Firefox Rolls Out Total Cookie Protection By Default To All Users Worldwide 72
Mozilla: Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide, making Firefox the most private and secure major browser available across Windows and Mac. Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site. Whether it's applying for a student loan, seeking treatment or advice through a health site, or browsing an online dating app, massive amounts of your personal information is online -- and this data is leaking all over the web.
The hyper-specific-to-you ads you so often see online are made possible by cookies that are used to track your behavior across sites and build an extremely sophisticated profile of who you are. Recent stories (including an excellent Last Week Tonight episode) have shown how robust, yet under-the-radar, the data selling economy is and how easy it is for anyone to buy your data, combine it with more data about you and use it for a variety of purposes, even beyond advertising. It's an alarming reality -- the possibility that your every move online is being watched, tracked and shared -- and one that's antithetical to the open web we at Mozilla have strived to build. That's why we developed Total Cookie Protection to help keep you safe online.
Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you -- giving you freedom from invasive ads and reducing the amount of information companies gather about you. This approach strikes the balance between eliminating the worst privacy properties of third-party cookies -- in particular the ability to track you -- and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics). With Total Cookie Protection in Firefox, people can enjoy better privacy and have the great browsing experience they've come to expect.
The hyper-specific-to-you ads you so often see online are made possible by cookies that are used to track your behavior across sites and build an extremely sophisticated profile of who you are. Recent stories (including an excellent Last Week Tonight episode) have shown how robust, yet under-the-radar, the data selling economy is and how easy it is for anyone to buy your data, combine it with more data about you and use it for a variety of purposes, even beyond advertising. It's an alarming reality -- the possibility that your every move online is being watched, tracked and shared -- and one that's antithetical to the open web we at Mozilla have strived to build. That's why we developed Total Cookie Protection to help keep you safe online.
Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you -- giving you freedom from invasive ads and reducing the amount of information companies gather about you. This approach strikes the balance between eliminating the worst privacy properties of third-party cookies -- in particular the ability to track you -- and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics). With Total Cookie Protection in Firefox, people can enjoy better privacy and have the great browsing experience they've come to expect.
Meh (Score:2)
Re:Meh (Score:5, Informative)
My Firefox never looks like Chrome. The first thing I do when I start a new installation, even before installing uBliock Origin, is turn the menu bar on.
Re: Meh (Score:2)
Re: (Score:3)
Also every browser these days has an in private mode that isolates cookies.
Yes, but it doesn't remember any logins or anything. You can't do much 'real' browsing in that mode.
Re: (Score:2)
That's the issue. No cookies at all on one side for real browsing everywhere without generating a clutter of cookies to sites you may never go back to, or else every cookie ever dreamed of for sites where you do need to log in and where you might be doing business.
So you need the discipline to keep the two use cases separated some how, and not mess up. For me cookie auto delete in Firefox has been quite useful. I can white list sites I want to retain cookies, and every one else gets cleansed at the end of t
Re: (Score:2)
Re: (Score:1)
Re:Meh (Score:5, Insightful)
Re:Meh (Score:5, Funny)
Switching back from what?
http://www.joeschmidt.com/arch... [joeschmidt.com]
Re: (Score:2)
Switching back from what?
Chrome obviously. If you're going to be stuck with Chrome-like experience whether you pick FF or chrome, you might as well stick with a non-broken, faster version of it that works well with gmail and won't break your addons every year.
Re: (Score:3)
Re: (Score:2)
Vivaldi maybe? Though I suppose I couldn't really argue if you wanted to claim it was effectively just Chrome.
Re: (Score:2)
Opera.
I mean the Presto one.
Re: (Score:2)
Re:Meh (Score:5, Interesting)
You're totally going to miss out on the usable web, then. In the interest of getting people to see ads instead of blocking them, Chrome is breaking the webRequest API. Firefox, on the other hand, continues to give uBlock Origin what it needs. Firefox's UI might be as weird and nonstandard as Chrome's, but its behavior sure is a lot nicer.
Re: (Score:2)
The day ad blocking actually suffers in Chrome, lots of us will move to Firefox. Until then, there's no reason to make the switch. It's not as if it's an ordeal we'll need months of preparation for.
Re: (Score:2)
If you don't like ad's then why would you use the web browser made by the biggest advertiser?
Hmm (Score:2)
That's all fine and dandy but this shit better not break my websites.
Re: (Score:3)
Sounds like it has the potential to break logins.
Say you're going to Gmail.com - it takes you to accounts.google.com to sign in. Then you log in. Any login/session cookie set wouldn't be valid when heading back to gmail.com
The only workaround for that is a huge set of whitelists of domain associations.
Re: (Score:3)
OAuth2 doesn't need cross site cookies. Just an auth code nonce fetched by the application prior to redirecting to the login form. You then use that auth code to fetch the token once the user has logged in and they are redirected back to your app.
Re: (Score:2)
There are aspects of live session management in OAuth which will probably be broken because of this, as it relies on either an iframe or XHR call accessing the IdP sites cookie to establish whether the IdP still considers the session active.
If you are just going bare bones OAuth, then no it wont be affected so long as you are doing the appropriate redirects.
Re: (Score:2)
I presume the accounts.google.com redirect is like any federated login using oauth -- used by all sorts of sites to let you login with google, facebook, etc accounts. That does not involve 3rd party cookies. The redirect back to the site you came from conveys a token and other info which the original site uses to set a first party cookie.
Re: (Score:2)
As I note above, Google offers more than just their OAuth flow for logins - they have a "Login with Google" button which works entirely through iframes, XHR and JS to auth with an existing Google Account session without the user leaving the original applications page. That will almost certainly break because of this change (unless exceptions are made for XHR and iframe cookie usage when those things are to different domains, but that kinda defeats the point of this restriction right?), meaning that sites wh
Re: (Score:2)
Google has its "sign in with Google" button for third party sites, and it personalises that button with your current Google Account session if you are logged in. If you are already logged in with Google Account, it shows you your account name and profile image - and the login process for the third party site at that point is entirely Javascript based (a non-OAuth, non-interactive flow which issues you an id_token only through XHR calls to Google Accounts).
This segregation of cookies to the first party doma
Re:Hmm (Score:5, Interesting)
Firefox as-is breaks a bunch of sites for me. They give a "Turn off your ad-blocker" popup, and after a little digging what you find they really mean is, "Turn off your tracking protection." In other words, "Our advertisers want to track you and we won't let you into our site unless you let them."
I've made a few posts about this evil practice and get chided about my tin-foil hat.
Re: (Score:3)
Firefox as-is breaks a bunch of sites for me. They give a "Turn off your ad-blocker" popup, and after a little digging what you find they really mean is, "Turn off your tracking protection." In other words, "Our advertisers want to track you and we won't let you into our site unless you let them."
I've made a few posts about this evil practice and get chided about my tin-foil hat.
Makes me wonder about who is behind / doing the chiding.
I prefer a different approach: disinformation. If I had time, I'd write a plugin that would pepper the cross-site cookies with confounding garbage. Fill up the trackers with junk. Anything that legitimately "needs" it, like sites that share a google login, could be whitelisted. But I'd still run that browser instance in a sandbox / container.
Re: (Score:2)
I like that idea. Cyanogenmod had a "privacy mode" that would allow things like location and such to act like they're sharing data as requested - but the content would be bogus.
Re: (Score:1)
Re: (Score:2)
That's what I generally do, too. It doesn't stop it from annoying me, to some extent.
Re: (Score:3)
That's all fine and dandy but this shit better not break my websites.
I agree in principle, but I would argue that if a website breaks due to cross-site cookies being blocked, that website is what's broken.
How does this actually work (Score:2)
Cookies have always only been sent back to the originating website, a different cookie jar for each URL.
The tracking happens when webpage on site A sends a message toe site B, traditionally just by requesting an image from B. Then B gets B's cookies, not A's cookies.
Ghostery, NoScript, and Cookies Manager? (Score:2, Interesting)
Is there a NoScript add-on that works with the new Firefox?
Is there a Cookies Manager add-on for the newest Firefox?
Re: (Score:3, Informative)
Re: (Score:2)
Yes, yes, and yes. I lost noscript for like a few days when they moved away from XUL, I survived. I've been running cookie autodelete and container tabs for years now to get the functionality that is now default. Firefox is still pretty good.
How easy it is to buy data (Score:2)
Too Late For Me - Save the Children! (Score:5, Funny)
Amazon and Google already know the inner workings of my soul, my thoughts, my desires, and my inclinations. I'm lost, a malleable toy in the hands of the advertisers... forever doomed to follow each incredibly well-targeted advertisement...
At least as long as I have data connectivity. I can get a reprieve with a fishing rod and a phone left on shore. Call it a "day pass" from the prison.
Every browser already has this (Score:2)
Does not change anything at all (Score:3)
You do realize that the website that's using trackers is intentionally doing so, right? It's not like a random website can steal your Facebook login token. They can plant the trackers they want, and the trackers can then track the data, after the website has allowed them to do so.
So now you can't plant tracker cookies.
But the original website still wants to sell your data.
_So they will._
They will merely collect your data themselves and then sell it on the backend to the data vendors.
We used to do this back in the day with other online companies in the late 90s/early 00s.
We even compiled profiles by tracking them across an array of sites, without cookies.
Re:Does not change anything at all (Score:4, Informative)
Yes but they won't be able to correlate the data across sites. They'll only know that you visited their site, not what other sites you frequent.
(and that's the entire point of this)
Re:Does not change anything at all (Score:5, Informative)
The data broker will be able to correlate the data across sites just fine. They are buying from all the sites. The sites just have to give them all your data.
Option 1: Correlate based on 'anonymized' data
It's very easy to identify a unique set of users by random data gleamed from the browser.
1. Site pushes you javascript. The javascript generates some data and sends it back to the site. The site adds some extra metadata and generates a fingerprint.
2. Site sells that data to a data broker.
3. Data broker aggregates all the data across all sites.
4. Data broker takes all the fingerprints that look the same and puts them into buckets.
5. Data broker refines the buckets with any additional labeled site-specific non-anonymized metadata provided by sites, such as your email address, username, real name, mailing address, credit card number, etc.
6. Data broker ends up with extremely accurate profiles of users across sites.
Option 2: Ask the site to identify you.
1. Site collects data about you.
2. Site sells your data to data broker. They tell your name, email address, etc etc in plaintext.
3. Data broker aggregates all the data from all the sites.
4. Data broker knows exactly what sites you visit.
No cookies required for _any_ of that. And all that's been possible since the web was invented.
Re: (Score:2)
The data broker will be able to correlate the data across sites just fine. They are buying from all the sites. The sites just have to give them all your data.
Option 1: Correlate based on 'anonymized' data
It's very easy to identify a unique set of users by random data gleamed from the browser.
1. Site pushes you javascript. The javascript generates some data and sends it back to the site. The site adds some extra metadata and generates a fingerprint.
2. Site sells that data to a data broker.
3. Data broker aggregates all the data across all sites.
4. Data broker takes all the fingerprints that look the same and puts them into buckets.
5. Data broker refines the buckets with any additional labeled site-specific non-anonymized metadata provided by sites, such as your email address, username, real name, mailing address, credit card number, etc.
6. Data broker ends up with extremely accurate profiles of users across sites.
What's the anonymized data? The stuff reported by the browser is specific [privacy.net], but I don't think it's specific enough to ID individual users. And I'm not sure even things like browser extensions are going to be very informative when building a user profile.
Option 2: Ask the site to identify you.
1. Site collects data about you.
2. Site sells your data to data broker. They tell your name, email address, etc etc in plaintext.
3. Data broker aggregates all the data from all the sites.
4. Data broker knows exactly what sites you visit.
No cookies required for _any_ of that. And all that's been possible since the web was invented.
Well it's possible for the broker to correlate among sites you identified yourself to, but if I never give the site my info they won't know who I am.
Now, if you don't use a VPN then the sites all get your IP, and then it's pretty trivial for them to track you
Re: (Score:2)
> What's the anonymized data?
About 70 different points of data, not including connection information like ip/port/protocol fingerprint. Can be used to uniquely identify a single connection over any number of sites/network connections.
https://amiunique.org/ [amiunique.org] https://panopticlick.eff.org/ [eff.org] http://uniquemachine.org/ [uniquemachine.org] http://yinzhicao.org/TrackingF... [yinzhicao.org]
As of 5 years ago, these features could identify a single user 99.24% of the time.
They don't need to use any cookies to know someone at your address in West Philad
Re: (Score:2)
Not really correct. Firefox is reducing available fingerprint markers as well. Of course, there's a problem if you log into most sites and they are unscrupulous. Be picky about the sites you log in to, and clear your history cache every 3-7 days. That way the sites that are sleazy but you rarely need to login to can't correlate by your email/phone.
Mozilla is also offering a VPN service now. That blunts IP address as a fingerprinting method.
Re: (Score:2)
Firefox has fingerprinting protection built in too. A common way was to exploit tiny differences in the way GPUs render stuff via the HTML canvas, but Firefox blocks that. It also blocks common Javascript methods like getting a list of available fonts on the system.
Chrome is moving to generic user agents and auto-deleting cookies regardless of their expiry date if the user hasn't visited the site for a while. I don't know if Firefox is doing that too, I haven't kept up because I use my own add-ons for that
Re: (Score:2)
I'm currently using the latest Firefox, and all the fingerprinting sites I linked to (https://slashdot.org/comments.pl?sid=21531004&cid=62620234) work on me.
Re: (Score:3)
Correction, they won't be able to correlate the data across sites trivially easily.
There's plenty of non-cookie ways to identify a browser and string enough of them together to basically identify you.
The EFF has a tool to see how identifiable you are [eff.org].
Mozilla just made life a little bit bit harder - most trackers are probably usin
Re: (Score:2)
It's not like a random website can steal your Facebook login token.
With this turned on, I don't think 3rd party web sites can use Facebook for authentication at all. The cookie would be isolated from the one you get when you visit facebook.com to log in.
Re: (Score:2)
Can't wait for it to arrive in ESR (Score:2)
I use FireFox on the ESR channel. Very few times, there comes a feature that makes me wish the next version of the ESR arrives ASAP. This is ne of those ocassions. Super interesting, Super usefull feature...
What gives, just a matter of being patient. In the meantime, privacy badger, tracking token stripper, facebook conatiner and uBlock origin are my firends...
Re: (Score:2, Informative)
Next ESR is due in two weeks, June 28th, so you don't have to be too patient. :)
https://wiki.mozilla.org/Relea... [mozilla.org]
Re: (Score:2)
Next ESR is due in two weeks, June 28th, so you don't have to be too patient. :)
https://wiki.mozilla.org/Relea... [mozilla.org]
Thank you. Actually, you are right, I was tinking of late August (when the stadard update mechanism will offer it), but nothing stops me from downloading since 102.0 on Jun 28, like you correctly opinted out.
thanks again
Re: (Score:2)
You can install addons and change settings to get this functionality right now.
Re: (Score:2)
Re: (Score:3)
Seamonkey?
Re: (Score:2)
how are they "rolling this out" to people?
"Gradually"
https://wiki.mozilla.org/Relea... [mozilla.org]
Re: (Score:2)
ie. You'll get this one one on the 28th.
Re: (Score:2)
Re: (Score:2)
I use waterfox, with a few addons (some for privacy, some for functionality like session managers), copies some of the privacy settings from tor browser (which double as performance tweaks due to not writing to disk as much), then I copy and run the whole thing from a ramdrive.
It is without a doubt the *best* browsing experience I have ever had. Running it from a ramdrive doesn't use any extra memory as the files are all already in memory, and the writes to disk bottleneck is gone completely.
It's also compl
The Root of the Issue (Score:2)
This approach strikes the balance between eliminating the worst privacy properties of third-party cookies -- in particular the ability to track you -- and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics). With Total Cookie Protection in Firefox, people can enjoy better privacy and have the great browsing experience they've come to expect.
That "provide accurate analytics" is a use for which cookies were never designed. Therein lies the root of the problem -- little unwashed children are using cookies for purposes for which they were not designed. Perhaps a bowl of wash-water and a little towel behind the ears would be more appropriate.
Arms race continues! (Score:2)
Good news for now (Score:1)
Modern tracking tech doesn't depend on cookies (Score:3)
Developers behind tracking technologies have long moved on from relying on your cookies. At least, ever since all the browsers started introducing anti 3rd-party-cookie measures. These days all you need is a good fingerprinting hash function which generates a unique advertising ID based on your specific browser and/or system configuration. The output of this function will be exactly the same regardless of which cookie jar you land in. Then all you have to do is POST the accessed url along with the cookie to some sort of a central tracking endpoint.
Re: (Score:2)
Sure but Firefox blocks most of those as well. Here's a handy table that shows you what they block by default:
https://privacytests.org/priva... [privacytests.org]
Unfortunately it's a bit vague, e.g. Firefox has Private Browsing mode but also has a "Privacy" setting for normal mode that blocks a lot of fingerprinting. Still, you can see that some browsers are pretty good out of the box.
Use cookie autodelete extension (Score:2)
Mobile Version (Score:2)
Cool, reminds me of why I'm still loyal (Score:2)
Let me check, but I think I got this a day or two ago. Yeah, I did.
Cookie monster (Score:1)