{"id":2695,"date":"2021-02-23T05:55:25","date_gmt":"2021-02-23T13:55:25","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2695"},"modified":"2021-05-31T00:27:32","modified_gmt":"2021-05-31T07:27:32","slug":"total-cookie-protection","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/","title":{"rendered":"Firefox 86 Introduces Total Cookie Protection"},"content":{"rendered":"<p>Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into <a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/enhanced-tracking-protection-firefox-desktop#w_adjust-your-global-enhanced-tracking-protection-settings\">ETP Strict Mode<\/a>. Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site.<\/p>\n<p>Cookies, those well-known morsels of data that web browsers store on a website\u2019s behalf, are a useful technology, but also a serious privacy vulnerability. That\u2019s because the prevailing behavior of web browsers allows cookies to be shared between websites, thereby enabling those who would spy on you to \u201ctag\u201d your browser and track you as you browse. This type of cookie-based tracking has long been the most prevalent method for gathering intelligence on users. It\u2019s a key component of the mass commercial tracking that allows advertising companies to quietly build a detailed personal profile of you.<\/p>\n<p>In 2019, Firefox introduced Enhanced Tracking Protection by default, blocking cookies from companies that have been identified as trackers by our partners at Disconnect. But we wanted to take protections to the next level and create even more comprehensive protections against cookie-based tracking to ensure that no cookies can be used to track you from site to site as you browse the web.<\/p>\n<p>Our new feature, Total Cookie Protection, works by maintaining a separate \u201ccookie jar\u201d for each website you visit. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website.<\/p>\n<div id=\"attachment_2698\" style=\"width: 902px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3.png\"><img aria-describedby=\"caption-attachment-2698\" decoding=\"async\" loading=\"lazy\" class=\" wp-image-2698\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3-300x150.png\" alt=\"\" width=\"892\" height=\"446\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3-300x150.png 300w, https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3-600x300.png 600w, https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3-768x384.png 768w, https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3-1536x768.png 1536w, https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3-2048x1024.png 2048w, https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3-1000x500.png 1000w\" sizes=\"(max-width: 892px) 100vw, 892px\" \/><\/a><p id=\"caption-attachment-2698\" class=\"wp-caption-text\">Total Cookie Protection creates a separate cookie jar for each website you visit. (Illustration: Meghan Newell)<\/p><\/div>\n<p>In addition, Total Cookie Protection makes a limited exception for cross-site cookies when they are needed for non-tracking purposes, such as those used by popular third-party login providers. Only when Total Cookie Protection detects that you intend to use a provider, will it give that provider permission to use a cross-site cookie specifically for the site you\u2019re currently visiting. Such momentary exceptions allow for strong privacy protection without affecting your browsing experience.<\/p>\n<p>In combination with the <a href=\"https:\/\/blog.mozilla.org\/security\/2021\/01\/26\/supercookie-protections\/\">Supercookie Protections<\/a> we announced last month, Total Cookie Protection provides comprehensive partitioning of cookies and other site data between websites in Firefox. Together these features prevent websites from being able to \u201ctag\u201d your browser,\u00a0 thereby eliminating the most pervasive cross-site tracking technique.<\/p>\n<p>To learn more technical details about how Total Cookie Protection works under the hood, you can read the <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Firefox\/Privacy\/State_Partitioning\">MDN page on State Partitioning<\/a> and our <a href=\"https:\/\/hacks.mozilla.org\/2021\/02\/introducing-state-partitioning\/\">blog post on Mozilla Hacks<\/a>.<\/p>\n<h2>Thank you<\/h2>\n<p>Total Cookie Protection touches many parts of Firefox, and was the work of many members of our engineering team: Andrea Marchesini, Gary Chen, Nihanth Subramanya, Paul Z\u00fchlcke, Steven Englehardt, Tanvi Vyas, Anne van Kesteren, Ethan Tseng, Prangya Basu, Wennie Leung, Ehsan Akhgari, and Dimi Lee.<\/p>\n<p>We wish to express our gratitude to the many Mozillians who contributed to and supported this work, including: Selena Deckelmann, Mikal Lewis, Tom Ritter, Eric Rescorla, Olli Pettay, Kim Moir, Gregory Mierzwinski, Doug Thayer, and Vicky Chin.<\/p>\n<p>Total Cookie Protection is an evolution of the First-Party-Isolation feature, a privacy protection that is shipped in Tor Browser. We are thankful to the Tor Project for that close collaboration.<\/p>\n<p>We also want to acknowledge past and ongoing work by colleagues in the Brave, Chrome, and Safari teams to develop state partitioning in their own browsers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode. Total Cookie Protection confines cookies to the site where they &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/\">Read more<\/a><\/p>\n","protected":false},"author":1836,"featured_media":2698,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[847,69],"tags":[327154],"coauthors":[454649,327146,318213],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Firefox 86 Introduces Total Cookie Protection - Mozilla Security Blog<\/title>\n<meta name=\"description\" content=\"Total Cookie Protection is a major anti-tracking advance in Firefox that confines cookies to the site where they were created.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Huang, Johann Hofmann, Arthur Edelstein\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/\",\"name\":\"Firefox 86 Introduces Total Cookie Protection - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3.png\",\"datePublished\":\"2021-02-23T13:55:25+00:00\",\"dateModified\":\"2021-05-31T07:27:32+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/8b1d094582c63bfc7b4d416e51355dda\"},\"description\":\"Total Cookie Protection is a major anti-tracking advance in Firefox that confines cookies to the site where they were created.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3.png\",\"width\":2160,\"height\":1080,\"caption\":\"Total Cookie Protection gives each website its own cookie jar. (Illustration: Meghan Newell)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Firefox 86 Introduces Total Cookie Protection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/8b1d094582c63bfc7b4d416e51355dda\",\"name\":\"Tim Huang\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/664ef78451453eaf8e9e426af3c54cb4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9c043b04a6702f66940ab8ea398e08a3?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9c043b04a6702f66940ab8ea398e08a3?s=96&d=identicon&r=g\",\"caption\":\"Tim Huang\"},\"description\":\"Firefox Privacy Engineer\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tim-huang-83857172\/\",\"https:\/\/x.com\/artines1\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Firefox 86 Introduces Total Cookie Protection - Mozilla Security Blog","description":"Total Cookie Protection is a major anti-tracking advance in Firefox that confines cookies to the site where they were created.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/","twitter_misc":{"Written by":"Tim Huang, Johann Hofmann, Arthur Edelstein","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/","url":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/","name":"Firefox 86 Introduces Total Cookie Protection - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3.png","datePublished":"2021-02-23T13:55:25+00:00","dateModified":"2021-05-31T07:27:32+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/8b1d094582c63bfc7b4d416e51355dda"},"description":"Total Cookie Protection is a major anti-tracking advance in Firefox that confines cookies to the site where they were created.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#primaryimage","url":"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3.png","contentUrl":"https:\/\/blog.mozilla.org\/security\/files\/2021\/02\/panels-3.png","width":2160,"height":1080,"caption":"Total Cookie Protection gives each website its own cookie jar. (Illustration: Meghan Newell)"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2021\/02\/23\/total-cookie-protection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Firefox 86 Introduces Total Cookie Protection"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/8b1d094582c63bfc7b4d416e51355dda","name":"Tim Huang","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/664ef78451453eaf8e9e426af3c54cb4","url":"https:\/\/secure.gravatar.com\/avatar\/9c043b04a6702f66940ab8ea398e08a3?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9c043b04a6702f66940ab8ea398e08a3?s=96&d=identicon&r=g","caption":"Tim Huang"},"description":"Firefox Privacy Engineer","sameAs":["https:\/\/www.linkedin.com\/in\/tim-huang-83857172\/","https:\/\/x.com\/artines1"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2695"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1836"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2695"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2695\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media\/2698"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2695"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}