Hacker News
by jefftk 1775 days ago
Total Cookie Protection, built into Firefox, makes sure that facebook.com can’t use cookies to track you across websites. It does this by partitioning data storage into one cookie jar per website, rather than using one big jar for all of facebook.com’s storage. With Enhanced Cookie Clearing, if you clear site data for comfypants.com, the entire cookie jar is emptied, including any data facebook.com set while embedded in comfypants.com.

This seems exactly right: now that we have partitioned cookies, cookie clearing should clear cookies for the whole partition.


It’s insane that this hasn’t been the default all along across all browsers.

Just shows how Google et al. strive to safeguard and profit from the status quo, at the expense of every internet user.

It's ridiculous to suggest that this was somehow all nefariously intended by Google et al. How do you then explain that's what Firefox has done all the way up until now?

No -- it's just how cookies were meant to work from the start, the most obvious implementation before the privacy/security/tracking implications got worked out, which has taken many years.

And Google's working to make similar improvements to Chrome:

https://blog.chromium.org/2020/01/building-more-private-web-...

So not "insane" at all. To the contrary, it was entirely reasonable at the beginning, and now we see browsers reasonably addressing the problems that have arisen.

> How do you then explain that's what Firefox has done all the way up until now?

The fact that for a long, long time the vast majority of Firefox's income has come from search engine partnerships, a category Google dominates?

Also: Firefox has been rather poor about user privacy. Integrating third party stuff that's difficult to remove, like Pocket, for example.

There was the whole "Looking Glass" debacle where they dropped in a Mr. Robot promotional plugin into Firefox completely silently.

When someone posted in bugzilla about it, the project manager for the plugin made the thread employee-only. It was then changed back to public briefly, before disappearing for good, reportedly being locked so even employees can't see it:

https://bugzilla.mozilla.org/show_bug.cgi?id=1424977#c21

Ask yourself: "why is a bug filed about a promotional plugin so secretive that not even employees can view it?"

BTW: Guess where that project manager used to work before she worked at Mozilla? Answer: an online advertising and analytics firm (according to her LinkedIn profile at the time).

> Also: Firefox has been rather poor about user privacy. Integrating third party stuff that's difficult to remove, like Pocket, for example.

1) Mozilla owns Pocket, it's not third party. https://blog.mozilla.org/en/mozilla/news/mozilla-acquires-po...

2) This is completely irrelevant to user privacy, because Pocket doesn't exfiltrate any data. The source code for the integration is open source, you can go look this up yourself.

Couldn't a smart person have figured out exactly how that cookie model could be abused like, within days of it existing? Was it really something that only got figured out with time?

You have hindsight.

In the early days, the internet was seen as a massively playfield-leveling and decentralizing force ("the net interprets censorship as damage and routes around it"), not a massively centralizing one (Facebook is the world's only newspaper).

In a model where everything is decentralized and leveled, no player is big enough to worry about.

A smart person could have figured it out, but it was extremely unlikely.

The economics sub-discipline of economic geography was being developed at about the same time as Eternal September.

The key insight (one of the key insights) from that research is that as the absolute cost of transport goes down, previously insignificant differences in cost become important. This leads to the development of "hubs" - centralization.

(Here we're talking about information transport, and the cost being time per bit.)

But as you say, at the time the tech world could never have believed that centralization was the default expectation, nor designed things to compensate.

Can you provide further reading on the insight that shows the formation of hubs/centralization? It seems interesting.

> A smart person could have figured it out, but it was extremely unlikely.

Additionally, would they have been listened to?

Sure, the realization might have taken a decade but the change took two decades at least. So it seems a little late.

Someone could, and people did. DoubleClick was founded in 1995 and was using cookies for tracking user interest across sites by 1997 (or earlier; hard to pin down). There was lots of discussion of this at the time:

> Any web site that knows your identity and has cookie for you could set up procedures to exchange their data with the companies that buy advertising space from them, synchronizing the cookies they both have on your computer. This possibility means that once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites. The result is that a web site about gardening that you never told your name could sell not only your name to mail-order companies, but also the fact that you spent a lot of time one Saturday night last June reading about how to fertilize roses. More disturbing scenarios along the same lines could be imagined. There are of course many convenient and legitimate uses for cookies, as Netscape explains. But because of the possibilities of misuse we recommend disabling cookies unless you really need them.

https://web.archive.org/web/19970713104838/http://www.junkbu...

(Disclosure: I work in a part of Google that's descended in part from DoubleClick. Speaking only for myself.)

Thanks, that’s what I was thinking, that advertisers figured it out early on, and they aren’t smarter or dumber than the rest of the professional population, so this shouldn’t be some surprise that took years to work out.

(I personally remember thinking exactly that, that cookies allow universal tracking, as soon as I learned of the concept, but I don’t want to put too much stock into that belief because of the possibility of hindsight bias and misremembering.)

The entire internet was built on the assumption of good actors and until recently non-secure protocols & models were the default.

Only in the past decade has there been serious consideration for encryption and security on the internet.

Before Let's Encrypt was launched in 2014, HTTPS was the exception, rather than the norm. It was only in 2016 that greater than 50% of internet traffic was encrypted.

Secure DNS is still very much a work in progress.

BGP was built with the assumption of good actors, and doesn't include any security mechanisms.

Email still doesn't have any good options for E2E encryption.

> Couldn't a smart person have figured out exactly how that cookie model could be abused like, within days of it existing?

They almost certainly did, and considered it acceptable at the time.

The first cookie RFC, rfc2109 (1997), was even more conservative:

> An origin server could create a Set-Cookie header to track the path of a user through the server. Users may object to this behavior as an intrusive accumulation of information, even if their identity is not evident. (Identity might become evident if a user subsequently fills out a form that contains identifying information.) This state management specification therefore requires that a user agent give the user control over such a possible intrusion...

-- https://datatracker.ietf.org/doc/html/rfc2109#section-7.1

Early versions of Internet Explorer used to follow this and prompt about cookie storage all the time, to everybody’s great annoyance. Eventually it defaulted to always allow.

Now with GDPR prompts we’ve come full circle, but instead get the UI of the web site instead of the user agent, allowing all kinds of dark patterns to be exploited and requiring re-prompts all the time for those of us who don’t allow the page to keep cookies in the agent.

> How do you then explain that's what Firefox has done all the way up until now?

Google is historically the largest financial contributor to Mozilla (paying for spot as default search engine) and thus has always had leverage on what they do with FF.

There were a few years there where Moz flexed on Google by making Yahoo the default, but then switched back to Google last year. My guess is they had to show Google they were willing to go elsewhere in order to regain some of their autonomy, which is why it's only in the last couple of years that FF has been willing to add default customer privacy features despite directly hurting FB/Google's ability to track users.

Advertising targets[1] trust Google. There is no reason for them not to trust this company. Google has the privacy of its advertising targets as its highest priority.

Mozilla gets 90+% of its operating budget via a deal with Google, but Firefox development is not influenced at all by Chrome. Totally independent.

Big Tech exists for users, not advertisers. Privacy must come first and money must come second. That's why we have more privacy than ever and Google does not make much money. Government regulation is totally unnecessary. All incentives are aligned toward greater privacy.

Google will "build a more private web" for its advertising targets. Sorry advertisers. :(

1. Also known as "users".

Mozilla was doing this literally before Google existed. The origins of how cookies work predate Google as a company let alone as an advertiser platform. At the time Netscape was not beholden to an advertising company at all.

The previous poster is correct on their historical analysis. Your comment does not change the accuracy at all.

> It’s insane that this hasn’t been the default all along across all browsers

Historically cookies weren't partitioned by site. So if you went to clear the cookies for https://publisher.example, then the browser wouldn't know whether to also clear cookies for https://other.example.

(Cookies are still not partitioned by default in Firefox; it requires turning on Total Cookie Protection)

This is two huge changes away from how every browser historically stored and cleared cookies, including old Opera, IE, Firefox, Safari, everybody.

It isn't insane, it's a leftover from when you didn't have to assume that most sites you use are actively hostile to you.

If it didn't come with all the tracking and privacy implications, being able to see your friends' comments on a site first, use social widgets etc. is a feature.

This will also break some sites, some of which will never get fixed, so this is a hard change to make (but necessary at this point).

As others noted, I'm not sure there's a profit motive to blame here, but yeah it feels like browsers are constantly playing catch-up, indicated by ever-stronger words for the features, rather than switch to a better-engineered, more robust model -- reminds me of PHP's treadmill of "no-really-totes-secure-this-time-sql-call".

What if there were browsers and protocols written by users instead of companies set up to exploit users?

The world kept turning all these years before people got unreasonably paranoid about cookies and ad networks. I think it's all pointless theater. I wish Mozilla would focus more on browser customizability and other extension powers like we used to have with XUL and bringing the mobile browser up to speed instead. I couldn't care less about a Facebook tracking cookie.

I agree with the mobile browser (the only recent change they made, afaics, was to artificially disable most of the extensions and to make tab switching worse), however it is not just about ad networks that people are paranoid about. Tracking is pervasive and there are many players which know way too much about what users are doing on the net.

I don't even care if they track me - what I care about is that they track mostly everybody. Such power should not be underestimated.

Law enforcement is exempt from GDPR and other online privacy acts and we all know how much intelligence agencies know. The people who it matters if they track you are still tracking you. All that changed is it's harder to make money from ads and it's more expensive and dangerous to run your own web service.

Not true; a substantial part of the Schrems II decision was about how the GDPR applies not only to law enforcement, but also national security surveillance. See eg ‘European Essential Guarantees.’

This sounds like how cookies should have worked from the start.

I suspect this is going to help against some CSRF as well?

How would this help with CSRF? The new feature only applies when someone intentionally clears their cookies.

Not how I read it. To me it says Facebook.com cookies set through site A are separate from those stored through site B. Even if you never clear, fb cookies would no longer be a single cookie to link these, but separate.

The jar is the key new thing, not the emptying.
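The partitioned cookie jar described in the submission text and in the reply above, modelled as an added example in JavaScript (this is not Firefox's or Mozilla's code and not part of any comment in the thread): a toy cookie store that keys cookies by the top-level site the user is visiting, contrasted with the classic single shared jar, plus a clear-site-data step that empties the whole partition. The site names, class and function names (CookieStore, runScenario, and so on) are invented for the illustration.

```javascript
// Added example, not Firefox's or Mozilla's code. Models two cookie-store
// designs: one shared jar (legacy) and one jar per top-level site
// (partitioned, as in Total Cookie Protection), plus partition-wide clearing
// (as in Enhanced Cookie Clearing). All names here are invented.

class CookieStore {
  constructor({ partitioned }) {
    this.partitioned = partitioned;
    // jars: Map<partitionKey, Map<"cookieDomain|name", value>>
    this.jars = new Map();
  }

  // The partition key is the top-level site being visited when the cookie is
  // set or read. The legacy model uses a single shared key for everything.
  partitionKey(topLevelSite) {
    return this.partitioned ? topLevelSite : '*';
  }

  setCookie(topLevelSite, cookieDomain, name, value) {
    const key = this.partitionKey(topLevelSite);
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    this.jars.get(key).set(`${cookieDomain}|${name}`, value);
  }

  getCookie(topLevelSite, cookieDomain, name) {
    const jar = this.jars.get(this.partitionKey(topLevelSite));
    return jar ? jar.get(`${cookieDomain}|${name}`) : undefined;
  }

  // "Clear site data" for one site. Legacy: drop only cookies whose domain is
  // that site; third-party cookies set while embedded in it survive.
  // Partitioned: drop the whole jar for that top-level site, which removes
  // everything any third party stored while embedded in it.
  clearSiteData(site) {
    if (this.partitioned) {
      this.jars.delete(site);
      return;
    }
    const jar = this.jars.get('*');
    if (!jar) return;
    for (const k of [...jar.keys()]) {
      if (k.startsWith(`${site}|`)) jar.delete(k);
    }
  }

  // Total cookies left across all jars, to check what clearing actually did.
  size() {
    let n = 0;
    for (const jar of this.jars.values()) n += jar.size;
    return n;
  }
}

// Walk one constructed browsing scenario through a store and report what an
// embedded third party (facebook.com, as in the thread) could observe.
function runScenario(store) {
  const FB = 'facebook.com';

  // 1. Visit comfypants.com, which embeds a facebook.com widget; the widget
  //    drops an identifier cookie, and the site sets its own session cookie.
  store.setCookie('comfypants.com', FB, 'id', 'visitor-1');
  store.setCookie('comfypants.com', 'comfypants.com', 'session', 's1');

  // 2. Visit other.example, which embeds the same widget. Does the widget see
  //    the identifier it set on comfypants.com?
  const seenOnOtherSite = store.getCookie('other.example', FB, 'id');
  if (seenOnOtherSite === undefined) {
    // Partitioned store: the widget starts from an empty jar on this site.
    store.setCookie('other.example', FB, 'id', 'visitor-2');
  }

  // 3. The user clears site data for comfypants.com.
  store.clearSiteData('comfypants.com');

  return {
    linkedAcrossSites: seenOnOtherSite === 'visitor-1',
    fbCookieFromComfypantsSurvives:
      store.getCookie('comfypants.com', FB, 'id') !== undefined,
    fbCookieOnOtherSiteSurvives:
      store.getCookie('other.example', FB, 'id') !== undefined,
    cookiesLeft: store.size(),
  };
}

const legacyResult = runScenario(new CookieStore({ partitioned: false }));
const partitionedResult = runScenario(new CookieStore({ partitioned: true }));

console.log('legacy jar:      ', legacyResult);
console.log('partitioned jars:', partitionedResult);
```

In the legacy run the widget reads the same identifier on both sites and that identifier survives clearing comfypants.com's data; in the partitioned run the widget cannot link the two visits, and clearing comfypants.com removes the identifier it set there while leaving the other.example partition untouched.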

The approach to the cookie jar isn't new in Firefox 91; that's Total Cookie Protection, added in Firefox 86: https://blog.mozilla.org/security/2021/02/23/total-cookie-pr...

Delete the word “new”, emphasis on “key”.

Should also make it easier to defeat some paywalls by clearing cookies just for that site.