back to article Mozilla doubles down on anti-tracking tech: It'll be tougher for wily ad-biz cookie monsters to track Firefox

A week after Firefox 79 debuted, Mozilla says that it plans to start rolling out version 2.0 of its Enhanced Tracking Protection (ETP) scheme to prevent redirect tracking on the web. On the web there's a distinction between first-party cookies – files stored in your browser by a visited web application or site – and third- …

  1. Pascal Monett Silver badge
    WTF?

    Wait a minute

    We've had Firefox addons that kill redirect and bring you to the intended website since ages. Why do we need this newfangled tracker/blocker thingamajig ?

    It's not really difficult either, if I'm not mistaken. A redirect is like http://ww.redirect.com?goto/http:www.intended.site.com. Just check for the second http and take that.

    It's not hard. At least I think. Why all the hoopla ?

    1. IGotOut Silver badge

      Re: Wait a minute

      Because it's default.

      No need for a plug in...so will cover everyone that uses it.

      1. NATTtrash Silver badge

        Re: Wait a minute

        But... But...

        "Every Body" always tells me they have nothing to hide...

        BTW, am I the only one who is somewhat hesitant when suspects A, and especially G, say they want to reduce tracking?

        1. arctic_haze

          Re: Wait a minute

          If you have nothing to hide, please tell us your credit card number, expiry date and the three digit thingy on its back?

  2. bigtreeman

    are there adds on this page ???

    In Firefox have had adds blocked for years and am astounded each time I see all the adds on my partners web browser (one of the others).

    And Firefox is getting better at it all the time.

    Why do people put up with shite.

  3. Anonymous Coward
    Anonymous Coward

    I can't remember...

    the last time I saw an advert in a browser.

    There again, I don't use IE/Edge or Chrome or actually Google anything. (plus zero social media platforms)

    There is a pattern there but I can't quite see what it is. I need some more coffee.

    [gulp][gulp]

    Oh yes. I've got it now. Google is an ad factory. Use anything with their brand on it (or even their source code) and you know what you are letting yourself in for.

    If I had my way then Google would be made to pay 99% tax on all UK income before they send of offshore to some tax haven just for the damage that they are inflicting on society. Never gonna happen so don't bother downvoting this post.

    1. NATTtrash Silver badge
      Trollface

      Re: I can't remember...

      OK, have an UP then...

    2. Charles 9 Silver badge

      Re: I can't remember...

      "If I had my way then Google would be made to pay 99% tax on all UK income before they send of offshore to some tax haven just for the damage that they are inflicting on society. Never gonna happen so don't bother downvoting this post."

      And if they simply present financial records showing they have NO UK income? That's the sad reality of transnationals: they can play sovereignty against you.

      1. A.P. Veening Silver badge

        Re: I can't remember...

        And if they simply present financial records showing they have NO UK income? That's the sad reality of transnationals: they can play sovereignty against you.

        In that case you just get information on payments made to Google by UK entities (make it mandatory reporting by banks) and double the taxes as punitive measure.

        1. Charles 9 Silver badge

          Re: I can't remember...

          Google moves all British Isles operations to Ireland and out of UK jurisdiction. Like I said, jump jurisdictions. Which do you prefer: 10% of something or 100% of nothing?

          1. A.P. Veening Silver badge

            Re: I can't remember...

            Customers aren't going to pay for international remittance and I am sure Google would like to get that money, so there will have to be a legal UK entity, which can be taxed. Alternatively, Google can stop doing business in the UK and leave that market to competitors, which is also an excellent solution to the problem as the competitors will be paying their taxes and can grow strong without the killing competition from Google.

            1. Charles 9 Silver badge

              Re: I can't remember...

              "Customers aren't going to pay for international remittance..."

              They may not realize they're paying for it if Google plays it savvy. If the customer doesn't realize it, they can probably go for it. Look at eBay and how it handles international transactions, even in foreign currency.

    3. JulieM

      Re: I can't remember...

      We simply need to make it law that if you do any business at all in the UK, you pay taxes depending on your global turnover.

      And yes, I do mean tax turnover, not profit. That puts an instant stop to shell games. If you're still in business, you're obviously making money, even if you are managing to hide it by buying goods and services from your own subsidiary companies at inflated prices. If taxing every pound going into or out of a company's bank accounts is the only way to make sure they pay their fair share, so be it.

      1. SundogUK

        Re: I can't remember...

        So you would tax a business on 100 Bn turnover when only 1 Bn was turned over in the UK? You are a cretin.

        1. JulieM

          Re: I can't remember...

          Yes, why not? If they are doing business in the UK, they must either be making money in the UK, or be deliberately running a loss-making business in the UK to disguise profitability elsewhere in the world. Taxing a small portion of every sum entering or leaving their bank accounts is the only way to be sure they pay their share.

      2. Charles 9 Silver badge

        Re: I can't remember...

        "That puts an instant stop to shell games."

        No, they'll just use more sophisticated shell games, degrees of separation, good lawyers, foreign shenanigans, and so on. Private lawyers tend to get paid more so have more access and more motivation to make their clients happy. I doubt you'll find a method that can't be lawyered around or, at the extreme, challenged in court on various legal grounds. Beyond that, it'll reach a point they'll just pony up to get the government changed altogether, finding that bill to be cheaper.

  4. Novex

    I just use NoScript to block most javascript code anyway. I also always clear my browser out entirely after a browsing session, using a password manager to login rather than relying on saved cookies. So it appears this anti-tracking work won't be much use to me...

    1. Updraft102

      Truly. I clear all cookies (not just known trackers) a lot more often than once a day. Once the tab is closed, cookie is gone. Yeah, I get a lot of "we don't recognize your browser." Well, you're not supposed to, nor should you expect to.

  5. big_D Silver badge

    404ed

    you end up navigating to the redirect tracker first rather than to the retailer.

    Yes, my DNS has over 2,5 million tracking sites blacklisted. I've noticed more and more links on websites that 404, because the redirect tracker is blacklisted.

  6. fpx

    Barking up the wrong tree

    The problem is not first party vs third party cookies. If third party cookies were banned, advertisers would simply make the switch to first party cookies. That would need a bit more server side plumbing but could be done easily by major sites.

    I do not want to be tracked all across the web. What I want is a browser that lets me compartmentalize my cookies into sessions. Like an "Amazon" session, a "Register" session etc. Private tabs are too restrictive, because I want multiple tabs per session. Cookies are limited to one session and not shared between sessions. Then each site could track what I am doing on the site itself, but not my browsing habits elsewhere.

    For example, a browser could manage one session per window. Then I could have multiple sessions/windows, and multiple tabs per session/window.

    Does that exist?

    1. Dazed and Confused

      Re: Barking up the wrong tree

      Isn't that why you have multiple browsers installed?

      One for work

      One for (anti)social-media

      One for ...

      I suppose I should end up using containers or some such

    2. Charles 9 Silver badge

      Re: Barking up the wrong tree

      "Then each site could track what I am doing on the site itself, but not my browsing habits elsewhere."

      But what if the two sites KNOW each other...or partner with someone who knows them both AND has second- or even first-party relationships with both of them, meaning their tracking tech looks no different from first-party tracking?

      Basic point is, this whole shell game will eventually become server-side user tracking tracking which no user will be able to block, even with masquerading. Then it'll be a matter of, "Stop the Internet! I wanna get off!"

      1. fpx

        Re: Barking up the wrong tree

        "But what if the two sites KNOW each other."

        That would not matter. E.g., the Facebook cookie in the Register session would be different from the Facebook cookie in the Amazon session, and both would be different from the Facebook cookie in the Facebook session, meaning that Facebook would not be able to slurp the articles that I looked at.

        So that would work unless they shared identities (i.e., your account information).

        As for "Isn't that why you have multiple browsers installed?" Yes. I have Firefox, Opera, Edge, Chrome and Vivaldi. I am running out of browsers.

        1. Charles 9 Silver badge

          Re: Barking up the wrong tree

          "So that would work unless they shared identities (i.e., your account information)."

          DE-anonymization is a thing, you know? Facebook probably has the ability to connect the dots, by IP or ISP if nothing else, so even if you use physically separate computers, computing habits among other things would probably be able to start linking you together.

          1. Updraft102

            Re: Barking up the wrong tree

            Solution: block facebook.* at the router.

            1. Charles 9 Silver badge

              Re: Barking up the wrong tree

              One, no control over the router. Two, friends or family rely on WhatsApp or Messenger to communicate and have the ability to make things unpleasant for you if you insist.

    3. tfb Silver badge
      Alien

      Re: Barking up the wrong tree

      Yes: Firefox multi-account containers. There's (I think) support built into FF, and then there's an extension which provides the UI, from Mozilla.

      It's OK (I use it to partition off Google & some other toxins) but slightly annoying that you can't write smarter URL-pattern->container rules.

    4. ben kendim

      Re: Barking up the wrong tree

      Why do all other tabs need to see cookies set by a page in one tab?

      Assign a tab ID to each cookie, allow it to be sent only to that tab, and clear it as soon as the tab is closed.

      1. Dazed and Confused

        Re: Barking up the wrong tree

        > Why do all other tabs need to see cookies set by a page in one tab?

        I often use more than one tab when shopping

    5. U1traVio1et

      Re: Barking up the wrong tree

      Firefox do a addon called ‘containers’ which could help you out quite a lot

    6. osmarks

      Re: Barking up the wrong tree

      https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/

  7. Anonymous Coward
    Anonymous Coward

    Time-based cookie clearing

    How about this? A first-party cookie set on a website that is visited for less than 5 seconds is automatically cleared by the browser when leaving the website. This would completely stop the concealed-third-party cookie based tracking, as it would be a new cookie on every visit.

    1. Rich 2 Silver badge

      Re: Time-based cookie clearing

      There is a Firefox addon called “auto cookie delete” or something like that. That does pretty much what you just said

      1. Aleph0

        Re: Time-based cookie clearing

        Exactly that, the add-on is Cookie AutoDelete. Works a treat, you just have to extend the auto-clean timeout a bit (otherwise things like reCAPTCHA don't work as well) and whitelist the sites you log on to like the Reg.

      2. Charles 9 Silver badge

        Re: Time-based cookie clearing

        I think there's a newer one called Forget Me Not, which has the added benefit of enabling cookie blacklisting (the "Instant" option).

  8. JulieM

    Wouldn't it be simpler

    Wouldn't it be simpler just to wipe all cookies set by any site that just redirects without displaying anything?

    Or even return "crumbled" cookies -- deliberately altered from what the site was trying to set, to devalue and poison tracking data (and maybe even crash servers with poor input sanitisation!)

    1. Charles 9 Silver badge

      Re: Wouldn't it be simpler

      Then they just display ads and wait out whatever clock you set up.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021