Close

Server based 3rd party cookie

A project log for Silly software wishlist

Motivation to do some software projects by writing them down.

lion-mclionheadlion mclionhead 03/09/2021 at 20:030 Comments

Basically, a 3rd party cookie is a cookie from another website that your website is allowed to access.  Every time you go to a website, if it creates its own cookie to persistently store any data, every future website can look up all the cookies from the past websites to determine your browsing history.

These were phased out & replaced with federated learning of cohorts, which is basically a server based 3rd party cookie where goog is the only server.  The browser sends its history to the goog & the goog returns advertisements based on the history that you sent, but individual websites besides the goog don't have access to the history data.  Only the goog does.  The other twist is that the goog doesn't store any ID which uniquely ties a user to each browser history.  

This only works if the browser resends its entire history in every page load.  They could also try compressing the history locally on the browser, into some kind of hash value.  The hash value would contain enough for the server to match your history with similar histories.

It's using the power of monopolies to create some sense of privacy.  There's no reason anyone can't create a server based 3rd party cookie.  Every website can send its location & some kind of ID that uniquely identifies the user to a common server.  The server can build up the history of the ID & return it to anyone who requests it.

Discussions