Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Firefox joins Safari in controlling cross-site browser cookies

Firefox has started to roll out Total Cookie Protection, a browser feature that competes with Safari's privacy systems by restricting how cookies are used and cutting down cross-site tracking.

The tracking of users online is big business to marketers, with various trackers online used to keep tabs on a user's surfing sessions. As the data can be collected and mined for details, marketing companies can build sophisticated profiles of online users, in order to serve highly customized advertising.

As part of a continuing battle to prevent such tracking from taking place, Mozilla is rolling out a feature called Total Cookie Protection, which will be enabled by default for users of the browser on Mac and Windows.

Total Cookie Protection changes how cookies are stored by using so-called "cookie jars," namely separate stores for individual websites. The website and any third-party content embedded in it will deposit cookies to a cookie jar associated with just that site.

Once stored, no other websites are able to access the cookies in that particular cookie jar, except for the originating site. In effect, the cookies prevent trackers from being able to access cookies created for other sites, severely limiting their knowledge of the user's online habits.

A Mozilla graphic illustrating the concept of 'Cookie Jars' A Mozilla graphic illustrating the concept of 'Cookie Jars'

Mozilla says in a blog post that the approach "strikes the balance between eliminating the worst privacy properties of third-party cookies - in particular the ability to track you - and allowing those cookies to fulfill their less invasive use cases."

Total Cookie Protection is a continuation of Mozilla's previous efforts to limit the effects of online trackers, including the introduction of Enhanced Tracking Protection in 2018 to block tracking activity.

Mozilla is not the only company who is improving privacy in its browser. Apple's Safari has undergone many changes over the years, with alterations to its Intelligent Tracking Prevention over time strengthening its own security for users.

These changes, which included elements to prevent collusion between trackers and severely limiting the data that could be collected, was found to be "stunningly effective," according to ad industry insiders in 2019. By March 2020, Apple updated ITP to include full third-party cookie blocking among other features.

Later, Apple introduced App Tracking Transparency in iOS 14, which allowed users to severely cut down the amount of data collected by apps for similar tracking purposes.



5 Comments

mac_dog 16 Years · 1084 comments

This is good, but why not eliminate cookies altogether?

aderutter 17 Years · 625 comments

Because cookies can be useful to the individual - e.g. to store preferences etc. 

coolfactor 20 Years · 2341 comments

aderutter said:
Because cookies can be useful to the individual - e.g. to store preferences etc. 

Cookies are technically no longer required these with days with browsers supporting LocalStorage and SessionStorage. Cookies predates these data storage technologies by decades.

KillBillOG 4 Years · 32 comments

Well it would also be nice if places like banks (here's looking at you Salisbury Bank) government agencies etc didn't force you to turn on the insecure forms of cross site cookie "trafficking" to use "Bill Pay" because their developers are lazy, cheap or nefarious vendors that tell poorly informed management that such nasty cookies are "essential" when there are more secure methods. Maybe Apple/Mozilla could have a nicely written form letter you could send to "management" Customer Relations, legislators etc that states the argument to use secure methods and undercut those IT professionals that hold back thinks like prevention of privacy violating cross site cookies, stupid password requirements (no "-" or >8 but <13 ascii only etc) and of course preventing secure form and login automation (auto completion)