Mozilla anti-cookie tool plans crumbling

Google will never deprecate 3rd party cookies, and without cross-vendor support Mozilla will be attacked when sites start breaking.<p>It&#x27;s a real shame, I&#x27;ve been blocking all 3rd party cookies and referrers for years and really want to see the web to a more privacy concious model. With all the web features tracking tricks out there now though, I feel it&#x27;s nigh impossible.<p>Take for instance, common Javascript libraries hosted on CDNs. Every time you visit a jQuery based page where the js file is on a CDN you reveal to the host of that CDN (e.g. Google) what website you&#x27;re on. You also put complete faith in that 3rd party CDN provider for your security.<p>3rd party cookies are just the tip of the iceberg in terms of how broken the web is for the privacy concious.

Privacy on the Internet today is so riddled with conflicts of interests and doublespeak that it&#x27;s hard to know where anyone stands on anything.<p>Microsoft implemented a Do-Not-Track by default in IE 10 [0], only to later reveal it was planning an even more intrusive ad tracking system of its own [1]<p>Google added a Do-Not-Track feature belatedly to Chrome, buried within levels of settings and warnings [2]. And yeah, they&#x27;re working on their own cookie replacement too [3].<p>Facebook meanwhile is tracking you across the web through its own re-targeting tech [4] and even your cursor movements on its site [5]<p>In fact, when companies like Google, Facebook and Microsoft want to dump cookies [6], I&#x27;d argue that we&#x27;re already past the point where a Firefox can make a difference.<p>IMHO Internet tracking has become like fast food. A meaningful difference will only come when average users start caring about their privacy and are willing to make conscious choices for it.<p>[0] - <a href="http://arstechnica.com/information-technology/2012/08/microsoft-sticks-to-its-guns-keeps-do-not-track-on-by-default-in-ie10/" rel="nofollow">http:&#x2F;&#x2F;arstechnica.com&#x2F;information-technology&#x2F;2012&#x2F;08&#x2F;micros...</a><p>[1] - <a href="http://adage.com/article/digital/microsoft-cookie-replacement-span-desktop-mobile-xbox/244638/" rel="nofollow">http:&#x2F;&#x2F;adage.com&#x2F;article&#x2F;digital&#x2F;microsoft-cookie-replacemen...</a><p>[2] <a href="http://www.pcmag.com/article2/0,2817,2411916,00.asp" rel="nofollow">http:&#x2F;&#x2F;www.pcmag.com&#x2F;article2&#x2F;0,2817,2411916,00.asp</a><p>[3] <a href="http://www.usatoday.com/story/tech/2013/09/17/google-cookies-advertising/2823183/" rel="nofollow">http:&#x2F;&#x2F;www.usatoday.com&#x2F;story&#x2F;tech&#x2F;2013&#x2F;09&#x2F;17&#x2F;google-cookies...</a><p>[4] - <a href="http://adage.com/article/digital/facebook-launches-retargeting-alternative-fbx/244746/" rel="nofollow">http:&#x2F;&#x2F;adage.com&#x2F;article&#x2F;digital&#x2F;facebook-launches-retargeti...</a><p>[5] - <a href="http://www.pcmag.com/article2/0,2817,2426602,00.asp" rel="nofollow">http:&#x2F;&#x2F;www.pcmag.com&#x2F;article2&#x2F;0,2817,2426602,00.asp</a><p>[6] - <a href="http://online.wsj.com/news/articles/SB10001424052702304682504579157780178992984" rel="nofollow">http:&#x2F;&#x2F;online.wsj.com&#x2F;news&#x2F;articles&#x2F;SB1000142405270230468250...</a>

I think that Mozilla&#x27;s recent re-launch of Lightbeam (nee Collusion) shows that they&#x27;re not trying to back away from the issue of third-party cookies. The complication is that you need to find a solution that doesn&#x27;t break enough sites that users give up and switch to less-privacy-conscious browsers, which would completely defeat the purpose.

Mozilla isn&#x27;t positioned to stand up to Google while they&#x27;re getting $300 million a year [0] from them. (For reference Mozilla&#x27;s 2011 revenue was $163M [1]) I trust (to a point) their motivations but I would imagine that much dough comes with more strings attached than just making Google the default search in Firefox.<p>I think we&#x27;re very lucky to have Mozilla in the FOSS world but the will for better privacy will have to come from the community.<p>[0] - <a href="http://www.forbes.com/sites/timworstall/2013/01/22/so-why-is-google-funding-its-own-competition-in-the-firefox-os/" rel="nofollow">http:&#x2F;&#x2F;www.forbes.com&#x2F;sites&#x2F;timworstall&#x2F;2013&#x2F;01&#x2F;22&#x2F;so-why-is...</a><p>[1] - <a href="http://www.mozilla.org/en-US/foundation/annualreport/2011/faq/" rel="nofollow">http:&#x2F;&#x2F;www.mozilla.org&#x2F;en-US&#x2F;foundation&#x2F;annualreport&#x2F;2011&#x2F;fa...</a><p>edit: I didn&#x27;t state it explicitly but my argument is based on the idea that Google is primarily interested in a low-privacy and ad-based web.

I tried searching for the patch in question, and here is what I came up with:<p>Searching for Jonathan Mayer in Bugzilla <a href="https://encrypted.google.com/search?sitesearch=bugzilla.mozilla.org&amp;q=jonathan+mayer" rel="nofollow">https:&#x2F;&#x2F;encrypted.google.com&#x2F;search?sitesearch=bugzilla.mozi...</a><p>Here is the meta bug: <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=818337" rel="nofollow">https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=818337</a><p>I think this is the patch: <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=818340" rel="nofollow">https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=818340</a>

&gt; &quot;This default setting would be a nuclear first strike against (the) ad industry,&quot; tweeted Mike Zaneis, general counsel for the Interactive Advertising Bureau.<p>Such dramatic silliness. An <i>actual</i> first stirke would be NoScript and AdBlock installed by default (which I already do to begin with). Removing third-party cookie functionality is just a shot across the bow.

Philosophically, this effort seems fallacious to me. Many of the Internet&#x27;s services are only free because of advertising, and while Mozilla&#x27;s intentions seem admirable, they&#x27;re at best short sighted and at worst naive.<p>As for the immediate reason Mozilla is backing off, have you ever wondered how you make money as a browser? One of the key revenue streams for a company like Mozilla or Opera is referral fees from search engines. Ever wonder why Microsoft is so desperate to make it difficult to use non-IE browsers? it&#x27;s because they have their own search engine.<p>My own personal speculation is that some of Mozilla&#x27;s search engine customers, whose business model often includes using cookies, came forward and indicated their displeasure with this initiative and pointed out that this would basically amount to biting the hand that feeds it on Mozilla&#x27;s part.

There is no need for a &quot;tool&quot; (which will only add to code bloat and be circumvented anyway). Just don&#x27;t accept 3rd-party cookies and be done with it. All browsers already have this setting, it just needs to be enabled by default.<p>I invite all who haven&#x27;t done so yet to change their browser&#x27;s settings right now to refuse 3rd party cookies. They have almost no legitimate use anyway. The only breakage of a useful site I&#x27;m aware of pertains to active Disqus logins, a price well worth paying in my opinion.<p>The 3rd party cookie tracking problem is worse than most people think. For instance, every time your browser pulls a file from a CDN, you&#x27;re tracked.

Why don&#x27;t browsers just generate a UUID on first run per user.. then anyone tracking can do so server-side.. with a browser&#x2F;user option to re-generate a new one. It would effectively be the same.. then have a white&#x2F;blacklist for sending this id.<p>Or they could make a system where a site can set their own unique id, that they can use.. oh, maybe have a custom key for this value.. and maybe they could call it a token system.. ooh or maybe cookies.<p>&#x2F;sarcasm

I feel most users got over the creep factor of cookies back in 1998, and nothing that happened since has demonstrated that cookies need to be severely restricted. In fact, I expect more physical businesses will be installing face recognition to essentially cookie and track casual shoppers in a real stores offline, consumers are already used to this online, and don&#x27;t feel threatened by it.

Very disappointing.

Doesn&#x27;t Apple already do this?

Good. This recent war against cookies is futile and silly.<p>If you visit a website (Assuming you don&#x27;t go via some anonymizer proxy), they can track you, and they can pass your details to any 3rd party who wishes to also track you.<p>Cookies are the easiest way for them to do that, but its absurdly naive to think that if you block cookies then people won&#x27;t track your browser activity online.<p>If you don&#x27;t want to be &#x27;tracked&#x27;, stop generating HTTP requests, or do them through an anonymizer service. And good luck getting any website to work properly.