What are Third Party Cookies?

Cookies can be either first party or third party cookies.

Third party cookies come from a web domain that you didn’t visit.

Third party cookies are the evil twin to first party cookies. Recent governmental privacy regulation and tech company initiatives are targeted at third party cookies, not first party cookies.

Third party cookies have been crucial to many forms of advertising, but in recent news third party cookies are quickly becoming a thing of the past.

Contents of this article

  • What are Third Party Cookies
  • What is a First Party Cookie
  • What are Cookies & What Are They Used For
  • Should I Block Third Party Cookies
  • How To Remove Tracking Cookies on Google Chrome
  • How To Allow Third Party Cookies on Google Chrome
  • Alternatives for Cookies

What are Third (3rd) Party Cookies?

Third party cookies are exactly what they sound like. They are cookies attached to your browser that come by a third party.

Third party cookies did not come from a website you directly visited. They attach themselves to your browser without you visiting their domain.

Normally cookies are sent to your browser by the server of the website you are currently on. Third party cookies are not sent from the website you are currently on.

Third party cookies are loaded onto your browser when other content on the webpage are loaded, like images and display advertisements. This content can be loaded from a server other than the website’s server and third party cookies come with it.

This way third party cookies can attach themselves to your browser through websites they have affiliation with.

Most publisher sites monetize their content through ads. So publisher sites allow third party ad domains access to their customers. This is how we end up with third party cookies.

Most commonly, third party cookies come from ads on a website you visit.

For example, if you visit a website with 10 different ads, you could end up with 10 third party cookies, one from each ad.

Third party cookies are used for cross-domain tracking. In other words, thirds party cookies follow you from website to website.

Third party cookies are used for retargeting campaigns, where you are retargeted because you’ve shown interest or are a previous customer.

This is how you can see the same ad follow you from website to website. You have a cross domain tracker cookie that tells advertisement networks what you’ve previously shown interest in.

What is a First Party Cookie?

First party cookies come from the site you are directly on.

First party cookies come directly from the website’s server you’re accessing with your browser to view the webpage.

First party cookies collects data for the website while you are on it. It collects login information, website behavior like which products and pages you visit.

But once you leave the website, first party cookies no longer tracks your internet activity. Once you revisit the website, the cookie kicks back into action.

First party cookies is the preferred kind because it gives full control to the user. The user decides which cookies they consent to and which they do not.

As an industry, digital marketing is swinging towards privacy.

And recent government privacy regulations are applying pressure on ad networks.

What Are Cookies?

Other names for cookies are HTTP cookies, magic cookies, computer cookies.

Cookies are small text files sent to your browser. It’s a small file sent from a server you have requested data from, usually by accessing a website on the server.

Cookies request information on behalf of the website. They are stored on your browser or the server depending on how the developer set it up.

When you come back to the website, the server will send for cookies and this time your browser will sendthe pervious cookie. This way, the website can recognize you as the same user who previously visited their website.

Cookies are simple key-value pairs.

<cookie-name>=<cookie-value>

Cookies are simple bits of information. Examples are your login information, your language, and products you added to your cart.

On Google Chrome you can inspect what cookies a website is using.

Go to the website. Right click anywhere. On the dropdown list, at the bottom, select Inspect. Now, in the inspector, from the top bar, select Application. Then, from the left hand scrolling list, select Cookies. It will dropdown a menu, then select the site you want to see the cookies of.

You’ll see the name-value pairs there. Also you’ll see additional information like when the cookie expires.

What Are They Used For?

Website owners use cookies to measure their website analytics. Like how many people visit their website, how long to they stay, on what pages do they linger.

They note personal information like your site login, website configuration (like language and device), and what products you browse and add to your cart.

For instance, when you revisit a website, don’t have to login, and the website says something like “Welcome back, {your name}.” Likely this website used cookies to track you.

Cookies are used by advertisers to provide a more personalized experience.

Let’s say you were just shopping for a product. Then you go to a different website and you see display advertisements for that same product. This is called remarketing.

The website you were shopping on before added a small text file to your browser to remember you.

So they could advertise relevant advertisements to you as best as they could determine what you’re interested in from your behavior on their site.

Cookies make advertisements & user experience more relevant.

This makes advertisers happier because advertisements are more effective when they’re relevant.

It is useful to consumer because they can find what they’re interested in and hear messages tailored to them.

Should I Block Third Party Cookies?

Your Browser Might Already Block 3rd Party Cookies for You

Safari now blocks third party cookies by default.

Apple is aggressively blocking third party advertisements. They’ve rolled out their Intelligent Tracking Prevention, which prevents any cross-domain third party tracking of any kind.

Firefox is following suit. Firefox now blocks third party tracker that have been blacklisted and only allows cross-domain third party tracking from trusted sources.

Google announced their goal to phase out and block third party cookies by 2022.

This is all to say, likely third party advertisements are already being blocked for you. And if they aren’t already, soon they might be entirely.

If My Browser Doesn’t Yet Block block Third Party Cookies, Should I?

There is such a buzz about privacy concerns surrounding cookies.

The privacy concern I think stems from tracking long periods of your individual browsing history.

Never before has this been able to be done. It’s not like the government used to keep taps on every library book you check out and use that information to profile you (as far as I know).

But seriously, should we be concerned or not?

Can cookies put users at risk of danger?

Can cookies be used criminally?

And do cookies invade on user’s privacy?

One thing I can tell you is that you probably have more cookies than you expect.

I checked my own cookies. I found that hundreds of cookie have been following my web browsing.

Some cookies were from websites I remember allowing cookies from.

But also cookies from domains I’ve never heard of.

On Google Chrome, click the top left 3 dots stacked on each other -> click settings -> scroll down half a page -> under Privacy and security, click Cookies and other site data -> scroll down half a page -> click see all cookies and site data.

You should see a list that looks like this.

This is the place where you can remove third party cookies. And all cookies for that matter.

I can’t even find what acuityplatform.com is! Do I really need it tracking me?

Are Cookies Dangerous?

Cookies can’t infect you with malware. So that’s some good news.

So how can cookies harm you?

Cookiejacking

The biggest security breach I can find is that your cookies can be intercepted and hijacked. Then, the hijacker effectively appear as you on their own browser. Then potentially malicious tasks can be preformed because they can use your cookies to effectively appear as you would.

You are most susceptible to this kind of attack when you are using public, unsecured WIFI or internet.

If you have two-factor authentication set up on your bank accounts and apps, I bet you are much safer from these kind of attacks.

Choosing not to “Remember Me” on important website would also help mitigate your security risk.

Mostly, cookie theft screws with website owners, marketers, and advertisers. The hijacker masks their own internet bot activity as if they were a real person. So this fools analytics into thinking that a real person is view their website or clicking their ad.

Sites with pirated content commonly take the user’s cookies in this way. Then they use real user cookies to mask bot activity in order to fool ad networks for financial gain. The main victim in this case are the advertisers.

Advertisers pay to show their message to real people, but bot activity can mimic human behavior so closely (especially using a real person’s cookies) that advertisers might be paying for clicks and impressions a human never had the opportunity of seeing.

Website to Server Communication Security

The one thing I could scrap up was that cookies could access the information you fill out in forms.

This could be a big deal when credit card and bank information is being filled out.

Before filling out potentially sensitive information, be sure the website has the “lock” that verifies the site has security encryption.

In HTTPS, the S stands for security. These are sites that take special care that communication between your browser and their server is secure connection that cannot be intercepted.

Link Scams

Another word of advice. When in doubt about the authenticity of a url link or the reputation of the author of that link, don’t click. There are some tactics that can steal your cookie data in this way.

And another more concerning scam called “cross-site forgery” can take advantage of cookie’s “Remember Me” functions to complete actions you didn’t fully understand.

Zombie Cookies or Flash Cookies

Zombie cookies existed out there, but after a number of lawsuits, I think their use has fallen.

Zombie cookies is a scare name for Flash cookies.

Flash cookies are just like third party cookies except that they are harder to delete. They can reappear after uninstalling if you don’t purge them from every place they stored copies of themselves.

Outrage surrounding flash cookies led to Adobe Inc. to stop processing flash cookies on 98% of all consumer’s devices. Wikipedia

Another company (Ringleader Digital) attempted to use zombie cookies. This resulted in a lawsuit.

Bottom line: zombie cookies are not acceptable marketing practices. They are taken down when they are found.

Even though zombie cookies are persistent, all they track is your browsing history and limited personal information that you provided to the website directly.

While zombie cookies might be annoying and invasive, they are not perilous.

Conclusion On “Are Cookies Dangerous”

While there are some security threats with cookies, most of the fault lies with the website developer or website host.

Websites should filter and monitor all the content they allow on their sites. So unscrupulous links should not be allowed on trustworthy websites.

The communications between your browser and website’s servers should be made secure by the website.

And websites hosts should ensure that their DNS server is secure to protect against DNS cache poisoning.

In the scamming scenarios I went over, cookies play a indirect role in the vulnerability. To my knowledge, cookies themselves do not put you in danger.

That being said, whether or not cookies invade your privacy or not can only be determined by you.

Third party cookies can lead to tracking long term browsing history and patterns.

Read below how to remove third party cookies.

How To Remove Tracking Cookies on Google Chrome

On Google Chrome, click the top left 3 dots stacked on each other -> click settings -> scroll down half a page -> under Privacy and security, click Cookies and other site data -> scroll down half a page -> click see all cookies and site data.

You can remove cookies individually or all at once by clicking Remove All.

Also when you’re in your settings under “Cookies and other site data,” You can customize your general settings.

As an option with Google Chrome general settings, you can block all third-party cookies.

You also have the option to customize your preferences and allowances for specific sites.

How To Allow Third Party Cookies on Google Chrome

Simply clicked “allow” will work to allow cookies on the website you are currently on.

Probably if you haven’t actively blocked third party cookies, and unless you are using Safari or Firefox, by default you probably are allowing third party cookies.

Navigate to your Google Chrome settings, the to the Cookie settings.

On Google Chrome, click the top left 3 dots stacked on each other -> click settings -> scroll down half a page -> under Privacy and security, click Cookies and other site data -> scroll down half a page -> click see all cookies and site data.

Here in your general settings you can opt to “Allow all cookies.” This will allow third party cookies as well as first party cookies.

You also have the option to make it a rule that you allow cookies from some sites.

Navigate to your Google Chrome settings, then to the Cookie settings.

On Google Chrome, click the top left 3 dots stacked on each other -> click settings -> scroll down half a page -> under Privacy and security, click Cookies and other site data -> scroll down half a page -> click see all cookies and site data.

On this section you can add sites that you’d like to always or never allow cookies from.

Alternatives to Cookies

Google is developing an alternative to cookies they say can be 95% as effective as third party cookies.

Google’s Privacy Sandbox technology for interest based advertising (called FLoC) might serve as a viable alternative to third party cookies.

The proposed FLoC (Federated Learning of Cohorts) is privacy first.

So how does FLoC work?

FLoC groups individuals with shared interests are grouped together. So individual data is lost in the crowd while still allowing advertisers to target interested audiences.

Apple uses their own Identifier for Advertisers (IDFA). They assign this ID to their customers when they buy an iOS device.

Other alternatives to cookies are IP address, URL query string, JSON Web Tokens, ETag, Web Storage, Browser Cache, and Browser Fingerprint. But this is not a technical article so I’m not going to focus on each one of these individually.

Conclusion

Third party cookie’s death is eminent.

Apple is holding a hard line against them. Firefox and Google browsers are following suit.

Google plans to block third party cookies from Google Chrome by 2022.

While I don’t think third party cookies are perilous, they also aren’t a direct way of doing business.

Third party cookies come from ad networks and advertising partnerships rather than straight from the website the user is interacting with.

Mandating first party data will make marketing more challenging, but it should build trust between websites and users.

Blocking third party cookies seems like the natural progression of the internet. But I know it will mean drastic changes to some parts of the advertising industry.

But for these parts, namely programmatic advertising and display networks, change seems to be unavoidable.

Thank you sincerely for reading! My name is Evan Welch. I’m a digital marketing learner with Simplilearn, learning SEO, content marketing, analytics, and social media marketing. Feel welcome to write an comments that popped up for you. And do not hesitate to contact me! I would love to hear feedback, critiques, and comment, especially if I could learn from them!

Leave a Comment

Your email address will not be published. Required fields are marked *