Semantics. He says there's no significant difference between 1st & 3rd party cookies and then goes on to say that third party cookies are obtained from sites / locations other than the one to which you are logged on. THAT's a significant difference in my book and the reason my browsers are always set to accept first party cookies but reject 3rd party cookies.
Yeah, I thought that was weird myself. There is no difference, except for this. But then there is a difference.
His point is that, operationally, there is no difference; whether a cookie is first-party or third-party is something that requires context. If you go to twitter.com, twitter.com cookies are first-party cookies.
-the browser loads the site. It sends it any cookies indexed for that site. The site itself doesn't actually get any cookies for twitter on its own.
The reason people find this to be a problem is that advertisements can track user movements across the web if their ads embed that sort of logic; each usage of the advertisement would have the same code to retrieve some data from an ad server (DoubleClick or whatever) and thus each one can send in the current documentURL as a cookie, as well as perhaps a unique ID for that person to be stored as a local cookie. That server can then index all the pages a given IP has visited that contain ads in that fashion, and further logic can perform analytics to target future advertisements for ads that send in that cookie. There are of course two ways to combat this: the first is to disable third-party cookies, but then a lot of various platform technologies stop working; things like Facebook or Twitter widgets won't always work properly. The basic idea in that case is that code referenced on other servers on that page won't get any cookies for their site (i.e., even though the JS refers to platform.twitter.com and loads files from there, the browser won't send the platform.twitter.com cookies). Sometimes this can be an added bonus, since those types of widgets are rather annoying sometimes. And this prevents ad exchanges from collecting any data about you.
I have to say I've sort of flip-flopped on the subject of targeted advertisements, which most of those things are aimed at. I used to think it was draconian and big-brothery, but now I don't think so anymore. For example, most advertisements I see are about information technology related products regardless of where I am seeing the ad, which, even though I might never actually buy it or click them or anything of that sort, I much prefer being shown advertisements for Visual Studio add-ins than feminine hygiene products. At the very least it makes a change from the old television commercial method of "throw all commercials at everybody and see what sticks, then make up some analytics data to make companies think it is effective". There was loose targeting of course in that ads were targeted sometimes around the program for which they comprised a commercial break, but there isn't any actual hard data for advertisers to use to determine effectiveness.
Naturally there are many people who feel advertisement is inherently evil, and block any and all ads, despite the implicit moral contract between the content provider and the person viewing said content. For a time I blocked ads on my own site until I removed them all because a few cents a month wasn't worth it. Of course the whole ad-blocking thing is a completely separate can of worms that is really only tangential to HTTP cookies. Now it's when ad agencies try to work around things like Adblock Plus that you get problems, since sometimes that can fall into the realm of exploit code to find browser implementation problems or issues with the add-in that they can exploit to get around user preferences. That's crossing a line, I think.
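
An added illustration, not part of any post in this thread: a simplified JavaScript model of the cookie-jar behaviour discussed above. It shows that the same stored cookie is first-party or third-party depending only on the top-level page, and what the "block third-party cookies" setting changes. `CookieJar`, `siteOf`, `demo`, the cookie name and the URLs are constructed for this example; it assumes host-only cookies and treats the last two host labels as the "site", whereas real browsers use the Public Suffix List and honour cookie attributes.

```javascript
// Assumption: "site" = last two host labels (real browsers use the Public Suffix List).
function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

class CookieJar {
  constructor({ blockThirdParty = false } = {}) {
    this.blockThirdParty = blockThirdParty;
    this.store = new Map(); // cookie host -> Map(name -> value)
  }

  // A request is third-party when its site differs from the top-level page's site.
  isThirdParty(topLevelUrl, requestUrl) {
    return siteOf(new URL(topLevelUrl).hostname) !== siteOf(new URL(requestUrl).hostname);
  }

  // Store a cookie set by the response to requestUrl (host-only, no attributes).
  set(topLevelUrl, requestUrl, name, value) {
    if (this.blockThirdParty && this.isThirdParty(topLevelUrl, requestUrl)) return false;
    const host = new URL(requestUrl).hostname;
    if (!this.store.has(host)) this.store.set(host, new Map());
    this.store.get(host).set(name, value);
    return true;
  }

  // Build the Cookie header the browser would attach to requestUrl.
  cookieHeader(topLevelUrl, requestUrl) {
    if (this.blockThirdParty && this.isThirdParty(topLevelUrl, requestUrl)) return "";
    const cookies = this.store.get(new URL(requestUrl).hostname) || new Map();
    return [...cookies].map(([k, v]) => `${k}=${v}`).join("; ");
  }
}

// Constructed scenario: the widget host sets a cookie during a visit to twitter.com,
// then the same widget script is loaded from an unrelated page.
function demo(blockThirdParty) {
  const jar = new CookieJar({ blockThirdParty });
  const widget = "https://platform.twitter.com/widgets.js";
  jar.set("https://twitter.com/", widget, "uid", "abc123");
  return {
    direct: jar.cookieHeader("https://twitter.com/", widget),
    embedded: jar.cookieHeader("https://blog.example/post", widget),
  };
}

console.log("default policy:     ", demo(false));
console.log("block third-party:  ", demo(true));
```
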