Hacker News new | past | comments | ask | show | jobs | submit login

You can't read 3rd party cookies, neither the browser sends it to the 1st party server.

The max they can do is track you in their website, but that's terrible, they need to know more.

edit: this means the 3rd party server can't know who you are, even if they get your tracking events, they can't know what you did in the other sites.

thats why fingerprinting could fix this, the 3rd party server could find your profile with a good enough fingerprint.




I'm not talking about 3rd party cookies.

I'm talking about a sameSite cookie made for the publisher, via a proxy on the server.


I don't think I understood you then, if they send 1st party cookies they won't be able to match you against a 3rd party profile, will they?


You set a cookie "forAdProvider".

When a client send you this cookie (sameSite) your server forward it to the ad provider using a RPC call.

The ad provider replies to this call with new data they want you to add to the cookie.

You set the "forAdProvider" cookie on the client, using the data specified by the ad provider.


Ok, so I did understand you correctly before.

I don't think that has much value because the ad provider wouldn't know who you are to begin with.

First time you open said website no cookies would exist for the domain.

Then the ad provider wouldn't know who you are.

Ex: Access foo.com and search for shoes, shoe cookies set for foo.com Then access bar.com which hits foo.com for the ad suggestions Now foo.com knows you searched for shoes, since the 3rd party cookies are there.

Now if you do it without 3rd party cookies bar.com wouldn't have any access to the cookies which identify you as a shoe buyer, because those are set for foo.com


Got it, you are right!




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: