by threeseed 682 days ago
Firefox, like Chrome, still allows long-lived (i.e. 400 days) first-party cookies.

This is being abused by advertisers to track you across the web.

If they do care about privacy it would be good for them to copy Safari and make this 7 days.

2 comments

Does a 7 day expiration matter if the tracker can just set new cookies with new 7 day expiration dates as it tracks you?

Also, Firefox partitions cookies by site (aka Total Cookie Protection), so first-party facebook.com cookies, cross-site facebook.com cookies on example.com, and cross-site facebook.com cookies on example.net all get separate cookie jars.

https://blog.mozilla.org/security/2021/02/23/total-cookie-pr...

Total Cookie Protection is a completely useless feature.

The advertising industry has been moving to first-party cookies ever since Apple implemented ITP.

> If they do care about privacy it would be good for them to copy Safari and make this 7 days.

If I get logged out of every website on a weekly basis I'm going to be annoyed.

> This is being abused by advertisers to track you across the web.

How do they use first party cookies to track you?

There are a few ways first-party cookies can track you. Probably the biggest single way is Google Analytics, which by default uses only first-party cookies. Even without cookies at all, GA could track you across the web, although first-party cookies do make this a little easier and "better". However, first-party cookies can help trackers in other ways, like for CNAME cloaking[1], which basically makes a first-party cookie function similarly to a third-party one.

Disclosure: I work for a small privacy-focused ad company.

[1] https://webkit.org/blog/11338/cname-cloaking-and-bounce-trac...
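
Added example, not part of the thread or of any project mentioned in it: a small audit that flags CNAME cloaking by following the CNAME chain of each same-site subresource host and reporting those that end up on another site. The hostnames, the record table and the two-label `site_of` shortcut are constructed assumptions; a real audit would query DNS and use the Public Suffix List.

```python
# Constructed sample data: hostname -> CNAME target (no entry means the chain ends).
SAMPLE_CNAMES = {
    "metrics.shop.example": "shop-example.tracker.test",
    "shop-example.tracker.test": "edge7.tracker.test",
    "cdn.shop.example": "assets.shop.example",
    "loop.shop.example": "loop.shop.example",  # misconfigured self-reference
}


def site_of(host):
    """Naive registrable domain: the last two labels.
    Assumption for this example only; real code needs the Public Suffix List."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def cname_chain(host, records, max_hops=8):
    """Follow CNAME records from host, stopping on loops or after max_hops."""
    host = host.rstrip(".").lower()
    chain, seen = [host], {host}
    while chain[-1] in records and len(chain) <= max_hops:
        target = records[chain[-1]].rstrip(".").lower()
        if target in seen:
            break  # CNAME loop: stop rather than spin
        seen.add(target)
        chain.append(target)
    return chain


def find_cloaked(page_host, subresource_hosts, records):
    """Return (host, final_target, foreign_site) for each subresource host that
    looks first-party by name but whose CNAME chain leaves the page's site."""
    first_party = site_of(page_host)
    findings = []
    for host in subresource_hosts:
        if site_of(host) != first_party:
            continue  # plainly third-party by name, so not cloaked
        chain = cname_chain(host, records)
        foreign = [h for h in chain[1:] if site_of(h) != first_party]
        if foreign:
            findings.append((host, chain[-1], site_of(foreign[0])))
    return findings


if __name__ == "__main__":
    hosts = ["metrics.shop.example", "cdn.shop.example",
             "loop.shop.example", "static.other.test"]
    for finding in find_cloaked("www.shop.example", hosts, SAMPLE_CNAMES):
        print("cloaked:", finding)
```
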

> If I get logged out of every website on a weekly basis I'm going to be annoyed.

Then those websites should move to Passkeys.

> How do they use first party cookies to track you?

Because Meta and Google allow websites to submit advertising data to them server-side using a self-hosted JS file which sets the first-party cookies on your behalf.

> Because Meta and Google allow websites to submit advertising data to them server-side using a self-hosted JS

How does ex. 7d expiration help with that?

> How do they use first party cookies to track you?

domain fronting