As the ad technology industry tries to function in a less cookie-filled environment, browsers like Mozilla Firefox are seizing the opportunity to expand their user base with features like Total Cookie Protection (TCP). The feature was first introduced in February 2021 and was initially limited to Firefox’s tracking protection feature – Enhanced Tracking Protection Strict Mode. It was then enabled by default in private browser windows with the launch of Firefox 89 later that year. As of today, Total Cookie Protection is now standard for all users worldwide, not just in private windows or if you opt for stricter settings.
Compared to its competitors like Google Chrome and Microsoft Edge, Mozilla Firefox claims to be “the most private and secure major browser available for Windows and Mac,” and Marshall Erwin, Mozilla’s Chief Security Officer, tells Vidak For Congress that Total Cookie Protection is Firefox’s ” strongest privacy protection yet.”
Mozilla hopes that by making TCP the standard for all users, they will stay safe online.
“Internet users today are trapped in a vicious circle where their data is collected, sold and used to manipulate it without their knowledge. Total Cookie Protection breaks that cycle by putting people first, protecting their privacy, giving them a choice and cutting off Big Tech from the data it sucks up every day,” added Erwin.
This is how it works. The TCP feature creates a separate “cookie pot” for each website you visit and limits the cookies to the site where they were created. The trackers can only see your behavior on that individual site. This in turn prevents tracking companies from using these cookies to track your browsing from site to site. This reduces the amount of information companies collect from you, as well as all the invasive and sometimes too close to home advertisements you see every day.
In addition, Total Cookie Protection provides additional privacy protections through existing anti-tracking features such as Enhanced Tracking Protection (ETP), which Mozilla launched in 2018 and became standard for all Firefox users in 2019. ETP blocks trackers based on a list that still had some shortcomings because there were still ways for trackers to avoid being blocked. For example, many have just set up a new tracking domain that was not on the list. Meanwhile, TCP limits the functionality of all cookies, no matter what.
Completely blocking third-party cookies may break some site functionality. So this is part of the reason why Firefox’s Total Cookie Protection doesn’t completely eliminate third-party cookies. Access to these cookies is only limited. That way, the browsing experience is not affected, as TCP continues to provide strong protection against tracking.
In addition, cross-site cookies are an exception, as they are needed for non-tracking purposes, such as those used by popular third-party login providers. This means that the website and the login provider have access to the same cookie jar, so that the user can easily log in. Firefox remembers the user’s preference for 30 days.
It is important to note that TCP in Firefox does not protect users against: all pop-ups for cookies. The company informed Vidak For Congress that while it protects users from third-party tracking that may occur on websites that ask you to accept or decline their privacy policies in a cookie banner, TCP does not protect against third-party tracking, so choose to click “accept.” or clicking “decline” is still required for first-party cookies.
When Mozilla first tested the feature in February, the company checked for breaches and even partnered with websites to refactor their site to work with cookie storage isolation technologies such as TCP, often through the use of the Storage Access API. encourage, the company told Vidak For Congress. The Storage Access API provides a way for embedded resources to see if they currently have access to their first-party storage and then allows them to request access from the user agent.
As Mozilla became more aware of common breaking patterns, the company developed heuristics and SmartBlock in Firefox that allow sites using these patterns to continue to operate without breaking while still taking advantage of the privacy benefits of TCP. In general, the amount of breakage was limited, according to Mozilla.
In total, the Firefox browser has more than 200 million monthly active users, according to its own data, and is known as a popular browser among users with privacy concerns. However, in early 2021, Firefox reported that it had lost up to 12% of its user base, according to StatCounter.
It’s likely that this drop was due to complaints that the Firefox design introduced in version 89 was “slow and buggy,” wrote one Reddit user. Then in May 2022, Firefox 100 was hacked in seven seconds, but Mozilla quickly released 100.0.2 within 48 hours. This month, Firefox 101.0.1 was released with no zero-day security holes fixed, and no patches deemed critical, so perhaps users will flock to the browser.
Earlier this month, Safari reached one billion global users, while Google Chrome has more than three billion. Microsoft Edge has 212 million users, according to Atlas VPN’s findings.
While the browser struggles to retain as many users as its competitors — and had some speed bumps with updates — Firefox’s tracking protection is much more comprehensive than Microsoft Edge and Google Chrome, which don’t disable third-party cookies by default. Meanwhile, Apple’s Safari browser and Firefox have been blocking third-party cookies since 2013. In addition, the privacy-focused browsers Tor, Brave, Epic, and Min also block third-party cookies by default.
In 2020, Google announced that it plans to phase out support for third-party cookies in Chrome over the next two years. This was postponed to 2023.
Google has objected to Mozilla’s approach to blocking third-party cookies, saying it will only push the industry to find workarounds. Mozilla believes that while advertising is central to the Internet economy, consumer privacy should not be optional. The nonprofit never sells or buys your data — it still collects it, though — and Firefox developers are driven to work for a “healthier internet,” the company once wrote.