Turn on Firefox “Total Cookie Protection” to Reduce Web Tracking
It’s unlikely we’ll ever be able to live online without trackers, but we appreciate companies doing their best to at least make tracking users that much more technologically challenging. If you’re a Firefox fan, Mozilla just launched a new “Full Cookie Protection” mode that basically isolates all of the website’s cookies. Each website gets its own cookie jar, to use the Mozilla metaphor, and the cookies are stored there; they cannot be shared with other websites.
As Mozilla writes :
Total Cookie Protection makes a limited exception for cross-site cookies when they are required for non-tracking purposes, such as those used by popular third party login providers. Only when Total Cookie Protection detects that you intend to use a provider will it give that provider permission to use cross-site cookies specifically for the site you are currently visiting. These instant exceptions provide strong privacy protection without affecting your browsing experience.
Combined with Supercookie Protections, which we announced last month, Total Cookie Protection ensures that cookies and other site data are completely separated between websites in Firefox. Together, these features prevent websites from “tagging” your browser, thereby eliminating the most common method of cross-site tracking.
This approach should allow Firefox to more effectively block cookie-based tracking, period, rather than relying on a list that Mozilla has no control over to fuel its usual blocking implementation – improved tracking protection. The problem, as Johann Hofmann and Tim Huang of Mozilla write, is pretty obvious :
To combat web tracking, Firefox currently relies on Enhanced Tracking Protection (ETP), which blocks cookies and other general health from known trackers based on a disable list. This form of cookie blocking is an effective way to stop tracking, but it has its limitations. ETP protects users from the 3,000 most common and widespread identifiable trackers, but its protection depends on the list being complete and always up to date. It is difficult to ensure completeness, and trackers may try to bypass the list by registering new domain names. In addition, identifying trackers is a cumbersome task and usually adds a delay of months before a new tracking domain is added to the list.
In theory, the cookie jar exceptions that Mozilla threw in Firefox should still allow users to do things like sign in to websites using SSO. And let’s just cross our fingers that companies won’t find a way to take advantage of the flexibility Mozilla has provided for these otherwise legitimate third-party cookie uses.
As always, the best approach is to use Firefox’s defenses as one , but not the only tool in your anti-ad arsenal. First, you need to enable the strict version of Firefox Enhanced Tracking Protection to take advantage of the new cookie jar approach. Standard mode will fail:
From there, install a few of your favorite other tracking and ad-limiting extensions and you’re good to go. Our favorites include:
- uBlock Origin (or even more interesting tool like AdNauseum )
- Privacy Badger
- Decentraleyes
- uMatrix
- NoScript
- Containers with multiple accounts
- ClearURLs