Why aren't third-party cookies disabled by default?

I've been using Google Chrome with third-party cookies blocked for a while and never had any problem because of this. Is there a problem or limitation for the user to disable them? If not, why they're not disabled by default on browsers?


Solution 1:

There's a lot of politics behind this. Note that the two of the perhaps four major browser vendors (Google and Microsoft) also operate major advertising networks. These advertising networks rely on third-party cookies to tailor their content. So, it is not in their interest to implement blocking of third-party cookies. Rumours have it that IE9 was to include a "privacy guard" feature that was removed because of objections from marketing, and I would not be surprised if there are similar politics at Google.

At present, the do-not-track header, which tries to achieve the same purpose, is being supported by Apple and Mozilla (who have no advertising interest) along with Microsoft, which does not operate a particularly successful ad network and is trying to throw in every reason possible to use IE now that it's rapidly losing market share. I think Google will really balk on this, though, they make most of their money off of tracking you.

Solution 2:

Third party cookies are used for a number of things, most of which are relating to advertising. People seem to recoil when they hear the word "advertising", which I think is a strange knee-jerk reaction.

A majority of the free sites are made possible due to advertisement; tracking cookies help keep these ads relevant (or rather, try to make them relevant), which means the publisher/site can charge more for them, and thus reduce the ad pressure on the user (it's a constant fight to keep ad revenue up while at the same time not losing users due to ads).

They are also used for things like frequency capping - if a site seems particularly annoying, with pre-roll ads before every video, or in-page popups on every page, it might be because you have third party cookies disabled. If you have, there is no way for the ad-server to know if you've already been subjected to that ad (normally an intrusive ad is displayed once per user and day, though this varies greatly with site and country).

In short, yes they can be abused (like most tools). But most uses are legitimate and will not hurt the user in any way.

Solution 3:

3rd party embedded widgets. The most common (non advertising) use case is article/blog comments. Disqus and Facebook both provide commenting widgets to embed on your website. You need to be logged in to the respective site for these to work, so they wont work with 3rd party cookies disabled.

Solution 4:

Third-Party cookies are often used to facilitate pass-through authentication from one program to another. If you access one program through another (such as a learning management system) it is quit possible that the integration utilizes third-party cookies for a seamless transfer, so users are not asked to login a second time.