How The Cookie Clearinghouse Works

UPDATE 11/24/2014: Thank you for your interest in the Cookie Clearinghouse. We have stopped work on this project.

This page remains for historical reference only.

The Cookie Clearinghouse will publish block-lists and allow-lists based on objective, predictable criteria. Right now, we are in the process of developing those criteria. As a result, and with the input that we receive from this process, we may make changes to the ideas outlined below.

Four Presumptions

The Cookie Clearinghouse starts with four presumptions. A presumption means this is how we expect software (like a web browser or plugin) to treat cookies, in the absence of other information on a block-list or an allow-list. These presumptions are:

  1. If a user visits a website, set the cookies from that site.
  2. If a user does not visit a website, do not set the cookies from that site.
  3. If a site is trying to save a DAA opt out cookie, set the opt out cookie from that site.
  4. If a user consents to setting a cookie, set the cookie.

(Note: In the future, we might add a fifth presumption for websites honoring Do Not Track. We await a W3C DNT Recommendation, and will evaluate this idea once W3C completes work.)

The first two presumptions are how Apple’s Safari browser works today, as well as how Mozilla’s Firefox browser works in pre-release versions. The third presumption is based in part on how Google’s Chrome browser works today. The fourth presumption is in keeping with requirements under European laws.

These presumptions work well most of the time. There are some edge cases, however, where they do not make sense.

Examples of Edge Cases

Example 1: A first party might operate multiple domains, only one of which the user visits, so cookies from the rest are blocked.

If Stanford hosted all of their images on www.stanford-images.edu, but users only visit www.stanford.edu, then cookies would be set from www.stanford.edu (presumption 1) but not from www.stanford-images.edu (presumption 2). This does not make any logical sense, since both websites are part of Stanford.

We can address this issue by creating an allow-list and adding the related-but-unvisited sites to that allow-list.

Example 2: A user might visit a site in a first party context, then have it track the user all over the web as a third party.

Social widgets are one possible example. A user could visit www.stanford.edu, and cookies would be set (presumption 1). Later, the user might visit several completely unrelated news sites that have a widget from Stanford, perhaps to let Stanford students share a news story with their friends. Because the user already visited www.stanford.edu, the Stanford widget could continue to read and set cookies (presumption 1) even on an unrelated site. This does not make logical sense, since once on the news site, the Stanford widget is hosted by a third party, and really should be treated as if the user had not visited the site (that is, treated under presumption 2). To complicate things further, if a user cleared cookies and then visited an unrelated news site with a Stanford widget, Stanford would not be able to set and read cookies. In other words, the order in which a user visits a series of sites can determine which cookies are set. This is confusing to users.

We can address this issue by creating a block-list and adding cookies that should be treated as third-party cookies to that list.

Block-lists and Allow-lists

The Cookie Clearinghouse will create, maintain, and publish two lists:

  1. A block-list is for cases where cookies ordinarily would be set based on the four presumptions, but now will not be set.
  2. An allow-list is for cases where cookies ordinarily would not be set based on the four presumptions, but now will be set.

These two lists give sites and users a way to call out a site whose initial classification is not consistent with the established criteria. While many details here have yet to be worked through (as part of the input-gathering process), the basic approach will likely depend on a system of challenges and counter-challenges.
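
The decision procedure described above, as an added example that is not code from the Cookie Clearinghouse: a user agent applies the four presumptions, lets the two lists flip the presumed outcome, and replays the page's two edge cases. The function names, the news.example host, and the rule that a block-list entry applies only while the host is embedded on another site are assumptions.

```javascript
// Constructed sample lists mirroring the page's two edge cases.
const allowList = new Set(["www.stanford-images.edu"]); // Example 1
const blockList = new Set(["www.stanford.edu"]);        // Example 2

// Presumptions 1-4 only, with no list consulted.
function presumption(req, visited) {
  if (req.daaOptOut) return { set: true, rule: "presumption 3" };
  if (req.userConsented) return { set: true, rule: "presumption 4" };
  return visited.has(req.cookieHost)
    ? { set: true, rule: "presumption 1" }
    : { set: false, rule: "presumption 2" };
}

// The lists only flip the presumed outcome. Assumption: a block-list entry
// applies only while the host is embedded on a different top-level site.
function decide(req, visited, lists = { allowList, blockList }) {
  const base = presumption(req, visited);
  const embedded = req.cookieHost !== req.topLevelHost;
  if (base.set && embedded && lists.blockList.has(req.cookieHost)) {
    return { set: false, rule: "block-list" };
  }
  if (!base.set && lists.allowList.has(req.cookieHost)) {
    return { set: true, rule: "allow-list" };
  }
  return base;
}

// Replays a session: each top-level load marks that host as visited, then
// the page's own host and every embedded host are evaluated.
function replay(pages, lists) {
  const visited = new Set();
  const log = [];
  for (const page of pages) {
    visited.add(page.host);
    for (const cookieHost of [page.host, ...page.embeds]) {
      const d = decide({ topLevelHost: page.host, cookieHost }, visited, lists);
      log.push(`${page.host} <- ${cookieHost}: ${d.set ? "set" : "block"} (${d.rule})`);
    }
  }
  return log;
}

const stanford = { host: "www.stanford.edu", embeds: ["www.stanford-images.edu"] };
const news = { host: "news.example", embeds: ["www.stanford.edu"] }; // constructed
const noLists = { allowList: new Set(), blockList: new Set() };

console.log(replay([stanford, news], noLists).join("\n")); // presumptions only
console.log(replay([stanford, news]).join("\n"));          // with both lists
```

With empty lists, swapping the visit order changes whether the widget's cookie is set on the news site; with the lists applied, both orders block it there.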

Challenges and Counter-challenges

We expect site owners and users will be able to fill out an online form to describe why the normal presumption is the wrong classification for a particular site. The online form will contain a set of check boxes that describe possible reasons why the presumption is incorrect.

If a presumption would have blocked a site’s cookies, then a challenge will put the site on the allow-list, to ensure their cookies are set. Similarly, if a presumption would have set a site’s cookies, then a challenge will put the site on the block-list.

A counter-challenge will revert to the initial presumption and trigger a technical review. During the technical review, Cookie Clearinghouse staff will work through the two competing claims and make a factual evaluation. In some cases this will involve contacting the parties involved.
