From Adweek, the ad industry complaining about some new cookie protections Apple has shipped in Safari 11:
Safari’s new “Intelligent Tracking Prevention” would change the rules by which cookies are set and recognized by browsers. In addition to blocking all third-party cookies (i.e. those set by a domain other than the one being visited), as the current version of Safari does, this new functionality would create a set of haphazard rules over the use of first-party cookies (i.e. those set by a domain the user has chosen to visit) that block their functionality or purge them from users’ browsers without notice or choice.
Having worked on the internet for the bulk of my career, and having spent a bunch of time dealing with cookies, tracking for marketing, etc., I can safely say that this is bullshit.
The ad industry has gotten so gross with how it tracks users that it’s easier to argue that these changes from Apple aren’t aggressive enough.1Apple is simply identifying cookies set by 3rd parties (sites you didn’t visit directly), which are often used to track you as you browse across the internet. And they’re not blocking them outright—they’re removing them after 24 hours. Basically, “hey, you can check me out for a bit, but you’re not watching me forever”.
You should probably already browse the web with 3rd party cookies turned off, and only turn them on when necessary. And that should be almost never. Safari is giving me the choice to only let my data be shared with the sites I choose. The advertising industry gives me zero choice. Their Trump Press Secretary-level disregard for the actual facts and truth is further evidence they should be trusted about as much as you trust what comes out of the White House.
Some basic grossness: let’s say you’re Facebook, and you convince everyone to put a Like button on their websites. You have a cookie that is set when a user logs into Facebook. You can also set/read a 3rd party cookie when a user lands on a page with a like button. So, now whenever a user browses the web and a Like button loads, Facebook reads the cookies and knows which users are going to which websites. Sketchy enough. But maybe you trust Facebook (you shouldn’t, but I can see trusting them more than your average adtech company). Do you trust some random stranger though? What if some nefarious company created some easy WordPress plugin to put a map on your site. And that map plugin does what Facebook’s Like button does, but now it’s sending your data back to some company you don’t know. Using your IP address, your browser user-agent, browser settings, they can make a pretty accurate unique profile for you, even if they don’t know it’s you. Until they connect it with some other data source that maybe has your name and IP address. And now they have it tied to you. Sorry, this is a long-ass footnote. ↩