POV: Firefox 22 And Cookie Blocking

MINDSHARE POINT OF VIEW – Mozilla has announced that they intend to introduce a cookie blocker into their Firefox 22 release, which is due in June 2013. Although widely reported in the press, the proposal is still under internal discussion at Mozilla.

Firefox and Safari (which has been doing the same for the past 10 years) constitute a fair proportion of Web’s audience who, if Firefox goes ahead with its blocker, will now be largely invisible to third-party data collectors (ad networks, trading desks, research companies and their clients).

Details and Implications

The proposed Firefox policy will allow cookies presented from a domain that users actually visit – dubbed a "first-party" site – but will actually block those generated by a third-party domain unless the user had previously visited the cookie's site-of-origin.

This means that if Firefox goes ahead with the plan, we will have no transparency into their users for targeting or analysis purposes.

The industry has been debating what Do Not Track means with the Worldwide Web Consortium (W3C) and privacy activists for the better part of a year and, frankly, is going nowhere. As recent as February there was another meeting in Boston to try and move the DNT discussion forward, but with no success.

The W3C wants third parties to have to obtain permission before setting cookies on a user’s browser, whilst so called first parties (those parties collecting information off their own site ­ such as Google, Apple, Amazon, Microsoft, Facebook) would be exempt from these requirements.

Mozilla has been a staunch supporter of the W3C point of view.

The advertising industry contends that this is an imbalanced view and it discriminates against the smaller players who are trying to use third-party data for targeting, attribution and research. The W3C view puts the power firmly in the hands of the oligopolies and is prejudicial toward the many companies who use or depend on third-party data.

We also believe that the current AdChoices self-regulatory opt-in model is more privacy friendly. It offers consumers transparency (about who is collecting data) and choice (users can opt-out of data collection). The W3C model, on the other hand, gives users little choice and no transparency: a) you either agree to the first-party terms or are denied access, and b) once you are a user of their services, the first parties offer very little control over how your data is collected and used.

On the surface, Mozilla's move is much more aggressive than Microsoft’s recent decision to include a default DNT header in IE10. Microsoft’s move was widely ignored by the industry because it was a “machine” decision rather than a choice made by the user.


We have to let industry privacy experts manage the discussion with Mozilla. GroupM is engaged in this conversation.

The self-regulatory AdChoices program has gained real momentum. The more AdChoices icons we have accompanying our clients’ advertising impressions, the more consumers will understand how sharing data contributes to a better web experience.

The more transparent we are with consumers, the more they will learn to trust us with their data.