Skip to main content

Firefox boosts privacy by giving ‘total cookie protection’ to all users by default

Firefox boosts privacy by giving ‘total cookie protection’ to all users by default

/

The latest feature from Mozilla extends the anti-tracking protections of its browser even further

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

The Firefox logo on a black background
Illustration by Alex Castro / The Verge

The Firefox browser, already known for its privacy protections, is about to become even more private thanks to a new cookie-restricting feature announced by Mozilla on Tuesday.

The design change, labeled “Total Cookie Protection,” aims to give enhanced protection against online tracking by limiting the ability of websites to read cookies created by third-party services. According to a blog post from Mozilla, access to any given cookie will be restricted to the website that deposited the cookie in a user’s browser, so a cookie created by one website or service will not be readable by other websites that a user visits.

Mozilla’s blog post describes the new feature in terms of a separate “cookie jar” for each website, preventing trackers from linking up user behavior across multiple sites. The post explains:

Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don’t belong to them and find out what the other websites’ cookies know about you ... This approach strikes the balance between eliminating the worst privacy properties of third-party cookies – in particular the ability to track you – and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics).

The cookie protection feature is part of an ongoing privacy-focused development strategy from Mozilla that has also seen Firefox continue to support the most sophisticated forms of ad blocking, in contrast with Google Chrome. In regard to cookies, Google previously announced in 2020 that it would phase out third-party cookies within two years but later pushed back the target date to 2023.

Describing the need for enhanced cookie protection, Mozilla cited various examples of the misuse of tracking, including Facebook’s digital tracking of student loan applicants and the selling of data on visitors to Planned Parenthood. The blog post also references a popular Last Week Tonight episode in which John Oliver took aim at data brokers.

Mozilla’s chief security officer Marshall Erwin told The Verge that the organization wanted to give users control over their own data and offer more defense against its misuse.

“Internet users today are stuck in a vicious cycle in which their data is collected without their knowledge, sold, and used to manipulate them.”

“Internet users today are stuck in a vicious cycle in which their data is collected without their knowledge, sold, and used to manipulate them,” Erwin said via email. “Total Cookie Protection breaks that cycle, putting people first, protecting their privacy, giving them a choice and cutting off Big Tech from the data it vacuums up every day. The feature offers Firefox’s strongest privacy protection to date and is the culmination of years of work to clamp down on online tracking.”

It might take more than cookie protection to curb the major tech companies’ ferocious data intake, but blocking third-party tracking will certainly bring clear privacy gains.

The new cookie protection feature is available now in the latest version of Firefox desktop. Mozilla is operating on a different timeline for mobile rollout, Erwin said, though the technology is already available in the privacy-centric “Focus” version of the Firefox browser on Android. The technology could not be released on iOS because of App Store rules preferring Apple’s browser engine over alternatives, Erwin said.

Despite objections from developers and accusations of anti-competitive practice, Apple continues to require all browsers for iOS be built on the WebKit browser engine, meaning it is difficult for any browser to distinguish itself significantly from Safari. Browser restrictions aside, Apple has won praise from privacy advocates for its aggressive measures to block tracking across iOS applications.