Cookies and Cream
Cookies and Cream
If you have browsed the tech news recently, you probably saw a pair of stories about an important open source browser the world knows as Firefox. If it matters to you, I will add that, despite the logo, a Firefox is really not supposed to be a fox at all but is actually a red panda. The news stories? The first was that Firefox just had its ninth birthday. The browser was born when the Mozilla Foundation (remnants of the once great Netscape Communications Corp.) realized its old Mozilla browser was getting too bloated and wanted a fresh start.
If you have browsed the tech news recently, you probably saw a pair of stories about an important open source browser the world knows as Firefox. If it matters to you, I will add that, despite the logo, a Firefox is really not supposed to be a fox at all but is actually a red panda. The news stories? The first was that Firefox just had its ninth birthday. The browser was born when the Mozilla Foundation  (remnants of the once great Netscape Communications Corp.) realized its old Mozilla browser was getting too bloated and wanted a fresh start.
The second item in the news was that Firefox is wavering in its previously announced goal to start blocking third-party cookies by default. This plan received the strongest endorsements from privacy groups, but as you might predict, the online ad industry didn't like it one bit. In fact, I would way, the scornful rhetoric of the ad industry spokesmen made the FUD of the Microsoft era seem positively tame.
For a little background, third-party cookies are cookies that get placed on your computer, even though they aren't related to the website you are visiting. In other words, you have taken no action to start a relationship with the vendor who owns a third-party cookie – it is just left on your computer because you visited a site that has an advertising deal with the vendor.
The immediate reaction to Mozilla's wavering resolve is to assume they were intimidated by the ad industry. The asymmetry of non-profit board members going up against paid professional lobbyists is really a little disturbing: well-intentioned do-gooders going to work in the morning and getting called arrogant, anti-American, job killers by mysterious lawyers with fat expense accounts and dark suits. Still, it seems like that cat had been out of that bag since April – Mozilla had already announced the new policy and had already taken heat for it: Why not follow through?
You might be wondering how the Mozilla Foundation gets all its money, since they aren't directly affiliated with a big company and they don't sell any products. Firefox is the third most popular browser (after Google Chrome/Chromium and Microsoft IE). How do they fund all that development? It turns out they get most of their money from Google. According to Wikipedia , Mozilla gets around US$ 300 million per year from Google – all for making Google the default search engine in Mozilla's applications. Is Google, the king of online advertising, behind this effort to slow down Mozilla's move to block third-party cookies?
Although I'm no expert in online advertising policy, I kind of doubt it. Google has its own ways of tracking your behavior through search activity, email scanning, and social networking. In many ways, Google would become even more powerful if third-party vendors could not track your activities independently.
Perhaps a better way to look at it is, Mozilla is in the middle of an elaborate multiparty negotiation – a dance in muddy, uncharted waters that has no rules, no roadmap, and no clear way of determining right or wrong. In such situations, one has power to a point, but if you overplay your hand, the other parties cut you out of the deal and you lose all your power. The exact point at which power wanes and irrelevance begins is just a guess, influenced by theatrics, personality, and the unpredictable effects of public opinion.
Annoying or intrusive as they might seem, cookies are a fairly benign feature. Given the general insecurity of the web environment, one could easily imagine far more insidious assaults on personal privacy if advertisers were forced to give up cookies and go deeper to get information on web users. By refraining from "going nuclear" and shutting out third-party cookies, Mozilla keeps its place at the negotiating table and is able to use its influence to help determine policies for how and when cookies are used. Consequently, they have thrown their support behind a group known as the Cookie Clearinghouse . On the other hand, some would say that this argument of wanting to "keep a place at the table" is all too often an excuse for appeasement.
Who's right? I don't know. But the real point is, no one knows. It is a negotiation, a poker game, a flimflam fest, where one can only guess. After all, this is the web we're talking about.
Buy this article as PDF
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.