I. Introduction Although third-party cookies enable new web features, they also allow a person's web history to be exposed to new risks. A person's web history can inevitably reveal personal information that, if exploited, could lead to bad things (job offer/identity theft/offers/black mail/embarrassment). So privacy shouldn't be an option, it should be the default. As a result, browsers should disable third-party cookies by default; require users to “accept” third-party cookies).II. How third-party cookies work and the underlying web economics Third-party cookies enable single sign-on authentication (e.g. Facebook login), web analytics (e.g. Google Analytics), and third-party advertisements [1]. ' - websites other than those that the user explicitly visits in their browser's address bar or sees on their screen - to record the user's browsing history. The third party can then archive, analyze and/or exchange and sell the information it has recorded [2]. If a proprietary website is not trustworthy, users may refuse to visit it. But because users are unaware that many third-party sites even exist, they cannot reward responsible sites and penalize irresponsible sites. Thus, the risks associated with third-party tracking are increased by the lack of market pressure to implement good security and privacy practices. Figure 1: A list of third-party tracking sites at http://www.wired.com (Disconnect) III. Arguments for an opt-in policy Enabling third-party cookies by default can lead to a number of security and privacy issues. First, information may be disclosed intentionally or inadvertently, causing physical, psychological, or economic harm to the user. For example, a disgruntled employee of an online marketing company could sell their tracking information to unscrupulous marketers and set them free. In 2011, Epsilon Data Management LLC had hackers gain access to the names and email addresses on its systems. In the days that followed, more than 40 companies, including JP Morgan Chase, TiVo and others, said their customers were among the victims [2]. Second, the majority of consumers do not want to be tracked. According to an online survey by TRUSTe and Harris Interactive [3], 78% of respondents would not consent to analytics tracking of websites, 85% would not consent to web browsing tracking for relevant advertising and 54% do not like not. [4] When options are available, 68% opt out of businesses sharing their information with a third party and 52% say they choose to opt out of online behavioral advertising. Finally, there is precedence for this opt-in decision. In 2009, the European Union passed the Electronic Privacy Directive which required websites to obtain visitors' consent before they could install cookies. [5].