Firefox: Our new cookie protection will stop companies tracking you across sites

Firefox puts website-tracking cookies in a "cookie jar" to fence them in exclusively to the site that dropped the cookie.
Written by Liam Tung, Contributing Writer
Image: Getty/MoMo Productions

Mozilla has rolled out a privacy protection it calls "Total Cookie Protection" as the default for the Firefox browser on Windows, Mac and Linux. 

The idea behind Total Cookie Protection is that cookies remain limited to the site from which they were added to a browser. Mozilla's analogy for the functionality of Total Cookie Protection is a "cookie jar", which is assigned exclusively to the site that dropped the cookie file in the browser. No other site can access that assigned cookie jar, fencing cookies in to give advertisers a limited view of site visitors rather than a detailed multi-site view of them. 

This approch aims to thwart cross-site tracking, which happens when a website or third-party content embedded on websites (such as Facebook "Like" buttons) drops a cookie into a browser that can be read by advertisers on other sites the user visits in future.

SEE: Cloud computing security: Where it is, where it's going

"If you visit Facebook, Facebook won't be able to view your activity on Etsy, One Medical or your cousin's cooking blog later," Mozilla explains on a support page for Total Cookie Protection.

Mozilla argues this makes Firefox "the most private and secure" of the major browsers. 

"Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites," Mozilla explains in a blogpost.    

"Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website.

"No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you – giving you freedom from invasive ads and reducing the amount of information companies gather about you."  

Total Cookie Protection is enabled by default in Standard Mode. It was previously available in Firefox Nightly, Enhanced Tracking Protection (ETP) Strict Mode and private mode.

Total Cookie Protection builds on ETP, which it rolled out to users between 2018 and 2020 and is now on by default. Firefox's ETP relies on a maintained blocklist that prevents select trackers from using third-party cookies. 

SEE: Don't let your cloud cybersecurity choices leave the door open for hackers

Third-party cookies allow an advertiser to drop a cookie file inside the user's browser from an ad. The advertiser could then read the user's local cookie from within ads on different sites, allowing cross-site tracking-enabled interest profiling. 

Mozilla admits ETP's shortcoming was that it only prevented trackers on the maintained list from using third-party cookies. It also allowed trackers to circumvent the list by creating a new tracking domain that isn't on the blocklist. 

"Total Cookie Protection avoids these problems by restricting the functionality for all cookies, not just for those on a defined list," Mozilla says. 

Editorial standards