Hacker News new | past | comments | ask | show | jobs | submit login

Most browsers have a setting to disable 'third party cookies' - e.g. if you're on www.evil.com and that page sends a request to www.example.com the example.com connection won't send cookies, or store received cookies.

You can set this up easily in Firefox [1] and Chrome [2]. It will break a handful of things, for example some sites embed comments from facebook, disqus, google+ etc. So for example when you visit www.youtube.com you won't be able to comment, as comments are in iframe loaded from plus.google.com which you can't log into without third party cookies enabled.

IMHO this is no great loss, and I block third party cookies all the time.

Of course, it's still possible to do certain attacks by redirecting the entire browser window or opening a popup window.

[1] https://support.mozilla.org/en-US/kb/disable-third-party-coo... [2] https://support.google.com/chrome/answer/95647?hl=en-GB




What will I do without my YouTube comments?? /s

In all seriousness I blocked Third Party Cookies in Chrome and never looked back. Nothing of value was lost.


I did this after I learned that Safari on iOS does this by default. If in all of my usage of my phone browser I didn't run into issues, I don't see why I should on the desktop.


Developers often make special exceptions for iPhones that they won't make for e.g. linux users.


How so? You can't really get around not using third party cookies by doing something different, and if you can, are you really going to detect the device type rather than whether the UA accepted third party cookies? I guess anything is possible. All I know is that turning off third party cookies has not affected me in any way over the past three months. Then again, I block advertisers at DNS and via ABP, and they are the main user of third party cookies, so I guess you could say that the ads didn't properly work for me for a while.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: