Slashdot Mirror
Mozilla Backtracks On Third-Party Cookie Blocking
An anonymous reader writes "Remember when Mozilla announced that it would soon block third-party cookies by default? Not so fast. According to a new behind-the-scenes report in the San Francisco Chronicle, 'it's not clear when it will happen — or if it will at all.' Mozilla's leadership is apparently no longer committed to the feature, and the related Cookie Clearinghouse collaboration is delayed well into 2014. Who's to blame? According to Dan Auerbach, Staff Technologist at the Electronic Frontier Foundation, 'The ad industry has a ton of people, basically lobbyists, who spent a lot of time trying to convince Mozilla this was bad for the economy... I think they were somewhat successful.' Not a good showing for the purportedly pro-user organization."
Mozilla is not free, they get a boatloads of money from various organizations which depend on AD tracking.
Internet sales and related advertising churn a hell of a lot of money through the world economy. I'm playing devil's advocate here, but is it possible that Mozilla saw that there was some merit to what these lobbyists were saying and made the decision based on the fact that as maker of one of the biggest browsers in the world their decisions really can affect economies on a global scale?
Although a good idea in general, one totally not needed.
Turn on permanent private/incognito Browsing mode. Done.
I let sites I visit set whatever obnoxious privacy-stealing cookies they want - Because those cookies cease to exist outside the current tab.
Someone at the Mozilla Foundation must have found a horse's head in his bed.
Ahhh those "lobbyists" and their quirky italian accent... That'sa badda forr dee economee...
Is it? You can still enable blocking of third-party-cookies, can't you? As long as most people can be tracked easily, advertisers may leave us "advanced users" alone. Not worth the effort. When everybody blocks third party cookies, how long do you think it will take for the advertisers to track everybody in a different way? Personally I think we should stop pushing privacy enhancements on people who clearly do not give a rats ass about being tracked. People still subscribe to Facebook and Whatsapp. Giving these people privacy enhancements is a waste. Pearls before swine.
"purportedly pro-user organization"
Yeah right. Someone hasnt been paying attention to them for many years, it does appear.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Why should web marketers feel entitled to additional data just because of the media change. When I read a newspaper, marketers can't even tell I read an ad much less who I am or what I did before or after reading the ad. They have the ability to tell the browser requested the ad, that should be all info they get about anyone.
Digital is, by definition, imperfect. Analog is the way to go.
All open source projects are heavily vulnerable to bribery; honesty alone triumphs.
http://slashdot.org/comments.pl?sid=4411077&cid=45334083
Ad industry goons have gazillions more cash to throw than ideologists in the open source world can say no to.
If you keep throwing chairs, one day you'll break windows....
Dan Auerbach? That guy makes great music...
Time to fork Firefox and have a totally privacy minded browser , no advertisement , no user tracking possible and no third party cookies.
We need to be secure and free from the tyranny of advertisers and spying agencies. Time to make a browser that have OUR ( We the Users ) interests in mind.
It's time to make a fork and may the man who has the interests of the users in mind win .
Names should be named.
Lets make it recursive and then name the names of the named
Informed users have any number of plugins to ensure their privacy while browsing. I personally use ghostery (breaks a minimum of sites), Adblock (currently disabled, but doesn't reall break anything) and NoScript (which makes browsing hell, but does a damn good job). Plus I block third party cookies and clear all other cookies on browser restart, clear all flash cookies on restart via Ghostery (and store them in a ramdisk for good measure) and disable HTTP referers (depressingly spelled incorrectly). Nothing's more annoying than sites that use referers as a form of authentication, so I generally just sign on to those services less. Finally, I've started doing sensitive things (logging into email/banking) in a private tab, thanks to LinkedIn's kindly alerting us to how people may like to abuse your sessions on other sites. If I get really paranoid about this, then I'll just start doing this stuff in a VM instead. I'm sure that there's more that can be done, which I'll research in my spare time, but as long as I have control of my device (which you damn well better believe I do... I hope) then tracking is a game that's bent towards those being tracked, and we should be able to adapt to whatever they do.
But for those users who don't know/care, fine with me. Advertisers prey on the ignorant and they are the ones that make the market work. They're also the ones that make the market crash due to vulnerability to idiotic schemes like the sub-prime mortage crisis and ponzi schemes a la Madoff, but it's a valid trade-off.
I have left slashdot and am now on Soylent News. FUCK YOU DICE.
The real problem is that sites are starting to expect this behavior by default. Someone with a lot of clout needs to ship a browser with 3rd-party cookies disabled, so sites stop relying on it.
When did Mozilla enable 3rd-party cookies? The original Netscape cookie specification back in the 90s specifically stated rules to prevent 3rd-party cookie usage. Yet somehow today it is on by default in most browsers. How and why did that change? There's simply no reason for it.
That's odd, because I've been running with third-party cookies blocked for years with no obvious problems.
The organization I most expected to be working towards our privacy and telling lobbyists to piss off has now sold out, apparently.
Do you have any idea how many metrics and tracking companies have their shit on pages? Do you think that we want all of that crap so that some marketing asshole can know everything we do and monetize it?
Apple is apparently incompetent at blocking 3rd party cookies in Safari (because it doesn't work), and now Mozilla is deciding not to do it. I doubt very much Google is going to do anything in Chrome which would cut into their revenues.
So, I have to conclude that Mozilla has decided they no longer want to be the ones to champion our privacy and keep the ugly bits of the internet at bay.
On behalf of your users, let me say: you suck, and you've sold out.
Lost at C:>. Found at C.
You want a free & open internet? Remove you ad blocker & help pay for the services you use for free.
We had a 'free and open internet' long before ads appeared.
Concerned about your privacy with ads? Wait till everyone starts "pay-walling" their websites (eg WSJ, NYT etc) and you have to shell out cash AND give up your credit card.
I have a simpler solution: I just don't go to paywalled sites.
In a example everyone can relate to: if you don't know anything about mechanics it's ok for the gas stations to fuel you up with shitty gasoline. At the same price. Everyone deserves a certain amount (the more the better in my pov) of passive protection, even if they engage in risky behavior (use Facebook for one).
No, the internet runs on computers. It's being co-opted by advertisers.
Not my fucking problem. I don't give a rats ass about the profitability of online advertisers, I care about my privacy.
Or stop using them. The day I need to pay money to a website and provide them with credit card details is the day I stop visiting a site.
Lost at C:>. Found at C.
Apple's Safari already blocks third party cookies by default, and it is the number one browser on mobile devices. So why is the advertising industry is fighting hard to prevent Mozilla from blocking third party cookies by default while keeping quiet about Apple's Safari browser? Something is wrong here!
...about an setting that takes me seconds to adjust?
Every single time something sh#tty happens which adversely affects the common population, there is a lobbyist. Has anything 'good' ever happened when these people were involved?
Join the Slashcott! Feb 10 thru Feb 17!
You must have turned off *all* cookies.
Verified by visa only reliably works on a vulnerable version of IE. Anything else and it's completely random whether a particular card/website combination will work.
In the end I changed my credit card to one that doesn't use VbV actually it's Mastercard so securecode (I think) because I got fed up of not being charged, being double charged, getting stuck half way through the process, forgetting my password which I then couldn't reset to something I wouldn't forget because it remembers the last 10^20 passwords, not being able to reset my password at all because it didn't give me the option.
It's particularly bizarre because my card might fail but my girlfriends card might work - for the same account in the same browser session.
God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
I work in the online ad industry. I can assure you that the /. crowd is not the target audience. If you turn off third-party cookies or use an ad blocker then chances are that even if you did see our ads you wouldn't click on them and certainly wouldn't make a follow up purchase - so serving ads to you is a waste of resources. The industry is looking for the folks that don't mind the ads. Hopefully we can deliver targeted ads that you might care about - turns out we really do care about the quality of the ads and which ads are delivered to which users.
Computers cost money... How do you think companies pay for them? Advertising.
You must have turned off *all* cookies.
No.
That's odd, because I've been running with third-party cookies blocked for years with no obvious problems.
What have you got in your exeption list? I started building a list (with google.com so that 3rd party sites could log in, etc) but gave up.
As usual.
If someone is trying to stop being tracked, then the response is NOT "Find other ways to track them", but to realise that anything you get from them will only cause them to get pissed off at you even more.
And what do you think pissing people off when you want something from them does?
That's right: means they won't cooperate or even deliberately sabotage your efforts.
So how about, you know, respecting that some people do not want to be tracked and that any data you may get will be essentially worthless anyway and, well, stop trying to track them.
How about this as a business model. I pay the ISP for access to the internet. The ISP's need some sort of justification to attract people to pay for internet connections, so the ISP's start paying websites that generate traffic.
that VbyV stuff never seemed to matter when I encountered it. for newegg (a few yrs ago) they would always pop that crap up and I'd ^w it immediately.
my sale always went thru and newegg never cared.
not sure what VbyV is about, but it sure seemed optional.
--
"It is now safe to switch off your computer."
There is a way to deliver targeted ads to hardcore slashdot users. It require a different approach.
The ad industry mostly puts ads into pages about other stuff, which everybody hate. The different approach is to make ad pages. A page with ads for computers, a page with ads for peripherals, and so on. Possibly with price comparisons for different vendors.
The only people surfing to such a site, is those that want to see ads for some particular equipment. No need to track them, they will come by their own effort - because they want to see what's available and then buy something. The amount of viewers might be low, but the click-through percentage will be very high. After all, they were looking at the ad pages because they already made a decision to purchase something of that sort.
Now, keep the ads out of every other kind of webpage - or I'll block them for you anyway . . .
we never gave micropayments a try.
a penny or a fraction of it to see a website. sounds reasonable to me. you get your damned funding and you stop the stupid blinking shit and tracking shit!
win/win.
but we'll never do it. because, well, FUCK YOU, is why.
(ie, no reason at all)
--
"It is now safe to switch off your computer."
Yeah, it used to be optional (provided you never did it - once you'd done it once you were committed forever more) but eventually it became mandatory.
My current card I usually get a "Your card has been enrolled in VbyV and you're being redirected" but provided I allow the "cross site scripting attacks" that are generated it then goes through without any further prompting.
I remember that gner (now eastcoast) only used to work if I disabled javascript just before clicking on the BUY button
God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
Computers cost money... How do you think companies pay for them? Advertising.
Not really.
Currently my company has 6 web servers online, happily serving up content. Right now our Sonicwall is moving data at 30mbps, to make sure all those little users get their little content. Traffic should peak for today at around 35mbps within a couple of hours from now.
How do we pay for those servers and that network connection and the Sonicwall and everything else we have sitting on our network at the data center that we rent space from? We provide a useful service. Our customers pay us for the service that we provide because they find it useful, we charge them more than the cost to us, and that difference is what we call "profit". We use that "profit" to do things like update our network infrastructure, to improve our quality of service. Tonight we'll be installing a new Sonicwall NSA 2600 in fact, that will boost our max throughput to 150mbps (also, thanks to Dell for explicitly naming their devices "NSA" and removing all doubt).
We do all of this - managing and maintaining the network infrastructure necessary to deliver the content that our customers pay us for - without ever hosting a single advertisement on any of our servers, or without showing an ad on any of our pages. This is because we provide a service that people feel is valuable enough to pay us more money than it costs us to provide the service and produce the content. That's our business model - providing a valuable service. That's why we show up more than once on the first page of Google's results when people search for our targeted keywords, even though we don't pay Google.
Maybe more companies should get into the business of providing something valuable and useful, and then they wouldn't need to depend on annoying their users in order to make a profit. As a user, I certainly don't feel the need to support any site that depends on advertising (sorry, Slashdot - I would pay a monthly fee before I see ads). That is why I use Ghostery to block all ad networks, and NoScript helps out as well. Opera's content blocker picks up any slack.
If you want my money, provide something I want.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Hardware, software, energy, somebody's gotta pay for these things. If you don't pay directly, then the advertisers do.
It sounds like what you want is a free lunch. There is no such thing.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
I use verified by visa all the time, and have always blocked third-party cookies. No issues.
how long do you think it will take for the advertisers to track everybody in a different way?
About zero seconds.
I've set Firefox to never accept 3rd party cookies and always delete all cookies on exit. My exception list has three entries: one forum and two internet radio stations so that their auto-logins work. I haven't encountered any problems with online shopping or anything else.
Would you still think they deserve high quality gasoline if they themselves routinely added water? Anyway, third party cookies add functionality, and if they want things to simply work and don't care about being tracked, isn't disabling third party cookies a disservice to them?
Amazing, I wonder what advertising platform paid for the Internet before this generation of marketers declared themselves essential to pay for the Internet? I can host a website for $4.99 a month, buy a Linux VM for $20 a month. Plenty of content is made by people not paid by your advertising dollars. Advertisers, we don't need you, don't test us.
The different approach is to make ad pages. A page with ads for computers, a page with ads for peripherals, and so on. Possibly with price comparisons for different vendors.
See, this idea I like. Instead of shitting all over hell and creation with increasingly hostile and abusive techniques, I'd love some kind of meta-catalog (these days, I and people I know tend to use Amazon as a make-do, but that brings its own issue). Something like pricewatch, but with a UI that doesn't make me do a double-take to make sure I didn't mistype the URL and end up on some domain squatter's landing page.
The ad industry mostly puts ads into pages about other stuff,
You mean like TV, newspapers, magazines, etc?
We had a 'free and open internet' long before ads appeared.
Only in the sense of a hand-out sheet as opposed to a magazine. I was there too. Tip jar buttons are ads as well, just small, specific to site and somewhat (not always) unobtrusive.
Oh fucking please. You requested the page. You do not get to determine what someone else puts on ***their*** page, only discontinue visiting or suppress portions with browser options.
I'm a developer who writes free "apps".
And I'm the god of the universe. You're an AC who is delivering an anecdote. I need to believe you and/or change to your stated view of things why?
That's a very good method if you have very few sites to log into that you want to remember your authentication. The problem is, I have way too many sites to waste time whitelisting a bunch, and then realizing that I forgot one. So I just disable all third-party cookies and leave it alone. After all--I don't really mind the sites I'm actually visiting storing cookies for the most part. It's the people I never intended to communicate with that can fuck off. I use Adblock Plus, NoScript, DoNotTrackMe and a few other extensions to complete the effect.
Then based on that claim, I can install and run AdBlock Plus, NoScript, DoNotTrackMe, etc. in my web browser to display the sites that I request the way I would prefer to view them and the advertisers can just shut the fuck up. But no, they seem to think that it's "wrong" to render HTML as you see fit and to block their garbage. Shit, this article alone is yet another confirmation that the assholes don't want us to block their cookies (ie. tracking method). Fuck them, I'll block it as I damn well please--I want nothing to do with their shit.
Actually, use it in Safari, too... https://www.abine.com/dntdetail.php
Aside from the advertising issue, blocking third party cookies could break behaviour that the user is expecting
Blocking third party cookies is the Safari default. If the site works for Mac and iOS users, it'll work for Firefox users too.
IIRC, fewer than 10% of Safari users have gone and turned on third-party cookies.
Good point, but Safari will still fetch web bugs and run any 3rd-party code.
Mozilla's "threat" is just tweaking the edges of the problem. Anti-tracking needs to be comprehensive and implemented fully on the client by an independent coder (the 'other' anti-tracking addon is in partnership with the ad industry).