Third-party cookies and media embed tracking

I’d like to write a privacy policy for my blog which, given the privacy-first design of, is going to be pretty short.

What third-party cookies do the blogs hosted at use, if any? I mean the published blogs the readers visit, not necessarily the sites and tools bloggers access. The privacy policy mentions the cookies Matomo sets: are they first-party or third-party?

What about the content that can be inserted in blog posts via media embeds?

The major publishing and social platforms provide options for turning off tracking for embedded content. For example, on YouTube, open a video, click SHARE, click < > Embed, and then mark Enable privacy-enhanced mode. On Twitter, open a tweet, click ..., click </> Embed Tweet, click set customization options, and finally mark Opt-out of tailoring Twitter. These are actions a user manually takes when sharing, but these features are likely supported also by the respective APIs.

When using media embeds in posts, does generate the non-tracking version of the embedding code? Does that code involve third-party cookies?


With a standard blog, by default, everything is first-party / hosted by us – including Matomo analytics, web fonts, and JavaScript libraries.

As for media embeds, that’s a great point about potential tracking. I don’t believe we enable any of those options, as we generate those embed codes on the server-side, via the API. I’ll look into how we might change that, though.

Edit: actually, MathJax and syntax highlighting libraries are currently pulled from Cloudflare – that’ll be fixed and live on everyone’s site later today.
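An added example, not part of the original thread and not the platform's own code: one way a server-side step could rewrite embed HTML into the variants that the YouTube and Twitter options mentioned above produce (the `youtube-nocookie.com` player host and the `data-dnt="true"` attribute), and then list the third-party hosts a reader's browser would still contact. The function names and the sample markup are constructed for illustration.

```python
import re

# Constructed sample markup, shaped like the HTML the providers' embed APIs return.
YOUTUBE_EMBED = ('<iframe width="560" height="315" '
                 'src="https://www.youtube.com/embed/VIDEO_ID?feature=oembed" '
                 'allowfullscreen></iframe>')
TWEET_EMBED = ('<blockquote class="twitter-tweet"><p>Sample text</p></blockquote>\n'
               '<script async src="https://platform.twitter.com/widgets.js"></script>')

_YT_SRC = re.compile(r'(src=["\'])(?:https?:)?//(?:www\.)?youtube\.com/embed/', re.I)
_TWEET_TAG = re.compile(
    r'<blockquote\b([^>]*\bclass=["\'][^"\']*\btwitter-tweet\b[^>]*)>', re.I)


def harden_embed(html: str) -> str:
    """Rewrite embed markup to the providers' reduced-tracking variants."""
    # YouTube privacy-enhanced mode serves the player from youtube-nocookie.com.
    html = _YT_SRC.sub(r'\1https://www.youtube-nocookie.com/embed/', html)

    # Twitter's tailoring opt-out is data-dnt="true" on the tweet blockquote.
    def add_dnt(match):
        attrs = match.group(1)
        if re.search(r'\bdata-dnt=', attrs, re.I):
            return match.group(0)  # already set, leave the tag untouched
        return f'<blockquote{attrs} data-dnt="true">'

    return _TWEET_TAG.sub(add_dnt, html)


def third_party_hosts(html: str) -> set:
    """Hosts referenced by src attributes, i.e. what the browser will request."""
    hosts = re.findall(r'src=["\'](?:https?:)?//([^/"\']+)', html)
    return {h.lower() for h in hosts}


if __name__ == "__main__":
    for sample in (YOUTUBE_EMBED, TWEET_EMBED):
        hardened = harden_embed(sample)
        print(hardened)
        print("still contacts:", sorted(third_party_hosts(hardened)))
```

The rewritten embeds still load from the provider's domain, so the host list is what a privacy policy would need to disclose for posts that contain embeds.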

Thanks, it would help to know whether ends up generating no-tracking code.

Aside from the implications on tracking, some tests I did a while back seemed to suggest the manually generated no-tracking code isn’t responsive and doesn’t adapt well to mobile screens, at least in the case of YouTube videos. This may have changed though.

I drafted the privacy policy.