undefined | Better HN

0 pointsotterley5y ago0 comments

Browsers like Safari are increasingly enabling privacy features that, among other techniques, block third party cookies by default. So this could be Google’s way of reacting to this change.

0 comments

geofft5y ago

I don't see how. Web bundles don't affect whether a cookie is considered third-party or not. Either the content is provided and signed by the actual website, which cannot place cookies for the advertiser's domain, or it's provided and signed by the advertiser, at which point it would be subject to blocking just like normal web traffic from the advertiser. Is this any different with bundles?

jlokier5y ago

The third-party cookie will be blocked, but when both sites are served via the same proxy server, over the same TLS/QUIC connection, the third-party can get similar tracking information they would have had with a cookie, without needing a cookie. It's not exact, but it's good enough for inference.

dlubarov5y ago

Assuming that the third party in this scenario is distinct from the party serving the bundle, they wouldn't be involved in the TLS/QUIC connection, right?

So it seems like a third party wouldn't even know that their resource was delivered, unless the party delivering the bundle notified them, or their script makes a separate request to their own server. (And those are options already, so AFAIK bundles wouldn't give third parties any new capabilities.)

jlokier5y ago

In the scenario, the third party is the advertising broker, Google, who are also the entity serving the signed bundle.

2 more replies

detaro5y ago

How do bundles "help" with third-party cookies?

sp3325y ago

Normally, if you load a page from Party A which pulls in content from Party B, it's hard for them to correlate who you are because they have separate cookies. That's not a problem if they're served from the same host, probably even on the same QUIC connection.

j / k navigate · click thread line to collapse

0 comments

geofft5y ago

jlokier5y ago

dlubarov5y ago

Assuming that the third party in this scenario is distinct from the party serving the bundle, they wouldn't be involved in the TLS/QUIC connection, right?

jlokier5y ago

In the scenario, the third party is the advertising broker, Google, who are also the entity serving the signed bundle.

2 more replies

detaro5y ago

How do bundles "help" with third-party cookies?

sp3325y ago

j / k navigate · click thread line to collapse