Mozilla has strengthened Firefox already impressive arsenal of privacy technology Tuesday with adding a new tool in its flagship browser: Total Cookie Protection. As the name suggests, the feature promises to put the lid on any creepy cookie or third-party tracking technology that might want to track your behavior from site to site.
Before going into the specifics Firefox’s latest feature is worth a quick recap of some of them the basics about how cookies actually work. Broadly speaking, the tiny strings of text we call “cookies” all have the same purpose in mind: identifying the unique browser session on your unique computer and storing that data for later. It depends on flavor of the cookies involved, that the stored data could be used for one of two things: either tracking your behavior on that website (primary cookies), or tracking and compiling your behavior on several different sites (third party cookies).
Explaining how these third-party cookies keep you on the web is a bit tricky (although Mozilla has detailed the finer points of third-party tracking in this blog). In short, the reason why these cookies seem to persist continuously (and continuously) is due to the fact that almost any site you can name has, without a doubt, a number of these thirds.party cookies hidden in its edges – and sometimes this number is in thousands. If you happen to visit two sites that use the same bit of third-party code, nothing will stop the company behind that third-party code from synchronizing that data for their own purposes.
The way this new Firefox feature bypasses everything that’s actually pretty smart: keeping a separate “jar of cookies” for each individual site. Again, Mozilla pointed out with help nitty-gritty about how this works on your own blog and promises – in short – that these jars will prevent third parties from hiding cookies from multiple sites behind the scenes.
This total protection of cookies technology is a direct pursuitup to another security update that launched towards the end of January, when Mozilla announced that Firefox would now isolate its cache and network connection data from one site to another. Mozilla pointed out at the time that these types of data stores could be abused to create essentially a new type of cookie (literally called a “supercookie”). much harder to shake.
G / O Media may receive a commission
This all sounds totally great on paper, but as I have shown Before, Firefox statements weren’t always sealed. This also applies to its promises regarding the total protection of cookies.
For starters, Mozilla mentions that feature
makes a limited exception for cross-site cookies when they are needed for non-tracking purposes, such as those used by popular third-party login providers.
And this
does not currently restrict access to third-party storage for resources that are not classified as tracking resources.
Although the post does not go into detail about what these exceptions look like, this technical document on the Mozilla developer’s blog offers some clues.
First of all, it’s worth noting that Firefox’s definition of what a “tracker” actually is could be narrower than you would think. Because it exists literally thousands of players in the growing adtech ecosystem and because the list of trackers that Firefox uses (which you can see for yourself) Here) is relatively short by comparison, inevitably people using Firefox might see a cookie or two slipping under Firefox’s radar – and tracking them on the web – just because that cookie doesn’t fit Firefox’s definition of what could be a “Cookie”.
And once these trackers are private, they are free to access cookies and other site storage and use those identifiers to track users on multiple sites – at least for now. According to the Mozilla developer blog, the company “may choose to apply additional restrictions on access to third-party storage in the future,” even for widgets that are not necessarily classified as “trackers” in Mozilla’s strict definition.
Apart from this murky definition, there is also the fact that Firefox offers certain third party tools unrestricted access to multiple sites as a way to “prevent website breakage.” The biggest culprit here, as Mozilla pointed out, is single sign-on services (SSO), aka the buttons that allow you to connect to a site using your Facebook or Google account. Not in vain, but given how these two companies have a kind of lightless reputation In terms of privacy, I’d rather not give them – or their login widgets – a free license.
But we give Firefox credit. No browser is perfect. Even if Mozilla doesn’t live up to its promises of privacy, at least it’s not Google Chrome.