Mozilla Changes Firefox’s Cookie Policy, Improves User Privacy

This will frustrate sites that harvest data on user browsing habits for a while … but they’ll probably figure out a way around it within a month or two.

Many browser developers have added various features and options to their web browsers to improve the privacy of users on the Internet. All include a private browsing mode for instance now which users can make use of to prevent the saving of session related data on the computer system they are using. Companies have also pushed forward the Do Not Track feature which tells websites that users do not want to be tracked. Do Not Track is not a mandatory feature though and it is up to each individually website and company to either comply with the request or ignore it.

Cookies, small data files saved to the local system when users connect to websites, are often used to track users on the web.A distinction is made between first party and third party cookies. First party cookies are saved by the domain a user is connecting to. If you open the Reddit homepage for instance, any cookie send by Reddit to the local system is considered a first party cookie. Third party cookies on the other hand originate from scripts that are run on a site. A script like Google Adsense saves cookies on the system. It is allowed to do so because it is run on the site the user is connecting to.

firefox accept third party cookies visited sites screenshot

Mozilla two days ago announced a change to how the Firefox web browser is handing cookies in the future. Firefox from version 22 on will handle cookies in the following way:

  • First party cookies are still saved automatically unless the user has modified the preferences of the browser in this regard.
  • Third party cookies are only saved to the system if its origin has at least one cookie set already. So, if you go to a site that has a Facebook like button implemented, Facebook may not be able to set a cookie on your system unless you have been to the main Facebook website previously.

The new policy is not as strict as disabling all third party cookies using Firefox’s preferences, but stricter than how Google Chrome is currently handling cookies (allow all).

Impact on site functionality should be minimal as third party cookies are usually not required for a site’s functionality.  Some sites will break however as a consequence and it is not really clear how those will be handled when the patch lands in Firefox 22.

One suggestion that has been made was to accept third party cookies for a session and delete them once the session ends. This would remove the tracking aspect without interfering with site functionality.

Link to Original Content

Tags: , , , , , ,

Comments are closed.