Mozilla's to implement Cookie Clearinghouse privacy information in Firefox

Martin Brinkmann
Jun 20, 2013

Mozilla stopped the deployment of Firefox's third-party cookie patch from progressing to Firefox Beta because of two issues the organization identified in the new privacy feature of the web browser.

The new cookie directive aimed to block all third party cookies in the browser with the exception of third party cookies from websites that you have visited before.

The first issue arose when websites used different servers to deliver contents to users, say a content management system and the original domain. While Firefox would accept cookies from the original domain on third party sites, it would block cookies from domains that are used to deliver site contents, since it was never visited before even though it belongs to the same company or publisher.

The second issue had something to do with the whitelisting of cookies from domains that you have visited in the past. Visiting a website in the past does not necessarily mean that you consent to being tracked by it on third party websites.

A basic example is your interaction on social networking sites like Facebook or Google+. While you may enjoy spending time on those sites, you may not want to be tracked by their scripts on third party websites.

One possible solution that Mozilla favors currently is the Cookie Clearinghouse proposal. It is powered by block-lists and allow-lists "based on objective, predictable criteria".

The block list will be used to block the automatic acceptance of cookies from third party domains even if the user has visited that domain in the past. So, even if you have visited Facebook or Google+ in the past, their widgets may not be able to read or set cookies on third party sites, provided that the domains are on the block list.

The accept list fixes issues where cookies are allowed to be set by two different domains belonging to the same company or publisher. This is for instance the case for two first party domains that are used to deliver the site's contents.

Browsers like Firefox or Opera (Opera Software is on board as well) can make use of the lists the project makes available to better manage exceptions in regards to third party cookies in the web browser.

Mozilla plans to cache the lists locally just like it does for safe-browsing. The project is just starting up. This also means that the current implementation of third party cookie blocking in Firefox will remain in the Aurora and Nightly channels for now until the revised features have been implemented by the team.

The proposed solution should give users better control over the browser's third party cookie handling. It remains to be seen how it will be implemented in the browser, and if there will be options to not use the lists but handle all cookies manually instead.

As always, we will keep you informed about how this progresses.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Uhtred said on June 21, 2013 at 3:41 am

    Thanks for clear explanation, sometimes the cookie business gets confusing.
    Full control over them gets my vote too.
    I sometimes wonder if everyone would be so accepting of cookies if they had originally been named “personal activity monitors” instead.

  2. ilev said on June 20, 2013 at 10:28 am

    Google’s Chrome doesn’t have any issue with blocking all 3rd party cookies.

    1. someone said on June 21, 2013 at 5:43 am

      And neither does Safari on iPhones, iPads, etc.

  3. Nebulus said on June 20, 2013 at 8:09 am

    I’m always wary when I see things like “based on objective, predictable criteria”. I hope they will give users full control over the cookies, because my criteria might not match theirs all the time.

    1. Martin Brinkmann said on June 20, 2013 at 8:50 am

      I agree. I do hope as well that they provide users with full control over the feature.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.