[thw0rted]

Just to be totally clear, this is how tracking cookies work everywhere. The site you visit includes an iframe with an ID "X" that identifies itself, the iframe loads `trackingsite.com?id=X`, the request includes your cookies for that domain (or at least the ones that are allowed for an iframe request), now `trackingsite.com` logs a visit to Site X from the user holding Cookie Y.

There's a fundamental conflict between privacy and convenience, because I have to either allow no third-party cookies, which means no one can embed any authenticated content from a third-party context (think Disqus comments on a blog), or I have to allow third-party tracking. The middle ground -- allowing some third-party cookies but not others -- is a UX nightmare. Just trying to explain the situation to an average user, at all, is nearly impossible, much less interrupting every visit to every site with "Can I use cookies from {site 2} here? How about {site 3,4,5...112}?".