Cookies are in the news as Mozilla rolls out significant privacy changes for Firefox. The idea is to dramatically lessen the risk of privacy-invading tracking across websites without your knowledge. Tracking cookies have been a hot topic in recent months, as advertisers try switching to other methods of tracking. Will this make a noticeable difference to people’s everyday browsing experience?
What are cookies?
Cookies are pieces of information which websites can save in your browser. Sites you visit can request your browser save cookies whenever the browser asks it for data. This can be pictures, downloads, page content, pretty much anything at all. The browser will keep the cookie and send it back to the website whenever requests are made until the cookie expires.
Expires? That’s right. Some cookies, called session cookies, expire once you close the browser. Others, persistent cookies, will remain on board until they eventually expire or you manually delete them. Humorously, some sites allow you to permanently opt-out of cookies and tracking by…asking you to accept permanent cookies which never expire.
Forget me not…but only sometimes
But how do these cookies, session or persistent, actually work?
Browsers and websites converse in a “stateless” fashion. Every message sent is isolated from all of the other messages. There’s no link to join any of these messages up, and that’s where cookies come into play. Cookies act like a sort of bridge for many day to day tasks inside your browser. Websites send browsers cookies, known as first party cookies, tied to a unique ID the first time they converse. The browser fires the unique ID back at the website as these messages continue to be sent.
Through this, the sites you use are able to keep you logged in, remember what you’ve done, and keep the site functional for your specific needs. While sites can read their own cookies, they can’t read cookies from other websites. This is where third-party cookies come into play.
Third party tracking: An advertiser’s dream
A first-party cookie on a website has been placed there by the website itself. A third-party cookie is being set by someone else, like an advertiser or ad network, via code embedded into the page. That cookie is designed to essentially follow you around the internet. This is why you start one day on a website offering up deals on movies you’re interested in, and then see adverts for those films at a cheaper price on another site the day after.
Slowly but surely, ad networks build up an incredibly accurate advertising profile of you as you move from one site to another. Depending on what’s being collected, you may end up with a huge slice of identifiable data tagged to your identity without you ever even seeing it yourself. It’s just there, and there’s not much you can do about it.
The cookie controversy
Third party cookies are not particularly popular. Ad tracking generally, even less so. Numerous questions of privacy and safety exist. Something else which exists: big fines. Not so long ago, Google and Facebook received fines for $157 million and $62 million respectively. This was for making cookies easier to accept than refuse.
Elsewhere, replacements of varying effectiveness have been proposed. Apple blocks default tracking everywhere. Google plans to ditch third party cookies in Chrome by the end of next year. Brave browser is already taking action against something called bounce tracking.
With all this in mind: What is Mozilla doing?
Hands off the cookie jar
Users of Firefox will now find something called Total Cookie Protection ticking along in the background. Mozilla claims that this release makes Firefox:
The most private and secure major browser available across Windows, Mac, and Linux. Total Cookie Protection is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site.
Total Cookie Protection creates individual “cookie jars” for every website you browse. Trackers are no longer able to thread that analytics picture across the web. What you get up to on one site stays on one site. As a result, tracking/advertising services can no longer watch from afar as you move from URL to URL. Your analytics profile is no longer quite as useful to advertisers as it once was.
Those cookies are still able to provide analytics in terms of the site they’re on. The difference is they’re no longer as invasive in terms of building a big picture of your internet activities.
This new stack of cookie jars is in addition to a number of other privacy features already up and running, including Enhanced Tracking Protection. Around since 2018, ETP blocks trackers from a maintained list. If a party is on the list, they lose the ability to use third-party cookies.
A cookie clean up
No matter which browser you use, an occasional cookie clean up is a good idea. Check out our post on removing cookies, which covers removal instructions for Chrome, Firefox, Edge, Opera, Safari, and several mobile browsers too.