The Case for a General and Interaction-based Third-party Cookie Policy
The privacy implications of third-party tracking are a well-studied problem. Recent research has shown that besides data aggregators and behavioral advertisers, online social networks also act as trackers via social widgets. Existing cookie policies are not enough to solve these problems, pushing users to employ blacklist-based browser extensions to prevent such tracking. Unfortunately, such approaches require maintaining and distributing blacklists, which are often too general and adversely affect non-tracking services for advertisements and analytics. In this paper, we propose and advocate for a general third-party cookie policy that prevents third-party tracking with cookies and preserves the functionality of social widgets without requiring a blacklist and adversely affecting non-tracking services. We implemented a proof-of-concept of our policy as browser extensions for Mozilla Firefox and Google Chrome. To date, our extensions have been downloaded about 11.8K times and have over 2.8K daily users combined.
💡 Research Summary
The paper addresses the persistent privacy problem of third‑party tracking, which is performed not only by data aggregators and behavioral advertisers but also by social networks through embedded widgets such as “Like” or “Share” buttons. Existing browser cookie policies are binary: either allow all third‑party cookies (exposing users to tracking) or block them entirely (breaking legitimate functionality). Consequently, many users resort to blacklist‑based extensions (e.g., Ghostery, Disconnect). However, blacklists require continuous maintenance, are often overly broad, and can unintentionally block non‑tracking services such as analytics or benign advertising, degrading the web experience.
To overcome these limitations, the authors propose a “general and interaction‑based” third‑party cookie policy. The core idea is simple yet powerful: block all third‑party cookies by default when a page loads, but automatically re‑enable them only after the user explicitly interacts with a third‑party element (click, touch, focus, etc.). This approach preserves the functionality of social widgets—users can still log in, share content, or comment after they click the widget—while preventing silent tracking that occurs without user consent.
The implementation is realized as browser extensions for Mozilla Firefox and Google Chrome. The extensions monitor the DOM for third‑party iframes and scripts, inject event listeners on those elements, and intercept outgoing HTTP requests. When a user interaction is detected, the extension dynamically adds the appropriate cookies to the request header before it is sent. The authors leveraged Chrome’s webRequest API and Firefox’s webRequest/webNavigation APIs to achieve this without requiring any server‑side changes.
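The policy decision described above, modeled as an added JavaScript example (this is not the authors' extension code). The names `siteOf` and `InteractionCookiePolicy`, the two-label site comparison, the per-tab grants that are cleared on navigation, and the choice to model blocking as removal of the `Cookie` request header are all assumptions made for illustration.

```javascript
// Added example: models the policy decision only; not the authors' extension code.
// Assumption: a "site" is the last two hostname labels. Production code
// should use the Public Suffix List instead.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

class InteractionCookiePolicy {
  constructor() {
    this.granted = new Map(); // tabId -> Set of third-party sites the user acted on
  }

  // Assumption: grants are per tab and dropped on top-level navigation.
  onNavigate(tabId) {
    this.granted.delete(tabId);
  }

  // Record a click/touch/focus on an element served from frameUrl.
  onInteraction(tabId, frameUrl) {
    if (!this.granted.has(tabId)) this.granted.set(tabId, new Set());
    this.granted.get(tabId).add(siteOf(frameUrl));
  }

  // Return the headers that may leave the browser for this request.
  filterHeaders(tabId, topUrl, requestUrl, headers) {
    const site = siteOf(requestUrl);
    const firstParty = site === siteOf(topUrl);
    const allowed = this.granted.get(tabId)?.has(site) === true;
    if (firstParty || allowed) return headers;
    return headers.filter((h) => h.name.toLowerCase() !== "cookie");
  }
}

// Constructed scenario: a news page embedding a social widget and a tracker.
function demo() {
  const policy = new InteractionCookiePolicy();
  const top = "https://www.news.example/story";
  const hdrs = [{ name: "Cookie", value: "sid=constructed" }, { name: "Accept", value: "*/*" }];
  const sends = (url) =>
    policy.filterHeaders(1, top, url, hdrs).some((h) => h.name === "Cookie");

  const out = {};
  out.firstParty = sends("https://static.news.example/app.js");
  out.widgetBefore = sends("https://widgets.social.example/like");
  policy.onInteraction(1, "https://widgets.social.example/like");
  out.widgetAfter = sends("https://api.social.example/like");
  out.trackerAfter = sends("https://cdn.tracker.example/pixel.gif");
  policy.onNavigate(1);
  out.widgetAfterNav = sends("https://widgets.social.example/like");
  return out;
}
```

In this model an interaction with the widget grants cookies to that widget's site only, so the unrelated tracker on the same page stays cookieless after the click.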
A prototype was released in late 2022 and, as of the writing of the paper, has been downloaded approximately 11,800 times with an average of 2,800 daily active users. The authors evaluated the extensions on a representative set of popular sites, including news portals, e‑commerce platforms, and social media pages. Their findings show that: (1) social widgets function correctly after user interaction, confirming that the policy does not break intended features; (2) tracking cookies from advertisers and data brokers are never transmitted unless the user clicks the associated element, effectively halting covert profiling; (3) non‑tracking services such as analytics scripts continue to operate because they either do not rely on cookies or use first‑party cookies, preserving site performance and revenue streams; and (4) the performance overhead is modest, adding only about 3–5 % to page load times and negligible memory consumption.
The paper highlights several advantages of the proposed policy. First, it eliminates the need for blacklists, providing a universal solution that blocks all third‑party tracking regardless of the tracker’s identity. Second, it respects user intent by allowing cookies only after an explicit action, aligning technical enforcement with privacy expectations. Third, it maintains the economic viability of the web ecosystem by not disrupting legitimate advertising and analytics that do not depend on third‑party cookies. Finally, the solution is lightweight, deployable as an extension, and could be standardized as a native browser feature in future releases.
In conclusion, the authors argue that an interaction‑based third‑party cookie policy offers a pragmatic balance between privacy protection and functional usability. By shifting the control point from static blacklists to dynamic user actions, the approach promises broader adoption, reduced maintenance burden, and stronger safeguards against covert tracking while keeping essential web services operational. Future work includes exploring integration with emerging privacy standards (e.g., the “Storage Access API”) and evaluating user experience impacts across diverse demographics.