In a post this morning from Mozilla’s CTO Brendan Eich, we announced that we’re working with Stanford’s Center for Internet and Society to develop a Cookie Clearinghouse. The Cookie Clearinghouse will provide users of Firefox, Opera and other browsers an independent service to address privacy concerns related to third party cookies in a rational, trusted, transparent and consistent manner. The current third party cookie patch will require additional modifications over the course of several months, depending on how quickly the new service takes shape and comes online. Note there will be an open, public brown bag meeting on July 2nd where additional info will be presented.
Here’s what Brendan posted:
As you may recall from almost six weeks ago, we held the Safari-like third-party cookie patch, which blocks cookies set for domains you have not visited according to your browser’s cookie database, from progressing to Firefox Beta, because of two problems:
False positives. For example, say you visit a site named
foo.com, which embeds cookie-setting content from a site named
foocdn.com. With the patch, Firefox sets cookies from
foo.combecause you visited it, yet blocks cookies from
foocdn.combecause you never visited
foocdn.comdirectly, even though there is actually just one company behind both sites.
False negatives. Meanwhile, in the other direction, just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more. Suppose you click on an ad by accident, for example. Or a site you trust directly starts setting third-party cookies you do not want.
Our challenge is to find a way to address these sorts of cases. We are looking for more granularity than deciding automatically and exclusively based upon whether you visit a site or not, although that is often a good place to start the decision process.
- Naive visited-based blocking results in significant false negative and false positive errors.
- We need an exception management mechanism to refine the visited-based blocking verdicts.
- This exception mechanism cannot rely solely on the user in the loop, managing exceptions by hand. (When Safari users run into a false positive, they are advised to disable the block, and apparently many do so, permanently.)
- The only credible alternative is a centralized block-list (to cure false negatives) and allow-list (for false positives) service.
Today Mozilla is committing to work with Aleecia and the CCH Advisory Board, whose members include Opera Software, to develop the CCH so that browsers can use its lists to manage exceptions to a visited-based third-party cookie block.
The CCH proposal is at an early stage, so we crave feedback. This means we will hold the visited-based cookie-blocking patch in Firefox Aurora while we bring up CCH and its Firefox integration, and test them.
Of course, browsers would cache the block- and allow-lists, just as we do for safe browsing. I won’t try to anticipate or restate details here, since we’re just starting. Please see the CCH site for the latest.
We are planning a public “brown bag” event for July 2nd at Mozilla to provide an update on where things stand and to gather feedback. I’ll update this post with details as they become available, but I wanted to share the date ASAP.