All Firefox users are now protected better against online tracking
Mozilla announced today that it is rolling out Total Cookie Protection to users worldwide and turning it on by default.
Total Cookie Protection can best be described as a sandbox for cookies. To better understand what it does, it is necessary to understand how cookies work without it.
When a user visits a website, the site, and any other site that has elements on the opened page, may place cookies and other data on the user's device. Some companies use these cookies to track users across websites and pages. The wider their reach is, the better their ability to track users.
Browsers included options to deal with cookies for a long time. Most allow users to block third-party cookies outright or delete cookies regularly. There are also extensions that help with cookies, such as Cookie AutoDelete.
Total Cookie Protection in Firefox
Total Cookie Protection in Firefox limits cookies to the websites they were created on. These cookies can't be accessed by other websites, which makes them for the use of tracking useless. In other words: cookies have only a limited use now in Firefox when it comes to tracking.
Firefox users had to enable the Total Cookie Protection feature manually up until now, using the Custom Enhanced Tracking Protection settings.
Mozilla is rolling out a change that adds Total Cookie Protection to Firefox's standard Tracking Protection mode. Enhanced Tracking Protection improves protection against online tracking through a variety of defensive tools.
The standard protection is the default, and it blocks social media trackers, cryptominers and fingerprinting scripts. Now, it is also blocking third-party cookies used for tracking users by default.
Note that the options is also enabled in Strict mode, and that users may configure it to be enabled in custom mode as well.
The change improves tracking protection in Firefox significantly. Previously, Firefox users had to enable the Total Cookie Protection feature manually in the browser to improve protection against cookie-based tracking.
Mozilla began prompting desktop users about the feature in May 2022 and launched it in Firefox for Android in November of the same year. Firefox did block a list of known tracking cookies at that point already.
Now that Total Cookie Protection is on by default in Firefox, Firefox users are better protected when it comes to cookie-based tracking. It is a good step in the right direction.
Those who want even more protections may want to check out Mullvad Browser, which is based on Tor, which itself is a modified Firefox ESR build.
Now You: How do you handle cookies in your browsers?
Nice feature. This should be applied by Chrome and Egde too. Thanks for the article!
If you are a Chrome or Edge user, you have already given up on privacy.
Why care about cookies lol
Good thing I use Opera and Brave then.
Indeed. You clearly know all about privacy. All Google based browsers and especially Opera is the pinnacle of privacy and security.
Or rather people should stop using Chrome and Edge, Brave and anything on Chromium!
And use Firefox the best browser!
And use it with uBlock_Origin as adblocker!
Firefox was the best browser in 2005 until 2008, then Chrome came and Firefox became an afterthought. Nobody uses it anymore.
People don’t make forks of it anymore.
Why? Because it’s not worth it.
A fork of Firefox was released literally one week ago (Mullvard).
Rubbish Allwynd! You have a tunnel vision if you think nobody makes forks of Firefox anymore. I’m using one right now called Floorp which functions perfectly 99% of the time. For the odd 1% when it won’t load a particular site I’ll switch to FF.
Firefox is still an excellent browser to protect user privacy and will continue to do so for years to come I’m sure.
But check your own browser against this link and you may be surprised about how it compromises your privacy. https://www.unixsheikh.com/articles/choose-your-browser-carefully.html
Don’t pay any attention to him. He is trying to become the new Iron Heart, but unfortunately he does not know much about browsers, so he just ends up looking to silly. He just wrote a post about how the CCP backed Opera browser is the best for privacy.
Even the old Iron Heart is dogshit knowledge at best, lmao browser expert who couldn’t even write adblock rules by himself and rely on rule writters/brave writter to write rules for him.
Allwynd, “no one uses FF”. Well, I use it and I know there are a few guys who do the same. Besides, if an app doesn’t have forks it may mean the app is perfect… However, two trivial observations: FF is really good but not perfect, and it has forks.
Hi Martin and everybody else,
After updating to Firefox 112 i noticed a very clear new behavior, which seems to be a bug, right after I close down/exit Firefox, another Firefox entry is created and pops up in the Dock for no good reason. It happens everytime and is easy to reproduce. If I start and close Firefox 5 times then I end up having 5 Firefox icons sitting in the Dock. Not a difficult bug per se since it is easy to delete the icon, but still annoying of course. This system runs macOS Mojave.
Firefox has become self-aware and is multiplying … beware the gray goo ( https://en.wikipedia.org/wiki/Gray_goo )
On my MacPro (FF112.0.1/macos10.13.6) I noticed when I quit Firefox all the icons in the dock now jiggle slightly as if one of them is changing to a different width and jostling the rest around a bit. No additional icons appear, tho.
It doesn’t behave that way on Windows 8.1 so maybe it’s an Apple setting which is causing it.
Maybe check Apple support forums and see if anybody else has experienced the same behaviour.
Update. Fixed in 112.0.2:
…And of course this new feature is illustrated with some hippy-dippy artsy drawing.
I don’t find this option in 112
Just look at privacy options, default (standard), you will see an advice that it’s applied.
“Most allow users to block third-party cookies outright or delete cookies regularly. There are also extensions that help with cookies, such as Cookie AutoDelete.”
That’s my choice, together with FPI (First-Party Isolation) enabled, all Third-party cookies blocked and Tracking Protection disabled :
pref(“privacy.firstparty.isolate”, true); // DEFAULT=false
Tracking protection managed by uBO filters together with system-wide blockers.
I don’t like, I do no want, I do not accept 3rd-party cookies. Firefox’s built-in Tracking Protection delegates some rights to some specific sites to lay their 3-rd party cookies, i.e. YouTube : visit a site which includes an embedded YouTube video and a 3rd-party YouTube cookie will appear. I refuse that. Period. In my view these delegations are mainly intended for corporations which need cross-site access in order to maintain their cross-site supervision, Google to start with but not only. FPI (born with TOR) is the way to go IMO, at least as long as it available.
Moreover, as mentioned in the article, the ‘Cookie Autodelete’ not only will handle the user’s choice regarding site-specific cookies but as well site-specific localStorage, IndexedDB, Plugin Data, Service Workers : you exit a site, you may keep or remove all or either of these caches within the very session. That’s how I conceive a clean journey on the Web, that’s how I conceive anti-tracking efficiency.
@Tom Hawack, I always like your opinions even though this site is constantly promoting Windows 11!
Can you upload for example here: https://www.upload.ee/
your personal “Cookie Autodelete” settings?!
Just to add that I am using Ungoogled chromium and would like to test this extension along with your custom settings.
Thank you, I hope you will accept my request with good feelings so that we can all be useful to each other.
Hello @sal, of course I can share my settings regarding cookies management in Firefox, version 112.0.
Be noted nevertheless :
1- As all preferences ours may not be theirs. Sharing is not an incentive to adopt.
2- I use a 155KB config.js file to hold all my Firefox about:config settings. This config.js file is meant to be used within Firefox’s AutoConfig feature. The extract I share is only 10KB. Requires modifications if copied to a user.js file.
3- The config.js file I share has been cleaned of all settings not pertinent to cookies, in fact I’ve left only the
// [SECTION 0501]: ISOLATION, COOKIES, TRACKING PROTECTION, CONTENT BLOCKING
4- All specifics to config.js and AutoConfig have been added/commented in the shared file.
I’ve discovered the [https://www.upload.ee/] that you propose : quite nice. The file is available there :
Feel free to about what could puzzle you or with which you’d disagree.
@Tom Hawack, the extension does not accept this file with .js extension for import.
I mean share the settings from here: chrome-extension://fhcgjolkccmbidfldomjliifgaodjagh/settings/settings.html#tabSettings -> for me it will be import.
But you’re on Firefox, here’s a picture of where I want your settings from: https://i.postimg.cc/pLFNmv1p/Ahh.png
I haven’t used this extension before, but I think this menu adds all the settings of the extension.
That’s why I’m asking for this file.
@sal, terribly sorry, my fault : you had written “your personal “Cookie Autodelete” settings?!” and I read “your personal “Cookie” settings?!”. Rush, not stress :=)
Of course your ‘Cookie Autodelete’ won’t import such a config.js file when it backups user settings to CAD_CoreSettings.json and CAD_Expressions.json …
The screenshot of the ‘Cookie Autodelete’ settings you provide (in Russian I presume) refers as it seems to the ‘Core settings’ : here are mine for ‘Cookie Autodelete’ version 3.8.2 :
Sorry again :=)
@sal, I forgot to mention given it seems obvious : the core settings are the basis but fine tuning is all in the ‘Expressions’ which include the user’s per-site decisions which, if not provided by the user, will consider those of the ‘CoreSettings” …
I suggest, as it appears on my ‘CoreSettings’ a lite “for-all” approach in order to avoid problems and then a fine-tuning throughout sites for which you aim to keep either cookies (or some of them) and localStorage and IndexedDB : for instance I have settings for a site which keeps my settings not in a cookie bur in my localStorage and also in my indxedDB. If I wish to keep those settings and keep them once Firefox is closed Ill have to :
1- Be sure the site’s permission is to ‘accept’ cookies in case my Firefox settings are set to clean cookies on exit : if so, when on the site, open Firefox’s ‘Page Info’ / Permissions / Set cookies a’nd choose ‘Allow’.
2- In ‘Cookie Autodelete’, from its toolbar button, the site is displayed : choose ‘+Whitelist’ to keep after Firefox exit (or ‘+Greylist’ to keep for session only in which case step (1) above is obsolete and/or not advised) and then select what you want to keep within the displayed ‘Options’ (cookies, localStorage, cache etc…). in my case for the site I needed only to keep the localStorage I checked only ‘LocalStorage’ … all removed when exiting the site except localStorage which includes my settings for that site.
Easy, easier to explain when sharing the screen. Hope you get it, I’m a bad teacher :=)
Feel free to ask for further explanations.
@Tom Hawack, thanks for the file. I will test this “Cookie Autodelete” extension because I have not used it before. ;) But I will test it with the correct (your personal) settings.
@Tom Hawack, it’s a shame I don’t have any personal communication with you because I’ve posted my previous comment here at least 30 times and it’s been deleted over and over again….
@Tom Hawack, no, it’s not Russian. ;) We have given the script/alphabet and the language to Russia, because since the past we are Slavic and Christian brotherly peoples. ;) (This is a historical fact).
@sal, great! Hope you get along for the best with ‘Cookie Autodelete’ — Feel free to ask for help/advice
No personal communication here, only dialogs via comments. Odd : “I’ve posted my previous comment here at least 30 times and it’s been deleted over and over again….”. Better to add brackets to urls [[email protected]] and add an email to your comments. Usually if above conditions are fulfilled comments get published immediately.
It wasn’t Russian. Dear me, a lot to learn :=)
I’ve processed the image [from: https://i.postimg.cc/pLFNmv1p/Ahh.png%5D via an online OCR [https://www.imagetotext.io/] and submitted the text to the Polyglot 3000 offline application that i’ve been using for years [https://www.polyglot3000.com/index.shtml] which reported the language as Bulgarian : that’s for a reasonably curious guy’s satisfaction :=)
All the best! Yes, i run Firefox as you’ve understood but the ‘Cookie Autodelete’ core settings should apply I believe on all browsers which support this extension, mainly Chrome given Chrome is the browser you refer to.
Read you later :=)
@sal, I have to bring an erratum.
I wrote above that “I suggest, as it appears on my ‘CoreSettings’ a lite “for-all” approach in order to avoid problem[…]
In fact the “Cookie Autodelete” (CAD) core settings I shared proceed the other way around : in ‘Other Browsing Data Cleanup Options’ you can see that I’ve checked all except ‘Enable cache Cleanup’ which means that by default CAD cleans all it can (except sites’ cache data) when exiting whatever site.
Usually I set lite default settings but I made an exception for CAD given by default I have no reason to keep sites’ data and make an exception when applicable. Why not sites’ Cache? Because I still haven’t understood what exactly it corresponds to given that checked or not I experienced no differences …
I may be overdoing it but since I wrote it by mistake I have to correct it as well.
[Obviously, wherever there are links, I’ll put brackets.]
I’m still getting used to this new extension for me. Of course – deleted everywhere I was logged in. :}}} And everywhere I remember, I log in again and add for every site that has an account and use it regularly, in the whitelist cookies. That’s how I found that the next time I start Ungoogled chromium the cookies are not deleted.
On the other hand, the sites that I visit, but are not important to me or do not have usernames, the features of this extension are useful to me, and I understand that cookies are deleted precisely for such sites.
Am I understanding and using this “Cookie Autodelete” extension correctly so far? :}
[By the way – I never clearly saw how you use DNS proxies, were they – I read in some old topic here, but… I don’t have your facebook account to comment, but…]
(I’m putting the parentheses because I’m tired of saving to text files what I write, refreshing the page here and posting again and again because the bot rubs….)
@sail is it, no longer “sal” : OK!
> “Am I understanding and using this “Cookie Autodelete” extension correctly so far? :}”
I would have been surprised otherwise!
> “[By the way – I never clearly saw how you use DNS proxies, were they – I read in some old topic here, but… I don’t have your facebook account to comment, but…]”
That’s two different things.
I resolve DNS requests with DNSCrypt-Proxy [https://github.com/DNSCrypt/dnscrypt-proxy] : that may be what you’re referring to.
Facebook? I don’t have a Facebook account not any other social site account. I avoid all and that includes preventing any access by blocking them through blacklists (another feature of DNSCrypt-proxy) : we won’t get to communicate through that channel :=) An half-exception for Twitter which I redirect to Nitter instances (read-only).
> “(I’m putting the parentheses because I’m tired of saving to text files what I write, refreshing the page here and posting again and again because the bot rubs….)”
I don’t understand that point : what do parentheses have to do with your comments being delayed? Once you’ve hit [POST COMMENT] the page refreshes automatically, parentheses or not. if it doesn’t for you then the explanation/culprit/solution is elsewhere. No idea.
I mean I post a comment less than a minute later and it gets deleted maybe by a bot. (That’s why when I post my comment – and I save it to a text file to put it back here for you to read and it’s like that in every comment I post – constantly the bot deletes my comments). :}
I just realized a mistake in the above config.js file I had shared.
Though it appeared this file had nothing to do within our concerns, given I shared it and for those who’d wonder why the file is incomplete :
I had cut incorrectly the cookie section after sub-section (5)
I’ve fixed this by adding sub-sections (6) to (9) : [https://www.upload.ee/files/15115504/config.js.html]
If I shared it be it complete. It is now.
I like using Firefox and would like to create separate profiles for my Mum and Dad as they use the same PC and Mac.
I am a noob and was wondering if anyone can suggest an easy step by step way to install a separate profile for each of them?
Also, would using Firefox Beta separately interfere with profiles?
Appreciate your help.
The following gHacks link provides information for multi-profiles and Firefox:
Updated article: https://www.ghacks.net/2008/04/30/working-with-several-firefox-profiles/
The way I do it is to launch the Run command and type: “firefox.exe -p” (without quotes) which launches the “Choose User Profile” dialog window. Next, remove the checkmark from: “Use the selected profile without asking at startup” and then close Firefox.
Now, when you click the Firefox logo on the taskbar you’ll see that same dialog window where you can choose which profile you want to use. This assumes you named your profiles to something which identifies each user such as their name for example.
In my particular case I’m the only user, but I use different profiles for different things. For example, I use one profile for which cookies are set to “Strict” along with many more “about:config” settings.. In another profile they’re set to “Standard”. I just switch to whichever profile I want using the same dialog box described above.
This works for the Floorp browser which is a Firefox fork as well except that “floorp.exe -p” needs to be run instead initially.
This is why I use Firefox as my daily default browser. Nothing’s better than Firefox when it comes to privacy and security.
Firefox wants you to sign in to sync your browsers using the cloud. Once they have a rich database of user emails, the value of Firefox will be tremendous to the right buyer.
Totally agree with you Gergie.
In my main computer, I use Firefox standard 64-bit + Firefox ESR 64-bit.
Now You: How do you handle cookies in your browsers?
By following the rule of KISS.
1. Block all 3rd party cookies.
2. Delete all other cookies immediately upon leaving every website.
Cookie AutoDelete is okay but it can be resource intensive and all these addons/extensions are limited by Mozilla which is why the developer of Forget Me Not gave up.
I still use Cookie AutoDelete but have also tried others such as Flag cookies which seems to be updated often however I could not get it to function properly and accept my settings as it created a lot of problems with some websites and logins but that could be me just being incapable of setting it up correctly.
It might be worth looking at nonetheless.
I have been looking at a lot of extensions again lately and discovered some experimental extensions that show some promise in different aspects.
I haven’t tested this new feature in firefox yet but I would hope that there is some transparency as others have suggested here I imagine there is some sort of hardcoded whitelist benefits Mozilla in some way.
@Mystique, I had reviewed ‘Flag Cookies’ on AMO a month ago and haven’t changed my mind since :
Moreover if you couldn’t get it to function properly, I feel no incentive.
CAD (Cookie Autodelete) is flawless and handles all (Cache (site’s data), IndexedDB, LocalStorage, Plugin Data, Service Workers) flawlessly. Updates make sens when required technically, maybe aesthetically, otherwise the change for the change is meaningless IMO.
Username of your review – DaddyCool lol. Made me chuckle for quite a bit. Good way to start the day.
It’s tragically funny that the small number of people that are concerned about privacy and advocate for it, are busy attacking each other depending on if they are Team Brave or Team Firefox. While the behemoth Team Google just laughs and looks at them fighting for the crumbs. Why not be happy that people are concerned about their privacy and choose to enhance it, rather than bash a viable alternative. They both work well and it is a preference on which browser to choose. There are pros and cons to every product, however as long people avoid products from one of the dominant technology monopolies led by an American oligarchs the community should be happy. The more privacy choices that are out there, the better in my humble opinion. Competition is a driver for innovation
Maybe not a tragedy but funny indeed. Maybe not all of those “concerned about privacy and advocate for it, are busy attacking each other depending on if they are Team Brave or Team Firefox” but many, unfortunately.
It’s not specific to privacy concerns but perhaps to any area, technological or not, where people get committed to having a strong position because of the importance, at least the importance they give to given topics.
How to disagree with the good sens of your comment? You know, my belief is that ever since mankind arose at least two fundamental aspirations have slowed down its progress : domination and fear, both tied in an everlasting vicious circle. Freedom is also in one’s ability to exit that circle, like in cartoons where you see this figure escaping from a fight’s chaotic snowball-like spinning wheel :=)
It is definitely possible — I mean, within range — to conciliate convictions and dialog. Another advantage is that being sociable is not only an ethical, a polite form of relationships but as well the key to improving ourselves by adding an ounce or two of flexibility to our rigid minds. Not saying I always do myself but I believe I’m wrong when i don’t.
I wrote “You know, my belief is that ever since mankind arose at least two fundamental aspirations have slowed down its progress : domination and fear”
Fear is not an aspiration. I should have written “two fundamental sentiments” if “sentiment” is the right word in English (I think in French!).
My approach is similar to Tom H’s: FF ESR, FirstPartyIsolation, no 3rd party cookies allowed, uBlock Origin, CookieAutoDelete, permanent private browsing mode.
If a trusted site won’t work, I don’t whitelist; I have a vanilla installation of unGoogled Chromium – in permanent incognito mode – and I’ll open the site there.
In addition, Mullvad VPN, with its DNS-level ads, tracking and malware blockers turned on.
Yes, I accept there’s redundancy there, but it works for me. YMMV.
How does Total Cookie Protection compare to Firefox containers?
The only difference I can think of is that containers could allow segregating cookies from the same domain, e.g., using containers to have two different logins to the same website.
@ VioletMoon – thank you for replying to my request for the links on Firefox profiles:-)
I’ve created another profile now and it works! Many thanks!
I’ve searched in vain to find any multiple profile links for Firefox on Mac
@John–Maybe the old profile manager:
Good idea here–run a portable version and an installed version:
Yes, not much to go on, but it looks doable with some patience.
“All Firefox users are now protected better against online tracking”
I am not. Running the latest Firefox ESR.
This is the comment I was looking for as the title of this post is incorrect.
I do believe that Firefox ESR users are Firefox users, too.
@VioletMoon – thanks for those suggestions for the Mac. Will give them a go. Your suggestions for multiple profiles on my PC were implemented and run sleek and without a hitch. Appreciate your help.
I use several Firefox profiles on my Mac and I got the profile manager to start/show up at every fresh start, this way, I can easily pick the profile I want from the list and start Firefox. Go to the link below and follow the steps at “Start the Profile Manager when Firefox is closed”.
When done, you should see the manager that is shown in the screenshot at every start.
Be sure to not check “use the selected profile without asking at startup”, if you do, then the profile manager will not start the next time and you would need to go through the steps again.
Hope it helps. Take care.
@Karl Wow! that worked on my Mac!. Thanks for the warning to not check, “use the selected profile without asking at startup”. Appreciate your help.
You are welcome :) Happy to hear it worked out fine.
I wonder if those Firefox users who ONLY use this in-built tracking protection would have been protected from this “pixel” tracking scenario, if it would have had any effect and prevented this…
“Major UK pharmacy shares intimate customer data with Tiktok
Chinese social media giant TikTok receives detailed information about UK pharmacy customers and their online purchases.
LloydsPharmacy shares customer email addresses as well as information about symptoms and purchases, a Swedish Radio News investigation has found.
The pharmacy chain also shared such information with Facebook.
When Swedish Radio News examines hundreds of European online pharmacies, one of them stands out.
During our test, the UK pharmacy chain LloydsPharmacy runs tracking pixels from Facebook and TikTok on its website.
The pixels monitor our visit in detail. For example, they collect our exact search terms – such as “erectile dysfunction” and “irritable bowel syndrome” – as well as data about products we add to the shopping cart, such as Viagra, thrush cream and a chlamydia test.
During our brief visit, LloydsPharmacy sends information to the social media giants 60 times.
At checkout, both Facebook and TikTok collect our email address. In addition, Lloyds sends our first and last name to Facebook, and our phone number to TikTok.
All of these transfers occur without our consent, and we are unable to turn them off in the cookie banner.
LloydsPharmacy declined a recorded interview, but wrote in an email that they are “currently investigating the issues raised” by Swedish Radio News, and that they regularly review their cookie and privacy policies.
After being contacted by Swedish Radio News, LloydsPharmacy changed their website so that transfers to Facebook and TikTok only occur once the visitor has accepted cookies.
When we chose to opt out of all optional cookies, we were met by a broken website where it was impossible to shop.
Neither Facebook nor Tiktok have responded to questions about their use of the information received from Lloyds Pharmacy.
Both companies wrote in emails to Swedish Radio News that advertisers should not send them health information.
Facebook has said it has a filter built to detect and delete sensitive health information and prevent it from being stored.
“Like any technology, our filters won’t be able to catch everything all of the time,” Facebook’s parent company, Meta, wrote in an email to Swedish Radio News.
The company has not shared any documentation that shows how effective the filter actually is.
Last year, Swedish Radio News sent 200,000 instances of sensitive health data in Swedish to Facebook from a fake online pharmacy created by its reporters, revealing that Swedish data was in fact stored on Facebook’s servers.”
Pay attention to that other change:
“Now, if you click on Settings > Privacy and Security > Cookies and Site Data > Manage Data, Firefox no longer shows individual domains that store data. Instead, Firefox lists a cookie jar for each website you have visited.”
Now if google.com drops a third-party cookie on your device, it won’t appear any more on that window. Under the pretext that’s it’s double-keyed, they act like it doesn’t exist at all, when showing the cookie list to the user.