Email or username:

Password:

Forgot your password?
Technical Architecture Group

In 2023, we published a finding encouraging the deprecation of third party cookies, and the development of new technologies that can replace their functionality. Today, we’re issuing an updated version of that finding to further clarify our position: third-party cookies are harmful to the web and must be removed. w3.org/2001/tag/doc/web-withou
@torgo

10 comments
Oliver Hunt

@tag @torgo But won't someone think of the advertising resellers and surveillance industry?

Jack William Bell

@tag @torgo

So long as 3p cookies are not replaced with something local I can't turn off when it turns out it can be gamed.

I would like to see any 'new technologies' live entirely on the server side.

sofia ☮️🏴

@tag @torgo seems like you're a little late to that party.

how about deprecating automatically accepting cookies and having them opt-in instead? GDPR says cookies should be consented to, but without browsers actually rejecting cookies by default, we invited this whole dark pattern garbage and websites that just refuse to load without LocalStorage.

Don Marti

@sofia @tag @torgo

GDPR says you need informed consent, and there are not that many people worldwide who understand cookie-based business models and data flows well enough to consent (I have been following this stuff for years and still am not informed enough to give informed consent for many/most of the cookies on a random site) Maybe the top posters on Reddit's r/adops and some privacy researchers know enough to consent if they chose to?

sofia ☮️🏴

@dmarti i'm not sure what consclusion you try to draw from this.

should my ability to buy food depend on me understanding the entire supply chain, because else i could not "really consent" to it?

@tag @torgo

Don Marti

@sofia @tag @torgo consent is required for processing your personal info, most normal transactions don't have to have it

Claus Cramon Houmann

@tag @torgo so, Google happily judges other companies on their practices, such as certificate companies that they remove, which implies that others can remove anything Google if they don’t stop supporting 3rd party cookies?

Don Marti

@tag @torgo also, before anyone mentions that cookie vs. non-cookie tracking is a competition problem, this is from #W3C privacy principles:

"Sharing data between different contexts of a single company can be a privacy violation, just as if the same data were shared between unrelated actors.”

w3ctag.github.io/privacy-princ

Turning off 3rd party cookies is good, but good as in "good start" not final outcome

Don Marti

@tag @torgo imho browsers have a more important obligation to block intra-company cross-context tracking, because of centralization risks (DSA compliance is a related issue)

solstice

@tag @torgo
Google decided to keep third party cookies because not doing so lowered their profits.

Go Up