Risk
6/20/2013
11:19 AM
50%
50%

Firefox Advances Do Not Track Technology

Mozilla says Firefox, over objections from the advertising industry, soon will begin blocking many types of cookies used to track users.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers.

"We're trying to change the dynamic so that trackers behave better," Brendan Eich, CTO of Firefox developer Mozilla, told The Washington Post.

According to NetMarketShare, 21% of the world's computers run Firefox.

Eich said the blocking technology, which is still being refined, will go live in the next few months. The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies. Advertisers use these types of cookies to track users across multiple websites.

[ Will California website owners take a DNT pledge? Read California Proposes 'Do Not Track' Honesty Checker. ]

Advertisers have criticized Mozilla's move. "They're putting this under the cloak of privacy, but it's disrupting a business model," Lou Mastria, the managing director for the Digital Advertising Alliance (DAA), told Adweek. The DAA runs a self-regulated industry program called Ad Choices, which allows consumers to opt out of some types of targeted advertising.

The precise types of cookies to be blocked by Firefox will be determined by the Cookie Clearinghouse, which is chaired by Aleecia M. McDonald, the director of privacy at Stanford University's Center for Internet and Society (CIS), which has spearheaded Do Not Track (DNT).

"Internet users are starting to understand that their online activities are closely monitored, often by companies they have never heard of before," McDonald said in a blog post. "But Internet users currently don't have the tools they need to make online privacy choices. The Cookie Clearinghouse will create, maintain and publish objective information. Web browser companies will be able to choose to adopt the lists we publish to provide new privacy options to their users."

The Cookie Clearinghouse has a six-person advisory panel, which includes representatives from Mozilla, Opera and the Future of Privacy Forum, who will help develop an "allow list" and a "block list" of cookies. As that suggests, not all cookies will be blocked by the Firefox patch, which was developed by Mozilla's Jonathan Meyer, who's on the Cookie Clearinghouse advisory board.

Instead, Meyer's patch will add a cookie-analysis logic engine to Firefox. "The idea is that if you have not visited a site (including the one to which you are navigating currently) and it wants to put a cookie on your computer, the site is likely not one you have heard of or have any relationship with," said Mozilla CTO Eich in a blog post. "But this is only likely, not always true," he said, noting that the engine would continue to be refined to help eliminate false positives, backed by information from the Cookie Clearinghouse.

Mozilla first announced that it would begin blocking third-party advertisers' cookies in February. Advertisers, predictably, weren't pleased -- Mike Zaneis, general counsel for the Interactive Advertising Bureau (IAB), described it as a "nuclear first strike" against advertisers.

In response, Mozilla backed off, at least temporarily, announcing in May that it was delaying its planned July implementation of the blocks in Firefox, pending further testing of the related patch. In response, a group of 979 small businesses from around the world signed a petition on the IAB's website protesting the plans.

Mozilla's cookie-blocking efforts follow a Do Not Track capability being adopted by all major browsers. But the DNT effort stalled in November 2012, after advertisers stopped participating in the program, following Microsoft making DNT active by default in Internet Explorer 10. Advertisers wanted the feature to be not active by default.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lacertosus
50%
50%
lacertosus,
User Rank: Apprentice
6/21/2013 | 11:27:03 PM
re: Firefox Advances Do Not Track Technology
Blocking cookies is create but no efficient as most common major websites require them to make use of their services.

As I am trialing several Marketing Automation Systems, one common functionality that they all have is installing cookies on the client's machine. Most even take it further and get around privacy settings where they will install a cookie no matter what. Even if you have cookies blocked. Not sure if that's even legal but they do if you opt to do that.
DAVIDINIL
50%
50%
DAVIDINIL,
User Rank: Apprentice
6/21/2013 | 5:16:17 PM
re: Firefox Advances Do Not Track Technology
I am not extremely web savvy, but I can already block all cookies in any browser can't I? Is the controversy simply that Firefox would block them by default?
Number 6
50%
50%
Number 6,
User Rank: Apprentice
6/20/2013 | 9:37:21 PM
re: Firefox Advances Do Not Track Technology
" 'They're putting this under the cloak of privacy, but it's disrupting a business model,' Lou Mastria, the managing director for the Digital Advertising Alliance (DAA), told Adweek."

It's disrupting a business model? Aww, I'm so sorry to hear that. You didn't even HAVE that business model until we developed browser technology. The ad industry will just have to adapt like it did before and like every other industry does.
Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Search Cybersecuruty and you will get unicorn.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.