Firefox Will Soon Block Third-Party Cookies 369
An anonymous reader writes "Stanford researcher Jonathan Mayer has contributed a Firefox patch that will block third-party cookies by default. It's now on track to land in version 22. Kudos to Mozilla for protecting their users and being so open to community submissions. The initial response from the online advertising industry is unsurprisingly hostile and blustering, calling the move 'a nuclear first strike.'"
Online Advertising Response (Score:5, Insightful)
Translation: Boo-fucking-hoo. Online marketing scum have been abusing users for years, making this a retaliatory measure. Let them cry all they want, because nobody gives a shit.
Re:Online Advertising Response (Score:5, Interesting)
And to hell with marketers, they can cry all they want. They have already stripped most television show of a title sequence and forced shows to start rolling credits while still running. Ihave always wondered why I pay for a ton of cable channels when all I am really doing it watching commercials. Good thought to the creator of the DVR.
Re: (Score:2)
"I have always turned of the third party cookies, but good move for making it a default. And to hell with marketers, they can cry all they want."
Agreed. Pretty much by definition, third-party cookies are "stealth" information gathering. They have no right to be tracking me. I keep them turned off, too.
But I do not see why this is news-worthy. It's just a checkbox. The so-called "patch" is probably one line of code, and an exceedingly short one at that.
Re:Online Advertising Response (Score:5, Insightful)
Re:Online Advertising Response (Score:5, Interesting)
It's interesting that no-one has ever tried to retaliate against them using the COPPA law, which makes it illegal to track and retain information on underage kids.
Re:Online Advertising Response (Score:5, Funny)
Re:Online Advertising Response (Score:5, Interesting)
Ah, well, it seems they're doing that in the mobile market, anyway.
They're actually doing something about this because some smartphone games for children do location tracking, and nobody knows why [npr.org].
Re:Online Advertising Response (Score:4, Interesting)
Re:Online Advertising Response (Score:5, Insightful)
That doesnt work in statutory rape cases, why would it work here?
Not that simple (Re:Online Advertising Response) (Score:5, Informative)
The patch is not exactly a one-liner [mozilla.org], because the implemented behavior is not as straight-forward as just "block 3rd party cookies".
It's "block cross-site cookies from origins which I've not visited yet as a 1st party websites and have already 1st party cookies from".
This means, for instance, that Facebook, Google and Twitter gets likely a free-pass to track almost anybody.
And that once you (accidentally or not) click any ad box, you give a free-pass to its advertising agency too.
Re: (Score:2, Insightful)
Above post should be moderated to +10.
Sounds like the big guys are looking to squeeze out any smaller competition. Not a surprise, since Mozilla is pretty much Google's bitch.
Re:Not that simple (Re:Online Advertising Response (Score:5, Insightful)
Above post should be moderated to +10.
Sounds like the big guys are looking to squeeze out any smaller competition. Not a surprise, since Mozilla is pretty much Google's bitch.
Although I'd prefer that tracking would simply be made illegal, I tell you what: I'm less concerned about letting the big guys doing it because they are more likely to have some basic security in place and controls to at least respect the TOS. I'm more concerned about small guys...
Re:Not that simple (Re:Online Advertising Response (Score:5, Insightful)
I also think this could block lots of cookies used for SSO. Some people do actually like to be able to log using their twitter or github credentials.
Re:Not that simple (Re:Online Advertising Response (Score:4, Insightful)
Which is based on OAuth and has precisely nothing whatsoever to do with third-party cookies.
It does cause problems for other completely legitimate use cases, but this is not one of them.
Re:Not that simple (Re:Online Advertising Response (Score:4, Insightful)
If you're relying upon 3rd party cookies for SSO, you're doing it wrong.
Very, very wrong.
Re: (Score:3)
That's why we can block whichever cookies we choose.
Do you doubt that making "block all" the default is best?
Re:Not that simple (Re:Online Advertising Response (Score:5, Interesting)
then the question is, why not doing it the other way round: allow 3rd-partys to access their own cookies, but do not allow them to set a cookie, if they are not the 1st party at the moment.
Consequences (Score:4, Funny)
Sites will start blocking Firefox browsers. If enough popular sites do this, people will be switching to other browsers. Or people will start making Firefox masquerade as a different browser, which (if it becomes popular) will subsequently be made illegal. That is assuming that third-party cookie blocking won't just be made illegal.
It is appropriate to describe this as a first-strike, because there will be a retaliatory salvo, and much of our Internet freedom will get caught in the crossfire.
Re:Consequences (Score:5, Interesting)
Sites will start blocking Firefox browsers...
Considering anyone with 3 firing neurons already blocks advertising to begin with, this is pretty much moot. The reality is advertisers have been abusing cookies for decades, the worst of advertisers have been abusing advertising itself, and allowing malware into their networks and taking a 'cut' of the scam.
Personally? Until advertisers man up, and stop acting like the guy standing on the corner of a shady neighborhood going "hey, wanna buy some shit..." they can simply suck it.
Re: (Score:2)
Oh man that sounds great! Ads that block themselves.
Re:Online Advertising Response (Score:5, Insightful)
And to hell with marketers, they can cry all they want. They have already stripped most television show of a title sequence and forced shows to start rolling credits while still running.
If they only stopped at that!
Are you not getting the damn characters running across your show, in the middle of the show? It superimposes over the current show I am actually watching, just like a popup ad online
Also, a simple comparison of show length, demonstrates that in the 60s/70s shows ran for 26.5 minutes, while current sitcoms are around 22.5 minutes per half hour. And you get to see pop-ads in the middle of some of those three 7-minute long pieces.
Re:Online Advertising Response (Score:5, Insightful)
I have not watched network/premium tv for quite a while, now (3 yrs, maybe longer).
recently, I was staying in some hotels and wanted to see what 'was on'. realize, I have not seen the state of 'current tv' for years.
the moving ads at the bottom and all the rest that you and parent posters have said really turned me off. enough that I will still not consider paying for satellite, cable or anything else 'pay tv'.
really gross and hard for me to accept. I'm over 50 and I do remember when tv was watchable. (yes, goml, etc). but if you have not been desensitized by it gradually, the jump in annoyance factor is too great. I think they have lost me, forever now, as a customer.
tv was always an ad medium, but now its just too absurd!
I can fully, fully understand why the youth culture is all about capturing shows, editing the BS out of them and reuploading them. I fully understand that and I can't blame anyone for wanting to get around the crap.
sorry, industry; you pissed off your customers and many have rebelled and won't ever come back.
Re:Online Advertising Response (Score:5, Interesting)
It's not the writers and producers, it's the TV station owners that make those decisions. I doubt very much that the writers, producers and assorted people that work so hard to create the programming like to see the credits smashed up so that nobody can read them.
Re: (Score:2)
(Shrug) Without their work, the advertisers don't have a platform. There are many ways to monetize content, but only a few ways to sell soap.
The power to say 'No' to that bullshit is in the hands of the content producers, and, ultimately, the viewers. The content producers don't care enough to lift a finger. That leaves us.
Re:Online Advertising Response (Score:4, Insightful)
Your analysis fails to take into account that for a very long time (since TV was invented) the distribution channels have been tightly controlled thus content creators had to jump through the hoops of the content distributors. This is changing, but change takes time and producing content at this scale is a very expensive proposition thus people are unwilling to take risks on independent distribution.
You can draw corollaries to the music industry which is notorious for screwing over content creators. Again, music companies were able to use their position in distribution to extract economic rents and dictate how business took place.
This is *NOT* about the creators not caring, it's about there being no viable alternative in their mind (which isn't the case but someone has to prove ... and oh by the way, Macklemore did just that with "Thrift Shop").
Re:Online Advertising Response (Score:5, Interesting)
> I have always wondered why I pay for a ton of cable channels when all I am really doing it watching commercials.
Because, half the cost of the programming you are watching comes from commercials. The average TV watcher watches about $80 worth of adds per month. (That's assuming about $0.02 per commercial watched, 30 commercials per hour, and 130 hours of TV watched per month which, as far as I know, are roughly accurate averages.) Would you pay $80 more for all that content without the commercials?
Re: (Score:2)
Re:Online Advertising Response (Score:5, Interesting)
I canceled Sky a long, long time ago, when they started broadcasting general advertisement on History Channel, National Geographic etc. Went from reading 1-2 books per year to more than 30. There's not much to see anyway: films are quite boring and lame, TV series are the same or really bad production (Sword of Truth comes to mind) and most documentaries are simply ridiculous with one third of the content being useless reviews after advertisements (just imagine to see them with half of the number of interruptions, it's completely insane). I would gladly pay for BBC documentaries however.
Re: (Score:3)
I cancelled Virgin cable TV when they got into fisticuffs with Sky over some channels, causing me to lose access to the BattleStar Galactica series. In the long run, it saved me about £2000 over three or four years. Cable across the world has been going downhill for a couple of decades now.
There used to be a lot of sci-fi series (Lexx, Firefly, Farscape, Stargate SG-1), but the only ones I can see now are Stargate Atlantis.
Re: (Score:3, Insightful)
I think the advertisers have a legitimate point, and should retaliate. How about trying to pay web site owners to alter their sites so they refuse to load on FireFox? I bet that would be a hilarious and very short negotiation.
In all seriousness, advertisers are simply the worst form of corporatism: All they want is more of everything, regardless of what they already have. They don't like being blocked like this, let them invent their own Internet with its own bizarre, user-hostile set of rule. They coul
Re:Online Advertising Response (Score:4, Insightful)
I would much rather pay by seeing ads instead of paying actual cash. Websites are free to advertise to me as much as they want. If I don't like the ads, I stop using them. There's no need for browsers to protect me.
Re:Online Advertising Response (Score:4, Informative)
blocking third party cookies doesn't, in any way, prevent a website from displaying ads on a website. This isn't an either/or situation. The third-party cookies are used to track users.
Re: (Score:3, Insightful)
If you're okay with having your every move tracked across the web, by all means, use a different browser.
But do yourself a favor and stop pretending that this has anything to do with seeing ads on the internet.
Re:Online Advertising Response (Score:5, Informative)
Well, the public was given a choice back in the 90's. There were ad-driven sites, and there were subscription-based sites.
We know which business model won. The "free" one, because people tend to value short-term rewards over long-term ones. The tracking and collusion by ad companies is just natural evolution of the wild west world of internet advertising. Ad rates have gotten so low that Google would probably be as poor as Yahoo if they weren't keeping tabs on you wherever you go and offering that profiling to advertisers. Facebook as well.
So, this completely has to do with ads on the internet. The public chose short-term self-interest, and now we're reaping the consequences of that choice. I know that a lot of newer slashdotters probably work at VC-funded startups, and think that the internet is just a giant playground where everything is free, but some of us lived and worked through dot-com fantasyland 1.0, and the reality is that businesses have to actually make money. The sad thing is that we're just going through the same cycle again. VC money is a cancer on the tech industry, because it creates unsustainable business models, suppresses competition, and turns the customer into a product.
Re: (Score:2)
The reason that ad rates are low is because anyone in an industrialized society is so constantly bombarded with ads that the ads fade to an incomprehensible background hum that does nothing but interfere with the transmission of the information people actually want. Collapse of this system is inevitable; and when it does,
Re: (Score:2, Informative)
Yes, because the Internet really sucked prior to commercialisation.
Don't believe the guff, prior to a commercialised Internet, services still ran and ran well.
Re: (Score:2)
I have a phobia about spending money. So no matter how low it is, I don't like to pay anything...Also, since the site needs its visitors to keep coming back, they will definitely take care of the visitor's needs.
Re: (Score:3)
I have a phobia about spending money. So no matter how low it is, I don't like to pay anything...
Well, if that's the case, you clearly aren't worth a tenth of a penny to an advertiser anyway so why should your opinion count?
No the complaining will start... (Score:5, Interesting)
When they just get websites using their advertising services to add subdomains covering their cookies.
At that point you WON'T be able to solve this without a huge mess of per-domain whitelists, eventually coalescing into the cookies for the advertisers being handled THROUGH the corporate websites.
I was arguing this a decade or decade and a half ago to anyone who would listen, but it was brushed off (And rightfully so given that it's taken this long for a browser to actually this by default.)
Re: (Score:3)
www.interestingsite.com will only be able to get advertising money from ShadyAds company if they add a shadyads.interesting.com subdomain, and push ShadyAds cookies to users from that subdomain, making them 1st party cookies.
Re:Online Advertising Response (Score:5, Insightful)
Re:Online Advertising Response (Score:5, Interesting)
IMHO, the next step is to block referrer information to third party sites [mozilla.org]. E.g. if example.com loads a script from gstatic.com, then the HTTP_REFERER header is not sent to gstatic.com. There's almost zero collateral damage (one captcha service doesn't work), and companies like Facebook and Google no longer get to know every site that most internet users visit.
Re:Online Advertising Response (Score:5, Interesting)
IMHO, the next step is to block referrer information to third party sites [mozilla.org]. E.g. if example.com loads a script from gstatic.com, then the HTTP_REFERER header is not sent to gstatic.com. There's almost zero collateral damage (one captcha service doesn't work), and companies like Facebook and Google no longer get to know every site that most internet users visit.
I agree whole-heartedly with this sentiment, but it might cause more grief that most would guess.
Over the last year or so I've played around with blocking the referer header from being sent at all, to any websites. 99% handle this just fine, but every now and then I'll come across sites that fail, and in various ways. Sometimes I get a useless error message from CloudFlare [cloudflare.com], and sometimes the page will simply render blank, like this one [scrnland.com] (in this case because TypeKit issues a 403 when requesting the CSS if the referer is missing).
I have no idea why some sites rely so heavily upon an HTTP header which is not required to be present at all. I'd love to see a browser start to do what you suggest and exclude the header in 3rd party requests because it would force sites to treat the header as it was intended (advisory only) and would also make it easier for those who want to block sending it entirely.
Re:Online Advertising Response (Score:5, Informative)
For firefox: network.http.sendRefererHeader, set it to 0 in about:config
Re: (Score:3)
awesome, thank you.
FYI. the values are 0 - don't send any referrer; 1 - send only when clicking a link; 2 (default) - send when clicking link or loading an image.
Incidentally, you can stop chrome from sending referrals by starting it with the --no-referrers option. [darklaunch.com]
Re: (Score:3)
The app inside the iframe relies on setting cookies to keep the session alive, but this won't work anymore because of this policy.
Yes, there are a few workarounds for that, as in "redirect to app domain on _top, set a cookie, and then redirect back to facebook", but that's far from ideal.
I've had to do this because of Safari so that the app would work correctly.
Re: (Score:2)
It's the blanket block that annoys me; an app my company makes doesn't set permanent cookies, only session ones so it knows where in a process flow it is. Oh, well, Firefox users can get a pop-up like Safari so first party session cookies can work. Just as well our traffic has Firefox around the same usage as IE6.
Re:Online Advertising Response (Score:4, Interesting)
Re: (Score:2, Insightful)
Re:Online Advertising Response (Score:5, Insightful)
And blocking third party cookies does nothing to stop advertising and monetization.
It just puts it on a more honest footing.
By the way, there was free content on the web before there was advertising. Maybe you're not old enough to remember.
Re: (Score:2)
let them go "pay-for-content". Then they will see, what they are actually worth to the user. Which means better sites, and the bad ones just die because nobody pays.
Re: (Score:2)
Good luck with that. If the content isn't compelling enough to put up with intellitext and flash spam, then I really doubt that it's compelling enough to get people to pay for.
Micropayments (Score:4, Interesting)
It would be a wonderful world if that happened. I've always been really sad that we didn't manage to have a micropayment system in place in 1995, so that we could pay for what we used instead of having advertising shoved down their throats. I would much rather be the customer than the product.
That's a great idea. Then they could make a micropayment back to me for everything in the page they end up sending me that I don't actually read so they can offset the bandwidth cap that my ISP starts charging me extra for after it's been exceeded.
PS: Micropayments are an incredible bitch to implement, if you've ever tried it, since the transaction fees and data storage pile up. There's a reason the phone companies charge so much per text message, and a lot of it has to do with paying micropayments to themselves every time someone makes a micropayment on sending a text message. The transactional overhead is very high.
Re: (Score:3)
Re: (Score:3)
You are an idiot. Find out how texting works and how it is a free ride on every packet.
Why wait for v22? (Score:5, Insightful)
Re:Why wait for v22? (Score:5, Informative)
Because there is a staging process for adding features to Firefox, so that nothing breaks once something reaches the release builds.
First strike was in Netscape (Score:5, Informative)
Since Netscape 4.7, there was an option to block third-party cookies (yet DoubleClick found a way around that). Changing a default option should have no impact on the advertisers - they can adapt or die.
Re: (Score:2, Interesting)
Doubleclick is now known as Google adwords. So it should be interesting to see if this ever gets into Chrome...
Re: (Score:2)
"yet DoubleClick found a way around that"
Not really. IIRC, they were using a pixel tracker... a third-party graphic, not a third-party cookie. And I am pretty sure they were far from the first to do that. Just the first to use it the way they did.
Re: (Score:2)
Now we need an option to disable cookies on cross-domain image/* requests.
"nuclear first strike" (Score:2, Funny)
[grumpy cat] Good.
Need more nukes (Score:5, Funny)
If the advertising industry is still capable of responding, we obviously haven't nuked them enough yet.
Re: (Score:3)
The problem is that advertisers are like cockroaches; you can't kill them with nukes. When all of civilization has been reduced to a post-apocalyptic wasteland, and mutant zombies roam the land, there will still be someone trying to sell you that one weird trick for losing belly fat.
Re: (Score:2)
You may not ever be able to get rid of them all. But when a slum houses more roach than human tenants by mass, it's probably time to raze the tenements to the ground with fire and re-build something more suitable for human habitation. The most dismal sectors of the web, consisting of tiny slivers of human content wedged between giant mounds of advertisers' feces, are overdue to be razed and rebuilt from scratch, based on new models besides maximally-intrusive-scumbag-ad-supported content. No doubt the roach
A nuclear first strike... (Score:5, Insightful)
...would be incorporating AdBlockPlus and NoScript and enabling both by default.
Do it.
Re: (Score:2)
Noscript is good, but too inconvenient for regular users. Ghostery is much better (for anti tracking use), since it already has a blacklist of the trackers and does not really affect the browsing.
Adblock, Flashblock, Ghostery - must have, Noscript - highly recommended.
Re:A nuclear first strike... (Score:5, Informative)
incorporating AdBlockPlus and NoScript and enabling both by default.
Quite a few websites (whether intentionally or not) make it difficult to figure out which domain needs to run javascript for them to function. It is often _not_ the current domain. So users will end up choosing "Enable all scripts (dangerous)" option with NoScript sooner or later.
Also, when the webpage redirects you to a processor for finalizing a payment, a lot of work can be lost. Cannot go back without losing entered data and cannot complete the payment because reload will screw things up. NoScript should really ask you "Click redirects to a different domain -- enable scripts there?"
Re: (Score:3)
I dunno about others but when a site refuses to show content without me unblocking scrips it will just get ignored.
b.t.w. US sites are really the worse with sometimes 15 or more scripts and most of them 3rd party.
Besides, unless advertisers find a way to serve me from 127.0.0.1, they will not do anything as I couldn't care less about their whining because I do not want their bought for web anyway.
They can keep their 80% of their paid for web and stick it where daylight is not showing as it's all cheapo lose
Re: (Score:3)
Bullshit. Remember SOPA? The Do Not Call List?
> Big Money does not have to adapt. You do.
Bullshit. Votes are more important than campaign funds.
Control news, control discourse, control votes (Score:3)
Bullshit. Votes are more important than campaign funds.
And each company in the entertainment industry can control votes by using whatever news outlets its parent company owns to frame the political discourse [pineight.com].
Re: (Score:3, Insightful)
...and so we teach the addons to cheat on those tests.
Re: (Score:2)
with the user without these plugins as loser.
If you don't, you should (Score:5, Informative)
Block 3rd party cookies, and that is. This is my default setting, and it rarely has any impact on the actual content of a website.
Re: (Score:2)
Been using it so long myself that I'd forgot it wasn't *the* default.
just block all cookies (Score:5, Informative)
Safari (Score:2, Insightful)
Doesn't Safari already do this by default?
Re:Safari (Score:5, Informative)
Doesn't Safari already do this by default?
In the first bugzilla entry for the patch, it details what Safari does and proposes to mimic it.
Nuclear Response (Score:5, Informative)
The initial response from the online advertising industry is unsurprisingly hostile and blustering, calling the move 'a nuclear first strike.'
This is a completely justified nuclear response. The nuclear first strike was when the advertising industry started stalking people everywhere they go without informed consent or even an easy way for average people to opt out, and with no way to purge your history. If you had only used cookies in the public interest, the browser that cares about its users would not have to respond to your hostile behavior.
Re:Nuclear Response (Score:5, Insightful)
The ad industry launched several nuclear 'first-strike' slavos against browsers: pop-ups, pop-unders, interstitials, flashing seizure-inducing Gif ads, javascript pop-overs, flash audio adverts, scroll-overs, surreptitious super cookies, etc, etc, etc.
Fuck them. In the ass.
No lube.
Tomayto, tomahto... (Score:2)
The initial response from the online advertising industry is unsurprisingly hostile and blustering, calling the move 'a nuclear first strike.'
I guess one person's "nuclear first strike" is another's "measured response."
I've been doing this in Chrome for a while. (Score:3)
Re: (Score:3)
warn you to enable coolies though.
Just as I suspected. The Chinese are behind this.
1st-party cookies are a good thing for companies (Score:2)
I would go even further than Mozilla plans to go (and Safari goes already):
By default, I would require all cookies to be either 1st party or "blessed" by either the user or the 1st party.
In other words, if Slashdot had a Facebook widget, either the end user would have to whitelist Facebook to allow it to deposit cookies from anywhere, or Slashdot would have to explicitly "bless" the specific widget or the web browser would not let the embedded Facebook widget read or write cookies without prompting the user
Cute, but ineffective (Score:3)
The "first-party context" loophole is the deathknell of this thing, just as Safari's own mechanism doesn't actually protect anybody's privacy.
If you don't like tracking cookies, that's fine, but there is an infinite variety of workarounds for this so-called solution. One can easily use a URL proxy, for instance -- you click a link marked "Next Page" that actually goes to "entirelylegitimatewebsite.com/track_me_please," which sets a cookie and immediately redirects you to "mysite.com/nextpage." Hey presto, first-party context cookie set!
On the other hand, there's browser local storage, beacon URLs via AJAX... the list goes on and on. Hell, even if most web browsers _do_ start blocking all third-party cookies under all circumstances, the data kingpins will start offering handy little Rack and Tomcat plugins that use first-party cookies to track user behavior across the Web.
If you're a Web user who's paranoid about information leaks, you should already be using Tor and some privacy-centric web browser. But given the degree of personalization inherent in most of the 21st century Web, I have a hard time understanding why a paranoiac would use the Web at all.
That implies obliteration of the ad industry. (Score:2)
Don't we wish.
Insanity laden cookies (Score:5, Informative)
If you have some spare time restart your browser, fire up wireshark and filter for DNS queries then go to just the home page of any of a bazillion web sites... It is insane... one single page load of something like cnn,fox,nbc,forbes translates into 20-30 of dns queries for all manner of advertising and market intelligence companies.. Everyone knows this stuff exists but I was genuinly shocked by the volume and number of sites involved.
If it isn't cookies it will be fingerprinting, flash cookies, DNS cache probing + IP but we can work to mitigate these things as well.
Kudos to Mozilla for protecting their users (Score:2)
Not kudos to Mozilla for taking so many years to do what is obviously needed. This and many other things should not have needed a community submission. The core programmers should already know how to do these things and know that they are essential for safe browsing experience.
I'm diabetic (Score:2)
I have to block ALL cookies.
A disaster. (Score:2, Funny)
What a frelling disaster. The end of third party cookies will pose problems for my household. My wife is getting better at baking but so far cookies seem beyond her even with third party products.
- is tired of hyperbole (Score:5, Insightful)
Fuck these assholes until they bleed.
"Nuclear first strike"? It's a counter-measure. I'm so sick of people using war rhetoric inappropriately. There is no "nuclear cookie blocker" and there is no "war on Christmas". There are no bombs going off and nobody is dying in the streets. This statement makes me want to bomb the corporate office of an ad agency so they have something to complain about*. Might stop the spam for a week too.
*This user does not support the actual use of explosives to make a point. Bombs are not educational tools and should be used responsibly. We now return to your regularly scheduled flame war.
Maybe PayPal will fix their system... (Score:4, Interesting)
Re:Maybe PayPal will fix their system... (Score:4, Informative)
Whoops, just read through the thread on Bugzilla about the patch. It's not really disabling third party cookies completely. It still allows third party cookies to be exchanged if cookies from that third party already exist on the client. So if you visited PayPal directly, then went to a web site with an embedded PayPal button, that site would still send client's PayPal cookies.
That seems like a good trade-off between security and zero-config for most cases. But if also means unless you explicitly disable all third party cookies, sites like Facebook will still be able to follow you around the web.
Re: (Score:3)
But if also means unless you explicitly disable all third party cookies, sites like Facebook will still be able to follow you around the web.
That is one way of interpreting this. The other is as yet another reason not to visit Facebook.
They are claiming to be cockroaches? (Score:4, Funny)
About the only thing that'll survive a nuclear war is cockroaches. So, if the cookie tracking online ad industry survives this nuclear strike, are they cockroaches...?
Easy to bypass 3rd-party-cookie-blocking via CNAME (Score:5, Interesting)
I hate to rain on your parade, but...
Let's say someone has a website http //www.good.example.com, and want http //ads.doubleclick.net to get past this filter. Assuming they control their own DNS, they simply need to set up a CNAME www.bad.example.com that points to ads.doubleclick.net. Voila, the ads.doubleclick.net server shows up on the same domain as www.good.example.com.
Re: (Score:3)
Comment removed (Score:3)
Re: (Score:3)
cry more. If you want money, go get a real job.
Re:Feature Request: remove all cookies EXCEPT (Score:5, Informative)
I regularly clean out my cookies with "delete all", but I'd prefer to keep the ones for sites that require a login. But it's too hard to delete cookies individually.
You can achieve that in Firefox without any extra extensions: Under Privacy: 1. Use Custom settings for history - Accept cookies from sites - Keep until: I close Firefox 2. Under Exceptions: - Add sites you want to allow permanent cookies sites using "Allow" button Done. Sites you allow can store cookies until they expire while other cookies are cleared every time you close the browser.