Mozilla Corp., maker of the Firefox browser, launched a pre-emptive attack on “cookie” tracking this week, announcing it will begin shipping a new way of frustrating the practice — creating a unique bucket in the browser cache for each domain name and walling them off from each other. It calls the innovation “Total Cookie Protection.”

Here’s how Mozilla’s engineers described the change this week in an article explaining how the policy works and how to test it.

“Firefox includes a new storage access policy that blocks cookies and other site data from third-party tracking resources. This policy is designed as an alternative to the older cookie policies, which have been available in Firefox for many years. This policy protects against cross-site tracking while minimizing the site breakage associated with traditional cookie blocking.”

Until now, Firefox has partnered with a nonprofit, Disconnect.me, which manually tracks opaque ad-tech and other “tracker” services and lists their domains in a “blacklist.” Firefox has then used that list, which includes the domains of most the major ad-tech companies,  to deny the historic functioning of third-party cookies in the browser.

“State partitioning is a different approach to preventing cross-site tracking,” Mozilla’s engineers write. Gizmodo’s Shoshana Wodinsky helps to explain in her piece, “Firefox’s Latest Update Promises Complete Cookie Control—With Just a Few Caveats’.

Another tech writer, TechCrunch’s Natasha Lomas, in her account, notes that Google has pledged to deny third-party cookie function in its dominant Chrome browser sometime next year, and is working on controversial alternatives.  Apple’s Safari has had a form of cookie-blocking for a couple of years but is about to role out an effort to frustrate other tracking approaches as well.

In its announcements, Mozilla provided an important note about the effect of its change on so-called federated Single Sign On (SSO) services. In a blog post, “Introducing State Partitioning”, the browser maker explained that when a user from one website is trying to log in via another affiliated website, but in a different domain, “we allow the state to be unpartitioned in certain cases” such as a legitimate SSO service. They continue “the top-level SSO site and the embedded SSO service’s iframe will start to use the same storage key, meaning that they will both access the same cookie jar. So, the iframe can get the login credentials via a third-party cookie.”

Mozilla’s browser maket share has been dropping for years and it is No. 4 after Chrome, Safari and Microsoft’s Edge browser.  It, however, is the only notable browser maker that is owned by a nonprofit, the Mozilla Foundation, and which has little or no revenues from advertising or subscriptions.

RELATED LINKS

• Mozilla tech detail on Firefox change: “Introducing State Partitioning” | Johann Hoffman & I’m Huang, Mozilla Blog
• Firefox’s total cookie protection is the new standard of browser privacy — Here’s why | Darragh Murphy, LapTopMag.com
• Firefox Launches Total Cookie Protection | Rebekah Dunne, Search Engine Journal News
• BACKGROUND: What is State Partitioning? | Mozilla Web Docs | MORE DETAIL

GOOGLE AND AD TECH 

• Is Google Locking Down Chrome to Resist the Rise of Chromium Based Browsers? | John Paul Wohlscheid, itsfossnews.com
• Tech giants vs. cookies: Google has an ingenious plan but there’s one big drawback | Shubham Agarwal, DigitalTrends.com
• RELATED: “Chrome (or Chromium browsers) into the key bottleneck for ad tech” | British competition report
• How will adtech tackle Google, Apple privacy changes? | Joseph Duball, IAPP Privacy Advisor
• TRY THIS: Browser extension shows what happens if all Google/FB calls are blocked | Mitchell Clark, TheVerge.com
• VENDOR VIEW: Permutive’s co-founder: Consent is now table stakes for data use | Elizabeth Brennan, AdAge.com

PERSONAL PRIVACY 

• PROFILE: As world focuses on privacy, DuckDuckGo hopes to seize the moment | Don Steinberg, Philadelphia Magazine
• When it comes to cookies and consent, do consumers prefer fewer choices? | David A. Zetoony, GreenbergTraurig law firm
• Facebook launches ad campaign to defend personalized advertising ahead of Apple privacy change | Margaret Graham, CNBC.com
• Facebook’s personalized ads pitch: The world is full of good ideas needing exposure | Facebook Blog | VIEW AD: Good Ideas Deserve to be Found
• Three ex-Amazon insiders sound alarm about personal-data security | Vincent Manencourt, Politico.EU
• RESEARCH: SEO content platform releases 1,000-person survey of of platform “trust” | Karlene Lukovitz, DigitalNewsDaily/MediaPost.com
• A typology of privacy harms: New academic research | Daniel J. Solovy & Danielle Keats Citron
• In Europe at least, AI and privacy appear on collision course | Paula Whitaker & Ezra Church, Morgan Lewis law firm

New rhetoric and the potential of new initiatives were brewing this week after the Australian government, following a last-minute faceoff with Facebook, enacted a law intended to force Internet platforms to pay for the news they show their users.

Deep questions about copyright and the incentives created by the law — plus whether it is leaving out small publishers — were left in the aftermath. There is talk that European publishers, with the backing of Microsoft Inc., may push something similar. And a larger question: Should journalism become dependent upon platforms such as Google and Facebook whose business models are frequently described as “surveillance capitalism”?  For example, in the midst of the Australian news, smaller platform Twitter announced a plan to charge for content rather than sell more advertising.

An early beneficiary of the Australian situation appears to be Australian-born media mogul Rupert Mudoch, after Google agreed to include his News Corp. in a voluntary payment approach called “News Showcase.”  But this attracted scorn  from a prominent London lawyer, who implied in an op-ed that Murdoch, who has been a consistent and vocal critical of the platforms, was in a “sweetheart deal.” Murdoch’s News Corp. owns both The Times of London and Wall Street Journal.

The British barrister is Tim Cowen, chair of the antitrust practice at Preiskel & Co. LLP and an advisor to a lobby group Marketers for an Open Web (MOW), which has been opposing before the U.K.’s Competition and Markets Authority (CMA) Google’s technology plans post third-party cookies.  MOW has refused to disclose its members, other than to say they include ad-tech companies, advertisers and some publishers — saying they fear Google reprisals.

“MOW has submitted to the CMA that a Google plan to change their browser settings and phase out third party cookies is really designed to undermine publishers’ ability to earn revenue from adverts on their own websites,” Cowen wrote in the op-ed posted on Friday (Feb. 26). They called for interim measures, to protect the public interest and the plurality of media by halting the roll-out of Google’s changes.

PLATFORMS AND JOURNALISM

• Australia passes law forcing Google and Facebook to pay news publications | Daniel Van Boom, Queenie Wong, CNet.com | RELATED STORY | THE NEW LAW | AUSTRALIAN GOVERNMENT MEMORANDUM
• FACEBOOK STATEMENT:  “The real story of what happened in Australia” | Nick Clegg, Facebook Blog
• Australian law is hailed as ‘a big win for the news business’ | Brian Stelter, CNN.com
• ANALYSIS: What is the Australian law? And why does FB keep getting caught for fraud? | Matt Stoller, Substack.com
• Facebook restores news to Australia – who it includes and  terms remains murky | Max Willens, DigiDay.com
• BACKGROUND: Web “inventor” Tim Berners-Lee testified “paying for links” is worrisome | The Associated Press
• Twitter to launch system to allow charging for premium content | Barbara Ortutay, The Associated Press | RELATED STORY

AUSTRALIAN AFTERMATH

• Facebook signs pay deals with 3 Australian news publishers | Rod McGuirk, The Associated Press
• In sidebar to Australian dispute, Facebook mentions it will pay $1B over 3 years to news industry | Tali Arbel, The Associated Press | RELATED STORY
• Facebook got everything it wanted out of Australia by being willing to do what the other guy wouldn’t | Joshua Benton, NiemanLab.org
• After Facebook’s news flex Australia passes bargaining code for platforms | Natasha Lomas, TechCrunch.com
• Microsoft, EU publishers seek Australia-style news payments | Kelvin Chan, The Associated Press
• Days after Australia law, Indian papers ask Google for 85% ad revenue share | Times of India
• What we can learn from the Facebook-Australia news debacle | Justin Hendrix, MIT Technology Review

GLOBAL PRIVACY 

• South African regulator creates voluntary data-handling “code of conduct” | via IAPP Daily Dashboard
• Data Protection Day dawns as global privacy laws, concerns about protectionism increase | Matthew Newman & Mike Swift, Lexis-Nexis mlex.com