> If the browser is not processing a user gesture, reject.<p>This is actually a great heuristic, reminiscent of what's used in video game addon APIs to ensure untrusted code can't run on its own but only when activated. A Soundcloud or Youtube embed can associate a user-initiated play with your account (and add it to your recently-played history), but not a page load; same with a Facebook like, a Pinterest pin, etc. So it's much less impactful on user experience than blocking third-party cookies altogether. If it gains widespread adoption, though, it will have an interesting effect on advertising - will we see a shift back towards ads designed to promote clickthrough rather than just brand impressions? Will the value of embedded ads drop relative to closed-platform ads?