Mozilla will block tracking cookies in future release
Mozilla Firefox will start blocking tracking cookies by default in future releases. Mozilla cites consumer privacy concerns for this move. Web tracking have been the concern of privacy advocates, who say that marketers know entirely too much about individuals' online activities. The same cookies used to track web browsing also has the potential as a security threat. Mozilla is planning to disable cross-site tracking by default in its Firefox browser.
Ads are a necessary part of the internet economy, free access to content is never really free, we pay with targeted ads on websites. Tracking cookies enables websites to push different ads on different viewers based on browsing history. According to a recent article in the Harvard Business Review, targeted ads are preferable to random ads. Cookies also make browsing more convenient, websites will remember us so we can pick up where we left off, automatically sign in to our accounts or have the site remember our user name. They also enable one click access to receipts and account information from things like email confirmations. Cookies allow us to be trusted if we're already signed into another trusted website like how the "Sign in with Facebook" function works.
The downside is that tracking slows down the web. In a analysis this week from Ghostery, 55.4 percent of the total time required to load an average website was spent loading third-party trackers. Cookies allow companies to collect data about user preferences and surfing habits and the amount of data a website seems to know about any given individual can start to feel intrusive. Allowing third-party tracking cookies opens up a privacy hole in the browser that may be larger than most people realize. According to Ghostery's analysis, just visiting a popular page will implant cookies into a user's browser for over 50 different third-party domains. Each of these are built specifically to give visibility to marketeers outside of the website into what a person looks at on that site over days, months or years. Third party tracking cookies are in 24% of facebook.com page loads and 30% of google.com page loads.
Even though many cookie functions may be benign and not used for outside tracking, it's important to note that many of these are opened up to third party scripts that may be running on the page. The service provider running the website has added tracking scripts to their websites and apps to provide analytics, advertising and other plug-in functionality and these scripts may not be carefully implemented, and that these third parties now can potentially have access to all your data. Many unchecked data collection are hidden to users and experts, and are only revealed piecemeal by major data breaches. Tracking cookies opens up threats like CSRF attacks that are based on the concept that users can make a third party request to a site that the browser has previously authenticated with, and the browser will send the credentials with the request. These vulnerabilities can allow hackers to spoof the third party requests and gain access to the credentials allowing them access.
In the beginning, web browsers disabled cookies by default but since most internet sites today require cookies to be enabled before they deliver content, browsers started enabling cookies by default. Mozilla announced that it will reverse this by blocking tracking cookies by default. The company has added a feature in Firefox Nightly that blocks trackers that slow down page loads that are now in beta. If the feature performs well, Mozilla will start blocking slow loading trackers by default in Firefox 63. Mozilla also said that it will block cryptomining scripts by default in an unspecified future version of its browser, along with trackers that fingerprint users' devices. Some sites will continue to want user data in exchange for content, but now they will have to ask for it which is a good change since people have no idea about the value exchange they made by browsing sites.