Firefox moving forward to block third party tracking
Posted by: Jon on 06/19/2013 02:54 PM
[
Comments
]
Firefox has decided to move forward with the patch to block third-party cookies. The company had suspended the move back in May, 2013, because as Mozilla co-founder Brendan Eich stated on his blog, they wanted to "work on it some more, before moving to the next stage."
-False positives. For example, say you visit a site named foo.com, which embeds cookie-setting content from a site named foocdn.com. With the patch, Firefox sets cookies from foo.com because you visited it, yet blocks cookies from foocdn.com because you never visited foocdn.com directly, even though there is actually just one company behind both sites.
-False negatives. Meanwhile, in the other direction, just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more. Suppose you click on an ad by accident, for example. Or a site you trust directly starts setting third-party cookies you do not want.
The challenge was to find a way to address these sorts of cases. We are looking for more granularity than deciding automatically and exclusively based upon whether you visit a site or not, although that is often a good place to start the decision process.
The Washington Post reports that the blocking technology that Mozilla is developing borrows heavily from Apple’s Safari browser, which blocks all “third-party” cookies, meaning tracking codes from sites that users do not intentionally visit.
Mozilla officials say they have refined that approach in recent months to allow third-party cookies in rare cases — for example, when a site that a person visits regularly uses a different Web address, which sometimes is done for security purposes.
Eich was pleased to announce that Aleecia McDonald of the Center for Internet and Society at Stanford has launched just such a list-based exception mechanism, the Cookie Clearinghouse (CCH).
He goes on to say that the CCH proposal is at an early stage, and they crave feedback. This means we will hold the visited-based cookie-blocking patch in Firefox Aurora while we bring up CCH and its Firefox integration, and test them.
The clearest losers in Mozilla’s plan according to the Washington Post, will be companies that track users without their knowledge. They will be permitted to request permission to place a cookie in Firefox, but users might have little incentive to allow a company they aren’t familiar with to have access their browsing data.
“For them, it is going to be difficult,” McDonald says, but “bringing them out into the light is not a bad thing.”
McDonald was formerly co-chair of a two-year-old effort to get the advertising industry, browser makers and privacy advocates to agree on an initiative called “Do Not Track,” which was endorsed by the White House and Federal Trade Commission. It was aimed at giving users the ability to block tracking by changing the settings on their browsers — no matter what company made them — but the sprawling working group has struggled to reach a consensus.
-False positives. For example, say you visit a site named foo.com, which embeds cookie-setting content from a site named foocdn.com. With the patch, Firefox sets cookies from foo.com because you visited it, yet blocks cookies from foocdn.com because you never visited foocdn.com directly, even though there is actually just one company behind both sites.
-False negatives. Meanwhile, in the other direction, just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more. Suppose you click on an ad by accident, for example. Or a site you trust directly starts setting third-party cookies you do not want.
The challenge was to find a way to address these sorts of cases. We are looking for more granularity than deciding automatically and exclusively based upon whether you visit a site or not, although that is often a good place to start the decision process.
The Washington Post reports that the blocking technology that Mozilla is developing borrows heavily from Apple’s Safari browser, which blocks all “third-party” cookies, meaning tracking codes from sites that users do not intentionally visit.
Mozilla officials say they have refined that approach in recent months to allow third-party cookies in rare cases — for example, when a site that a person visits regularly uses a different Web address, which sometimes is done for security purposes.
Eich was pleased to announce that Aleecia McDonald of the Center for Internet and Society at Stanford has launched just such a list-based exception mechanism, the Cookie Clearinghouse (CCH).
He goes on to say that the CCH proposal is at an early stage, and they crave feedback. This means we will hold the visited-based cookie-blocking patch in Firefox Aurora while we bring up CCH and its Firefox integration, and test them.
The clearest losers in Mozilla’s plan according to the Washington Post, will be companies that track users without their knowledge. They will be permitted to request permission to place a cookie in Firefox, but users might have little incentive to allow a company they aren’t familiar with to have access their browsing data.
“For them, it is going to be difficult,” McDonald says, but “bringing them out into the light is not a bad thing.”
McDonald was formerly co-chair of a two-year-old effort to get the advertising industry, browser makers and privacy advocates to agree on an initiative called “Do Not Track,” which was endorsed by the White House and Federal Trade Commission. It was aimed at giving users the ability to block tracking by changing the settings on their browsers — no matter what company made them — but the sprawling working group has struggled to reach a consensus.
Comments
