Here’s how Firefox’s new cookie settings work


Mozilla enhanced Firefox’s already impressive arsenal of privacy preservation technology on Tuesday by adding a new tool to its flagship browser: Total Cookie Protection. As the name suggests, the feature promises to put a lid on creepy third-party cookies or tracking technology that wants to track your behavior from site to site.

Before we get into the details of Firefox’s latest feature, it’s worth quickly going over the basics of how cookies really work. Broadly speaking, the little strings of text we call “cookies” all have the same purpose: to identify your unique browsing session on your unique computer and save that data for later. Depending on the flavor of the cookie involved, that stored data can be used for one of two things: either tracking your behavior on that particular website (first-party cookies) or tracking and compiling your behavior across multiple different sites (third-party cookies).

It’s a bit complicated to explain how these third-party cookies stalk you around the web (although Mozilla details the third-party tracking in this blog). In a nutshell, the reason these cookies keep turning up over and over again is that just about any site you can name will undoubtedly have some of these third-party cookies in the margins – and sometimes they number in the thousands. If you happen to visit two sites that use the same third-party code, nothing will stop the company behind that third-party code from syncing that data for its own stalking purposes.

The way this new Firefox feature gets around all of that is actually pretty clever: keeping a separate “cookie jar” for each individual site. Again, Mozilla helpfully outlined the nitty-gritty of how this works on its own blog, and promises – in short – that these jars will prevent sneaky third parties from using cookie data from multiple sites behind the scenes.

This Total Cookie Protection tech is a direct successor to another security update, which rolled out in late January, when Mozilla announced that Firefox would now isolate its cache and network connection data per website. Mozilla pointed out at the time that this type of data storage could be misused to essentially create a new kind of cookie (literally called a ‘super cookie’) that is much harder to shake off.

This all sounds totally great on paper, but as we have noted previously, Firefox’s claims weren’t always airtight. Neither are its commitments about Total Cookie Protection.

To begin with, Mozilla mentions the feature “makes a limited exception for cross-site cookies when they are needed for non-tracking purposes, such as those used by popular third-party login providers.”

And that it “does not currently restrict third-party storage access to resources that are not classified as tracking resources.”

While the post does not go into the details of what these exceptions look like, this technical doc on Mozilla’s developer blog offers a few pointers.

First, it’s worth noting that Firefox’s definition of what a “tracker” actually is could be narrower than you’d think. Because there are literally thousands of players in the ever-expanding adtech ecosystem, and because the list of trackers Firefox uses (which you can see for yourself here) is relatively short in comparison, it’s inevitable that people using Firefox will run into one or two cookies that slip under Firefox’s radar – and track them around the web – purely because that cookie didn’t fall within the Firefox definition of what a ‘cookie’ could be.

And once these trackers are left out, they can freely access their cookies and other site storage, and use those IDs to track users across multiple sites – at least for now. According to Mozilla’s dev blog, the company may “choose to apply additional restrictions to third-party storage access in the future,” even for widgets that are not necessarily classified as “trackers” by Mozilla’s strict definition.

Aside from this obscure definition, there is also the fact that Firefox gives certain third-party tools unfettered access to multiple sites as a way of “preventing website outages.” The biggest culprit here, as Mozilla pointed out, is single sign-on (SSO), also known as the buttons that let you sign into a site with your Facebook or Google account. Not for nothing, but when you consider these two companies’ sort of lackluster reputation in terms of privacy, I don’t like giving them – or their login widgets – a free pass.
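
The jar-per-site idea and the login-provider exception described above can be modelled in a few lines. This is an added JavaScript sketch, not Mozilla's code and not part of the original article; the hostnames and the `exempt` list are constructed assumptions, and a real browser keys jars by registrable domain rather than by exact host.

```javascript
// Minimal model of browser cookie storage. All hostnames are constructed examples.
class CookieStore {
  // partitioned=false: one jar per cookie-setting host (classic behaviour).
  // partitioned=true: one jar per (top-level site, cookie-setting host) pair.
  // exempt: hypothetical list of third-party hosts that keep cross-site access.
  constructor({ partitioned, exempt = [] }) {
    this.partitioned = partitioned;
    this.exempt = new Set(exempt);
    this.jars = new Map();
    this.nextId = 1;
  }

  // Decide which jar a request uses.
  jarKey(topLevelSite, cookieHost) {
    const isThirdParty = topLevelSite !== cookieHost;
    if (this.partitioned && isThirdParty && !this.exempt.has(cookieHost)) {
      return `${topLevelSite}|${cookieHost}`; // separate jar per visited site
    }
    return cookieHost; // single jar shared across every site
  }

  // Simulate a request to cookieHost from a page on topLevelSite:
  // send back the ID cookie already in the jar, or set a fresh one.
  visit(topLevelSite, cookieHost) {
    const key = this.jarKey(topLevelSite, cookieHost);
    if (!this.jars.has(key)) this.jars.set(key, `id-${this.nextId++}`);
    return this.jars.get(key);
  }
}

// True when the third party receives the same ID on every site,
// which is what lets it join the visits into one profile.
function canLinkVisits(store, thirdParty, sites) {
  const ids = new Set(sites.map((site) => store.visit(site, thirdParty)));
  return ids.size === 1;
}

const sites = ["news.example", "shop.example"];
const shared = new CookieStore({ partitioned: false });
const isolated = new CookieStore({ partitioned: true, exempt: ["login.example"] });

console.log(canLinkVisits(shared, "tracker.example", sites));   // shared jar
console.log(canLinkVisits(isolated, "tracker.example", sites)); // per-site jars
console.log(canLinkVisits(isolated, "login.example", sites));   // exempted host
```

Any host that ends up in the exemption list behaves exactly like it did under the shared jar, which is why the size of that list matters.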

But we give Firefox credit. No browser is perfect. Even if Mozilla falls a bit short of keeping its privacy promises, it isn’t Google Chrome.