The Case for a General and Interaction-based Third-party Cookie Policy

TL;DR

This paper proposes a universal third-party cookie policy that blocks tracking while maintaining social widget functionality, avoiding blacklists and minimizing impact on non-tracking services, with a practical browser extension implementation.

Contribution

It introduces a novel, general cookie policy that prevents third-party tracking without blacklists, preserving social widget functionality and demonstrating a working browser extension.

Findings

Extensions downloaded 11.8K times

Over 2.8K daily active users

Effective in preventing third-party tracking

Abstract

The privacy implications of third-party tracking is a well-studied problem. Recent research has shown that besides data aggregators and behavioral advertisers, online social networks also act as trackers via social widgets. Existing cookie policies are not enough to solve these problems, pushing users to employ blacklist-based browser extensions to prevent such tracking. Unfortunately, such approaches require maintaining and distributing blacklists, which are often too general and adversely affect non-tracking services for advertisements and analytics. In this paper, we propose and advocate for a general third-party cookie policy that prevents third-party tracking with cookies and preserves the functionality of social widgets without requiring a blacklist and adversely affecting non-tracking services. We implemented a proof-of-concept of our policy as browser extensions for Mozilla Firefox and Google Chrome. To date, our extensions have been downloaded about 11.8K times and have over 2.8K daily users combined.