Mozilla changes Firefox's cookie policy, improves user privacy - gHacks Tech News

Mozilla changes Firefox's cookie policy, improves user privacy

Many browser developers have added various features and options to their web browsers to improve the privacy of users on the Internet. All include a private browsing mode for instance now which users can make use of to prevent the saving of session related data on the computer system they are using.

Companies have also pushed forward the Do Not Track feature which tells websites that users do not want to be tracked. Do Not Track is not a mandatory feature though and it is up to each individually website and company to either comply with the request or ignore it.

Cookies, small data files saved to the local system when users connect to websites, are often used to track users on the web.A distinction is made between first party and third party cookies. First party cookies are saved by the domain a user is connecting to.

If you open the Reddit homepage for instance, any cookie send by Reddit to the local system is considered a first party cookie. Third party cookies on the other hand originate from scripts that are run on a site. A script like Google Adsense saves cookies on the system. It is allowed to do so because it is run on the site the user is connecting to.

firefox accept third party cookies visited sites screenshot

Mozilla two days ago announced a change to how the Firefox web browser is handing cookies in the future. Firefox from version 22 on will handle cookies in the following way:

  • First party cookies are still saved automatically unless the user has modified the preferences of the browser in this regard.
  • Third party cookies are only saved to the system if its origin has at least one cookie set already. So, if you go to a site that has a Facebook like button implemented, Facebook may not be able to set a cookie on your system unless you have been to the main Facebook website previously.

The new policy is not as strict as disabling all third party cookies using Firefox's preferences, but stricter than how Google Chrome is currently handling cookies (allow all).

Impact on site functionality should be minimal as third party cookies are usually not required for a site's functionality.  Some sites will break however as a consequence and it is not really clear how those will be handled when the patch lands in Firefox 22.

One suggestion that has been made was to accept third party cookies for a session and delete them once the session ends. This would remove the tracking aspect without interfering with site functionality.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. ilev said on February 24, 2013 at 4:44 am
    Reply

    Safari has this policy for years.

    1. Martin Brinkmann said on February 24, 2013 at 4:50 am
      Reply

      Right, thanks for the tip btw.

      1. ilev said on February 24, 2013 at 10:48 am
        Reply

        :-)

    2. Ahmad said on February 24, 2013 at 5:40 am
      Reply

      Bug was parity safari so already know but thanks for sharing with others.

  2. Transcontinental said on February 24, 2013 at 11:11 am
    Reply

    I guess the default value for third-party cookies will be “always” as it will have been previously.
    In 12 years on the Web, I’ve never allowed 3d part cookies, IE as well as Firefox. I recall a problem once. There is no legitimate reason for those cookies, if required I ban the site from my occupations.

    1. Martin Brinkmann said on February 24, 2013 at 11:55 am
      Reply

      As far as I understood it, Firefox 22 and newer will block third party cookies by default unless the originating server has set at least one first party cookie.

      1. Transcontinental said on February 24, 2013 at 1:59 pm
        Reply

        OK. Good. Once you are aware of the number of users that stick on default settings whatever application it be, opting in (with security & privacy as references) is truly fair-play.

  3. Nebulus said on February 24, 2013 at 2:16 pm
    Reply

    I believe that this is a good idea, as long as the user keeps the option to set this to never or always (and from your screenshot it seems that it will).

  4. anonymous said on February 24, 2013 at 11:30 pm
    Reply

    It would be nice if they eventually make it where the flash cookies can be seen and be separate as well.

    1. Martin Brinkmann said on February 25, 2013 at 3:26 am
      Reply

      They will include other forms of storage in future upgrades.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.