Forgot your password?
typodupeerror
Firefox Advertising Mozilla Privacy Your Rights Online IT

Firefox Will Soon Block Third-Party Cookies 369

Posted by timothy
from the accept-only-genuine-chocolate-chip dept.
An anonymous reader writes "Stanford researcher Jonathan Mayer has contributed a Firefox patch that will block third-party cookies by default. It's now on track to land in version 22. Kudos to Mozilla for protecting their users and being so open to community submissions. The initial response from the online advertising industry is unsurprisingly hostile and blustering, calling the move 'a nuclear first strike.'"
This discussion has been archived. No new comments can be posted.

Firefox Will Soon Block Third-Party Cookies

Comments Filter:
  • by CheshireDragon (1183095) on Saturday February 23, 2013 @05:38PM (#42991495) Homepage
    I have always turned of the third party cookies, but good move for making it a default.
    And to hell with marketers, they can cry all they want. They have already stripped most television show of a title sequence and forced shows to start rolling credits while still running. Ihave always wondered why I pay for a ton of cable channels when all I am really doing it watching commercials. Good thought to the creator of the DVR.
  • by Anonymous Coward on Saturday February 23, 2013 @05:39PM (#42991505)

    Doubleclick is now known as Google adwords. So it should be interesting to see if this ever gets into Chrome...

  • by Anonymous Coward on Saturday February 23, 2013 @05:52PM (#42991583)

    When they just get websites using their advertising services to add subdomains covering their cookies.

    At that point you WON'T be able to solve this without a huge mess of per-domain whitelists, eventually coalescing into the cookies for the advertisers being handled THROUGH the corporate websites.

    I was arguing this a decade or decade and a half ago to anyone who would listen, but it was brushed off (And rightfully so given that it's taken this long for a browser to actually this by default.)

  • by fluffy99 (870997) on Saturday February 23, 2013 @06:08PM (#42991699)

    It's interesting that no-one has ever tried to retaliate against them using the COPPA law, which makes it illegal to track and retain information on underage kids.

  • Micropayments (Score:4, Interesting)

    by tlambert (566799) on Saturday February 23, 2013 @06:52PM (#42991989)

    It would be a wonderful world if that happened. I've always been really sad that we didn't manage to have a micropayment system in place in 1995, so that we could pay for what we used instead of having advertising shoved down their throats. I would much rather be the customer than the product.

    That's a great idea. Then they could make a micropayment back to me for everything in the page they end up sending me that I don't actually read so they can offset the bandwidth cap that my ISP starts charging me extra for after it's been exceeded.

    PS: Micropayments are an incredible bitch to implement, if you've ever tried it, since the transaction fees and data storage pile up. There's a reason the phone companies charge so much per text message, and a lot of it has to do with paying micropayments to themselves every time someone makes a micropayment on sending a text message. The transactional overhead is very high.

  • by Anonymous Coward on Saturday February 23, 2013 @06:56PM (#42992017)

    IMHO, the next step is to block referrer information to third party sites [mozilla.org]. E.g. if example.com loads a script from gstatic.com, then the HTTP_REFERER header is not sent to gstatic.com. There's almost zero collateral damage (one captcha service doesn't work), and companies like Facebook and Google no longer get to know every site that most internet users visit.

  • by Man On Pink Corner (1089867) on Saturday February 23, 2013 @06:58PM (#42992029)

    At first glance, the dancing cartoon characters and excessive commercial breaks seem like a supply-side problem. The fact that the show's producers and writers tolerate this sort of thing is a sign that you, as their audience, are very far from the top of their minds when they come to work each day. They clearly harbor the same disrespect for their own craft that they have for your time. Seems simple enough.

    On the other hand, the fact that you, as their audience, keep watching their shows, is one that I don't have a ready explanation for.

    My only guess is that some people just don't value their limited time here on Earth as much as they should. Either switch to Netflix, use torrents, or sell your TV on Craigslist for a bag of horse. Any of these things will be a better use of your time than watching network TV.

  • by Anonymous Coward on Saturday February 23, 2013 @07:19PM (#42992145)

    I canceled Sky a long, long time ago, when they started broadcasting general advertisement on History Channel, National Geographic etc. Went from reading 1-2 books per year to more than 30. There's not much to see anyway: films are quite boring and lame, TV series are the same or really bad production (Sword of Truth comes to mind) and most documentaries are simply ridiculous with one third of the content being useless reviews after advertisements (just imagine to see them with half of the number of interruptions, it's completely insane). I would gladly pay for BBC documentaries however.

  • Re:Consequences (Score:5, Interesting)

    by Mashiki (184564) <mashiki@gmai l . c om> on Saturday February 23, 2013 @07:32PM (#42992221) Homepage

    Sites will start blocking Firefox browsers...

    Considering anyone with 3 firing neurons already blocks advertising to begin with, this is pretty much moot. The reality is advertisers have been abusing cookies for decades, the worst of advertisers have been abusing advertising itself, and allowing malware into their networks and taking a 'cut' of the scam.

    Personally? Until advertisers man up, and stop acting like the guy standing on the corner of a shady neighborhood going "hey, wanna buy some shit..." they can simply suck it.

  • by me at werk (836328) on Saturday February 23, 2013 @07:44PM (#42992299) Homepage Journal

    Ah, well, it seems they're doing that in the mobile market, anyway.

    They're actually doing something about this because some smartphone games for children do location tracking, and nobody knows why [npr.org].

    According to the FTC, among its more troubling findings is that many children's apps "shared certain information with third parties -- such as device ID, geolocation, or phone number -- without disclosing that fact to parents. Further, a number of apps contained interactive features -- such as advertising, the ability to make in-app purchases, and links to social media -- without disclosing these features to parents prior to download."

  • by JaredOfEuropa (526365) on Saturday February 23, 2013 @07:50PM (#42992329) Journal
    Good point... I don't see any harm in allowing 3rd party session cookies (anyone?). I don't think FF currently has an option to block 3rd party cookies but allow session cookies from 3rd parties,not even manually. If you're in the business of making apps like this, perhaps it's worth pointing out to the FF guys; they might not have thought of everything. Just look at the crappy cookie law we just got in Europe.
  • by allo (1728082) on Saturday February 23, 2013 @08:10PM (#42992463)

    then the question is, why not doing it the other way round: allow 3rd-partys to access their own cookies, but do not allow them to set a cookie, if they are not the 1st party at the moment.

  • by hedwards (940851) on Saturday February 23, 2013 @08:18PM (#42992493)

    It's not the writers and producers, it's the TV station owners that make those decisions. I doubt very much that the writers, producers and assorted people that work so hard to create the programming like to see the credits smashed up so that nobody can read them.

  • by t4ng* (1092951) on Saturday February 23, 2013 @09:03PM (#42992723)
    I never quite understood how, for the past several years, embedded PayPal payment buttons have remained completely broken if the client disabled third party cookies. Maybe if all browsers did this PayPal would finally fix their system.
  • by egarland (120202) on Saturday February 23, 2013 @09:50PM (#42992931)

    > I have always wondered why I pay for a ton of cable channels when all I am really doing it watching commercials.

    Because, half the cost of the programming you are watching comes from commercials. The average TV watcher watches about $80 worth of adds per month. (That's assuming about $0.02 per commercial watched, 30 commercials per hour, and 130 hours of TV watched per month which, as far as I know, are roughly accurate averages.) Would you pay $80 more for all that content without the commercials?

  • by knorthern knight (513660) on Saturday February 23, 2013 @10:30PM (#42993097)

    I hate to rain on your parade, but...

    Let's say someone has a website http //www.good.example.com, and want http //ads.doubleclick.net to get past this filter. Assuming they control their own DNS, they simply need to set up a CNAME www.bad.example.com that points to ads.doubleclick.net. Voila, the ads.doubleclick.net server shows up on the same domain as www.good.example.com.

  • by nmb3000 (741169) <nmb3000@that-google-mail-site.com> on Saturday February 23, 2013 @10:52PM (#42993211) Homepage Journal

    IMHO, the next step is to block referrer information to third party sites [mozilla.org]. E.g. if example.com loads a script from gstatic.com, then the HTTP_REFERER header is not sent to gstatic.com. There's almost zero collateral damage (one captcha service doesn't work), and companies like Facebook and Google no longer get to know every site that most internet users visit.

    I agree whole-heartedly with this sentiment, but it might cause more grief that most would guess.

    Over the last year or so I've played around with blocking the referer header from being sent at all, to any websites. 99% handle this just fine, but every now and then I'll come across sites that fail, and in various ways. Sometimes I get a useless error message from CloudFlare [cloudflare.com], and sometimes the page will simply render blank, like this one [scrnland.com] (in this case because TypeKit issues a 403 when requesting the CSS if the referer is missing).

    I have no idea why some sites rely so heavily upon an HTTP header which is not required to be present at all. I'd love to see a browser start to do what you suggest and exclude the header in 3rd party requests because it would force sites to treat the header as it was intended (advisory only) and would also make it easier for those who want to block sending it entirely.

  • by brandonY (575282) on Saturday February 23, 2013 @11:38PM (#42993399)
    The trick is to make sure that you never have any way of finding out that the person you're tracking is under 13. Never ask for their age.

Get hold of portable property. -- Charles Dickens, "Great Expectations"

Working...