Firefox To Offer 'Do Not Track' Option By Default
Mozilla is moving forward with plans to block Internet tracking, allowing users of the popular Firefox browser to limit who watches their movements across the Web.
Websites may place small files called "cookies" on an Internet user's machine, and some types of cookies can be used to collect information about the user without his or her consent.
Mozilla had initially released a Safari-like third-party cookie patch, designed to block cookies set for domains users have not visited according to their browser's cookie database. Apple's Safari browser blocks all "third-party" cookies, meaning bit of tracking codes from sites that users do not intentionally visit. However, Mozilla did not progress the patch to Firefox Beta, as many "false positives" and "false negative" issues could occur. For example, say you visit a site named foo.com, which embeds cookie-setting content from a site named foocdn.com. With the patch, Firefox sets cookies from foo.com because you visited it, yet blocks cookies from foocdn.com because you never visited foocdn.com directly, even though there is actually just one company behind both sites. Meanwhile, in the other direction, just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more. Suppose you click on an ad by accident, for example. Or a site you trust directly starts setting third-party cookies you do not want.
Mozilla seems to now be ready to address these sorts of cases, by taking advantage of the Cookie Clearinghouse (CCH) - a list-based exception mechanism developed by Aleecia McDonald of the Center for Internet and Society at Stanford.
The Cookie Clearinghouse will develop and maintain an "allow list" and "block list" to help Internet users make privacy choices as they move through the Internet. The Clearinghouse will identify instances where tracking is being conducted without the user's consent, such as by third parties that the user never visited. To establish the lists, the Cookie Clearinghouse is consulting with an advisory board that will include individuals from browser companies including Mozilla and Opera Software, academic privacy researchers, as well as individuals with expertise in small businesses and in European law.
The CCH proposal is at an early stage, meaning that Mozilla will hold the visited-based cookie-blocking patch in Firefox Aurora while they bring up CCH and its Firefox integration, and test them.
Mozilla is planning a public "brown bag" event for July 2nd at Mozilla to provide an update on where things stand and to gather feedback.
Mozilla's decision to block cookies comes despite intense resistance from advertising groups, which have argued that tracking is essential to delivering well-targeted ads that pay for many popular Internet services.
On the other hand, Consumer Watchdog praised Mozilla's move to block cookies by default.
"Most people don't want to be spied on when they go online," said John M. Simpson, Consumer Watchdog's Privacy Director. "Mozilla is now making privacy protection the default. You can't get any more user-friendly than that."
"Mozilla should be congratulated for their dedication to protect consumer privacy in the face of extreme industry pressure," said Simpson. "They have also demonstrated a justifiable concern about getting this right from a technical point of view and Stanford's Cookie Clearinghouse was key to solving those issues. Kudos to both."
Mozilla's announcement comes at a critical point for online privacy as the US Senate is considering a bill that would use a different technology ? Do Not Track ? to protect consumers online. Introduced by Senators Rockefeller (D-WV) and Blumenthal (D-CT) it would charge the Federal Trade Commission with establishing standards by which consumers could tell online companies, including mobile applications, that they do not want their information collected. And in turn, the FTC would be charged with ensuring that companies respect a consumer's Do Not Track choice.
Mozilla had initially released a Safari-like third-party cookie patch, designed to block cookies set for domains users have not visited according to their browser's cookie database. Apple's Safari browser blocks all "third-party" cookies, meaning bit of tracking codes from sites that users do not intentionally visit. However, Mozilla did not progress the patch to Firefox Beta, as many "false positives" and "false negative" issues could occur. For example, say you visit a site named foo.com, which embeds cookie-setting content from a site named foocdn.com. With the patch, Firefox sets cookies from foo.com because you visited it, yet blocks cookies from foocdn.com because you never visited foocdn.com directly, even though there is actually just one company behind both sites. Meanwhile, in the other direction, just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more. Suppose you click on an ad by accident, for example. Or a site you trust directly starts setting third-party cookies you do not want.
Mozilla seems to now be ready to address these sorts of cases, by taking advantage of the Cookie Clearinghouse (CCH) - a list-based exception mechanism developed by Aleecia McDonald of the Center for Internet and Society at Stanford.
The Cookie Clearinghouse will develop and maintain an "allow list" and "block list" to help Internet users make privacy choices as they move through the Internet. The Clearinghouse will identify instances where tracking is being conducted without the user's consent, such as by third parties that the user never visited. To establish the lists, the Cookie Clearinghouse is consulting with an advisory board that will include individuals from browser companies including Mozilla and Opera Software, academic privacy researchers, as well as individuals with expertise in small businesses and in European law.
The CCH proposal is at an early stage, meaning that Mozilla will hold the visited-based cookie-blocking patch in Firefox Aurora while they bring up CCH and its Firefox integration, and test them.
Mozilla is planning a public "brown bag" event for July 2nd at Mozilla to provide an update on where things stand and to gather feedback.
Mozilla's decision to block cookies comes despite intense resistance from advertising groups, which have argued that tracking is essential to delivering well-targeted ads that pay for many popular Internet services.
On the other hand, Consumer Watchdog praised Mozilla's move to block cookies by default.
"Most people don't want to be spied on when they go online," said John M. Simpson, Consumer Watchdog's Privacy Director. "Mozilla is now making privacy protection the default. You can't get any more user-friendly than that."
"Mozilla should be congratulated for their dedication to protect consumer privacy in the face of extreme industry pressure," said Simpson. "They have also demonstrated a justifiable concern about getting this right from a technical point of view and Stanford's Cookie Clearinghouse was key to solving those issues. Kudos to both."
Mozilla's announcement comes at a critical point for online privacy as the US Senate is considering a bill that would use a different technology ? Do Not Track ? to protect consumers online. Introduced by Senators Rockefeller (D-WV) and Blumenthal (D-CT) it would charge the Federal Trade Commission with establishing standards by which consumers could tell online companies, including mobile applications, that they do not want their information collected. And in turn, the FTC would be charged with ensuring that companies respect a consumer's Do Not Track choice.