I strongly agree. There is no legitimate functionality that can't be implemented without 3rd party cookies. Some sites will break at first until they are fixed, and we could have a whitelist for a while, while making it very cumbersome to be added to that list. New sites would simply need to workaround the lack of 3rd party cookies and accept that user tracking is technically illegal.
The surveillance internet is something that was allowed to evolve by a lack of foresight from the standard authors in their desire to build a rich web. We should put an end to it as soon as possible. The browser should not leak unique identifiers in any situation and all standard browsers should be as finger-print resistant as the Tor Browser.
In my view, if you leak data that is critical to the privacy of the user, it's as bad if not worse than an improper implementation of TLS. It takes only two, modestly skilled, collaborating webadmins (one site "shameful" and one used with authentication) to possibly destroy a person's life, reputation and family. A practical attack on SSL2.0 is orders of magnitude more difficult.
Let's put responsibility for privacy back where it should be: on the browsers and web standard authors.
I'm genuinely curious about your assertion. Let's say I have an application for my business and I want to embedded a report on one of my pages from a separate application. This other application is a SaaS application, so I can't just "mount" it at mydomain/some-sub-path. How do I have secure reports without third-party cookies? Store cookie-like stateless tokens in my wrapping app and send them in the URL?
That could work well because if the message shows the domain that looks like the content they want to see they will allow it but if its a random tracker domain they will block it.
It's also important to not include [Whitelist INC i.imgur.com], only [Whitelist INC i.imgur.com FROM example.com], because trackers will adapt to exploit the first one as soon as it's common enough to be noteworthy.
If browsers break 3rd party cookies and they are not fingerprintable, the arms race stops: there is no way to track a client across multiple sites, other than weak correlations with IP, interests, etc.
If it's inside your business you can use subdomains like site1.domain.com and site2.domain.com and set the cookie domain attribute to domain.com and you will not have a problem because the cookie will be visible among all the sites of your domain.
Technically, ad-tracking is not an invasion to privacy per sé, and does not identify a person. It is always connected to a client, and it is illegal to connect the client browsing data to a real person.
So from that perspective, how is ad-tech a problem for privacy?
The surveillance internet is something that was allowed to evolve by a lack of foresight from the standard authors in their desire to build a rich web. We should put an end to it as soon as possible. The browser should not leak unique identifiers in any situation and all standard browsers should be as finger-print resistant as the Tor Browser.
In my view, if you leak data that is critical to the privacy of the user, it's as bad if not worse than an improper implementation of TLS. It takes only two, modestly skilled, collaborating webadmins (one site "shameful" and one used with authentication) to possibly destroy a person's life, reputation and family. A practical attack on SSL2.0 is orders of magnitude more difficult.
Let's put responsibility for privacy back where it should be: on the browsers and web standard authors.