Hacker News new | ask | show | jobs
by JohnFen 666 days ago
That seems the obvious result of this sort of thing.

> Related Website Sets (RWS) is a way for a company to declare relationships among sites, so that browsers allow limited third-party cookie access for specific purposes.

So the website itself gets to declare other "blessed" domains that can bypass third party cookie blocks? Big websites are constantly looking for ways to abuse users by bypassing their attempts at protecting themselves. How would anyone think these sites can be trusted not to abuse this?
2 comments
jahewson 666 days ago
No, the website itself does not get to declare this. There’s a master list that they have to submit their site to and go through an approval process.

But as the article details, the contents of that preliminary list is already disconcerting. The whole “Google as the arbiter of all things ads” concept is a bust.

But the alternative isn’t great either - today’s system of third party cookies allows for far worse. We need some better ideas.

link
JohnFen 666 days ago
> There’s a master list that they have to submit their site to and go through an approval process.

How is that not the website declaring it? Approval processes are meaningless.

> today’s system of third party cookies allows for far worse.

That's why I want zero third party cookies.

link
ddtaylor 665 days ago
> How is that not the website declaring it? Approval processes are meaningless.

Submitting your website to a list controlled by some arbitrary website on the Internet is very much different from serving some kind of metadata to visitors that their browsers interpret.

Also the approval process existing does matter. Under a normal situation when you serve some kind of metadata (like what sites you are "related" to) there is no "approval" process to who gets to serve this kind of metadata and who doesn't.

The tools to do this the right way exist in so many different ways.

link
JohnFen 664 days ago
> is very much different from serving some kind of metadata to visitors that their browsers interpret.

Absolutely, but I wasn't positing some kind of metadata.

> Also the approval process existing does matter.

It can matter, but it often does not. I don't expect it to matter here because the big web players will not be denied their preferences.

link
klabb3 666 days ago
> There’s a master list that they have to submit their site to and go through an approval process.

Wtf, seriously? I skimmed the post and honestly didn’t think RWS was so bad, assuming that obviously it would be decentralized. A centralized list that Google (or some shell consortium) controls is the biggest no-no. Decades of erosion of web principles have clearly made us complacent.

link
HnUser12 666 days ago
I don’t know too much about this but I’m curious if what I saw recently on safari is similar? When visiting related Microsoft websites, I got a pop up asking permission to share the cookie for login. I was up to me to approve or reject that request. Seems like a better implementation.
link