The Slow Death of the Internet Cookie

Sara Fischer, writing for Axios: Over 60% of marketers believe they will no longer need to rely on tracking cookies, a 20-year-old desktop-based technology, for the majority of their digital marketing within the next two years, according to data from Viant Technology, an advertising cloud. Why it matters: Advertising and web-based services that were cookie-dependent are slowly being phased out of our mobile-first world, where more personalized data targeting is done without using cookies. Marketers are moving away from using cookies to track user data on the web to target ads now that people are moving away from desktop. 90% of marketers say they see improved performance from people-based marketing, compared with cookie-based campaigns.

Not a lot of article content here...

What replaces it? How do they accomplish individual tracking?

Re: Not a lot of article content here...

[M0j0_j0j0]

Bitcoin!! You forgot Bitcoin you insensitive cod

Re:Not a lot of article content here...

What replaces it? How do they accomplish individual tracking?

Location, surveillance, fingerprinting?

Re:Not a lot of article content here...

[Cajun+Hell]

The big WTF-are-they-talking-about clue was revealed in this line of nonsense: "Cookies don't really work on mobile." (Wut?) The paragraph basically goes on to explain they're expecting many users to stop using web browsers altogether, and just run native apps that request ads by user id. Basically, the problems that cookies were invented to solve, are already solved by the apps having their owmn version of local storage (and without all those pesky controls and options that web browsers give to users).

Re: Not a lot of article content here...

[TheOuterLinux]

They are only redefining the "cookie" and calling it something else. The Internet decided that its version of "plain toothpaste" wasn't enough and added "whitening," if you catch my meaning. Also, Google isn't the only one with "bubble" technology. Hard drives are getting larger and cheaper and they have the resources to store info on every person leaking an "ip/mac address/canvas/OS" digital fingerprint. When my website was active (too expensive; hosts holding hostage), I honored the "Do Not Track" option and had a dummy cookie option for browsers that didn't support it but for those that didn't do either one, I could get your IP (censored most of it), your operating system, your device, screen resolutions, where you came in from, what you interacted, how long on each page, and where you left to. And the relevant part, if you were a returning viewer. That was with free and open source tools (Piwik); I'd hate to think what others like Google and Facebook are doing. I would also assume that they're depending on mobile users with smart phones and with applications that contain Google or Facebook libraries. More and more applications are including them by default all the time and don't think for a second there isn't any back scratching going on with your personal browsing, text messages, photos, etc.

Re:Not a lot of article content here...

[jellomizer]

Being that many add companies are implemented across many sites, one can simply track by connection info IP Address, browser settings, time of day, original sites.... To paint a picture good enough for advertising.

The old tracking cookies were not any better then tracking connection info.

Re: Not a lot of article content here...

"Company tend"
"Great article"

Plenty of time to post progressive propaganda but no time to become fluent in English.

Re:Not a lot of article content here...

It's not like marketers have discovered they have a soul buried deep down there, somewhere. There's this little gem:

... Europe's GDPR (General Data Protection Regulation), are banning cookie tracking of user data.

Re:Not a lot of article content here...

[ras]

The big WTF-are-they-talking-about

Actually, it's just a big WTF, followed by oh they are sprouting shit in order to get a few clicks (including mine, sadly).

They are saying no advertiser will be using cookies in 2 years because people are moving from browsers to mobile apps. Lets turn this around: they are saying that in two year no advertisers will bother tracking people who use browsers. So in two years I can stop blocking Facebook, uninstall Privacy badger because the web will be sweet and innocent again. Ohkay....

For what it's worth, the page carrying this bullshit installed 3 cookies of its own, plus 7 from twitter. It is true google analytics, sail-horizon, and crwdcntrl didn't install cookies. The injected their tracking data directly into the page using javascript.

Re:Not a lot of article content here...

Highly likely it is device fingerprinting using something like Iovation's products. The fingerprint of a mobile device doesn't change and can't be wiped the way a cookie can.

How do they track without cookies?

[jecowa]

>Advertising and web-based services that were cookie-dependent are slowly being phased out of our mobile-first world, where more personalized data targeting is done without using cookies. Don't mobile devices have cookie support? Or do mobile devices provide tracking features that are better than what cookies provided?

Re:How do they track without cookies?

[Son+of+Rea]

I'd assume they will make you log in every time then save your data on their servers?

Re:How do they track without cookies?

[doug141]

"people-based marketing," which is all the services you need to log in to use. Fitbit, amazon, facebook, alexa....

Re:How do they track without cookies?

[TFlan91]

I'm not sure what they are talking about either.

My guess is some use of local storage.

Re:How do they track without cookies?

[Xylantiel]

My bet: Third-party location-based tracking. Moral: any app you download, turn off location access. This started by ad-supported apps asking for your location to target ads based on your current location, but has turned into snarfing your location history and targeting based on analysis of that (e.g. correlation with other people, where you sleep, etc) which is insanely invasive.

Re:How do they track without cookies?

If you're on the wrong mobile carrier, they will insert a unique identifier into all your HTTP requests. That's one way. You can use a variety of client side persistence methods: Cookies are just the oldest and most limited. If that doesn't work, recognize clients by their (practically unique) configuration. Systems have different fonts available, for example. User agent strings are different. Different browsers on different systems render subtly different and you can generate unique but persistent hash values by drawing into a canvas element and hashing the pixels. There are lots more ways to add unique bits of information to an identifier. Most methods can be defeated by turning off Javascript, but not all.

Re:How do they track without cookies?

[jbmartin6]

Browser extensions and similar offerings with 'anonymous usage data used to enhance user experience', which is corporate-speak or 'it reports everything you do back home for resale of the data.'

Re:How do they track without cookies?

Don't mobile devices have cookie support? Or do mobile devices provide tracking features that are better than what cookies provided?

I think the point is that mobile users often go to websites without clicking on links in the same browsing session, so instead javascript + persistent logins on google/facebook/etc means that they know which user is going to which site. More, they use javascript to track where you look. So, they no longer have to track a cookie. They track a person. You should look at lifehacker's collusion for chrome that talks a little about tracking links.

Re:How do they track without cookies?

[omnichad]

services you need to log in to use

Using cookies...

Re:How do they track without cookies?

The latest thing is called a DNS cookie. They use non-existent or temporary DNS domains and coded info in DNS packets to replace the standard cookie. They're getting away from regular cookies because many people discard after a session. They're also using browser fingerprinting and various cache and local storage replacements for the cookies. The cache and local options supply a lot more versitile info structure.

Re:How do they track without cookies?

[Actually,+I+do+RTFA]

Or do mobile devices provide tracking features that are better than what cookies provided?

Far better. Why do you think every website wants you to download their app?

Shoot, until iOS 10.3, you had to turn off allowing apps to access your MAC address (well, it was hashed with a few other values). And I believe Android still allows it.

Re:How do they track without cookies?

[jecowa]

Even though it's still using cookies, the data is linked to a user account instead of to a randomized cookie identifier.

Re: How do they track without cookies?

https://stackoverflow.com/questions/3454858/how-to-get-client-mac-address-by-a-access-on-a-website

If an os is explicitly sending mac addresses client side to a remote host, that's on them. Not surprising considering the product and ad company at any cost company that allowed it in the first place

Re: How do they track without cookies?

[reanjr]

But how much of the web is still http? And how much of that is serving anything important?

Re:How do they track without cookies?

Cue the Apps Guy.

Apps, dude. Move folks off of browsers to apps which access location services (local and third party) and provide device ID's for tracking.

Re: How do they track without cookies?

Good luck with that.

Your provider is selling your device and location to anyone willing to pay.

Re: How do they track without cookies?

[Actually,+I+do+RTFA]

Huh, I wasn't talking about websites. I was talking about apps. You know, software you download and run on your device. Specifically as differentiated from websites.

Re:How do they track without cookies?

HTTPS - look into it.

Re:How do they track without cookies?

At least in part, browser fingerprinting. Check out the EFF's tool that shows you a little bit of how it works.
https://panopticlick.eff.org

Re: How do they track without cookies?

[Teun]

Not everyone got such a shitty provider.

Re: How do they track without cookies?

For the obviously tech savvy people on /. and similar sites (Hacker News), this is simple to avoid with a VPN. Its trivially easy to set up a VPN and your home network and point your mobile phone back to it, paying once for everything on your network and not twice. Add a Pi-hole to block DNS requests to ads, beacons, and trackers, and you further cut down on the privacy invasion.

A simple, key effort in helping to combat this kind of tracking is to use multiple browsers. I always have to different browsers up: one for random fun surfing (heavily protected), and one, also heavily protected for just business like banking, etc. Never the two shall meet. You can easily set up multiple VPN tunnels to obfuscate your traffic. This stuff is trivially easy and less than $50 year.

Use one email address for banking. Use another for personal use. Use yet another for random crap.

Use a Raspberry Pi running Pi-hole ($35 one-time fee), use a good VPN ($3-5 month), disable network prefetch, disable HTTP/S referer, disable CSS visited links, disable geo location, whitelist JS. Use uBlock Origin, Privacy Badger, Decentraleyes, and No Coin. Opera has a free VPN with several countries of origin from which to choose. There really are loads of options to choose from. All of this takes less than an hour to complete and it works. Run your browser through Panopticlick and other online testers to see where your weaknesses lie. All of this is obviously not 100% effective, but it allows you to maintain a sense of privacy and security without giving away the keys to the kingdom. And perhaps most importantly, pay for your email with a service like Fastmail (no affiliation, just happy customer). Free services make you the product, never a customer.

Re:How do they track without cookies?

thanks facebook

Hardly

[nospam007]

The cookie is what really is the so-called pay-'wall' of the New York Times, Washington Post, The Guardian etc.
Delete them and you can read as much as you want.

Re:Hardly

The cookie is what really is the so-called pay-'wall' of the New York Times, Washington Post, The Guardian etc.
Delete them and you can read as much as you want.

You should try The Times {London} and their default paywall, which can only be defeated with a subscription.

It's true

The cookies are gone, from now on it will be .... Cake, or biscuits or chips

either way, at the end of the day, all of them will end up in the restroom

Re:It's true

[Teun]

The cookies are gone, from now on it will be .... Cake, or biscuits or chips

either way, at the end of the day, all of them will end up in the restroom

Pig, if you ever come over to my place I sure hope you use the toilet...

that's just sick

Cookies were never meant for marketing. They really broke the internet. So many people are afraid of enabling javascript or cookies because they don't want to be tracked, so legit services are hampered by this.

Hey paranoid idiots-- heed this story. They don't need your dumb cookies. You're being tracked anyway. Now stop acting like your privacy is being violated just because a cookie is needed to make the website work.

Re:that's just sick

Well there's also an element of planned obsolescence by software into this, right? Shittons of javascripts make browsers sluggish on everything but the most recent computers and phones. I often find myself forced to deactivate js on my phone and browser just to be able to use them. They're not that old. My phone is 5 yo, my computer is 4 yo. They still work. The web didn't change that much. It's still text, pictures and stuff. I should be able to browse.

Re:that's just sick

Again that's the marketers ruining the internet. There is nothing inherent about javascript or making an interactive website that requires that. If a site is slow because js than by all means disable because they don't know what they are doing, but if you disable js just because you're paranoid that all js is tracking you or is slow then stop.

Re:that's just sick

There are two kinds of websites: those on which you log in to an account, and those that have no legitimate use for cookies.
I allow cookies on a short whitelist of the first category.
If a cookie is needed to make a website work on which you don't log in to an account, the website was written wrong. Hanlon's Razor be damned; I don't care why the website was written wrong.

Re:that's just sick

What ever happened to being allowed to do what you please with your own hardware?

Given how dead-set you are on having people execute arbitrary code that you provide to them, it sounds like you have an agenda to push

Re:that's just sick

What about websites where you can add stuff in your shopping card, before you need to login?

Re:that's just sick

That's a first category site. Cookies make sense.

Replacement?

[unixcorn]

So the cookie is dying. The article says nothing about how we will be tracked in the future. Or how we are being tracked now when I reject cookies.

Re:Replacement?

[havock]

Browser fingerprinting is quite reliable when you reject cookies. Canvas, Font, GPU, CSS API's are all good sources of identifiable data. Of course if you turn off Javascript *and* Cookies, there isn't much left to fingerprint.

Re:Replacement?

There isn't much left to fingerprint? There isn't much internet left either in 2018.

Sadly the tinfoil hat brigade's Do-Not-Track bandwagon completely undermined any legitimate attempt to enable "please track me and make sure other people don't access my bank account" while completely failing in its objective.

Re:Replacement?

[ichimunki]

Cookies are still going to be critical to any user tracking, I'd think. It's just that advertisers won't be relying on their OWN cookies to do the work. Because if they set a cookie on each browser and platform you use, they then have to figure out how to correlate all *your* cookies after the fact. And if you're logging into your same GMail account at work, at home, on your phone, on a tablet, etc, it's better for them to figure out a way to latch onto that. But Google is still going to be using a cookie as part of authenticating you... at least until whatever client/server framework they're using replaces cookies with something else that does the same thing. But the nice thing about cookies from a web framework perspective is that their already part of the standard request/response cycle.

Re:Replacement?

[ichimunki]

The browser fingerprint my Firefox 58 on Windows 10 gives is certainly different than what Silk on my Fire tablet gives. Which makes it totally useless for figuring out that I'm the same person using both browsers. On the other hand, the fact that I access the same Amazon shopping cart from both browsers... dead giveaway.

Re:Replacement?

[Carewolf]

So the cookie is dying. The article says nothing about how we will be tracked in the future. Or how we are being tracked now when I reject cookies.

They now have new and much more invasive HTML5 mechanisms of tracking you that people aren't as aware of, and thus less likely to turn off or protect against.

Re:Replacement?

Until you have visited the same site (that needs log on) with the two browsers then the two fingerprints will be linked to "maybe" the same user.
And if it occurs on another site then the link will become "probably" the same user.
And a third time it will be "definitively" the same user

People-based marketing is a euphemism

It means they've found easier ways to fingerprint you. [PDF] Marketers don't want generic "cookies" they want specific, verified identification.

They're going to have a better spy network than is legal for most governments to have.

Re:People-based marketing is a euphemism

[Actually,+I+do+RTFA]

They're going to have a better spy network than is legal for most governments to have.

Your use of the future tense is cute.

Re:People-based marketing is a euphemism

[Falos]

They prefer verified, but they're more than happy to casually bridge causality. Even to establish "verified". Courts may admit than IP != identity (usually...) but the bigdata team (who need to have some material to present at the quarterly review or whateverthefuck) doesn't care.

Geolocation = Fact! https://xkcd.com/713/

I think the real preference is moving up the skill curve. Cookies are pretty user-controlled, browsers/mods/etc are happily handing over tools. Other fingerprints are beyond the reach of surface dwellers and casuals. Even the user agent is considered gospel compared to fragile, paper-in-a-bottle cookies.

Modern cookie =

Cannabis edible. Sure, you'll be tracked, but it just won't matter so much.

Fingerprinting is replacing tracking

[bahwi]

Fingerprinting is replacing tracking and has been for at least 10 years when I was very peripherally involved with testing a company that did it for work.

It's one way they get you with cookies once you've "cleared" them and they are able to reattach the same ones as before.

EFF has testing: https://panopticlick.eff.org/

And yes, multiple fingerprints can be attached to a single user. You have 10 unique devices and all 10 of those fingerprints get attached to you after logging into a site or account. It can take awhile, but you can't block it.

Slight changes are accounted for, profiles updated. It's not as "fool-proof" as cookies, but that's not really a requirement.

Re:Fingerprinting is replacing tracking

Almost every tracking system is shared with other applications through the organized databases of services like ad.doubleclick.net and Akamai. If you believe the distinct URL's of these services do not link to commonly shared back-end tracking systems, I'd like to walk you through how DNS works some time and explain it.

Re:Fingerprinting is replacing tracking

[jetkust]

This, and they are also selling hoards of information about you between themselves. I wonder if for any company that keeps my fingerprint in a database, could I legally request any data associated with that fingerprint. It doesn't seem all that unreasonable to me.

Re:Fingerprinting is replacing tracking

They can legally choose to reply to you using paper sent via mail. This lets them be sure the address they have on file for you is correct.

Then they can legally charge you a copying fee per page. This lets them be sure the payment information they have on file for you is correct.

So yeah, you go ahead and do that...

Re:Fingerprinting is replacing tracking

[Actually,+I+do+RTFA]

With JavaScript off, they're limited to my agent-string and resolution (and IP address, and other headers).

Re:Fingerprinting is replacing tracking

[bahwi]

Yeah, selective NoScript is a good alternative too. I've been using pi-hole for my DNS as well.

Re:Fingerprinting is replacing tracking

Fingerprinting is replacing tracking and has been for at least 10 years when I was very peripherally involved with testing a company that did it for work.

It's one way they get you with cookies once you've "cleared" them and they are able to reattach the same ones as before.

EFF has testing: https://panopticlick.eff.org/

Yeah, and it seems they use JS in order to do their thing. Their site is hanging as we speak, because JS disabled.

CAP: spoiler

Re:Fingerprinting is replacing tracking

[Actually,+I+do+RTFA]

I assume pi-hole is a Rasp. Pi distro? I looked into setting SQUID up on a Pi, but that seemed to be a chore.

Question: Can you set it up to intersect HTTPS requests (assuming you stick a self-signed cert on the Pi Hole?) And if so, how do you get it to check the certificate authority of who it is man-in-the-middling?

Re:Fingerprinting is replacing tracking

[bahwi]

Not a distro, but works best on Raspbian IIRC, but works on any linux box now I believe.

It acts as a dns server, and has a large block list (mine is 640k domains) which resolve to the raspberry pi's address, which it gives a quick explanation, or in the case of HTTPS, connection refused. It's not the best solution in the world but works really well.

So, no need for SSL certs, since it's just blocking. Hope that helps!

Re:Fingerprinting is replacing tracking

[Actually,+I+do+RTFA]

Ah, got it.

Re:Fingerprinting is replacing tracking

Isn't it still a huge vulnerability for them to rely on fingerprinting?

It should be technically feasible and not partcularly difficult to build a browser extension that will spoof random data, on every request, for every possible unique element used by their fingerprinting algorithm. Someone using this would be unidentifiable.

I suppose the end game will be when the ISPs realise they can be the kingpins in this spying industry, and there will truly be no place to hide.

Re:Fingerprinting is replacing tracking

[gl4ss]

In EU you can.. and few months down the line now if they disagree they can't avoid it.

this is why facebook etc already let you download all your data. you can also request the data to be removed.

Weakening the Web

[Mandrel]

I'm getting concerned that browser-makers, in the interests of privacy and security, are clamping down so much on what websites can do with cookies, local data, and iframes, that they're weakening the power of the open Web relative to mobile apps that ask, and almost always get, permission to do all sorts of powerful things. Perhaps it's time for cookie and iframe permission requests to pop-up when a website is first used, so that trusted sites can still do powerful things.

Terminology

[fisted]

You know you're on a mainstream news site when nobody objects to the term "Internet cookie". Jesus. What's next, Internet pages?

Finally!

[fieldstone]

I work in tech support, and after years and years of scare pieces on the news, this has been a long time coming. A large percentage of the people I work for are paranoid about all cookies. Cookies are bad! Cookies will destroy your computer! Some of these people clear out ALL their cookies daily or weekly, even though I've told them they only need to be concerned with scanning for tracking cookies.

Not that we should cater to ignorance, and not that this problem won't go away once there are no more Boomers to hold these views. But I do feel like if you get better results with other kinds of advertising, tracking cookies are a stupid form of marketing because every anti-malware tool available knows how to remove them and will encourage users to do so.

Misleading... or just plain wrong?

[zarmanto]

It seems to me that there's an awful lot of misinformation here. Cookies have been given a bad name, because the moment they sprung into existence, they were misused and/or abused by advertisers and marketers. The reality is, cookies aren't going away at all... they're just being used more inline with their original intent, that's all. A cookie gives any standard web browser (including those on mobile devices) the feature of storing small chunks of identifying personal data ("login" data) for the user currently using that browser, in order to allow that user to personalize their experience on any given website. (If you're using a mobile app instead of a browser, than that app obviously doesn't need cookies; it can just use local memory natively to store your login credentials.) The abuse started when advertisers realized that they didn't need you to actively "login" to their service, in order to identify you and track you with cookies. Naturally, people don't like it when someone tracks them without first asking for permission... but that's not the cookies fault; they're just tools. A hammer is still intended to be used on nails, even when someone with no scruples uses it on your toes -- but nobody ever blames the hammer for that, and rightly so.

So in other words, "people based marketing" just means that the service you're actively logging into (such as Google, for example) has successfully established themselves as the primary marketer, and they've made arrangements to sell all of your activity to advertisers. Likewise, those advertisers no longer see much return-on-investment in doing the heavy lifting of attempting to gather all of that activity data themselves, in part because so many people have gone to great lengths to stop those advertisers from doing so. Which brings us back to simple the fact that: you're really the product that's being marketed, and the advertisers are the customers. (Which is just as it has always been, really.)

The more things change, the more they stay insane.

Re: Misleading... or just plain wrong?

[dj245]

I can recall that one of the Easter eggs in Fallout 1 or 2 was the cookie. If you ate one, your hard drive seeked and the light blinked (no other item had this action). This was back in the day when games werenâ(TM)t reading constantly from the disk, and hard drive seeks were noisy, so it was noticeable.

Re:Misleading... or just plain wrong?

Oh, for a second I thought they were talking about people who pi.hole the DNS, never see an ad, and pay for private email. What is all this ad stuff you guys talk about all the time?? ;-)

Re:Misleading... or just plain wrong?

nobody ever blames the hammer for that, and rightly so

I may, however, blame person A for giving the hammer to person B who has a clearly-stated intention to bash my brains out. In context, A is the people writing the browsers, and B is advertisers.

sessions

Once I had access to server-side processing, like ASP and PHP, I found the use case for cookies to be really small. That would be, basically, using the cookie to keep track of sessions. Besides that, the 4KB limit really hindered what you could do, as all of the metadata (property names, expiration dates, etc) counted towards the limit. I'd hit all sorts of edge cases like where it would partially store or unexpectedly forget stuff. Not really worth the trouble.

Re:sessions

[tepples]

Once I had access to server-side processing, like ASP and PHP, I found the use case for cookies to be really small. That would be, basically, using the cookie to keep track of sessions.

Whether the cookie stores the raw data or a session ID matters little. It's common practice for each adtech provider to establish a long-lived session for each viewer who visits a site that uses that adtech provider. Viewing a single document might cause several dozen sessions to be automatically established, one for each adtech provider.

Re:sessions

If your session data is that cumbersome, just use a cookie ID and store the terabytes of clutter locally. Saves a lot of bandwidth for users also.

Even better, once you get in the habbit of not pushing everything to the visitor, you might have the sense to place the ads in the server-side code and have them relevant to the page being viewed rather than just dropping a clumsy javascript in and making people see ads for things they bought last week.

Re:sessions

It wasn't cumbersome. 4KB is just ridiculously small. We used to use the cookie to store form data between pages in an application process. A textarea of any size or somebody uploading more than 3 or 4 files (we stored the names) at the end would wipe out fields from previous pages seemingly at random. I guess at one time it was a shorter form. The security office insisted on not using ASP sessions for some reason all the way up into 2007. When we started getting half of the forms in practically blank, which caused lots of issues with routing and contacts, I went to sessions anyway.

It just doesn't take much to fill up 4KB. For example, you might store a list of files recently uploaded/visited/frequented/searched. That lost could be as short as 7 or 8 depending on your URL structure and even that assumes you don't keep anything else in the cookie. The reason you would store this in a cookie might be to avoid the bullshit of WebFroms posting back on every keydown and keyup event. Or because it's a convenience for the user, not an opportunity to data mine or an obligation to store server-side.

Re:sessions

It's common practice for each adtech provider to establish a long-lived session for each viewer who visits a site that uses that adtech provider. Viewing a single document might cause several dozen sessions to be automatically established, one for each adtech provider.

Which is why I ruthlessly block 3rd party sites ... my browser just ignores them entirely. No images, no cookies, no javascript, no fonts, nothing.

See, the 'adtech' companies are parasites, and they offer nothing of value to me ... and if the entire company lined up to give me a rim job, I still would block them.

As far as I'm concerned, the people who work for ad companies can be used for target practice ... you've chosen to work as a greedy douchebag who wishes to track what we do without our consent. Therefore I consider you to be sub-human.

It's time that the default model of the internet and browsers stopped being "wow, look, I've never seen you but why wouldn't I let you set cookies or run scripts" to "no, fuck you, go away".

Annoyingly, we're starting to see real world analogs to ads on web pages ... from time to time I'm in a real brick and mortar store, and someone walks up to me to see if I've applied for their credit card, or 'gotten my discount', or if I want to buy something I've no interest in ... and those people get to learn a very important lesson: if you walk up to a stranger in a store and try to sell them random shit, "fuck off" could well be the response you get.

These adtech companies can go fuck themselves, not my fucking problem.

Re:sessions

You accept a false premise, that this must be done in relay. You misuse the cookie process, and then complain that the other thing you were planning to misuse has issues as well.

Let me repeat:

If any of this data matters to you, then you can afford to store it temporarily at the server and just use a 20-byte ID cookie to correlate what data is returned to what user.

You are why we don't have a nice internet.

Guardian paywall since when?

[tepples]

Since when does The Guardian have a paywall? It offers an optional subscription to ad-free access for $84/year. Slashdot used to offer subscriptions, but this broke years ago.

Justifying Firefox

[freeze128]

This sounds like an article that is justifying what Firefox is doing: dropping cookie management from the newest version. I don't agree, and I insist that Firefox keep some sort of cookie management facility.

Re:Justifying Firefox

[Rick+Schumann]

If the browser drops it someone will write an add-on of some sort to allow you to manage them -- or you can just find the subdirectory they're in and delete them yourself.

Re:Justifying Firefox

I don't agree either! I just don't understand why FF developers just don't keep the user-configurable settings as they are for the ppl that use it instead of hiding or removing them!
From what I read, cookies can be managed in the about:config window or through the developer tools, which is stupid!
I'm a developer too, but every time I use my PC I don't want to BE a developer. I'm also a mechanic, but also don't want to work on my vehicles every time I use them. Most of the time I just want to drive!!

Re:Justifying Firefox

[freeze128]

I don't know how to delete just certain select cookies from the about:config window. I searched for "cookie" and all I see are integer or boolean values.

Firefox's cookie management is terrible because I don't want to look through a tiny mail-slot at my huge list of cookies. Let me RESIZE the window FFS! But that doesn't mean I want the whole thing to GO AWAY!

Re:Justifying Firefox

[Espectr0]

That's really an ignorant way of justifying it. 99% of the websites i visit have a banner somewhere saying "this website is using cookies". Cookies aren't going away anytime soon. While some marketers/spammers may use more advanced techniques, most will remain using cookies for the foreseeable future.

Re:Justifying Firefox

[fisted]

If the browser drops it someone will write an add-on of some sort to allow you to manage them -- or you can just find the subdirectory they're in and delete them yourself.

And then a new Firefox version appears which happens to break all addons.

Re:Justifying Firefox

[Rick+Schumann]

What's your point exactly? The add-on will just get updated. Are you looking for a conspiracy where there is none or something?

Re:Justifying Firefox

[fisted]

What's your point exactly? The add-on will be abandoned

FTFY. Some time later, somebody will write a new addon, and the cycle repeats.

Are you looking for a conspiracy

No.

or something

I'm looking at an astonishingly long series of exceptionally bad design decisions.

Now if you'll excuse me, I have to watch some videos on youtube. Oh wait, I can't because fuck the audio backend that has worked well for everybody for the last decade, let's add a hard dependency on pulseaudio; the hordes of people having issues with it are probably just using it wrong.

this is covered by

Re:Justifying Firefox

[fisted]

Oops, last line should've read "this is covered by Hanlon’s Razor though, so I don't think it's a conspiracy"

which is why...

I use privacy guard on my phone and block all unnecessary traffic. Not to mention i do not install random apps and use fdroid anyways.

Facebook, Amazon, Google, Apple, etc

[edi_guy]

Reality is that they have all the info they need on you already. Awhile back it was said that 81% of adult Americans who use the internet have a Facebook account Google, FB, Amazon, already have a data model on you which is pretty accurate, and likely will match pre-established trends as you get older, have a family, retire, whatever. Your credit card data, your geo-physical presence via cell phone (Google maps), your cell provider tracking your browsing, its all there

And yes, there are several clever, tin-foil hat, Slashdotters who have managed to evade this tracking...but on aggregate the marketers are fine with the percentages they have.

Replaced with what

[gurps_npc]

The article does not say they aren't tracking us anymore, they instead say the cookies are obsolete.

But it failed to mention what is replacing cookies.

That's far more important than the death of cookies.

Re:Replaced with what

[Tony+Isaac]

The thing that has replaced cookies is the "tracking pixel." https://en.ryte.com/wiki/Track...

Every Web company's marketing department gets their software team to include these on their sites. They only too happily send your info to Facebook, Google, and others. Every click, every page load.

No, you are incorrect.

Cookies could have easily been first-party (origin-only) since the beginning. It is virtually the same design pattern to persist a cookie as it is to persist a session ID in the URI. Shopping carts and tracking codes existed before cookies. If it were just created for shopping carts, it would have been first-party only. If it were created for both, it would be open to all origins. Thus, it was created for both purposes.

Why do you think the Referer header was created? It allows sessions to be persisted without even needing to embed them in links. Remember, back when cookies were created, the web was primarily portal-driven, not search-driven. The purpose of the cookie is to persist you when you come back to the portal through a type-in, without you needing to login. The shopping cart issue was already solved. The tracking is the *primary* reason it exists. It is also the *primary* reason it is not double-keyed with origin today. The reason for them is the constant. Otherwise, you need to explain why the reason would be different.

Also, that is not what people-based marketing means. Look it up. How do you get +5 Interesting with basic facts so incorrect?

No one in the world

Can tell me why they can put something on my computer and its a crime if I put something on theirs.