Site   Web

February 25, 2013

Firefox Launches New Cookie Policy for Privacy Lovers

Patch Keeps Third-Party Advertisers from Targeting Firefox Users

Mozilla currently is currently testing a new patch for Firefox that will substantially elevate user privacy by blocking third-party cookies.

The policy’s author, Stanford graduate student Jonathan Mayer, said the patch is to be incorporated into Firefox version 22, set for release in June.

“Roughly: Only websites that you actually visit can use cookies to track you across the web,” Mayer said in a blog post.

“More precisely: If content has a first-party origin, nothing changes. Content from a third-party origin only has cookie permissions if its origin already has at least one cookie set.”

To break it down, cookies enable third-party advertisers to view users’ surfing practices so they can better target individual users with ads that match their interests and online activities. This patch, however, will prevent them from discovering users’ surfing practices which, in turn, means no more tailored ads.

Under version 22, cookies will only be installed on a user’s system if he or she actually visits the site connected to the cookies.

The settings are similar to the defaults in Safari, although Mayer said the Firefox cookie defaults are a “slightly relaxed version” of Apple’s browser.

“Collateral impact should be limited,” Mayer said. “Safari’s cookie policy has been in place for over a decade, and it is included in both the desktop and iOS versions of the browser. A few websites may require a tiny code change to accommodate Firefox in the same way as Safari.”

The Firefox patch will spend about six weeks each in the pre-alpha, alpha, and beta builds to make the change as seamless as possible.

The advertising community is unlikely to be impressed by Firefox’s upcoming cookies policy.

Mike Zaneis, senior vice-president and general counsel for the Interactive Advertising Bureau (IAB) voiced his displeasure on Twitter.

“Firefox to block 3rd party cookies?”  Zaneis wrote in a tweet. “This default setting would be a nuclear first strike against ad industry.”

Zaneis’ statement may not be completely accurate — given that Safari already has a strict cookies policy, Mozilla’s move is hardly a first strike.

Still, Firefox does control about 20 percent of the desktop browser market and the incorporation of the privacy patch is bound to be a blow to the advertising community.

Mayer said third-party websites that use cookies can work around the policy’s technical limits up to a point, but added “undermining the policy’s privacy purpose is never acceptable.”

“If a Firefox user appears to have intentionally interacted with your content, take the same approach as for Safari users,” he said. “Examples of content within this category include Facebook apps and comment widgets where a user has typed text.

“If a user does not seem to have intentionally interacted with your content, or if you’re uncertain, you should ask for permission before setting cookies. Most analytics services, advertising networks, and unclicked social widgets would come within this category.”

Mayer also pointed out the new policy does not address pre-existing cookies. He said Firefox users should clear their cookies to fully benefit from the new patch.

Mayer said the current patch is only the beginning, as far as he is concerned. He also hopes to extend the cookie policy to other storage technologies such as HTML5 Web Storage and relax the cookie policy for websites that honor Do Not Track.