Firefox won’t increase privacy by blocking third party cookies by default

Posted on Posted in Cookies, firefox, internet explorer, microsoft, mozilla No Comments
Firefox won’t increase privacy by blocking third party cookies by default

Mozilla and Microsoft have both got themselves in a bit of a privacy tizz over their respective browsers. First Microsoft decided to make Internet Explorer 10 come with ‘Do Not Track’ turned on by default, now Mozilla is thinking of a ‘Safari like third party cookie patch‘ where third party cookies won’t be accepted from domains that you have never visited before.

Do Not Track

Do not track‘ (DNT) is a browser parameter first implemented by Firefox. If a user selects the box in the settings saying “do not track”, then the browser sends a signal across with every request along with the IP address, browser and a whole host of other things.

This is a great way for users to tell websites and advertisers that they don’t want to be tracked. The websites don’t have to do anything technically different on the pages to make it work, they just pay attention to the data that they get in the background.

The trouble with Do Not Track is that:

  1. It is entirely voluntary for the website at the end on whether they pay attention to it and it is near on impossible as a user to tell if they are or not. When I say near on impossible, ‘near on’ just left town.
  2. As far as I can tell, uptake by websites and advertisers have been low. I just spent half an hour googling around and I still can’t tell you with 100% certainty whether Google Analytics pays attention to it. I’m fairly sure it doesn’t.
  3. Hardly any users seem to know what it is and so uptake has been low.
Uptake was low, until Microsoft decided that Internet Explorer 10 was going to have it turned on by default.

Microsoft even use it as a USP in their advertising.

Except of course now that Microsoft have implemented it by default, all the advertisers have decided that because it is no longer set by a user, they can complete ignore it. Microsoft might as well have implemented a setting that gave a couple of magic beans to the user, given how much use what they have implemented.

Effectively what Microsoft have done by setting it by default is to turn around to the FDA and say to them

“Make this law or we’ll destroy it as an opt out option”

The FDA, notorious for their light touch regulation, are desperately hoping that advertisers take it seriously so that they don’t have to do anything. Unfortunately they aren’t winning that battle at the moment.

Third Party Cookies

Safari has a unique position when it comes to third party cookies, they block them by default. When you are using Safari on your iPad or iPhone then you won’t be receiving any third party cookies.

Firefox is thinking of implementing something similar, as they said in their blog post back in February:

Mozilla has a long running interest in fostering greater transparency, trust and accountability related to privacy and the many cookie-based practices we see today.

So they are thinking of implementing something similar, although that has evolved a bit over the last couple of months. Firefox’s plan is to block third party cookies except in situations where you have already accepted a first party cookie from the same company.

What is the impact of such a change? Well Mozilla have been taking it very seriously and have highlighted two potential problems:

  1. False negatives where a site gives you a third party cookie from the company, but not necessarily from the same domain (eg if you go to google.com and you get a cookie from google.co.uk)
  2. False positives where you get a cookie from a site once, but they are then allowed to track you around everything that you do from then on (eg everything that facebook, twitter, google and all those other popular social networking sites do)
And herein lies the problem with making this about increasing the amount of privacy that you are going to get. Any system that allows cookies from Google, Facebook and co isn’t going to give you any more privacy, all it does is drive out of business the smaller organisations.
Just to recap, this is how contextual display advertising works:
  1. You view an advert and the advertising agency drops a cookie from their domain
  2. The next advert looks for the cookie and based on rule sets will decide which advert to give you next time, based on your clicks of the previous adverts and the pages that the adverts were on
  3. Company wants to buy advertising so allows advertiser to put tracking code on their site too, sometimes passing through parameters for products alongside the cookie id
  4. The next advert that the user looks at, the advertiser has a profile of the user based on the adverts and the site, so provides a contextual advert based on a rule set
As I argued with the EU cookie laws, the problem here isn’t the cookie. The cookie is an enabler for this process that it is used for lots of other things outside of contextual advertising. The problem is that the user is kept in the dark on the processes and these processes aren’t regulated in any way.

Objectives

Without wanting to sound like a smug strategy consultant, but Mozilla and Firefox have replicated a problem that I see regularly on websites. They’ve forgotten why they are doing these things and are implementing solutions based on who shouts loudest and shiny objects.
Firefox need to go back to that line that is at the start of their blog. This is their objective:

Mozilla has a long running interest in fostering greater transparency, trust and accountability related to privacy and the many cookie-based practices we see today.

We’ve already seen that through IE’s automatic on DNT that this doesn’t increase transparency. All it does is create a false culture where people think they are covered when they aren’t. This doesn’t increase transparency at all – it does the opposite.
The third party cookies are the same. They are going to create a culture where we think that we are avoiding the contextual advertising and we aren’t. This reduces trust in any future measures implemented because we won’t believe that they will work.
So how does Mozilla get a culture of greater transparency? Well if I had the magic answer I’d be a millionaire by now. Blocking things, however isn’t the answer. Transparency has to be.

Leave a Reply

Your email address will not be published. Required fields are marked *

*