Having third-party (3rd party) cookies disabled
remove all cookies
login to gmail.com
visit youtube.com without logging in
and wonder how is it that youtube.com knows your gmail identity ??
Can anyone explain how this is achieved technically and what is the point then of disabling 3rd party cookies??
mike8394
On
So I have done some simple tests and,
Apparently blocking 3rd party cookies does not mean blocking 3rd party cookies!
After logging in to gmail.com, gmail instructs the browser to set cookies for .youtube.com domain and the browser happily does (with 3rd party cookies being disabled).
What this means is that any domain 'A' can happily set cookies for any domain 'B', which means that when you visit domain 'B', it will know that you visited domain 'A' and what you have done there...
When have we signed up for this kind of Web?
A follow-up question:
Which browsers correctly implement 3rd party cookies blocking?
In this (somewhat special/simple) case I would expect the answer to be that you are not really confronted with 3rd party cookies. I assume by 3rd party cookie you mean a cookie that is coming from a different domain than the site you are visiting.
For example a "gmail.com" cookie when you are visiting "youtube.com".
I would be surprised if Google would not set a cookie for "google.com" when you log in to Gmail (login is via "accounts.google.com" for example).
Now if (and again, I am pretty sure that this happens) youtube is loading anything from google.com (analytics.google.com?), that will happily transfer the cookie (which in this case is not a 3rd party cookie as we have defined it before).