• intensely_human@lemm.ee
    link
    fedilink
    English
    arrow-up
    86
    ·
    2 months ago

    Aren’t cookies already limited to the site at which they were created??

    What the fuck? You mean to tell me sites have been sharing cookies?

    I thought all browsers only delivered cookies back to the same site.

    • Dave@lemmy.nz
      link
      fedilink
      English
      arrow-up
      156
      ·
      2 months ago

      The problem is that a website is generally not served from one domain.

      Put a Facebook like button on your website, it’s loaded directly from Facebook servers. Now they can put a cookie on your computer with an identifier.

      Now every site you visit with a Facebook like button, they know it was you. They can watch you as you move around the web.

      Google does this at a larger scale. Every site with Google ads on it. Every site using Google analytics. Every site that embeds a Google map. They can stick a cookie in and know you were there.

        • Dave@lemmy.nz
          link
          fedilink
          English
          arrow-up
          58
          ·
          2 months ago

          Yes, it’s the reason for the tracking. To sell more targeted ads.

          If you’re up for reading some shennanigans, check out the book Mindf*ck. It’s about the Cambridge Analytica scandal, written by a whistleblower, and details election manipulation using data collected from Facebook and other public or purchased data.

      • MonkderVierte@lemmy.ml
        link
        fedilink
        English
        arrow-up
        17
        ·
        edit-2
        2 months ago

        Put a Facebook like button on your website, it’s loaded directly from Facebook servers. Now they can put a cookie on your computer with an identifier.

        Which is not allowed by GDPR btw, because they do that even if you don’t click them. There are plenty guides online, how to create your own, not tracking, facebook like button.

        • Dave@lemmy.nz
          link
          fedilink
          English
          arrow-up
          5
          ·
          2 months ago

          How does GDPR fit in to Google Analytics and personalised ads?

          I would have thought it went something like: random identifier: not linked to personal info, just a collection of browsing history for an unidentified person, not under GDPR as not personal info.

          Link to account: let them request deletion (or more specifically, delinking the info from your account is what Facebook lets you do), GDPR compliant.

          Both Google and Facebook run analytics software that tracks users. I presume letting people request deletion once it’s personally linked to them is probably what let’s them do it? But I don’t live in a GDPR country, so I don’t know a whole lot about it.

          • MonkderVierte@lemmy.ml
            link
            fedilink
            English
            arrow-up
            5
            ·
            2 months ago

            No, it should’ve been opt-in. But loophole with “vital interest” and politics being slow and surface-level like politics.

        • Dave@lemmy.nz
          link
          fedilink
          English
          arrow-up
          42
          ·
          2 months ago

          It doesn’t have to be. Your browser sends the cookies for a domain with every request to that domain. So you have a website example.com, that embeds a Facebook like button from Facebook.com.

          When your browser downloads the page, it requests the different pieces of the page. It requests the main page from example.com, your browser sends any example.com cookies with the request.

          Your browser needs the javascript, it sends the cookie in the request to get the JavaScript file. It needs the like button, it sends a request off to Facebook.com and sends the Facebook.com cookies with it.

          Note that the request to example.com doesn’t send the cookies for Facebook.com, and the request to Facebook.com doesn’t send the cookie for example.com to Facebook. However, it does tell Facebook.com that the request for the like button came from example.com.

          Facebook puts an identifier in the cookie, and any request to Facebook sends that cookie and the site it was loaded on.

          So you log in to Facebook, it puts an identifier in your cookies. Now whenever you go to other sites with a Facebook like button (or the Facebook analytics stuff), Facebook links that with your profile.

          Not logged in? Facebook sets an identifier to track you anyway, and links it up when you make an account or log in.

          • intensely_human@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 months ago

            How is Facebook able to know what site is requesting it? Is it in the referer header, or is it parameters in the javascript/image url?

            • Dave@lemmy.nz
              link
              fedilink
              English
              arrow-up
              2
              ·
              2 months ago

              There is a referer header sent, but depending on the exact code added to the page, it’s very likely they are loading a snippet of JavaScript that lets them collect other information and trigger their own sending of information to their server.

              For example, Google Analytics has javascript added to the page, but loading fonts from Google’s CDN (which many sites do) will rely on the referer.

    • Mongostein@lemmy.ca
      link
      fedilink
      English
      arrow-up
      48
      ·
      edit-2
      2 months ago

      I know Facebook and Reddit are in cahoots.

      I went to visit Reddit a couple weeks back to read the Deadpool & Wolverine comments, but used the wrong container tab and now Facebook feeds me endless Marvel related stuff.

      A lot of it is culture war bullshit too. Hmmmmm 🤔

      • lud@lemm.ee
        link
        fedilink
        English
        arrow-up
        13
        ·
        2 months ago

        No, you don’t know anything. Just because you have a suspicion because something happened to you once doesn’t mean you are sure in any way.

        • Mongostein@lemmy.ca
          link
          fedilink
          English
          arrow-up
          24
          ·
          2 months ago

          Nah I’m sure.

          I never once saw a post about Marvel fed to me by Facebook and now it’s constant

          • lud@lemm.ee
            link
            fedilink
            English
            arrow-up
            5
            ·
            2 months ago

            Did it start after the extremely popular marvel movie “Deadpool and Wolverine” released?

            • 11111one11111@lemmy.world
              link
              fedilink
              English
              arrow-up
              16
              ·
              2 months ago

              Lol that’s your argument for why you think they don’t know what they’re talking about? Because all you did is make yourself seem like you have no idea how cookies work 🤣

              • lud@lemm.ee
                link
                fedilink
                English
                arrow-up
                5
                ·
                2 months ago

                It’s just one single person who noticed something once.

                That’s an awful awful sample size absolutely filled with bias and thought fallacies.

            • Mongostein@lemmy.ca
              link
              fedilink
              English
              arrow-up
              6
              ·
              edit-2
              2 months ago

              Before. “Couple weeks” is more like 5 months at this point now that I think about it.

              I don’t mind some of it much, but the obvious culture-war bait is infuriating.

              It’s not because the movie just came out. I’ve been diligent about keeping Facebook and Reddit in their container tabs for years. It’s just Marvel stuff, not just the movies. Marvel’s been putting out huge movies for years and this hasn’t happened around any of their other releases.

              • lud@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                2 months ago

                Why aren’t you just using the official automatic Facebook container?

      • AShadyRaven@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        oh i know how this works and its not the way you think. Its somehow better and worse at the same time

        Im going to describe the process using a hypothetical situation:

        You decide to try a new shampoo but you’re not sure what to buy. You ask your friend “hey what shampoo do you use” and they tell you they use Head and Shoulders.

        Later that night, you google head and shoulders and read reviews

        The next day, your friend gets Head and Shoulders ads on youtube and facebook and Instagram, etc

        This is because google knows both of your locations and search history. It sees that you two were within a few feet of each for hours and decides to shoot ads at you both, based on what either of you have searched recently.

        This is called proximity targetted advertising and i think its gross.

        But this is why so many people say things like “we were talking about it and now im seeing ads they must be spying on me”