Jack Wallen explains what supercookies are and how to protect your web browsing against them with Firefox’s new privacy feature.
Mozilla announced recently a new take on privacy for its open source web browser Firefox. This new approach is called Total Cookie Protection and makes a limited exception for cross-site cookies only when they are needed for non-tracking purposes, such as those used by third-party login providers. Outside of that, permissions will not be given to any cross-site cookies.
Why is this important? Because of a little thing called a supercookie, which is a type of tracking cookie found within an HTTP header used to collect data about browsing history and habits. The main difference between supercookies and regular cookies is that there is no easy method for a user to know when a supercookie was added–in other words, supercookies are pretty stealthy. Also, regular cookies can be quickly deleted simply by flushing your browser cache, while supercookies cannot because they aren’t really cookies, and they aren’t stored by your browser or even stored on your device–they’re injected at the network level by your ISP as Unique Identifier Headers.
Firefox Total Cookie Protection comprehensively partitions cookies and other site data between websites. With sites partitioned off from one another, they cannot “tag” your browser for cross-site tracking. For anyone who values privacy, this should be considered a must-have feature for a web browser, and it has me heading back to Firefox more and more.
SEE: Navigating data privacy (free PDF) (TechRepublic)
Mozilla has added Total Cookie Protection to both the desktop and mobile versions of its browser, though the feature isn’t enabled by default. I’ll show you how to enable Total Cookie Protection on Firefox mobile on Android. Once you know how, you’ll be able to easily do the same on the desktop version.
What you’ll need
The only thing you need to follow the steps in this tutorial is the latest version of Firefox installed on your mobile device. I tend to use the Nightly version, but the stable version has the feature as well. You can get Firefox for either Android or iOS.
How to enable Firefox Total Cookie Protection on Android
Mozilla’s new feature is not actually called Total Cookie Protection within the browser, which might make you think it isn’t available on your combination of platform and browser release number; fortunately, the feature is available on all platforms–as long as you have the latest version of the browser.
This feature is hiding under Privacy And Security. If you open the Firefox Settings window, scroll down to Privacy And Security and tap Enhanced Tracking Protection. In the resulting window (Figure A), make sure Enhanced Tracking Protection is enabled (it is by default) and then tap to enable Strict protection.
It’s important to note that Strict protection blocks the following:
When you enable Strict Protection on the mobile version of Firefox, you’re done; on the desktop version, you must either restart Firefox or allow it to reload all tabs.
You’ll know Firefox has blocked cookies when the shield in the address bar turns purple (Figure B).
How to enable exceptions to Firefox’s Total Cookie Protection
With Total Cookie Protection enabled, you might find that some sites don’t work properly. When you come across a site that exhibits such behavior, you’ll want to add an exception. Although this might be an inconvenience at first, it’s far better to give permission than to ask yourself for forgiveness later for not protecting your privacy.
Exceptions are added on a site-by-site basis. When a site isn’t behaving properly after you enable Total Cookie Protection, visit the site and tap the purple shield, which will open a popup (Figure C). Tap the On/Off slider to the Off position, to disable Total Cookie Protection for the site. Now the site in question should behave properly.
And that’s how you can gain even more privacy and protection from the Firefox web browser. This is an important feature, and until someone figures out a way to circumvent the protection, you’d be best served by enabling the Strict mode within Firefox’s Enhanced Tracking Protection.