Mozilla postpones default blocking of third-party cookies in Firefox
A patch to only allow cookies from sites visited still needs more work, Mozilla's CTO said
IDG News Service - Mozilla has postponed blocking third-party cookies by default in Firefox 22, "to collect and analyze data on the effect of blocking some third-party cookies."
The nonprofit organization is, however, not softening its stand on protecting privacy and putting users first, Brendan Eich, Mozilla's CTO and senior vice president of engineering, wrote in a blog post Thursday.
Mozilla has been testing a patch from Jonathan Mayer, a graduate student at Stanford University in computer science and law and online privacy activist, which like Apple's Safari browser allows cookies from websites already visited, but blocks cookies from sites not visited yet.
A pre-build version of the browser, called Firefox Aurora, was released on April 5, and included the patch to only allow cookies from sites visited. Aurora is a preliminary stage in the development cycle before Beta and Release of a version of Firefox.
The default preference will be kept to allow third-party cookies in the Beta and Release channels, Mozilla said in an update on its developer network.
The plan by Mozilla to block third-party cookies by default in upcoming Firefox releases was criticized by the online advertisement industry, some of whom said that cookies serve other purposes like data theft protection and analytics besides advertising. The move will affect small businesses that make up the diversity of content and services online and consumers' ability to manage their own privacy, said the Interactive Advertising Bureau, which called on Mozilla in March to withdraw the planned changes to the Firefox browser.
Mozilla is now worried about "false positives," such as if the patch blocks cookies from websites associated with a site the user has visited. If a user visits a site named foo.com, which embeds cookie-setting content from a site named foocdn.com, as a result of the patch, Firefox will set cookies for foo.com, but block cookies from foocdn.com because it was never visited directly, even though there is one company behind both sites, Eich wrote.
On the flip side, just because an user visited a website, he may not be comfortable being tracked all over the Internet and on unrelated sites, which is a "false negative" that the patch could allow.
Mozilla said it needs more data and refinements to the patch before it can ship a version of it which blocks cookies from unvisited sites by default, and has asked for volunteers from its Beta and Aurora releases. The Beta for Firefox 22 was released Thursday.
"Our next engineering task is to add privacy-preserving code to measure how the patch affects real websites," Eich wrote.
The patch has been moved to the Beta release channel of Firefox 22 but is not on by default. It remains in the Aurora build of Firefox 22, though it is turned on by default.
"The patch as-is needs more work," said Eich, promising an information update in six weeks.
Firefox 22 is scheduled to move to Released in the week of June 24.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Desktop Apps White Papers | Webcasts