The alarm triggering at the 20 minutes was very ammusing

I thunk the cookie jar approach with http header that would whitelist origins where from the cookies are accepted, would be very robust and reliable solution.

There's an even easier way to ensure your website was never vulnerable to CSRF or clickjacking: these are both instances of the Confused Deputy Problem. It turns out that when Norm Hardy first wrote about this problem in 1988, he also described the solution for it. If you've been building systems the way he described, you've looked on in bewilderment at the rest of the world as it grapples to plug holes in a legacy security model.

Very nice talk.

So everyone wants to fix it so ads can still track us, but screw security 😅

Interesting talk, however, it's not really showing "the future of cookies," but rather "the past and present."

*biscuits