11

Ads without cookies?

🤔 🤔 🤔 🤔 🤔 Possible?

Comments
  • 14
    Yes but then they won't be personalized as they use cookies to identify you.
  • 24
    Ads in newspapers, TV ads and billboards all work fine without cookies, don't they?
  • 2
    @ilikeglue that's ok. Hmm back to search. 😁
  • 3
    @7400 sure but hard to integrate in a web page I guess.
  • 20
    @7400 I'd be fine with receiving a cookie next to my morning paper tho :))
  • 7
    Targeted advertisements should work better than general ads
  • 5
    Possible but not good enough for ad providers to do that
  • 3
    Thanks for the feedback. I think I let my little project cookie free and don't use adds.
  • 5
    fully cookie-free website.. hmm...

    wow someone on the internet is actually giving a fuck?

    One day I made proof of concept site that asked user if he wants to use cookies or not, and if he pressed not, my url creator method would do something similar to php sid links.

    EDIT:
    if you ever want to reproduce it, remember to use javascript to kill off the SID when page is loading from URL so noone will copy link with essentially logged in session. Its generally very insecure practice, but its cookieless... something for something. And also as last resort, when saving session info, also save IP addres of remote host and dont allow others for that session.
  • 2
    @DubbaThony elaborate more on the cookie free thing
  • 2
    Okay, it's quite simple. Its all in PHP.

    First user has no cookies, he goes into your website.

    Second he gets prompt "cookie or cookieless*
    *cookieless may introduce some security risks"

    Third, I get his request with decision (if not, i dont allow go anywhere else) and if its ok for cookies I use your typical $_SESSION[], but if it's not, I had special model, where I could open session on database - create record containing id, remote ip, sid, value (value was serialized pseudo-session array)
    I modified my mklink() function that I use to create urls from scratch to check in the model if we are using no cookie approach and if so, I attach to urls that match base domain with current one ?sess=<24 chars of entropy>

    So anywhere I create links they have GET identifing param.

    Next, user uses website normally, when loading new page, he for brief second sees your crappy URL with key, but you can fix it in javascript as soon as <head> of page loads.
  • 2
    @irene Also took more steps that if someone copy-pasted url with session key somewhere. I check IP.

    I know, I could check plethoria of different things too, but it wasn't production ready, it was my personal bet with firend that you can have fully functional session, with login etc, with ability to completly reload webpage without usage of any local storage.

    (not nuff characters per post ;( )
  • 4
    @DubbaThony wait... Isn't cookie-less means no personalized experience whatsoever? Like, no login or anything else.
  • 1
    @DubbaThony you could use html5 local storage so your not sending a key over the URL, but would still result in nasty work around overall Just to avoid a session cookie.
  • 3
    In this project I don't need user accounts.

    When I need user accounts I use the web storage to save the web token.

    I send it only on the header of the request.

    Works pretty well.
  • 4
    @C0D4 but web storage is inherently the same as cookies: local personalized data storage which allows to personificate the experience.
  • 1
    @irene correct, but it's not a cookie.
  • 3
    @C0D4 it's virtually the same as cookie
  • 1
    @irene I think the difference is that the locale storage can't be read from the server directly.
  • 2
    @JackToolsNet how does it work then? :v
  • 2
    @irene I use only angular. So it is quite easy to write and read the local storage and personalize the app.

    localStorage.setItem("key", "value");

    localStorage.getItem(key);

    Of course it's vanillajs at the end.
  • 2
    @irene technically, yes it serves a similar purpose, however ad servers would be unable to use it traditionally as localstorage is bound to the current domain.
  • 1
    Huh - of course.
    But ads from the big players come with cookies just because they are personalized (a good thing).

    Nobody likes tv-ads. But some development-related ad in between all the instagram posts i'm scrolling through is nice.
  • 2
    Yes it's possible but not personally. I show ads in my application for other apps that I like. And I don't track the user with cookies. I only show a random ad from my database and maybe lots of users don't click on it but it's an ad without tracking
  • 1
    @irene it's possible as long as you stay on webpage.

    And with refreshes. I described exacly how it's possible to do. It's wacky. But it works perfectly fine at the end of the day.

    EDIT:
    in other words, what I did, was session without session. I could still recognize user, and thus customize expirience (I actually allowed logging in as proof of concept) but as soon as you leave the webpage and enter it again, you are logged off again, and need to refuse cookies again. But as long as you dont lose your ID that is passed by GET, it's fine :)
  • 1
    @DubbaThony I mean doesn't personalized experience have to fetch user specific data from the server which requires sending session ID to the server which totally mitigates the denial of cookies?
  • 0
    @irene
    exacly, you use session ID that is stored in html itself not in cookies. So you get all the goodies (if you dont use external source of goodies becouse almost 99.999% sure it wont accept your way of doing it)
  • 1
    @DubbaThony wait, it's the same user tracking. You just send info not from cookies but from other storage. what's the point then?
  • 0
    @irene
    Storage is in RAM. It's directly in the html file you recieve.

    Which is perfectly fine.

    EDIT:
    whole afair is about not persisting the data on client's machine. Only thing my solution persists is his browser history ;)
  • 0
    @DubbaThony not fine if you need to send some ID from that storage to fetch user-related content.
  • 0
    @irene

    Either me not understand you or you not understand me.

    Some people hate the fact that there will be webpage leftovers on their machine after you close the tab.

    Nobody minds his/her RAM usage when it contains HTML code.

    Every refresh with cookie you send your ID using http header.

    Every refresh without cookie you send your ID using GET request that is saved in your RAM in your <a href=""> tag (so no persistance whatsoever here)

    You can perfectly fine send your ID either way and it's perfectly accessible for server either way during request.
  • 1
    @DubbaThony but it will be the same as cookies. Cookies are just an interface for server to track the logged (or autologged) user. Isn't all the point of refusing cookies is to stop any personalization and any identification by server?
  • 0
    @irene
    Not only that's the point. It's often considered as side-effect.

    Refusing cookies also means that your PC is left without a trace except history log.

    Refusing cookies also means that your browser will write few bytes less on disk (and some people have issue with that which causes me heavy lolz)

    Now, get avarage Joe, and tell him he can do sth without cookies. And he can still log in. He will not see any issue with it. He will even google how to check cookies to make sure youre not kidding him. and sure enough, it will work.

    Still, as I mentioned in first comment. It was PoC site that i wrote only becouse of bet I took with my friend.

    EDIT: actually 3rd comment
  • 2
    @DubbaThony how is it different from "clear cookies on browser close" then? Why do we need any of those complicated GDPR things if cookies (in your explanation) can be mitigated like that?
  • 1
    @irene

    becouse solution I have works around cookies issues.

    It's dirty.
    It kindda works.
    But GPDR took care of that by beeing too broad xD

    here, take this quote:
    "This may leave traces which, in particular when combined with unique identifiers"

    it MAY leave trace, not MUST.

    So as long as you identify user in any way, including pulling it from your ass, you fall into GPDR.

    They made it so broad that even if you use for what the fuck reason IP address for this, you fall into it.

    But you dont have to do cookie policy if you look for any practical usage.

    It was theoretical question, I anwsered how to do it. Drop your mindset of doing it for GPDR. Do it for fun ;)
  • 0
  • 0
    @7400 cookies and milk with newspaper ads?
Your Job Suck?
Get a Better Job
Add Comment