I'm back to thinking about CSRF: why is it useful for sites to be able to embed resources (like <img src="othersite.com/whatever.jpg">) and for the browser to send the user's cookies to the third-party site?
There's "ads" and "tracking" obviously but I feel like there's another actually-useful-to-users reason I'm not thinking of
@b0rk afaict almost any "need" can be solved by an oauth-like redirect to construct a local cookie, an iframe, or links that contain the content (e.g. for share buttons).
and having disabled them completely for many years: very nearly the only problems come from companies which are a conglomerate of many companies and can't ever get their infrastructure to work together.
@groxx thanks, it's really useful to hear that almost nothing breaks when you disable them completely. I should try it and see what happens.
do you use a browser extension to do that?
@b0rk there used to be more issues when browsers started clamping down on third party cookies, but it has been mostly smooth sailing for at least a few years now. The GDPR cookie banners have always struck me as weird because a reasonable browser simply doesn't store them at all, and that's also your way of opting out *without* the site's consent.
(it does nothing for server-side collection, of course, so that part of it is still useful (if it actually does anything at all, I doubt it does usually))
Julia Evans
groxx