European advertisers fear they will face a huge new obstacle this May when the European Union's Privacy and Electronic Communications Directive takes effect. The so-called Cookie Directive will require that users explicitly allow Web sites to leave cookies and other data on their machines, according to Raul Mendez on ChiefPrivacyOfficers.com.
It's unclear whether the opt-in requirement will be satisfied by the browser's setting that allows first- and third-party cookies. This uncertainty hasn't prevented some pundits from predicting the end of the world for the European advertising industry, as reported by TechCrunch Europe's Mike Butcher.
Still, the impending deadline makes me wonder what purpose third-party cookies serve for Web site visitors. (First-party cookies have become a necessity. Nearly all major Web services--including Facebook and Gmail--require them.)
Most Web users realize that the ads they see on sites are targeted specifically to them based on the knowledge the sites and their advertising partners have collected about them. The companies claim they don't collect personally identifiable information--or at least most of them state so. The success of their ads finances the "free" services on the Web.
Far be it from me to suggest Web sites shouldn't be allowed to make money. (Considering the ads accompanying this post, such a suggestion would be the height of hypocrisy.) But there's no law--yet--requiring that individuals help online advertisers maximize their profits at the expense of users' privacy.
Many people will argue that tracking cookies are sufficiently anonymous to pose no serious threat to Web users' security. Excuse me for distrusting the willingness and ability of any organization to put my need for privacy over their need to meet their goals, which usually entail profits.
So if third-party cookies offer no direct benefit to users and can potentially be a threat, why do all the major browser makers default to allowing sites to leave all the cookies they want on your machine? Because the advertisers are their customers and are at least as important to them as users are.
Give third-party cookies the boot
Last December, I described how to delete tracking cookies automatically from Internet Explorer, Firefox, and Google Chrome. A post from last July reviewed five privacy add-ons for Firefox, one of which is the Better Privacy program that lets you remove and otherwise control Flash cookies.
A more direct tracker-thwarting approach is to block third-party cookies in the first place. To do so in Internet Explorer 8, click Tools > Internet Options > Privacy > Advanced. Select Block under Third-party Cookies and click OK twice.
Firefox 3.6's cookie settings are found under Tools > Options > Privacy. Uncheck "Accept third-party cookies" and click OK.
In Google Chrome, click the wrench icon in the top-right corner of the browser, choose Options, select Under the Hood in the left pane, click the "Content settings" button next to Privacy, and check "Ignore exceptions and block third-party cookies from being set."
Note that cookies aren't the only way organizations track the people who visit their sites. The Wall Street Journal's Julia Angwin took a close look at the various ways Web users are monitored in a series of articles published last summer entitled What They Know.
If everyone on the Web blocked third-party cookies, online advertisers' profits might suffer. But just as only a small percentage of people use ad-blocking software when they browse, few Web denizens are likely to bother changing their browser's default cookie settings.
Third-party cookies may not be the greatest privacy threat facing Web users (the safety of their personal data stored on vulnerable corporate servers tops that list). However, tracking cookies offer only marginal indirect benefits at best, so why not block them?