessions powered by iframes that without being able to set this third party cookie prevents the session from loading. Probably the only use case of a third party cookie being useful that I can think of.

[pas]

Aren't the site in the iframe uses its own cookie? (So it doesn't count as 3rd party, no?)

[nevon]

That's not how it works. Even if you're setting the cookie on your own domain, if you're embedding your site in an iframe on a different domain, you won't be able to read your own cookies from within the iframe after this change.

[pas]

Oh! Could you show the relevant post/source from webkit for this?

After reading the webkit blog post on ITP I had no idea they changed this, but yeah, they are probably going to anyway if haven't yet. Otherwise it'd be too easy game this.

[nevon]

Well, that's how cookies in iframes have always worked. The only difference is that these changes explained in the blog post you mentioned means that since you never interact with the domain in a first-party context, you won't be able to read the cookies while in a third-party context. See the heading "Actions Taken After Classification" in https://webkit.org/blog/7675/intelligent-tracking-prevention...