Mozilla strengthened Firefox already impressive arsenal of privacy preservation technology on Tuesday with the adding a new tool in your main browser: Total Cookie Protection. As the name suggests, the feature promises to do away with any scary cookies or third-party tracking technology that might want to track your behavior from site to site.
Before we get into the details of The latest feature in Firefox, it’s worth quickly recapping some of the the basic of how cookies actually work. Generally speaking, the small strings of text that we call “cookies” have the same goal in mind: to identify your unique browser session on your single computer and store that data for later. Depending on the flavour of cookies involved, the stored data can be used for one of two things: tracking your behavior on that specific website (first-party cookies) or tracking and compiling your behavior on several different websites (third-party cookies).
Explaining how these third-party cookies chase you over the web is a little tricky (although Mozilla has detailed the finer points of third-party tracking in this blog) In short, the reason these cookies seem to persist indefinitely (and continuously) is because almost all the sites you can name, without a doubt, have some of these third parties.party cookies tucked into its banks – and sometimes that number is in the thousands. If you happen to visit two sites that use the same third-party code, there is nothing to stop the company behind that third-party code from synchronizing the data for its own stalk-y purposes.
The way this new Firefox feature bypasses everything that’s really smart: maintaining a separate “cookie jar” for each individual website. Once again, Mozilla has usefully outlined The heart of the matter how it works on your own blog and promises – in short – that these jars will prevent stealthy third parties from generating cookie data from various sites behind the scenes.
This total protection of cookies technology is a direct follow-upuntil another security update what rolled to in late January, when Mozilla announced that Firefox would now isolate its cache and network connection data on a site-by-site basis. Mozilla pointed out at the time that these types of data stores could be abused to create essentially a new type of cookie (literally called a “supercookie”), which is much more difficult to get rid of.
G / O Media can receive a commission
It is all sounds totally good on paper but how we aim before, Firefox claims are not always airtight. This is also true of your promises about Total Cookie Protection.
To start, Mozilla mentions that the feature
makes a limited exception for cross-site cookies when they are needed for non-tracking purposes, such as those used by popular third-party login providers.
And that
it currently does not restrict access to third-party storage for resources that are not classified as tracking resources.
While the post doesn’t delve into the details of what these exceptions look like, this technical doc on the Mozilla developer blog it offers some clues.
First, it’s important to note that Firefox’s definition of what a “crawler” really is can be narrower than you I think. Because there is literally thousands of players in the growing adtech ecosystem, and because the list of crawlers that Firefox uses (which you can see for yourself on here) is relatively short compared, inevitably, Firefox users can see one or two cookies that escape Firefox’s radar – and track them across the web – simply because that cookie doesn’t fit Firefox’s definition of what a “cookie” Can be .
And once these trackers fall by the wayside, they are free to access your cookies and other storage on the site, and use these identifiers to track users across multiple sites – at least for now. According to the Mozilla development blog, the company “may choose to apply additional restrictions on third party storage access in the future”, even for widgets that are not necessarily classified as “crawlers” under Mozilla’s strict definition.
In addition to this obscure definition, there is also the fact that Firefox provides certain third-party tools unrestricted access to multiple sites as a way to “prevent site crashes”. The biggest culprit here, as Mozilla has pointed out, are single sign-on (SSO) services, also known as the buttons that allow you to sign in to a website using your Facebook or Google account. No wonder, but considering how these two companies have a kind of lackluster reputation when it comes to privacy, I prefer not to give them – or their login widgets – a free pass.
But we are giving credit to Firefox. No browser is perfect. Even if Mozilla falls short of its privacy promises, at least it’s not Google Chrome.