Browser settings alone are not enough
©2023, Baycloud Systems Ltd. All rights reserved.
More than a decade after efforts to standardise a Do-Not-Track signal were started, and more than 4 years after it was finally disbanded at the behest of Big Tech, attempts to drain the online tracking swamp via exclusively techniical means have continued to fail.
and in use by 2015.
There is also a danger that less scrupulous companies will develop similar script that circumvents third-party cookie blocking without explaining at all to users what they are doing. Regulators and privacy watchdogs should be on their guard for this. It is also worth noting that could be impossible for browser extensions like Ad Blockers to spot third-party cookie placement through redirection, because the interception is only visible for a very short time, and could be implemented completely using in-line script.
This is a highly successful, but difficult to detect, tracking technique designed to bypass restrictions on more traditional "third-party" cookies.
As this recent proposal for navigation tracking mitigations from some browser companies explains there will always be loopholes to browser based privacy enhancement techniques which determined bad actors will exploit.
The only way to rid the web of the cancer of unconsented online tracking is well-drafted, technically germane privacy law properly enforced by compentent regulators, imposing obligations on both browser companies and websites.
Of course browser based mitigations are important, but they must be standardised, ubiquitous and backed as widely as possible by robustly enforced law, with significant penalties for avoidance.
The EU's ePrivacy Regulation will eventually contain much of this, but, though initially proposd more than 7 years ago, has been unfortunately stuck in in limbo through the embarrassing incapability of EU institutions to agree.