Privacy/Features/Per-Site Third-Party Cookie Setting/Brainstorm UX
Brainstorming User Experience Options for adjusting Per-Site Third Party Cookie Settings
Changes to Default Behaviors:
- Safari Mode and Firefox Mode:
- By default, allow third parties to READ user cookies IF the site has been specifically visited before
- Allow users an option to Reject Third Party Cookies (Firefox Mode).
- Allow users an option to Accept All Third Party Cookies
- (Con: redirect problem where sites can redirect through a tracker. Can we somehow check the response codes? Even then, we will break pages that the user was legitimately redirected to)
- Requires User Interaction.
- If you click the like button, the third party cookies are sent to Facebook. Still wouldn't show you which friends have liked the article/page when you first visit it.
- This would be really tricky to implement and cover all cases.
- Additional Header - "i-want-access-to-cookies-when-i'm-a-third-party"
- When a user visits a page and the page has this header, the user gets a prompt asking if they would like to allow this site to track them / read their cookies when they are a third party on other pages the user visits.
- Age cookies.
- If a third party has not been accessed in 7 days, don't send third party cookies
- Tie this into DNT
- If the user has checked "tell websites I don't want to be tracked" AND they accept third party cookies, automatically go into Safari Mode. We have to be careful here, we do not want to mess with DNT since it is already well defined.
Changes to UI:
- Third party cookies per site in about:permissions
- When a user has Rejected Third Party Cookies AND a site tries to set third party cookies, ask the users permission to set the cookies per site. Similar to Block, Unblock, Pause Blocking in Ghostery. This might be what Chrome does to handle Third Party Cookies.
- Add to Collusion UI
- Users disable/enable third parties via the UI so they can visualize what's happening.
Open Question: If we could start from scratch, without the current constraints of the web and cookies, how would we solve this problem?