Mozilla drags its feet on blocking cookies from unvisited websites

Mozilla has been courting controversy with its move toward blocking some third-party cookies by default in Firefox. While preventing unvisited websites from setting cookies is undoubtedly good for consumers, advertisers are none too happy about it. Sadly, Mozilla is now delaying this feature thanks to the complaints it has received from “concerned site owners.”

For many years now, Apple’s Safari has declined to set third-party cookies from unvisited sites by default. Recently, Mozilla moved to mimic this behavior with a patch submitted by Stanford grad student Jonathan Mayer. In the Firefox Aurora (pre-beta) release channel, this behavior is on by default. Earlier this week, the feature made its way to the Firefox Beta release channel, but it is now off by default. Considering how progressive Mozilla has been with enabling pro-consumer features, this caused something of a small panic in its privacy-focused community.

In a post on his personal blog, Mozilla CTO Brendan Eich explains the reasons behind wanting to block cookies from unvisited websites, and why this feature is taking longer than most to be fully implemented. Essentially, Mozilla is worried about false positives and negatives making the default browsing experience slightly more annoying for casual users. While it is certainly possible to accidentally block cookies from legitimate content delivery networks (CDNs), it doesn’t seem to be much of a problem. Millions of Safari users, including me, don’t set cookies from unvisited sites, and there hasn’t been any significant widespread problems there. Even if the Mozilla team has good intentions, it seems like they’re being overly cautious in an attempt to keep the advertising industry from revolting.

That said, Mozilla isn’t backing away from default unvisited third-party cookie-blocking completely. Eich goes on to say that “We are always committed to user privacy, and remain committed to shipping a version of the patch that is ‘on’ by default.” He then promises that Mozilla will update the public within six weeks about its intentions on modifying Mayer’s implementation. Mozilla’s bread and butter has always been user empowerment, so don’t think for a second that it will let this go. More or less, this seems like a song and dance to appear receptive to the ad industry’s concerns.

While complete blocking of third-party cookies might be right for some users, this compromise of only blocking third-party cookies from unvisited sites is a good middle ground. The vast majority of sites will continue to function perfectly, and it makes it harder for uncouth advertisers to track consumers. Let’s just hope that Mozilla has the guts to move forward with this feature for its next release instead of dragging its feet for six more weeks.