Firefox 22 and third-party cookies

[Thrawn]

Firefox 22 will block third-party cookies by default (and most people who would know about this, and know how to enable them, wouldn't choose to do it). So we can basically assume that from v22 onwards, Firefox won't support third-party cookies.

Does anyone else think that this is a bad idea?

It's intended to protect against tracking, but if we're talking about the kind of tracking that allows Doubleclick to assemble hundreds of A4 pages worth of personal data about someone, then it won't work. There are other methods of tracking - web bugs, Evercookie, etc - and the big players (Google, Facebook, etc) have the resources to use them. It's smaller operators who will be hit, like a website operator who happens to use multiple domains, and wants to gather aggregate data about user behavior across the site. And those kind of trackers aren't the real threat.

Or what about legitimate, non-tracking uses of third-party cookies? My workplace hosts a shopping cart service for various other sites. Sites embed a snippet of code from us, and that snippet shows a 'mini-cart' on the page, allowing the user to keep track of their order and click through to our payment page to check out. Without third-party cookies, that will completely break. At the moment, we're looking at organising for all the sites that use our service to work around it by first redirecting to us, and we set a cookie and redirect back, so that Firefox will trust our cookies. Ugly, and it highlights the fact that if sites are deliberately embedding third-party content, then they will find a way to collaborate with the third party and get around this.

This will cause widespread inconvenience, angst, and sometimes significant financial pressure on sites that rely on targeted advertising to stay online and free - but it will not really protect the privacy of Joe User, who makes no changes to default settings, and posts 90% of his life on Facebook and/or Twitter, including location data and the names and photos of everyone who was with him at the time.

[GµårÐïåñ]

Are you sure its designed to not support 3rd party anymore? Meaning blocking all of them indiscriminately? If so, then its asinine and a very bad idea, the choice should ALWAYS remain with the users.

Now if they are disabling it by default but you can turn it back on if you want, then its fine I think. Might result in behavior changes being required and break functionality causing grief on support, which I think is a bad way to do it, since it will cause more damage than it will solve. But its something I can live with if I had too. I already barely use Fx as-is.

[Hecuba's daughter]

nvm

[Hecuba's daughter]

nvm

[Thrawn]

@Guardian: It will still support third-party cookies in theory, but with them disabled by default, who is going to turn them on? Hardly anyone will both know how, and choose to do it. And if only 1% of browsers support them, then no site can rely on them and they are basically dead.

Of course, there is the workaround: once a site sets a first-party cookie, it is allowed to set third-party cookies. But that strengthens the argument that this won't work. Third-party cookies indicate deliberate collaboration; sites that want to collaborate will just have to use more redirects, that's all.

@Hecuba's daughter: Good point about Google, possibly the worst offender, getting an automatic foot in the door.

[Hecuba's daughter]

nvm

[GµårÐïåñ]

@Guardian: It will still support third-party cookies in theory, but with them disabled by default, who is going to turn them on? Hardly anyone will both know how, and choose to do it. And if only 1% of browsers support them, then no site can rely on them and they are basically dead.

Of course, there is the workaround: once a site sets a first-party cookie, it is allowed to set third-party cookies. But that strengthens the argument that this won't work. Third-party cookies indicate deliberate collaboration; sites that want to collaborate will just have to use more redirects, that's all.

I still think the way they are going about it is the wrong way. Just because a bunch of people may jump on the band wagon, doesn't mean its the right, or most efficient way of doing things. I think Fx has progressively gone from bad to worse with each move they have made. We thought rapid update cycling to match google was bad, but this is just asinine. Workaround or not, why make people's lives more difficult instead of making it easier and giving them a choice? Say what you will about M$ but Mozilla is in my opinion becoming far worse than M$ ever was and they have been labeled the "secure, privacy conscious, open, and alternative option" to big corporation, yet, here we are from Fx 2 to 2x10 and progressively worse.