Measure The Web

User Tools

Site Tools

Trace:
privacy:cookies

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
privacy:cookies [2025/02/18 15:46] – Formatting karelkubicekprivacy:cookies [2025/03/04 13:53] (current) – [First- and Third-Party Cookies] highlighting common misconception karelkubicek
Line 7: Line 7:
 ===== First- and Third-Party Cookies ===== ===== First- and Third-Party Cookies =====
  
-First-party cookies are set by the domain the user is directly visiting, while all other cookies are from third partiesA common misconception is that first-party cookies are always benign and third-party cookies are always intrusive. However, first-party cookies can also track users or even be set by third parties using CNAME cloaking. First-party cookies are restricted to the website's context, while third-party cookies can track users across multiple websites.+<WRAP important>A common misconception in research is that first-party cookies are always benign and third-party cookies are always intrusive!</WRAP> 
 + 
 +First-party cookies are set by the domain the user is directly visiting, while all other cookies are considered third-party cookiesAlthough third-party cookies are significantly more used for tracking than first-party cookies, it is wrong to claim that first-party cookies are always benign and third-party cookies are always intrusive. First-party cookies can also track users or even be set by third parties using [[https://arxiv.org/abs/2102.09301|CNAME cloaking]] and there are many third-party cookies serving necessary functionality such as SSO. 
 + 
 +The only difference is from the browser perspective. First-party cookies are accessible only from the first-party website's context, while third-party cookies are accessible across multiple websites that embed the same third party. But this implementation depends on the browser, with [[https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/|Safari]] and [[https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/|Firefox]] setting the  storage for third parties for every website separately.
  
 Munir et al. {[shaoor2023cookiegraph]} observed that 89.86% of the top-million websites use first-party tracking cookies. Of these, 96.61% are ghostwritten by third-party scripts embedded in the first-party context, and some are set by fingerprinting scripts. Munir et al. {[shaoor2023cookiegraph]} observed that 89.86% of the top-million websites use first-party tracking cookies. Of these, 96.61% are ghostwritten by third-party scripts embedded in the first-party context, and some are set by fingerprinting scripts.
privacy/cookies.txt · Last modified: 2025/03/04 13:53 by karelkubicek