Firefox 22 Will Block Third Party Cookies By Default

Subject: General Tech | February 26, 2013 - 03:29 AM |
Tagged: tracking cookie, Privacy, firefox 22, cookies

Mozilla’s Firefox web browser continues to add new features. A recent patch submitted by Jonathan Mayer proposes an interesting change to the way the browser handles third party cookies. The patch is suggested to be rolled into Firefox 22, and should it be approved, the open source browser would adopt Safari-like behavior by blocking third party cookies by default. Specifically, the patch would change the default behavior to block third party cookies by default unless the user has visited the website themselves at some point. Users will also be able to tweak the setting via a UI menu item and choose whether to always block third party cookies, only allow cookies from previously visited sites, or allow all third party cookies (for comparison, Google Chrome goes with this option as its default).


This is a positive move for consumer privacy, but it is also a disruptive strike at online advertisers. So called third party cookies are tidbits of code that sites can utilize to identify and track users on other sites. The uses of cookies can range from a shopping site using cookies for shopping carts or coupons to ad networks that track you across the internet to deliver targeted advertising and gather information about users. Safari has managed to get away with blocking third party cookies by default so far, but Firefox has a great deal more market share. Should Firefox move to a block-by-default model, advertisers are not likely to be pleased considering they think that Do Not Track is bad enough (heh). I think it may need to be relaxed somewhat, but the proposed patch’s behavior is closer to a fair balance between privacy and tracking than the current arrangement.



Currently, you can choose to accept all or block all (with accept all being the default). The new patch would add a new option to the GUI menu to only allow cookies from previously visited sites.

Interestingly, this is not the first time that changes to Firefox’s cookie handling behavior has been proposed. A few years ago, developers considered a similar patch but found that it caused too many problems with websites. It is worth noting that Jonathan Mayer's patch is not as strict in what it blocks as that previous patch attempt, so it is more likely to be approved--and break fewer sites out of the box. Then again, the more browsers that adopt a block-by-default policy for third party cookies, the more websites will be pressured into finding workarounds such as poxy-ing the third party ad cookies from their own domain (making the cookies first party as far as the browser is concerned). In the end, the battle between consumers and advertisers will rage on with websites/publishers caught in the middle tryng to find an acceptable balance.

It will be interesting to see whether this patch goes through and what the fallout (if any) will be.

What do you think about the proposed change to the default cookie handling setting? Are you already using a third party browser plugin with a white list to block them by default anyway?


Also Read: Firefox 19 Includes Built-In PDF Viewer @ PC Perspective.

Source: Ars Technica

So you think nobody knows what you've been watching on the net?

Subject: General Tech | August 17, 2011 - 02:03 PM |
Tagged: security, fud, tracking cookie, super cookie, ETag value

KISSmetrics is a small company which is able to track your movements across sites like Hulu and Spotify, using what some call a super cookie but more accurately is an ETag value.  That ETag value is a unique identifier stored in both a browser's cache and metadata folders which can be sent to KISSmetrics via JavaScript along with a header, so that any time you visit a site partnered with KISSmetrics they will know it is you.

Of course, very soon after the technical documentation of the trick was released to the net KISSmetrics claimed that they were completely innocent and that it was all a misunderstanding.  According to the CEO of KISSmetrics the company has never tracked anyone nor shared the information with a third party, so either the company never plans to ever make any money or he is being very specific in his definitions of what "is is".  Even better, they claim not to use ETag values at all only first party cookies.  As well, they claim support for the Do Not Track header and a "consumer-level opt-out" for their tracking as well.  That is disingenuous in that there is no sign of how to start the opt out process on their site, nor is there any clear way that they could identify you in order to let you opt out without a cookie or ETag placed on your machine in the first place.

The Do Not Track header is a good idea, but in addition you should consider browser add ins such as BetterPrivacy, NoScript and Ghostery as essential and perhaps even get used to running Chrome in Incognito mode, if you do not want to be trapped.  Don't use them to disable the ads which fund your favourite websites, they should be used to identify and possible block violations to your privacy only.  You can follow the link at The Register if you would like to see the technical research that has lead to these questions about KISSmetrics.


"A privacy researcher has revealed the evil genius behind a for-profit web analytics service capable of following users across more than 500 sites, even when all cookie storage was disabled and sites were viewed using a browser's privacy mode."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register