While Chrome dallies on the third-party cookie question, Firefox keeps releasing new anti-tracking features.
In June, Mozilla made Total Cookie Protection the default for Firefox. Cookies can’t leave the site on which they were first dropped. This move essentially creates what Marshall Erwin, Mozilla’s chief security officer, refers to as “a separate cookie jar for each website.”
Firefox isn’t stopping all third-party trackers from dropping cookies. So-called “noninvasive” cookies, like those for site analytics, can still function. But all cookies are confined to a single site and can’t be shared across the web.
“This actually breaks the mechanism for cross-site tracking,” Erwin said.
Total Cookie Protection is more nuanced than what Firefox already offers with Enhanced Tracking Protection (ETP).
ETP, which Firefox first released in 2018, takes a sort of scorched earth approach to third-party cookie blocking. It relies on a list of known trackers provided by anti-tracking tool Disconnect. Every single third-party cookie from any entity that appears on that list is automatically blocked.
Problem is, killing all third-party cookies could break parts of a user’s browsing experience, which is why Mozilla is fine-tuning its technique.
“We never want a privacy feature to degrade the user experience in any way,” Erwin said. “Privacy protection should not be the thing that pushes someone to opt for a different, less protective browser.”
Erwin spoke with AdExchanger.
AdExchanger: Is Total Cookie Protection like the next phase of ETP?
MARSHALL ERWIN: Although Enhanced Tracking Protection was a major step forward for us at the time, we recognized that there are some drawbacks to the list-based approach. For example, maybe there are trackers that should be on the list but aren’t, and trackers can also thwart ETP by just setting up a new domain.
Total Cookie Protection solves these problems for us because it changes the technical functionality of third-party cookies in the browser.
This helps us prevent tracking by some of the most dominant parties, including Google, Microsoft, Amazon and Meta. These are parties that have a huge number of tracking domains, many, but not all, of which were already on our ETP list.
Speaking of Meta, though, Mozilla is working with Meta on a joint proposal for privacy-preserving attribution that’s being discussed at the W3C right now. Interesting to see Mozilla collaborate with a company it’s been so publicly critical of.
We’ve been critical of their tracking practices going back more than a decade and I’d expect us to continue to be critical when appropriate. But, at the same time, if a company has a good proposal that we think is viable and that can represent a step forward for privacy, we’re going to partner with them on it.
We think there are ways to facilitate conversion tracking that don’t compromise user privacy by relying on third-party cookies or some sort of witchcraft, like link decoration, which is when tracking identifiers are embedded in the URL.
One of the things that distinguishes us from other parties that take more of a stone-throwing approach is that we care about what I’d call “privacy-preserving advertising” beyond just our own features. If that means working together with Meta, then we’re game.
But Mozilla isn’t a huge fan of Private Click Measurement on Safari, which uses aggregated campaign performance data to measure web events. Mozilla even wrote a whole report pointing out how PCM doesn’t fully crack down on cross-site tracking and that there’s no incentive for advertisers to actually use it.
PCM is an idea that was put forward in good faith by Apple, but the details of it just don’t quite hold up. It doesn’t prevent sites from tracking people and at the same time it isn’t useful enough for advertisers.
I wouldn’t say it’s the worst of both worlds, but it’s not protecting privacy as much as we would like and it’s also not facilitating the advertising use case.
Back to link decoration for a sec, Firefox added a new feature to ETP at the end of June that strips tracking parameters from URLs, but the feature has to be turned on manually. Is your next step to make it a default for all users?
Link decoration is used for a bunch of things, so if we were to remove that functionality by default without also releasing a good replacement, then it could cause a lot of experience problems for our users.
But our goal with all of these features is to eventually have them be on by default. That represents a big shift from our strategy of four or five years ago when we were happy to just build these features and let them be optional. We realized in retrospect, that puts too much of the onus on consumers to protect themselves from opaque practices.
Is Firefox not blocking fingerprinting by default because it would mess with the browsing experience?
We already block some fingerprinting using a list provided by Disconnect and, over time, we’re removing as many fingerprinting surfaces as possible. [A fingerprinting surface is any interaction point at which a site can learn something about a user.]
But it’s a hard task. Fingerprinting takes advantage of functionality that’s built directly into the browser, some of which websites do benefit from. Removing those surfaces would negatively affect the experience. Blocking fingerprinting is much more difficult than unilaterally blocking third-party cookies.
Is that why you don’t see Apple enforcing its policy against fingerprinting?
Yes. Apple is taking a policy-based approach.
What do you make of Google delaying third-party cookie deprecation in Chrome yet again?
Google’s proposed replacements for third-party cookies require more community input and we’re glad to see these technologies are not being rushed into deployment. Still, developing these technologies shouldn’t stand in the way of protecting people’s privacy.
We’re disappointed.
This interview has been edited and condensed.