In association with heise online

25 February 2013, 16:06

Firefox 22 to block third-party cookies

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Firefox logo

A patch submitted for inclusion in Firefox 22 by Jonathan Mayer means that this version of the browser will block third-party cookies by default without requiring the user to set a custom history policy and then forbid the accepting of those cookies. The policy is slightly more nuanced in that Firefox will accept third-party cookies from sites which have created a cookie for themselves when the user has previously visited them. But this policy will potentially see cookies from advertising networks that are used to track the browsing habits of users being blocked, as it is unlikely a user will have visited the advertising networks directly.

The patch is expected to be released in a development version of Firefox 22 on 5 April. Users will still retain the option, as with current versions of the browser, to manually set the browser to not accept any third-party cookies.

Mike Zaneis of the Internet Advertising Bureau described the new setting as "a nuclear first strike against [the] ad industry". Mayer, on the other hand, points out that Safari has been using a similar policy to what his patch entails for approximately the last ten years. In fact, the policy coming with Firefox 22 would be "a slightly relaxed version" of what Safari already does. He recommends that web site owners should treat Firefox users in the same way as they currently treat visitors to their site who use Safari.

Mozilla has been instrumental in the development of the Do Not Track (DNT) standard which uses browser headers to opt users out of tracking by third parties, but which also requires browser vendors and the advertising industry to honour the preferences set by the user. So far, no consensus has been reached between these parties on how exactly the DNT headers should be treated, which currently makes the technology ineffective as advertising companies can just choose to ignore the setting. To be effective, DNT would have to be backed by legislation forcing companies to honour the headers.

Mayer says that he would like to extend the policy to HTML5 Web Storage in the future and that he would recommend relaxing the cookie policy for web sites that honour DNT settings reliably. He is also interested in providing "a uniform mechanism for requesting storage permissions" for web sites in general.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit