The Washington Post is Preparing for Post-Cookie Ad Targeting:
The Washington Post has developed a first-party data ad targeting tool called Zeus Insights that offers detailed contextual targeting capabilities along with user-intent predictions for marketers. The goal: to give marketers a sophisticated ad-targeting tool that isn’t reliant on third-party cookies but still drives results despite stricter data-privacy stipulations laid down by regulators.
The Zeus platform monitors contextual data such as what article a person is reading or watching, what position they have scrolled to on a page, what URL they have used to arrive there and what they’re clicking on. The publisher will then match that data to its existing audience data pools, which it has accumulated over the last four years, to create assumptions on what that news user’s consumption intent will be. The technology uses machine learning to decipher the patterns.
However, The Post’s strategic goal isn’t just to provide ad-targeting options for advertising clients that want to wean themselves off reliance on third-party cookies; it’s also to widen other publishers’ ability to compete with the big tech platforms.
The Post plans to license the Zeus platform to publishers both domestically and internationally, by integrating it with its Arc technology platform, which it has licensed to publishers since 2016 and reaches a combined 750 million unique users globally, according to the publisher. The theory is that in doing so, publishers can compete more effectively with the scale and data-targeting opportunities provided by Facebook and Google.
[...] “In a world where third-party cookies are being killed and cookie pools are decreasing, we expect tools like this to increase in importance,” said Ryan Storrar, svp and head of media activation, EMEA for Essence. “Being able to action cookieless user data is a helpful step in the right direction to embrace privacy in precision marketing.”
(Score: 3, Insightful) by Pino P on Friday July 19 2019, @12:54PM (6 children)
I can understand your point for websites that neither require a login nor offer a shopping cart.
But among sites using a login, I don't see a lot of them falling back to HTTP Basic authentication. I imagine this is because HTTP Basic authentication sends the name and password with every request instead of just the first request. This causes more load on the server, which has to (slowly) hash your password with bcrypt/scrypt on every single request instead of just (quickly) verifying that the token from your cookie corresponds to a valid session.
And if you're trying to buy something online and have it shipped to your home or to a pickup location in town, I don't see how the server can distinguish your cart from another shopper's cart without either A. using HTTP cookies or an equivalent mechanism, or B. requiring all shoppers to create an account before shopping and then using HTTP Basic authentication.
(Score: 0) by Anonymous Coward on Friday July 19 2019, @02:21PM (1 child)
Include the session id as a parameter in all links.
(Score: 2) by Pino P on Saturday July 20 2019, @10:36AM
This would have the serious drawback of letting anyone hijack your session if you share the URL of a page, such as if you share a link to a product in the store with friends to ask them for their opinion on that product. See answers to the question "Why is passing the session id as url parameter insecure?" by Jonathan Egerton [stackexchange.com].
(Score: 2) by DannyB on Friday July 19 2019, @02:55PM (3 children)
Simply allow "session" cookies. The kind that only exist for the duration of your interactive session, and then are deleted by the browser so there can be no tracking beyond your current interactive session.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by Pino P on Saturday July 20 2019, @10:42AM (2 children)
With session cookies only, there would be no way for a two-factor authentication provider to mark your computer's browser as "trusted." This means you would have to reauthenticate using the second factor on every site you visit every time you open your browser. For sites that use SMS 2FA and for users on metered SMS plans, this can get very expensive very fast.
(Score: 2) by DannyB on Monday July 22 2019, @01:28PM (1 child)
That is true. But it is a separate issue, unless you want to require 2FA -- which is a policy decision of the individual web site.
Another thing that persistent cookies prevents is the: [x] Remember Me
so that next time login is either bypassed or much simplified.
Using 2FA is going the opposite direction of "remember me".
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by Pino P on Tuesday July 23 2019, @01:05PM
A growing number of websites are making that decision after encountering abuse by bot users. Twitch, for example, instituted a 2FA requirement for Affiliate broadcasters long ago and expanded it to all broadcasters in June 2019 [reddit.com].
The assumption that sites requiring 2FA make is that a user will use "remember me" to convert each device that the user regularly uses into a backup second factor for that user. Thus you need 2FA to place a "remember me" cookie on a device but not to use such a cookie.