[icebraining]

> and they combine the cookie ids.

And how do they do that? The "advantage" of third-party tracking is that a cookie set by the analytics service on site A gets sent back when the user goes to site B and C and D (etc).

Without that, they have to somehow figure out that user 34 on site A is the same as user 95 on site B. That's often possible, but much less reliable.

[puffy_magicdrgn]

I assumed the grandparent meant how do "you" track across your own properties..

For the likes of google and co, I wouldn't be surprised if we start seeing more ad companies requiring you to send some other PII via the api so they can turn a random tracking ID into an email address or whatever though.

The same user on a.com and b.com get different ID's, but a.com and b.com both send data to tracker.com which maps that ID to an email address and then tracker.com can easily combine 'em. Not sure it's legal to do so, when I was working in this space we were quite forbidden from mixing up tracking information from various properties

[chkuendig]

No, I meant across different properties of different publishers. I assume that's still only possible with browser fingerprinting, IPs etc.

So blocking third-party cookies is a good start to avoid tracking across different publishers (which is the big no-no for me, the fact that a single publisher knows what i read of his is not such a big issue and not that different to what has always been done by just crawling the ht_access logs...)

[londons_explore]

Site B has an iframe back to site A and the 'user 34' cookie can still be read.

All these protections only prevent setting cookies, not reading them again.

[icebraining]

It does prevent them from reading too: "Domains classified as trackers are not able to access or set cookies, local storage, and other site data when loaded in a third-party context." (emphasis mine)

https://blog.mozilla.org/security/2018/10/23/firefox-63-lets...

[cphoover]

Browser fingerprinting?

How do you defeat that? If people want to track... they will track.

[tetraca]

Throw away your browser and renounce all web technologies made after November of 1995.

[cphoover]

Disable Javascript!

[cphoover]

I remember when people used to believe Progressive Enhancement meant works without JS... no longer.