Firefox 44 Deletes Fine-Grained Cookie Management

ewhac writes: Among its other desirable features, Firefox included a feature allowing very fine-grained cookie management. When enabled, every time a Web site asked to set a cookie, Firefox would raise a dialog containing information about the cookie requested, which you could then approve or deny. An "exception" list also allowed you to mark selected domains as "Always allow" or "Always deny", so that the dialog would not appear for frequently-visited sites. It was an excellent way to maintain close, custom control over which sites could set cookies, and which specific cookies they could set. It also helped easily identify poorly-coded sites that unnecessarily requested cookies for every single asset, or which would hit the browser with a "cookie storm" — hundreds of concurrent cookie requests.

Mozilla quietly deleted this feature from Firefox 44, with no functional equivalent put in its place. Further, users who had enabled the "Ask before accept" feature have had that preference silently changed to, "Accept normally." The proffered excuse for the removal was that the feature was unmaintained, and that its users were, "probably crashing multiple times a day as a result" (although no evidence was presented to support this assertion). Mozilla's apparent position is that users wishing fine-grained cookie control should be using a third-party add-on instead, and that an "Ask before accept" option was, "not really nice to use on today's Web."

Deny ALL Cookies

[zenlessyank]

Seems to be as fine grained as I need.

Re: Deny ALL Cookies

And I don't want to hear you whine when people stop visiting your site because of your fucking annoying popups.

Re:Deny ALL Cookies

[AmiMoJo]

Says the guy logged in to Slashdot.

Re:Deny ALL Cookies

[LordKronos]

Session variables. If people would use those and not just cookies. It'd be better.

And how exactly do you think session variables work? How do you link a browser to the session? Cookies!!!

Yes, I know you can put a god damn session id in the URL query string, but that's annoying, unreliable, and insecure. IF someone navigates your website for a bit, puts some stuff in the shopping cart, then just goes back to your homepage by stripping everything but the domain name off the URL...TADA!!! You've lost their session!!! Or if they jump to a different part of your website via a bookmark from a previous session...TADA!!!! You've lost their session. Or if they copy their URL and pass it to someone else/post it on a forum...TADA!!!! Someone else is now using their session (yes, you can "solve" that issue by linking the session by a secondary authentication variable like IP, but then you run the risk of having your website broken for anyone that moves between IP addresses).

In short, I've never seen a good, clean, reliable way to link a user to a session that doesn't involve cookies. If you've got the magic solution to that, please...I'm all ears.

Now if you mean websites should only use session cookies instead of persistent cookies, and the "deny all cookies" option only denied persistent cookies (does it do that already? I have no idea), then yes...that is a workable solution for most cases. Off the top of my head, I think the only thing you lose there is the ability to persist your login between browser sessions. But then again, if someone doesn't mind session cookie but dislikes persistent cookies, they could already set their browser to clear all cookies on exit or use a private browsing mode, and then all current websites would work perfectly fine.

The gun is pointing at the foot

[phoenix0783]

They seem to be really trying to shoot themselves in the foot lately.

Re:The gun is pointing at the foot

maybe 12 will soon be the number of employees they have

It's already their average emotional age.

Re:The gun is pointing at the foot

When Australis was forced into FF, my relatives whose machines I have maintained all called me that their internet was broken. People could not access or use the bookmarks anymore. While waiting for my help, half of them were already googled for "how to fix internet" and installed Chrome..
Firefox just does not get it that each time they prevent existing users from using the browser, they will lose some part of customer base. Not a single user will install FF just because some some feature was removed from it.

Re:There's an add-on for that..

Please identify WHICH add-on.

Re:Add-ons?

[narcc]

after another year or so of breaking them with nearly every damned release?

You guys just can't be satisfied. "This or that feature should be a plugin!" Mozilla removes features and suggests they are better handled by plugins "No! Not that feature!"

Their plugins sometimes break between releases because of the way plugins are structured, so they announce that they're replacing their plugin architecture with something guaranteed to have a more stable API. "No! You're destroying everything! NoScript will never work again!" "We're working with NoScript to ensure it continues to function in the manner users expect." "Liar! I hate you!"

Mozilla's users, at least on Slashdot, seem absolutely determined to jump the shark...

Why the fuck isn't Mozilla panicking?!

When I eyeball the January 2016 browser market share stats, it looks like Firefox is now at or just under 7% of the browser market. That's across all versions on all platforms!

IE 11 alone has almost as many users as Firefox does in total. The same goes for iOS Safari 9.2. Hell, even Opera Mini almost has more users than Firefox does! Desktop Chrome 47 has over 3 times as many users as Firefox does in total. Chrome for Android 47 has 2.5 times as many users.

These numbers should be scaring the living shit out of Mozilla. They should be in a constant state of panic right now. Firefox is getting decimated.

Maybe Mozilla doesn't realize it, but Firefox is the only product they have left that has any sort of a user base. Seamonkey, Thunderbird and Persona have been left to flounder. Firefox OS was a massive disaster, maybe even worse than GNOME 3 was. Rust and Servo are dead end projects. Bugzilla is a relic.

Why the fuck will anyone, especially the big players in the game, give a damn about what Mozilla thinks or wants? Mozilla already has so little influence. Soon enough Firefox will have so few users that nobody will give a fuck about it or its users, which in turn means that Mozilla will lose whatever small amount of influence it does have left.

It's fucking insane how Mozilla isn't reacting to this. It's fucking insane! It's like they're nearing the edge of a cliff, but they're running faster and faster!

I don't want Mozilla as an organization to vanish. They play such an important role in keeping the web free and open. Yet they also seem to be so intent on destroying themselves! Please, Mozilla, wake up! Please, Mozilla! PLEASE! Stop ruining Firefox! Stop making yourself irrelevant! Please, Mozilla! Please stop it!

Fuck Mozilla

[sexconker]

I built a new Windows image for our workstation PXE deployments, this time without Firefox.
If you're going to be just another trash browser you're no longer getting installed on the systems I'm responsible for.

In true Mozilla fashion, the discussion on the bug tracker has been censored, so people can't even effectively complain about it.

Re:Fuck Mozilla

[sexconker]

And in true Mozilla fashion, my post to the mailing list, where Mozilla told people to discuss the issue, was rejected by the moderator:

To: firefox-dev@mozilla.org
Subject: Cookies in Firefox 44

The recent change to how cookies were handled in Firefox 44 should be reverted.
Stifling discussion on the bug tracker is also bad form.

Your request to the firefox-dev mailing list

Posting of your message titled "Cookies in Firefox 44"

has been rejected by the list moderator. The moderator gave the
following reason for rejecting your request:

"Bugzilla is for tracking technical work, it's not a debate forum.
Firefox-dev is the proper place to discuss such things, but as your
message isn't adding substantive to the discussion I'm rejecting it."

Any questions or comments should be directed to the list administrator
at:

firefox-dev-owner@mozilla.org

Bye, Mozilla.

Re:Proud to have self-destructing cookies installe

^^^ This

Self-Destructing Cookies was a genuine break-through in cookie privacy.

I wish the idea would be extended to other tracker-enabling downloads like fonts and HTML5 web storage.

Re:No options for you

No, its the "FUCK YOU! we know how to use our browser better than you" philosophy.

LOL even Brendan Eich is using Chromium for Brave!

Everything we need to know about the sorry state of Firefox is shown by the new Brave web browser that Brendan Eich is creating.

Look at what Brave's FAQ page says:

5. Why aren’t you using Mozilla’s Gecko engine on laptops?

We were, under a partially sandboxed, multi-process architecture called Graphene. But we did a careful head-to-head comparison and by every measure, Electron/chromium won. We wish Mozilla well, but as a startup, we must use all sound leverage available to us. For web compatibility and in particular Chrome compatibility, this means chromium.

For those who don't know, Brendan Eich worked at Netscape, created JavaScript, co-founded the Mozilla project, and was even the CEO of Mozilla as recently as 2014. He has a very long history with the technology behind Gecko and Firefox.

Yet despite having so much experience with Mozilla's technology, his team has gone with Chromium as the basis of their browser. Like their FAQ says, Chromium is better than Firefox "by every measure".

The problem for Mozilla is that while Firefox has become total shit, they have no better alternative to offer. The Servo project is sputtering, at least partially due to it using Rust, which itself is an immature programming language.

I don't know what Mozilla is going to do. The only option available now is to throw away Servo, throw away Rust, and try as hard as they can to get Firefox fixed up. But even that probably won't be enough. Things are looking extremely bleak for Firefox.

NOT EVEN CLOSE TO THE SAME!!!

[dltaylor]

Yes, I "shouted". Obviously to OP has no clue.

Denying the creation of a cookie in the first place has nothing to do with deleting them when Firefox is closed (whoever closes ALL of their FF windows anyway?).

I hope Pale Moon keeps the feature, but, IMO, FF44 is now nearly useless.

Re:Add-ons?

[sumdumass]

Sure we can be satisfied. All they have to do is give control to the user instead of making inane changes because they know better for us.

If no one was maintaining this feature, the proper thing to do would be disable on new installs, check settings on upgrades, and put a job posting out for someone to volunteer to maintain it. While they are at it, notify the users of the problem and stop pretending their shit don't stink.

In fewer words, show the users some respect.