Future versions of Mozilla Firefox will have third party cookies disabled by default. Nothing new about that, Safari is doing this as well since quite a time. Soon Chrome will follow. Some Mozilla-induced hype is going on though right now.
I don't want to go too much into detail what third party cookies are and what not, yet I just want to make one thing clear:
Blocking third party cookies does not change a bit of anything you would have expected to change, like, preventing third party cookies!
This sounds weird to you?
- Third party cookies are actually cookies that are most of the time set by partners of the website you are visiting.
- Most of the time these partners are friendly to the website operator, as they are having some kind of business deal.
- Both the web site operator, as well as his advertiser partner, are benefiting from this partnership (otherwise you would hardly call it a partnership)
Here is what's going to happen:
- As soon as third party cookies are going to be disabled in all major browsers by default, the website operator is going to register a subdomain name which targets an IP address maintained by the advertiser. This is an effort of one minute.
- After setting up the subdomain, the advertiser is allowed to set as much cookies as he wants on behalf of the website operator's domain, provided that the website operator is referring to his advertiser partner by the new subdomain.
- Now no security policies within the browsers are taking effect anymore.
Only thing which would help here is a check of the IP of the subdomain whose content is embedded, and if its different. Then also a check of the IP owner would be necessary, which renders this idea quite senseless. (Also, please don't start thinking about white-/blacklists for subdomains running on the same domain, that's leading nowhere ).
See, blocking third party cookies has no effect on online advertising.
It can help to avoid security issues by blocking unwanted cookies from malicious third parties though.