Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Aligning the concept of cookies #148

Open
MatiasLFranco opened this issue Apr 25, 2023 · 1 comment
Open

Aligning the concept of cookies #148

MatiasLFranco opened this issue Apr 25, 2023 · 1 comment

Comments

@MatiasLFranco
Copy link
Contributor

Everyone has heard about first-party cookies, second-party cookies and third-party cookies.

  • First-party cookies are created by the website you are currently visiting. It is the site displayed in the address bar.
  • Second-party cookies are created by one company and shared with another company.
  • Third-party cookies are created by a different website than the one you are currently visiting.

Technically, second-party cookies do not exist. There are only first-party and third-party cookies. Some people use the term "second-party cookies" to describe when two companies agree to share their first-party data (or cookies) between them.

When third-party cookies go away, mutual agreements between companies to share cookies will no longer be possible and the concept of second-party cookies will become obsolete.

Third-party cookies, on the other hand, will continue to exist within a First-Party Set.

I am not an expert, but I believe that it is important to clarify the different types of cookies after the deprecation of third-party cookies.
@krgovind
Copy link
Collaborator

Thanks for the feedback, @MatiasLFranco! Indeed, with the changes that we made to First-Party Sets a few months ago with #92, it is true that the use of the requestStorageAccess and requestStorageAccessFor APIs unlock access to conventional third-party cookies. This is different from our previous approach with the SameParty cookie attribute, which restricted the scope of cookie access relative to regular third-party cookies.

While requestStorageAccess and requestStorageAccessFor do indeed make third-party cookies available again, they now require active invocation by the site, instead of being available by default as with the current state of third-party cookies (in Chrome). As noted in privacycg/storage-access#165, we are also considering supporting the use of a user-prompt-based requestStorageAccess outside of First-Party Sets to enable authenticated third-party embeds.

We'll think about how to better communicate this, especially in developer articles which have wider readership than individual proposals/explainers such as this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MatiasLFranco @krgovind