Key thing is really to disallow third party cookies, as that (among other things) is what is being used to track you by all the advertisers, spammers, Facebookers and so on out there.
Problem with that is the surprisingly large number of legitimate sites that break without third-party cookies. Things like when verizon.com has an element from verizononline.com, which sets a login cookie that verizononline.com expects to read. "Shun brokenly-coded sites" is not an option for something as vital as paying my phone bill.
I'd love an option to accept third-party cookies but delete them on browser exit, while retaining legitimate first-party cookies as usual. Does any of the major browsers have that?
An alternative to third party cookies for login sites is to do a fast forward redirect through the main site for the login and then back again to the destination.
If done properly the user will barely notice or care and it's certainly less invasive than forcing 3rd party cookies to be used.
what will the response to this be? Could the site host set a cookie that then (from the server) is read and the content reported directly to the advertiser?
Sure. But a third-party cookie does more than track your activities on the site that gave it to you. If you get a DoubleClick cookie, then DoubleClick will be able to track you on every site that runs DoubleClick ads. Ie., they'll be able to tell that the same computer is hitting all these sites. This lets them target ads to you based on your whole history across all DoubleClick-serving sites, and to market your profile to their customers.
Certainly - I have been waiting for that kind of thing for a long time. Probably it already exists. However, it would be considerably more difficult to integrate into existing web sites.
I'd love an option to accept third-party cookies but delete them on browser exit, while retaining legitimate first-party cookies as usual. Does any of the major browsers have that?