Risk
6/20/2013
11:19 AM

Firefox Advances Do Not Track Technology

Mozilla says Firefox, over objections from the advertising industry, soon will begin blocking many types of cookies used to track users.

Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers.

"We're trying to change the dynamic so that trackers behave better," Brendan Eich, CTO of Firefox developer Mozilla, told The Washington Post.

According to NetMarketShare, 21% of the world's computers run Firefox.

Eich said the blocking technology, which is still being refined, will go live in the next few months. The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies. Advertisers use these types of cookies to track users across multiple websites.


Advertisers have criticized Mozilla's move. "They're putting this under the cloak of privacy, but it's disrupting a business model," Lou Mastria, the managing director for the Digital Advertising Alliance (DAA), told Adweek. The DAA runs a self-regulated industry program called Ad Choices, which allows consumers to opt out of some types of targeted advertising.

The precise types of cookies to be blocked by Firefox will be determined by the Cookie Clearinghouse, which is chaired by Aleecia M. McDonald, the director of privacy at Stanford University's Center for Internet and Society (CIS), which has spearheaded Do Not Track (DNT).

"Internet users are starting to understand that their online activities are closely monitored, often by companies they have never heard of before," McDonald said in a blog post. "But Internet users currently don't have the tools they need to make online privacy choices. The Cookie Clearinghouse will create, maintain and publish objective information. Web browser companies will be able to choose to adopt the lists we publish to provide new privacy options to their users."

The Cookie Clearinghouse has a six-person advisory panel, which includes representatives from Mozilla, Opera and the Future of Privacy Forum, who will help develop an "allow list" and a "block list" of cookies. As that suggests, not all cookies will be blocked by the Firefox patch, which was developed by Mozilla's Jonathan Meyer, who's on the Cookie Clearinghouse advisory board.

Instead, Meyer's patch will add a cookie-analysis logic engine to Firefox. "The idea is that if you have not visited a site (including the one to which you are navigating currently) and it wants to put a cookie on your computer, the site is likely not one you have heard of or have any relationship with," said Mozilla CTO Eich in a blog post. "But this is only likely, not always true," he said, noting that the engine would continue to be refined to help eliminate false positives, backed by information from the Cookie Clearinghouse.
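The visited-site heuristic and the allow/block lists described above can be sketched as a single decision function. This is an added example, not code from the Firefox patch or the Cookie Clearinghouse; the host names, list contents, the precedence of lists over browsing history, and the two-label notion of a "site" are all assumptions made for illustration.

```javascript
// Added illustration only: not code from the Firefox patch.
// Assumption: a "site" is approximated by the last two host labels;
// real browsers use the Public Suffix List for this.
function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Constructed sample state: hypothetical lists and browsing history.
const sampleLists = {
  allow: new Set(["login-provider.example"]),
  block: new Set(["tracker.example"]),
};
const sampleVisited = new Set(["news.example", "social.example"]);

// Decide whether a cookie set by cookieHost is accepted while the user
// is navigating to topLevelHost. Assumed order: lists first, then history.
function cookieDecision(topLevelHost, cookieHost, visited, lists) {
  const site = siteOf(cookieHost);
  if (lists.block.has(site)) return { accept: false, reason: "block-list" };
  if (lists.allow.has(site)) return { accept: true, reason: "allow-list" };
  // The site currently being navigated to counts as visited.
  if (site === siteOf(topLevelHost)) return { accept: true, reason: "first-party" };
  // A site the user has visited directly keeps its cookie when embedded
  // elsewhere, so its widgets can still observe cross-site activity.
  if (visited.has(site)) return { accept: true, reason: "previously-visited" };
  // Never-visited third party: the case the heuristic is aimed at, and also
  // where false positives arise unless an allow-list entry exists.
  return { accept: false, reason: "unvisited-third-party" };
}

// Walk a constructed page load on www.news.example through the policy.
function demo() {
  const top = "www.news.example";
  const hosts = [
    "www.news.example",
    "ads.tracker.example",
    "cdn.adnetwork.example",
    "widgets.social.example",
    "sso.login-provider.example",
  ];
  return hosts.map(
    (h) => `${h}: ${cookieDecision(top, h, sampleVisited, sampleLists).reason}`
  );
}

console.log(demo().join("\n"));
```

Without the allow-list entry, `sso.login-provider.example` would fall through to `unvisited-third-party`, which is the kind of false positive the published lists are meant to correct.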

Mozilla first announced that it would begin blocking third-party advertisers' cookies in February. Advertisers, predictably, weren't pleased -- Mike Zaneis, general counsel for the Interactive Advertising Bureau (IAB), described it as a "nuclear first strike" against advertisers.

In response, Mozilla backed off, at least temporarily, announcing in May that it was delaying its planned July implementation of the blocks in Firefox, pending further testing of the related patch. In response, a group of 979 small businesses from around the world signed a petition on the IAB's website protesting the plans.

Mozilla's cookie-blocking efforts follow the adoption of a Do Not Track capability by all major browsers. But the DNT effort stalled in November 2012, after advertisers stopped participating in the program following Microsoft's decision to make DNT active by default in Internet Explorer 10. Advertisers wanted the feature to be inactive by default.

Comments
Number 6,
User Rank: Apprentice
6/20/2013 | 9:37:21 PM
re: Firefox Advances Do Not Track Technology
" 'They're putting this under the cloak of privacy, but it's disrupting a business model,' Lou Mastria, the managing director for the Digital Advertising Alliance (DAA), told Adweek."

It's disrupting a business model? Aww, I'm so sorry to hear that. You didn't even HAVE that business model until we developed browser technology. The ad industry will just have to adapt like it did before and like every other industry does.
DAVIDINIL,
User Rank: Apprentice
6/21/2013 | 5:16:17 PM
re: Firefox Advances Do Not Track Technology
I am not extremely web savvy, but I can already block all cookies in any browser, can't I? Is the controversy simply that Firefox would block them by default?
lacertosus,
User Rank: Apprentice
6/21/2013 | 11:27:03 PM
re: Firefox Advances Do Not Track Technology
Blocking cookies is great but not efficient, as most common major websites require them to make use of their services.

As I am trialing several Marketing Automation Systems, one common functionality that they all have is installing cookies on the client's machine. Most even take it further and get around privacy settings where they will install a cookie no matter what. Even if you have cookies blocked. Not sure if that's even legal but they do if you opt to do that.