Mozilla Delays Default Third-Party Cookie Blocking In Firefox

hypnosec writes "Mozilla is not going ahead with its plans to block third-party cookies by default in the Beta version of its upcoming Firefox 22. Mozilla needs more time to analyze the outcome of blocking these cookies. The non-profit organization released Firefox Aurora on April 5 with a patch by Jonathan Mayer built into it which would only allow cookies from those websites which the user has visited. The patch would block the ones from sites which hadn't been visited yet. The reason for Mozilla's change in plans is that they're currently looking into 'false positives.' If a user visits one part of a group of site, cookies from that part will be allowed, but cookies from related sites in the group may be blocked, and they're worried it will create a poor user experience. On the other side of the coin, there are 'false negatives.' Just because a user may have visited a particular site doesn't mean she is comfortable with the idea of being tracked."

No issue.

[magic+maverick+]

I have third-party cookies (indeed, all cookies, except those from domains specifically whitelisted) blocked. I've never noticed a problem with blocking third-party cookies. I have a heck of a lot more issues with third-party JavaScript (people using Google-hosted or similar JQuery for example).

So, Firefox, take note, there are not going to be any problems for the vast majority of people.

(I use CookieMonster, it works real nice like.)

Re:No issue.

[rudy_wayne]

I have third-party cookies (indeed, all cookies, except those from domains specifically whitelisted) blocked. I've never noticed a problem with blocking third-party cookies. I have a heck of a lot more issues with third-party JavaScript (people using Google-hosted or similar JQuery for example).

So, Firefox, take note, there are not going to be any problems for the vast majority of people.

I find it laughable that one of Mozilla's excuses for not doing this is "they're worried it will create a poor user experience". Over the last few years Mozilla has made a number of changes to Firefox that were met with user complaints, and continue to be a source of user complaints and the developer's response is always a resounding "fuck you".

As far as cookies go, don't forget that Mozilla currently gets $300 Million a year from Google, whose entire gazillion-dollar-a-year business model is based on tracking people.

I block 3rd party cookies by default

The only thing I notice is I can't comment on Disqus (a 3rd party site that handles comments on some blogs). I don't care about it, block them.

Firefox should focus on privacy, its their usp. Google for example, doesn't let you accept cookies for the 'session only', you accept them or not on their Android browser. At some point you have to accept cookies, so this is a fake choice, you'll end up with that feature always on because its too much fuss to turn it on when its needed.

Firefox 'accept cookies for session only' option is my default, it lets me work on sites that use cookies, but throws them away when I close the browser.

Things like this are why I use Firefox.

I've been blocking 3P cookies for years

[KeithH]

and have never noticed a problem. This has always struck me as a no-brainer and it's annoyed the hell out of me that I have to modify the setting on every platform for each of my five family members.

I can't wait for them to change the default behaviour and I'll be very interested to see if they uncover any side effects that could conceivably be considered undesirable by the user.

My biggest worry is what the websites might do to circumvent the change.

Re:Ummmm..

[bazmail]

Blocking third party cookies will not break cross site logins like Google have implemented between google.com and YouTube, as they use the redirect method. Sign into google and watch the address bar. they redirect to YouTube passing a one-time sign-in code in the query string. It has nothing to do with 3rd party cookies as the only cookies you get are from the sites in your address bar.

The only thing 3rd party cookies are useful for is tracking you. Anyone who says otherwise makes their living out of stripping you of your privacy.

Bullshit

[fustakrakich]

They caved to pressure from advertisers

Hasn't been a problem for me

[IntermodalAgain]

I've been managing my cookies with extensions for years. Even most first-party sites have no business leaving cookies and are seldom a problem. I look forward to this becoming standard.

Disqus is the problem

[MobyDisk]

There is one very large product that relies on 3rd-party cookies: Disqus. It is used by a lot of popular sites such as Thingiverse and StackOverflow. Disqus simply needs to fix the problem. There is actually a discussion on StackOverflow about this: http://meta.stackoverflow.com/questions/126764/why-does-registration-require-third-party-cookies-to-be-enabled

The last time I looked at it it claimed the problem was fixed, but I just now tried to register and it says this:

Third Party Cookies Appear To Be Disabled
This site depends on third-party cookies, please add an exception for https://openid.stackexchange.com/.

Re:Disqus is the problem

[Luthair]

Really, who cares about Disqus? I immediately added a filter for them to adblock when I noticed a suggested thread 'Soandsos baby mama' on the AngularJS API docs.

Anyone the least bit privacy conscious should be blocking Disqus along with G+, Facebook, Twitter, etc. on their party sites.

Re:Ummmm..

[Runaway1956]

I block third party cookies. What happens when I land on a page that uses Disqus? I have to coax the browser to log me in to Disqus. And - that is just the way I want things to be. Disqus doesn't need to know where I browse, or what I'm reading, unless and until I CHOOSE to summon Disqus.

Children, if you're going to dabble in the arcane arts, you must learn to control those demons - or you will find that the demons control YOU!