Firefox to spit out third-party cookies The Mozilla Foundation has set up camp alongside Apple in the “cookies are bad” section of the Internet, decreeing that three versions hence its flagship Firefox browser won't accept cookies from anyone other than the publisher of websites it visits. That version will be number 22 and is due for release on June 25th, 2013. …
It, and Ad Block Plus along with No Script are three addons NO Firefox user should be without, if you value controlling your privacy and web browser. I have Firefox setup to ask each time a new cookie request is made, and I generally "Allow For Session" the majority of times.
Only certain sites get to keep cookies permanently (elReg is one).
What is this superior cookie handling of which you speak? I've used FF for years but I'm also aware that IE has had the ability to block/allow cookies per site for yonks. In fact, IIRC FF started out without this feature, which IE had for some time before FF finally adopted it.
Can't comment on Chrome as I never use it.
>"What is this superior cookie handling of which you speak?"
FF has some beautiful options to frequently delete all non-whitelisted cookies. The same can be accomplished on Chrome with the "Vanilla Cookie Manager" add-on, which can auto-delete cookies up to once every 5 minutes if you feel extremely paranoid (and can do your online banking extremely quickly).
I find that Blocking Unwanted Connections with a Hosts File works very well. I find it quite rewarding to see all those pop-under pages opening with no content.
Useful if can lock-down the hosts files as well.
It will make tracking harder for about a day, assuming the ad companies fall asleep at the wheel, before they switch to another method that works. Long term all this will accomplish is to make it harder for users to see what's going on and frankly, cookies are too hard for most users to make any sense of anyway.
I think it would be a better idea to have a think about who is going to pay for the web, users or advertisers, and after that amazingly short discussion, how to design a system that allows the advertisers to target a particular audience with a high degree of confidence that doesn't require them to maintain a database of individual users, which of course raises even more questions about who would host and be responsible for such a system.
On second thoughts, I believe cookies are the lesser of many evils.
Not working IS the desired result.
You know which mega-corp pwns Mozilla. Just about everyone visits their services: search, webmail, maps, etc... So, that mega-corp just happens to be granted exemption from Mozilla's latest tracking-blocking charade in just about everyone's browser. Who'd have thunked? The de-facto tracking/advertising monopoly being granted carte blanche to go on as before... meanwhile any vestige of competition will be snuffed out by the carefully contrived "solution". Oops. Couldn't have seen that coming.
"Do no evil" my arse. Perhaps they like to pretend it doesn't count as long they're getting someone else to do their evil for them.
This "third party cookie" problem has been a perennial war of attrition at Mozilla. An endless stream of noobs getting excited about "solving" the "problem" while the management throw up endless roadblocks and diversions. All manner of bizarre excuses and brazen fobbing off. "Third party? I don't even understand what that means"... "If we implement it, some people will set who'll then be confused when some sites stop working"... "Sites could redirect you to the tracking domain for it to do its cookie stuff and then redirect you back, it's beyond our wits to resolve that problemoid"... and so on... Patches have been applied, then broken, then removed. If you want to thoroughly depress yourself, have a look through some of the bugzilla threads. Many have been running for more than a decade!
These should get you started... 67447 87388 836281 818340 818337
"Opera has had the facility to block 3rd party cookies for quite some time"
And so has Firefox amongst others. As I understand it the difference here is twofold:
1. A change in the definition of what is considered a third party cookie (i.e., one from a site you have never actually visited before).
2. A policy change that automatically blocks third party cookies (according to 1. above), rather than asking the user to set a preference.
"1. A change in the definition of what is considered a third party cookie"
The current FF cookie blocking is worse than useless. Block them and some sites simply won't work, even if you allow it to ask for permission - the GAME website spreads it's load across multiple internal URLs and I never managed to get it to work. If a change can get the blocking to actually be controllable on most sites it might be worth turning back on.
What's rather more urgently needed is more effort to stop killing add-ons with every sodding FF update. That way I can stick with one cookie control solution without losing my permission settings. Not breaking existing addons has never been a priority with Mozilla though.
About bloody time; making this standard will force the issue for many sites and their content providers, which break for Ghostery and other security plugins; so that they fix the sites or lose traffic! Kill offsite Flash cookies too!
I'm so bored having to temporarily disable one of more security plugins because of these snooping and lazy turds, in the faint hope of seeing some maybe useful content.
I really hope Flash dies soon too, it is a festering security risk, and enable ridiculous site viewing restrictions; please ban crApple Quicktime too, so that I don't have to work around not having it installed!
Companies should give up trying to profile people, be satisfied with discrete adverts, and stop bugging people; any more and I compulsively Adblock+ all your adverts _everywhere_, especially all BS 'social' media sites!
I curse Edward Bernays, his sponsors and disciples to eternal torment for the hell they unleashed!
Will watch...
Here is my insane foaming at the mouth rant on the subject of advertising........
forums.theregister.co.uk/forum/latest/2013/02/20/google_adblock_plus/
Re: The thinking behind its Android security update
"The maker of Adblock Plus is upset"...
"What about the fucking users????"
OK 2 points.
I am comparatively ignorant about the proxy server issue.... sort of.
My main grips is the oversaturation of advertising that people do not want or need, being incessantly shoved in our fucking faces all the time.
This irritates me on several counts.....
1. I own a pushbike... and I am very happy with that. Therefore:
a) Stuffing adds in my face for cars irritates me - because.
b) I don't want to see the fucking adds, and
c) I don't want to buy a fucking car.
This purchasing to meet my modest needs only, extends to every plethora of gear used in advertising.
There is also the saturation advertising.....
It's like the local shop keepers...
They have Frontage for their own advertising above the shop awnings. They have the edge of the veranda to stick their own advertising on. They have the big shop windows to stick their own advertising on.
They then extend their advertising out of their space and into the public space, by sticking sandwich boards on the foot path for the passing foot traffic.
They then stick MORE of their own advertising, on their own sandwich boards out between the parking bays and the main road.....
(which I complained about - because after a car pulled in to park and another reversed out and I nearly ran into one of the signs - and it's a fucking road, not a empty lot.)
And they also advertise themselves and their wares in the "Proudly supported by" sections...... and in the local news papers.... and mailouts, and the reach has become sort of all pervasive.
Even the Hollywood scum with their "Hollywood accounting" never float a movie unless it has a ton of product placements in them....
Well the main thrust of my case is that the ONLY advertising that is really appropriate, is the advertising of the products or services, on the site of the people who are supplying them.
This assumed right to shove endless amounts of advertising, in peoples faces, at all times, about all things, has gone from something like "the shop keepers, advertising their own services from their own premises", into a fucking plague of advertising.
And many of the advertisers are stupid fucking human beings..... sticking flashing adds in the middle of columns of text..... "Like OH Duh - lets piss off the readers SO much, that they either leave and never come back or they are finally driven into looking for ways to block the adds....."
Then they whine about the loss of readers....
Fucking idiots.
Then you get the adds that slide up or down the sides of the screen, or in from the side of the page, or the pop up layer adds that cover / block the whole page, that you have to click on to get rid of.....
And the fucking arseholes at google, they just don't get it - shoving 10,000 adds a day in peoples faces for shit they generally don't want or need, simply wastes their time, and it's an annoyance.
Much of it is outright stupid.... It's a fucking plague of advertising....
They searches are filled with adds. They have adds in the search results, as well as the search results, they put adds in the Gmail, they put adds in the Youtube, they put in adds about buying adds as adds......
I have read news papers from 200 years ago, and they SOLD the news, where the content of the paper was the news, and there was about 10% of the page space used on adds.
Now news papers have like 90% of their total space used for adds, and they generally have skimpy low IQ stories about stupid brainless bullshit, or the sensationalist headline grabbers - and the spectator sport crap of politics.
And even the most clueless of readers are saying, "There is nothing but shit in them - not worth reading."
Anyway, without Add Block Plus, and Element Hiding helper for Add Block Plus, Flash Block etc., and a few other things....
I would not even come to this site...
But the idiots who run Google, there may indeed be legitimate technical reasons for crunching add blocking in android - but if they were allowed to run rampant - as they have, for every ONE person who becomes so irritated that they go and hunt out and install Add Block Plus and Element Hiding Helper and Flash Block etc., there are probably another 50 people who are seriously irritated by all the adds, and there are probably other 50 other people who simply refuse to use the internet much at all.
Google is like the shop owners who have gone from the sandwich board on the sides of the street, to putting plaquards in the front yard, and signs on your house walls, and then a free interior wall papering as well....
Stickers on your TV screen, labels in the toilet bowl, advertising screen printed on your curtains....
They are just so fucking all intrusive and all pervasive and so fucking unrelenting and........
Out of pure spite, I might just go pay a heap of money to Add Block Plus, just to get my own back on Google.
You are either spending the few hours on the net, between "fucking"! & sleeping.
Your posting would have been somewhat interesting were it not for the fact of the excessive usage of the word "fucking". There is surprisingly enough an abundent number of other words one could use. Sorry it spoilt the posting & was using your own words "so fucking all intrusive and all pervasive"! Completely over the top.
By the way, Ad Blocker + is free. You can donate if you so choose. I would recommend it to everyone. You could spend a little less on donating money to Ad Block & spend some on an English Dictionary!
"Google must track you to exist. They will smother Mozilla if they do this."
Actually, this probably works in Google's favor. This change could drive advertising dollars back into Google search and Google Maps, and away from Facebook and the other social sites that were using cookie trackers to try to hijack a piece of Google's online advertising pie.
The advertising dollars need to go somewhere, and if FB and friends can't track you as well, then those dollars might just flow right back into the basic Google tools.
For google and facebook this is less strict than the current system where users can uncheck the "accept 3rd party cookies" option. By default, firefox users will have google as their homepage, so any google 3rd party cookie will be allowed. Facebook only shows ads on facebook, so if you are ever likely to see their ads then you've visited the domain voluntarily so their 3rd party cookies will not be blocked.
Good points. It is a shame how initiatives to make life better or more secure/private for users are continually undermined by the addition of exceptions which you just know the miscreants will eventually drive a bus through.
The point of all this is that tracking is not desired - full stop. Why not just stick to that simple principle?
Firefox has had good cookie control for years. But for some time it has required selecting "Use custom settings for history" from the "Privacy" section of "Preferences" in order to access the third-party and expire at end of session cookie controls. I never understood the reason for deciding to hide them behind an obscure heading -- unless trying to be nice to their advertising sponsor, at the expense of their users.
The problem with "Use custom settings for history" is that you average Joe (L)user doesn't have the mental capacity to figure them out; and even if Joe (L)user could figure them out; he is too fucking lazy to go ahead and do it.
Too many Joe (L)users consider a computer to be nothing more than a toaster, put in the bread, and push the lever down.
"Who gives a fuck about how it works." bleats Joe (L)user
And companies like Microsoft, introducing dumbed down interfaces for dummies do not help things.
I feel a competency exam should be a ore-requisite for owning a computer, and a license should be required for internet surfing.
Time to get the ignorant (as in lacking knowledge) assholes off of the 'net.
I recommend the use of the Request Policy plug-in for Firefox. It blocks all requests to third party websites and indicates that it is doing so. Then, you can temporarily or permanently lift the block for all requests to that site or only requests from the site you're using at that time. (It's easier to understand if you just use it and play with it.)
On many sites I use, there are an amazing number of third party sites that are blocked by Request Policy without my use of the originating site being affected at all. If an image is blocked, it shows the image box as greyed out with a little red flag in the middle that can be clicked to indicate the name of the site being blocked.
The first time you use it, there is the minor frustration of having to go through the list it presents and deciding which ones to allow, since many sites use third party sites to deliver required content. However, I feel it's worth it to avoid the shedload of crap and all the inevitable tracking stuff that will be there.
I do the same with my cookie settings in Opera. Doesn't that make us the clever ones? But, even with getting close to 20 years experience of the WWW, there are times when I'm not sure which cookies to accept and for how long and there are many times when I have to go back and adjust settings or when, like El Reg, they don't work as they should. It's entirely understandable that most people have no idea what any of this is about: when I drive a car I don't sweep it for GPS trackers.
Third-party, cookie-based advertising on the internet is, I suspect, doomed because it has been so badly handled and abused by the industry. Of course, almost all of what the industry does can be achieved by slightly less intrusive means: they just need to provide decent APIs for an exchange between website owner and advertiser.
As an immediate improvement I'd love to see cookies must come with a manifest explaining what they do and how long they need to be valid for, and we need to come up with a sensible expiry option for never-ending sessions.
Do I understand this correctly?
I visit a site. Let's call it nosuchsite.co.uk.
nosuchsite.co.uk has a lazy webmaster, who uses google APIs instead of writing his own code. So, firefox is saying that because I've previously visited google, firefox thinks its OK to send google my cookies.
It sounds like they've got this completely wrong. It's precisely *because* I've previously visited google that google should *not* be given my google cookie when I visit a third party site. If I had never visited google, either directly or indirectly, then the cookie would contain no information so there would be no harm in giving back the cookie.
Third party cookies should be accepted but automatically converted to session cookies and never shared with other tabs that might be open in the browser at the same time. To every third party site, the user should appear to be making their first visit, no matter whether or not they have visited the site as a first party.
And what's the point of having the exemption for sites that promise to respect Do Not Track? Cookies are for tracking. So, if the site is not tracking, then it needs at the very most a session cookie.
I suppose pages loaded with IFRAME and script loaded with SCRIPT will be excluded otherwise this will be next to useless. It'll be interesting to see if the 3rd party cookie ban includes cookies set by JavaScript.
But they can't use a sledgehammer to crack a nut either otherwise they'll affect too many Ajax and Web 2.0oea sites too.
Can they also consider fixing the situation currently whereby I receive multiple requests to store or update cookies from the same domain even though I've already given my answer once with the relevant checkbox checked. It really is irritating to continually have to respond to requests from a.domain.com one after the other.
Indeed and FF has had the ability since before it existed. I've had 3rd party cookies blocked in Mozilla based browsers since v1.0 of the suite. Of course I also use Ghostery which blocks all trackers and had the nice side effect of removing the advertising that goes with them as well.
Advertisers would have to jump a few more hoops but I doubt it's *that* hard for them to change the JS boiler plate they supply to hosting sites to inject their ads. Javascript can read and write cookies from its own origin so the glue the advertiser supplies could read the cookie from the host's origin, slap it onto the url request for the ad, and then update the cookie again in the host based on the response.
And that's just on the client side. Advertisers could provide modules for PHP, Java, Apache which injects the tracking cookies from the host domain in the request so there is no way to tell it apart from other cookies the site might issue.
Then there's storing data in flash shared objects, silverlight storage, HTML 5 storage and a raft of other places. See Evercookie for the ways this could be done. Basically if an advertiser wanted to track you they will.
You gotta get 'em all! - Just saying 'Cookies' is frankly misleading to most of the public.
There's a dozen different techniques for storing data inside a users browser and unless you are amongst the Uber paranoid who has javascript + Flash disabled then your at risk of having your browser footprint profiled for good measure as well. Not as specific as a cookie but often as good enough.
So rather than track by cookie, they will just track by unique browser fingerprint, cross referenced with IP..
Oh wait.. they already do that...
Otherwise no way would I get the adverts I do after clearing cookies on my PC...
I look for a gift for my wife, clear cookies & history so no reference is left on the PC.. and shocker, I go to websites and see adverts for what I just looked at,(which is dumb as I've already been there and looked at that)
The insurance ones always amuse me.
We've tracked you looking at a bunch of car insurance sites so we've decided to advertise car insurance at you for the next two weeks.
Except of course that I was looking at car insurance sites because I was buying car insurance there and then. I am now the least likely person to care about your ads. Well done.
You were lucky it was just car insurance ... last year I needed to buy a spare part to mend a leaking toilet valve - and google served me with ads for toilet spares (from the same site I'd bought from) for several weeks (at least on browsers where I couldn't use ad block) .... in fact it does have an uncanny abiltiy to show me ads from sites I've just bought something from (and thus (a) know about and (b) probably no longer need to buy anything from!)
"Except of course that I was looking at car insurance sites because I was buying car insurance there and then. I am now the least likely person to care about your ads. Well done."
Agreed, though of course they can either serve you those ads and catch the 20% who haven't yet made up their minds and made a purchase, or they can throw some totally random ad at you and just hope!
" We collect some basic data in server logs, like your web request, the data sent in response to that request, the Internet Protocol address, the browser type, the browser language...." Ghostery Terms of service
Ghostery BTW is not some kids bedroom project funded by goodwill it's owned by a company called Evidon inc.. and their about us page makes interesting reading...
I just don't see how my privacy is protected when a third party is monitoring all my internet traffic.
This is fine by me. They may want to put in a toggle (in case there's anybody using some, possibly internal, site that outrageouly breaks.) Very few sites have problems even with all cookies blocked though, so I doubt this'll be an issue.
I'm all fine with this -- I actually wouldn't mind cookies in order to get more personalized ads that I may actually be interested in, except IT DOESN'T ACTUALLY SEEM TO WORK. Hulu, it asks on some ads if they are relevant to me, and clearly keeps track of ad skips, so I get just ads for stuff I actually am interested in (i.e. it works great!). Other sites it seems I get the same mix of ads as anyone. Therefore, indeed I do not want to be tracked and get absolutely nothing in return.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
