Execution Delayed —

Mozilla delays turning on third-party cookie killer in Firefox

Firefox 22, now in beta, will also get a new JavaScript compiler.

Mozilla delays turning on third-party cookie killer in Firefox

With Firefox 22 now in beta Mozilla has decided not to enable its new third-party cookie-blocking feature by default. The feature, aimed at preventing cross-site tracking of browser users with cookies not originating from the sites users visit, will still be available in the next Firefox release (due  in June) but will be turned off by default.

Cookies are small sets of data stored locally by the web browser, originally intended to help keep track of where a user was (his or her “state”) within a web application. They’re associated with a particular domain name and carry a set of values such as an application name, a unique identifying number or string for the user or the web session, and an expiration date. While most cookies are increasingly short-lived some can be essentially “immortal” (or last at least until a user purges them) with expiration dates far off in the future. Web sites can also query cookie data from a visiting web browser to gather analytical information about the user as well—and to target specific ads based on identity or web visit history data revealed by them.

Precision strike

In a blog post Mozilla Chief Technology Officer Brendan Eich explained the reasons for the delay in turning on the feature (a patch submitted by Stanford computer science graduate student Jonathan Meyer) by default. He said there were still issues to be resolved in how the feature avoided both “false positives," such as blocking cookies from the companies behind sites visited by the user because they were associated with a different domain name. There’s also still an issue with “false negatives”—unwanted cookies that users pick up from sites they’ve visited that then follow them to other sites.

“Just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more,” Eich wrote. “Suppose you click on an ad by accident, for example. Or a site you trust directly starts setting third-party cookies [such as those used by advertisers, delivered via JavaScript embedded in display ad code] you do not want. Our challenge is to find a way to address these sorts of cases.”

Thinking outside the browser

There are some significant changes in the internals of Firefox 22, some of which will drive whole new classes of web applications.  One of those changes is full support for WebRTC, a real-time communications framework that allows JavaScript applications to communicate peer-to-peer, supporting anything from chat to video conferencing to multiplayer games. There's also an implementation of the Web Notifications API which allows in-browser applications to send desktop and mobile device notifications to the user's screen.

But perhaps more significant is the arrival of support Asm.js, an optimized subset of JavaScript for boosting the performance of generated JavaScript code, arriving in the new OdinMonkey just-in-time JavaScript compiler. (Ars Technica's Peter Bright is pulling together an in-depth analysis of Asm.js.) Mozilla is planning on using Asm.js in both its desktop and mobile browsers, and in the Firefox OS, to allow for what has been hyped as near-compiled performance for large applications including JavaScript apps generated from C and C++ code.

Channel Ars Technica