Firefox update will see third-party cookies blocked by default

Out-Law News | 26 Feb 2013 | 10:38 am | 1 min. read

An update to Mozilla's Firefox website browser will include a default setting that will automatically prevent third-party cookies being set on users' machines.

Stanford graduate Jonathan Mayer, who has been involved in implementing the update, said that the new policy would resemble the one adopted by Apple in its Safari browser.

"How does the new Firefox cookie policy work? Roughly: Only websites that you actually visit can use cookies to track you across the web. More precisely: If content has a first-party origin, nothing changes. Content from a third-party origin only has cookie permissions if its origin already has at least one cookie set," Mayer said in a blog

Cookies are small text files that record internet users' online activity. Cookies come in a variety of forms and differing functions for tracking user behaviour on websites.

Websites can track user behaviour during individual visits to sites (session cookies) or over multiple visits (persistent cookies) and serve one or a number of different purposes (multipurpose cookies). They can also be served by the websites themselves (first-party cookies) or on behalf of other internet firms, such as advertising networks that use (third-party) cookies to track users' online activity in order to serve them with targeted ads they consider more relevant to those users.

Mayer said that third-parties would need to have individuals' consent in order to serve cookies if those users have not "intentionally interacted" with their content under the new Firefox policy.

"If a user does not seem to have intentionally interacted with your content, or if you’re uncertain, you should ask for permission before setting cookies," Mayer said. "Most analytics services, advertising networks, and unclicked social widgets would come within this category."

"Working around the policy’s technical limits may be reasonable in certain cases, but undermining the policy’s privacy purpose is never acceptable," he added.