It’s unlikely we’ll ever be able to live a tracker-free life online, but we appreciate the companies doing what they can to at least make tracking users a lot harder, technologically. If you’re a Firefox fan, Mozilla has just launched a new “Total Cookie Protection” mode that basically isolates all of a website’s cookies. Each website gets its own “cookie jar,” to borrow Mozilla’s metaphor, and cookies live there; they can’t be shared with any other website.
As Mozilla writes:
Total Cookie Protection makes a limited exception for cross-site cookies when they are needed for non-tracking purposes, such as those used by popular third-party login providers. Only when Total Cookie Protection detects that you intend to use a provider, will it give that provider permission to use a cross-site cookie specifically for the site you’re currently visiting. Such momentary exceptions allow for strong privacy protection without affecting your browsing experience.
In combination with the Supercookie Protections we announced last month, Total Cookie Protection provides comprehensive partitioning of cookies and other site data between websites in Firefox. Together these features prevent websites from being able to “tag” your browser, thereby eliminating the most pervasive cross-site tracking technique.
This approach should allow Firefox to be more effective at blocking cookie-based tracking, period, rather than relying on a list Mozilla doesn’t control to fuel its regular blocking implementation — its Enhanced Tracking Protection. The problem, writes Mozilla’s Johann Hofmann and Tim Huang, is rather obvious:
To fight against web tracking, Firefox currently relies on Enhanced Tracking Protection (ETP) which blocks cookies and other shared state from known trackers, based on the Disconnect list. This form of cookie blocking is an effective approach to stop tracking, but it has its limitations. ETP protects users from the 3000 most common and pervasive identified trackers, but its protection relies on the fact that the list is complete and always up-to-date. Ensuring completeness is difficult, and trackers can try to circumvent the list by registering new domain names. Additionally, identifying trackers is a time-consuming task and commonly adds a delay on a scale of months before a new tracking domain is added to the list.
Theoretically, the exceptions to the “cookie jar” approach that Mozilla has carved out within Firefox should still permit users to do things like log into websites using single sign-on. And let’s all just cross our fingers that companies won’t find a way to take advantage of the flexibility Mozilla has afforded these otherwise legitimate use cases for third-party cookies.
As always, the best approach is to use Firefox’s protections as one tool in your advertising-fighting arsenal, but not the only one. And for starters, you’ll need to enable the Strict version of Firefox’s Enhanced Tracking Protection to take advantage of the new “cookie jar” approach. Standard mode won’t cut it:
From there, install a few of your favourite other extensions for limiting tracking and advertising, and you should be set. Our favourites include: