In episode 876, Steve talked about Firefox's Total Cookie Protection and used his page: https://www.grc.com/cookies/forensics.htm to prove they were not working as third party cookies were still being written.
Total Cookie Protection does not stop third party cookies, it isolates them from tracking you across the web. He even said this at the beginning of the segment.
For example if you go to Costco's website and one of their advertisers say Tempur-Pedic mattresses puts a 3rd party cookie in the Costco cookie jar, then went to the Mattress Firm website and Tempur-Pedic mattresses tries to see where else you have shopped for mattresses by looking for their cookie, they won't see it with Firefox because the Costco cookie jar is isolated from the Mattress Firm cookie jar.
The paradigm of the test needs to change. Steve's test would need to have 2 sites to visit, the first writes a third party cookie, the second site looks for the third party cookie to see if it exists. If it does, then flag it as a concern. If it does not find the third party cookie, then write a new one without flagging it.
The whole discussion failed to remember the distinction between isolated and a central cookie jar.
Total Cookie Protection does not stop third party cookies, it isolates them from tracking you across the web. He even said this at the beginning of the segment.
This change does not disable third-party cookies. That's the secret. It merely divides the single massive global cookie jar into individual per-domain or, as web engineers would say, same-origin cookie jars. In that manner, any third party is welcome to set a cookie in anyone's browser. But when that user goes somewhere else, the cookie jar will be switched to a new jar for that new domain.
For example if you go to Costco's website and one of their advertisers say Tempur-Pedic mattresses puts a 3rd party cookie in the Costco cookie jar, then went to the Mattress Firm website and Tempur-Pedic mattresses tries to see where else you have shopped for mattresses by looking for their cookie, they won't see it with Firefox because the Costco cookie jar is isolated from the Mattress Firm cookie jar.
The paradigm of the test needs to change. Steve's test would need to have 2 sites to visit, the first writes a third party cookie, the second site looks for the third party cookie to see if it exists. If it does, then flag it as a concern. If it does not find the third party cookie, then write a new one without flagging it.
The whole discussion failed to remember the distinction between isolated and a central cookie jar.