Mozilla plans to launch a new anti-tracking method in Firefox 65 that blocks tracking resources from accessing storage on all desktop platforms. The new policy is designed specifically to limit cross-site tracking while minimizing site access and rendering issues.
The actual implementation depends largely on tests in pre-release versions of the Firefox web browser. Mozilla runs a Shield study in Firefox Beta 63 at the moment.
Firefox users may have a couple of questions when it comes to the new "Cookie Jar Policy" and how it differs from using the built-in Tracking Protection feature or third-party extensions to block certain types of connections or content in the browser by default.
Firefox's Tracking Protection feature uses a list of known trackers that is maintained by Disconnect. Mozilla uses the "basic protection" list by default but Firefox users may switch to the strict protection list on about:preferences#privacy to block more trackers even if they may cause websites to render incorrectly or function properly.
Firefox won't classify domains as trackers when they are loaded as top-level sites owned by the same organization.
The new feature that is undergoing tests right now uses the same Disconnect list that Firefox's Tracking Protection feature uses. The main change that it introduces comes in form of a new policy that blocks access to cookies and site storage for identified tracker resources.
In particular, the following happens when the feature is enabled:
Firefox users can enable the new policy in pre-release versions of Firefox. We will update the article if the feature is available in Stable versions of Firefox as well. If tests go well, it may be included in Firefox 65 Stable.
Mozilla added a new value to the network.cookie.cookieBehavior of the browser. The preference supports value 4 now which enables the new behavior.
Mozilla notes that the blocking of some tracking resources would break functionality on some websites. To limit breakage, Firefox allows access to storage for trackers if the user interacts with third-party resources.
Currently, Firefox includes some web compatibility heuristics that grant storage access to third-party resources classified as trackers when a user interacts with those third parties. We do this when we expect that not granting access would result in the web page to break.
Access to storage may be granted "when a user gesture triggers a pop-up window that has opener access to the originating document".
Granted storage access expires after 30 days automatically on a per-site basis. If a tracker is granted access on multiple sites, expiration dates are handled independently from one another.
The new Cookie Jar Policy improves user privacy when enabled. While some users may argue that it is not going far enough, others may find it useful enough to use it in favor of other anti-tracking methods.
The feature is a work in progress and subject to change. Firefox users and webmasters interested in the feature can check out the feature's entry on the Mozilla Developer website for additional information.
Webmasters find information on how to test their websites to make sure that the new policy does not break functionality.
Now You: What is your take on the new feature?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.