跨网域用户跟踪没有第三方Cookie？ [英] Cross-domain user tracking without 3rd party cookies?

问题描述

现在大多数用户都在禁用第三方Cookie的情况下进行浏览，因此如何实施跨网域网络跟踪服务（例如，针对行为广告）？

How are cross-domain web tracking services implemented (e.g., for behavioral advertising), now that the majority of people are browsing with 3rd party cookies disabled?

更明确地说，第三方跟踪服务如何识别对不同域的两个请求来自同一个人？

More explicitly, how does a third party tracking service recognize that two requests to different domains are coming from the same person?

一些选项来到我的通过将来自第三方跟踪服务的跟踪网页嵌入到各种网站中，您可以基于iframe 启用

Some options come to my mind:

• 网站。这包括跟踪页面应该能够为跟踪域（？）设置第一方Cookie。如果所包含的页面对于每个跟踪页面是唯一的，则应该可以将请求与嵌入iframe的网站匹配。


• 基于IP + strong>（不可靠）


• 浏览器指纹识别和时钟偏移
  测量（我希望此功能目前尚未使用）


• Cookie切换，即将会话ID作为百分比附加到各个页面之间的所有链接。然后，被访问的页面可以设置其自己的cookie，其ID与引用页面相同。


• 使用非传统Cookie，例如 Flash Cookie 。 这些怪物中有一些不符合同源策略？

• Maybe iframe-based, by embedding a tracking page from the third-party tracking service into various sites. This included tracking page should be able to set first party cookies for the tracking domain (?). If the included page is unique for each tracked page, it should be possible to match the request to the website the iframe is embedded into?!
• IP + user agent based (unreliable)
• browser fingerprinting and clock skew measurements (I hope this is not already in common use today)
• Cookie handover, that is, append the session ID as a paremeter to all links between the various pages. The visited page can then set its own cookie with the same ID as the referring page. Problem is, this does not work if the second page is not visited by clicking one one of those prepared links.
• Using non-traditional cookies, such as Flash Cookies. Maybe some of these monsters don't honor the same-origin policy?

正在进行？

编辑：我刚刚发现禁用第三方Cookie只会阻止创建新的Cookie，发送到第三方域名。因此，可以以某种方式将用户重定向到第三方跟踪服务，其设置第一方cookie，然后可以稍后由web bug读取。有趣。

I just noticed that disabling 3rd party cookies will only prevent the creation of new cookies, but existing ones are still readily sent to the third party domain. Hence, one could somehow redirect the user to the 3rd party tracking service, which sets a first-party cookie, which could then later be read by a web bug. Interesting.

推荐答案

这取决于服务，但对于行为广告，它仍然主要使用第三方Cookie。大多数人目前不阻止他们，所以它工作得很好，有用。它们在默认情况下在主要浏览器中启用，而且很多人不知道设置。最后一次我看到一个统计数字小于5％，但这可以有很大的不同，取决于你正在看的用户的人口统计。在工作中，我通常看到的Cookie拒绝率要低得多。

It depends on the service but for behavioral advertising it's still mainly being done using third party cookies. Most people currently don't block them so it works well enough to be useful. They are enabled by default in the major browsers and not many people mess around with the settings. The last time I saw a statistic on it the number was less than 5% but this can vary considerably depending on the demographics of the users you're looking at. In the work I do I generally see much lower numbers of cookie rejection rates.

跟踪是一种不正确的科学，因为有许多事情可能会中断人与人的联系网络访问（例如使用多个设备和浏览器的人的常见趋势）。

Tracking is an inexact science anyway as there are multiple things that can disrupt the linking of people to web visits (such as the common trend of people using multiple devices and browsers).

我个人对我认为你所关注的主题的看法是，在线广告行业需要小心他们在这方面做什么，因为关于这个问题的公众意见看起来很困惑，并且可能导致拒绝超过隐私原因所必需的。

My personal opinion on the subject that I think you're getting at is that the Online Advertising Industry needs to be careful about what they do in this area because public opinion on the subject appears to be confused and could lead to a rejection of more than is necessary for privacy reasons.

这篇关于跨网域用户跟踪没有第三方Cookie？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！