Firefox to block third-party cookies: about time!
I just saw a thread on the Mozilla dev-privacy list about a new patch, to land in Firefox 22, which would block third-party cookies from sites that the user hasn't visited. It's being written by a guy from Stanford.
I'm hugely in favor of this change. At Mozilla I often argued in favor of blocking all third-party cookies, and just as often heard the objection that it would "break the Web". This more limited cookie blocking seems like a good compromise. A third-party cookie from a site you've never visited is almost by definition going to be a tracking cookie set by an advertising network in order to make ads follow you around the Web. (Like this ad for GRE prep services that I started seeing everywhere after I signed up to take the GRE.) If you've ever looked at a Collusion graph, these are exactly the cookies that make up the nefarious center of the spider-web.
So I'm extremely happy that we're going to start blocking them. There are some issues to work out, but today I dropped by the Mozilla office to talk to some of the privacy/security guys about how I can contribute to the patches to help make sure this happens.
In other Mozilla news, they just announced that they have deals with eighteen mobile carriers around the world to support the Firefox OS smart phones. So iOS and Android are going to have some real open-web-based competition soon. Congratulations, guys! This is huge.