Firefox 22 Won't Block Third-Party Tracking Cookies: Why Mozilla Delayed Default Blocker And How Your Privacy Is Affected

After all the fuss we've heard about Mozilla Firefox update 22 including a controversial third-party cookie tracking blocker, it seems that it might have been a little too good to be true as Mozilla announced this week it will delay blocking third-party cookies as a default setting until a little more work is done.
What's New In Firefox 21? Greater Social Integration, Stronger Privacy Settings and New Browser Health Report
Earlier this week Mozilla released Firefox update 21 to users, which included a number of desirable new features such as greater social networking integration through the inclusion of a Facebook Messenger for Firefox along with the ability to receive these real-time updates from your social networks. Foxfire update 21 also included some tweaking to the popular Do Not Track feature found in the privacy tab, which allows users to tell websites "I don't want to be tracked" Probably my favorite addition however is the new Health Report which helps users speed up browser's start-up time and reduce crashes by helping users understand why problems are occurring and fix them.
Mozilla Firefox Beta 22 Released But Default Cookie Blocker Won't Be Included
Soon after the release of Firefox 21, the beta of Firefox 22 was seeded to developers for testing while at the same time the company made the announcement, that for now the third party cookie tracking blocker which was rumored to be a default setting in the latest version of Mozilla Firefox would be delayed.
According to the company, the reason for the hold of the privacy default setting is so that they can "collect and analyze data on the effect of blocking some third-party cookies."
Though Mozilla has acknowledged it's interest in testing a patch by a young Stanford law student Jonathan Mayer, which would by default block cookies from sites users have never visited, still it seems there are some concerns. Not only are the ad companies pitching a pretty epic sized fit right now, Brendan Eich, the CTO for Mozilla and senior vice-president of engineering there also stated there are factors which must be considered that haven't directly come to light yet.
On Thursday Eich wrote a blog post that detailed the reasons the company saw it best to delay the third-party cooking tracking by default in Firefox 22. Still, woven throughout readers can see Eich's contained commitment to user privacy and security.
So what are the reason's the default block on cookie tracking will be delayed in Foxfire 22?
Here is what Eich had to say:
"Mozilla is engaged in a broad, deep conversation about Internet privacy. We believe in putting users in control of their online experience, and we want a healthy, thriving web ecosystem - we do not see a contradiction. However, sometimes a crucial experiment is required to prove it.
To this end, we are testing a patch from Jonathan Mayer. Jonathan's patch matches how Safari has worked for years, and does the following:
  • Allows cookies from sites you have already visited.
  • Blocks cookies from sites you have not visited yet.
The idea is that if you have not visited a site (including the one to which you are navigating currently) and it wants to put a cookie on your computer, the site is likely not one you have heard of or have any relationship with. But this is only likely, not always true. Two problems arise:
False positives. For example, say you visit a site named, which embeds cookie-setting content from a site named With the patch, Firefox sets cookies from because you visited it, yet blocks cookies from because you never visited directly, even though there is actually just one company behind both sites.
False negatives. Meanwhile, in the other direction, just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more. Suppose you click on an ad by accident, for example. Or a site you trust directly starts setting third-party cookies you do not want.
Our challenge is to find a way to address these sorts of cases. We are looking for more granularity than deciding automatically and exclusively based upon whether you visit a site or not, although that is often a good place to start the decision process.
We plan to ship an evolution of the patch "on" by default, but we want to make refinements first. To make sure we get this right we need more data. Our next engineering task is to add privacy-preserving code to measure how the patch affects real websites. We will also ask some of our Aurora and Beta users to opt-in to a study with deeper data collection.
There are many conflicting claims about how this patch will affect the Internet. Why debate in theory what we can measure in practice? We are going to find out more and adjust course as needed. This is the essence of the release test cycle."
Although default cookie-tracking blockers have long been a native part of Apple's Safari browser and seem to work just fine, looking objectively one can certainly see the reasons for Mozilla wanting to do some additional testing. Some might say the non-profit company is bowing under the pressure being placed on them by ad companies who rely heavily on tracking user behavior to tailor ads to the individual. Still, Eich declares they are committed to the users of their products and as such will do the required testing to ensure this good thing really is everything it's cracked up to be. So basically ad companies just earned themselves an additoon6 free weeks of tracking but nonetheless this is no time for them to get excited. The delay has nothing to do with them and everything to do with the user experience.
Though the creator of the third party cookie blocker, Jonathan Mayer has been plenty vocal enough about his disregard for the interests of advertising companies, he even sees the wisdom in postponing the default setting in order "to improve our understanding of false positives (i.e. trusted third parties) and false negatives (e.g. untrusted first parties that are grandfathered in or that the user is temporarily redirected through)."
It will be interesting to see what comes out of the six-week testing period and if in fact these false positives and negatives hold implications not yet considered for our privacy in online browsing.

By Cammy H.

0 yorum: