Mozilla recently introduced a patch into its Firefox browser that blocks third-party cookies, and it’s an interesting, long-awaited development. The change stops third parties from putting cookies on your machine unless you’ve ever visited their website, which stops one of the easiest and most direct ways that users are tracked. This third party cookie blocking is something that Safari already does, but according to Jonathan Mayer (the privacy expert who got Mozilla to make this change), Firefox’s patch is “a slightly relaxed version of the Safari policy.”
Most likely this change will force a faster evolution in tracking content to be delivered as all “first-party” using techniques, like DNS aliasing. Already, some of the biggest trackers on the web are first parties themselves, like Facebook and Google.
A lot of the current discussion focuses on if and how much this change will break the web experience because it’s indiscriminate blocking. It might break widgets that people use in iFrames, like RSS readers, as it doesn’t allow fine-grained tuning (like DoNotTrackMe does). The reliance on third party / hosted services for functionality is a growing part of websites, especially for things like chat / shopping carts / customer service, so we’ll have to see how well this plays out in practice.
It’s a fact that most browser vendors, including Mozilla, make money from advertising and search, so it’s ultimately contradictory for them to turn on features that truly protect the user by fully blocking their own ability to target and to collect data. However, it’s still fantastic to see competition around privacy features in the browser. This wildly expands people’s awareness of privacy with hundreds of millions experiencing these changes, which follow Microsoft’s decision last year to turn on Do Not Track by default in its Internet Explorer browser (which, by the way, is mostly symbolic and doesn’t come close to having the same impact on blocking certain forms of tracking that Mozilla’s change does). However, There’s a reason why Mozilla is the most trusted Internet company for privacy, and they’ve done a great job earning that distinction. We hope they’ll continue to strive for user privacy.
In sum, blocking certain kinds of cookies but not other means of client-side tracking is just another way to push the “arms race” forward, leaving ad-tech companies to do more pixel-based, DOM/Flash/HTML5 storage based things and other server-side shenanigans. Users don’t understand this. They understand black or white: “am I being tracked or not,” not “are you tracking me in certain situations?”
How Firefox’s new settings compare to DNTMe
A lot of people are asking us how DoNotTrackMe (DNTMe) compares to Firefox’s new setting that blocks third-party cookies by default, so we made this handy comparison table:
|Firefox w/new default:||DoNotTrackMe:|
|Now stops cookies set by all third parties by default (including iFrames). Only blocks cookies but has no other effect on other requests, so trackers still see your IP address & other info.||Blocks specific requests that your browser is being asked to make by tracking companies, so trackers see/get nothing, not even your IP address.|
|No effect on images that may be loaded, such as 1-pixel web beacons.||Can block images used for tracking, including web beacons.|
|Blocks all 3rd party content, which might break the web experience (see discussion below).||Uses a block list that blocks some trackers but allows widgets on a per-company or per-website basis to keep a non-broken web experience.|