Images or other objects contained in a Web page may reside in servers different from the one holding the page. In order to show such a page, the browser downloads all these objects, possibly receiving cookies. These cookies are called third-party cookies if the server sending them is located outside the domain of the Web page.
This condition is common with on-line advertisement. Indeed, web banners are typically stored in servers of the advertising company, which are not in the domain of the Web pages showing them. If third-party cookies are not rejected by the browser, an advertising company can track a user across the sites where it has placed a banner. In particular, whenever a user views a page containing a banner, the browser retrieves the banner from a server of the advertising company. If this server has previously set a cookie, the browser sends it back, allowing the advertising company to link this access with the previous one. By choosing a unique banner URL for every Web page where it is placed or by using the HTTP referer field, the advertising company can then find out which pages the user has viewed. The same technique can be used with web bugs. These, unlike the obvious banners, are images embedded in the Web page that are undetectable by the user (e.g. they are tiny and/or transparent)
Third-party cookies are used to create an anonymous profile of the user. This allows the advertising company to select the banner to show to a user based on the user’s profile. The advertising industry has denied any other use of these profiles.
Many modern browsers, such as Mozilla Firefox, Internet Explorer and Opera block third party cookies if requested by the user. Internet Explorer version 6 allows a mild form of blocking, called leashing. A leashed cookie is a third-party cookie that is sent by the browser only when accessing a third-party document via the same first-party. For example, if third.com sets a cookie when an image is requested, and this cookie is set for the first time when the user views a document from first.com, the same cookie is not sent if the user downloads a document that contains the same image but the document is on another site other.com, if the cookie is leashed. A leashed cookie is different from a blocked cookie in that it is sent, in this example, if the image is contained in another document from the same site first.com
Popularity: 67% [?]
