Mozilla delays blocking third-party tracking cookies in Firefox 22, says more work is needed

Mozilla has announced that it will hold off on blocking third-party tracking cookies in the latest version of Firefox. The browser developer says that there is “a little more work” to be done before it was going to become available. It is believed that this feature will become a default setting for Mozilla’s browser, which will then enhance its Do Not Track enforcement protocol.

The company began testing the cookie blocker at the same time as it released Firefox 21 earlier this month. As part of its efforts to put users in control over their own Web experience, Mozilla unveiled Do Not Track. The idea was to provide Firefox users with a greater understanding and control with what information is being transmitted and what they want protected.

Delaying the launch of Firefox 22 may be considered to be a bit of a setback for Mozilla, but it could also be viewed as a way for the company to bolster its offering. In fact, the company said that it was delaying implementing it as a default setting so that it can “collect and analyze data on the effect of blocking some third-party cookies.”

Brendan Eich, Mozilla’s CTO, wrote in a blog post that the company is testing a patch created by Stanford student Jonathan Mayer for Firefox. Mayer’s solution allows cookies from sites a user has previously visited and blocks those from new pages. He believes that through this methodology, users will feel more comfortable with cookies from sites they have a relationship with versus unknown ones.

However, two problems have caused Mozilla to delay implementing this patch:

False positives. For example, say you visit a site named foo.com, which embeds cookie-setting content from a site named foocdn.com. With the patch, Firefox sets cookies from foo.com because you visited it, yet blocks cookies from foocdn.com because you never visited foocdn.com directly, even though there is actually just one company behind both sites.

False negatives. Meanwhile, in the other direction, just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more. Suppose you click on an ad by accident, for example. Or a site you trust directly starts setting third-party cookies you do not want.

Eich says that Firefox 22 will have the cookie blocker “on” by default, but only after additional work has been done. Mozilla will run an engineering test to add “privacy-preserving code” to measure how the patch affects real websites.

Those using the beta version of Firefox 22 have a version of the patch installed, but it is not turned “on”. Users within its Aurora channel have the service enabled by default, which Mozilla says will give it better ongoing test coverage and A/B testing.

Photo credit: JOSEP LAGO/AFP/Getty Images