Mozilla is rolling out Total Cookie Protection to more Firefox users

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,973

Firefox users may receive a prompt on startup of the web browser that gives them an option to enable the browser's Total Cookie Protection feature.​


firefox total cookie protection
Total Cookie Protection separates cookies in the browser so that only the site that planted it in the browser has access to it. The protective feature limits cross-site tracking in the Firefox web browser. Some sites and services require third-party cookies to work properly; these providers get automatic permission to use cross-site cookies when Total Cookie Protection detects that a Firefox user intends to use that provider.

Mozilla describes Total Cookie Protection in the following way:
Total Cookie Protection builds a fence around cookies, limiting them to the site you're on so third parties can't use those same tracking beacons to follow you from one site to the next. For example, if you visit socialnetwork.example, the site won’t be able to view your activity on shopping.example, healthinsurance.example, or your cousin’s cooking blog later.

First introduced in Firefox 86 Stable, released in February 2021, Total Cookie Protection has been restricted to Firefox's strict tracking protection feature. Mozilla enabled the feature in Firefox 89 for the browser's private browsing mode.

The roll out in Firefox brings the feature to the default tracking protection configuration in the browser when enabled. Firefox users who get the prompt in the browser may activate the "turn on Total Cookie Protection" button to add the protective feature to the browser.

When they do that, a new checkbox appears in the privacy settings to toggle the functionality.

firefox-total cookie protection setting
Total Cookie Protection is in early access currently according to Mozilla. No additional data is collected when the feature is enabled. Mozilla states that the rollout helps the organization improve the feature before it is enabled by default for all users of the web browser in a future version.

Firefox users may activate the Shield icon on sites with broken functionality, after enabling Total Cookie Protection, to turn off the feature for the site and optionally inform Mozilla about that.

Firefox users who do not get the prompt or the setting in the browser may set the preference browser.privacySegmentation.preferences.show to TRUE on about:config to display it in the browser. According to Mozilla, it may also be possible to enable this by setting network.cookie.cookieBehavior to 5 on about:config. Others may prefer to enable the Strict privacy setting, as it includes the new functionality already.

How does it differ from blocking third-party cookies outright? If you enable the setting, sites are blocked from setting third-party cookies; this may break some site functionality, unless exceptions are set. Total Cookie Protection allows the setting of third-party cookies, but it restricts access to these cookies.

Mozilla has yet to reveal when the feature will become available as a default for all users of the web browser.
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,973

Firefox rolls out Total Cookie Protection by default to all users worldwide​

Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide, making Firefox the most private and secure major browser available across Windows and Mac. Total Cookie Protection is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site.
 

Gandalf_The_Grey

Level 75
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,450
Mozilla Firefox is the "most secure" web browser with Total Cookie Protection on by default
Mozilla is now offering Total Cookie Protection as a default setting for all desktop users of the Firefox web browser. The company claims this feature makes Firefox “the most secure and private web browser” on Windows, Linux, and Mac PCs.

Total Cookie Protection could be Firefox’s most promising and strong privacy protection to date. The feature essentially confines cookies to the site where they were created. This should help prevent tracking companies from using cookies to track an internet user’s browsing patterns as they move from site to site.

Mozilla assures that Total Cookie Protection offers strong protections against tracking. However, the feature does not affect a user’s browsing experience. It works by creating a separate “cookie jar” for each website users will visit. Previously, any and all cookies generated by any one website were pooled inside a common container. Needless to mention, this container, stored locally, was accessible to all websites and tracking companies that were interested.
 

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
It is my understanding that by doing so, you lose TCP. If someone else can confirm this, please do.
That was supposed to be the case, according to my understanding as well. However, it still confuses me whether it's still the case now, with the TCP enabled by default from newer versions on.

Since you need to disable ETP, for the rare occasion, when blocking third-party cookies becomes a problem.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,462
Does this also mean its enabled at custom settings when blocking all third-party cookies?
We literaly discussed this in another thread a week ago.. :unsure:


 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,973

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,973
Mozilla has brought Total Cookie Protection to the public with Standard Enhanced Tracking Protection in Firefox. The feature means less tracking and more privacy to you,
here is how it can be enabled or disabled if it causes issues.
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,973
Firefox is rolling out Total Cookie Protection by default to more Firefox users worldwide, making Firefox the most private and secure major browser available across Windows, Mac, Linux and Android. Total Cookie Protection is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
Does whitelisting, even temporarily, a site via FF/Librewolf's Enhanced Tracking Protection also disable dFPI for that site? 🤔
Have gone through every piece of documentation I could find about ETP, TCP and (d)FPI but simply can't find an answer. I did find this while searching:
EXEMPT SPECIFIC ORIGINS FROM PARTITIONING
Dynamic State Partitioning can also be disabled for specific origins with the privacy.restrict3rdpartystorage.skip_list preference. This pref holds a comma separated list of origins to exempt. The pref value should follow the following format first-party_origin_1,third-party_origin_1;first-party_origin_2,third-party_origin_2;....

For example, to disable partitioning for tracker.example on example.com and for social.example on news.example, you would set the pref to the following:
https://tracker.example,http://example.com;https://social.example,https://news.example
It's not a direct answer, and I'm not even sure if this is referencing dFPI, but if it is, the fact you have to dig into about:config to disable it at all would suggest to me that no, ETP whitelisting doesn't disable dFPI. But that's just my read of it, I could be wrong.

Figured I'd also ask ChatGPT and see what it says:
As of my last update in September 2021, whitelisting a website in Firefox's Enhanced Tracking Protection doesn't automatically disable Dynamic First-Party Isolation. These are separate features with distinct purposes.
Whether this information's correct is anyone's guess.
 
Last edited:

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,970
Figured I'd also ask ChatGPT and see what it says:
Whether this information's correct is anyone's guess.
This may be the first AI answer I've seen that might make any sense. Thanks for digging! :cool:👍

Edit:
Dynamic State Partitioning can also be disabled for specific origins with the privacy.restrict3rdpartystorage.skip_list preference.
Notice the words "can also" be disabled. I wonder what other way there is?
 
Last edited:

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
Notice the words "can also" be disabled. I wonder what other way there is?
Refers to disabling it for all sites with a separate preference:
To disable dynamic storage partitioning for all sites you can use the network.cookie.cookieBehavior pref:

Value / Description
5 / Reject (known) trackers and partition third-party storage.
4 / Only reject trackers (Storage partitioning disabled).
0 / Allow all
Comes before how to do so on individual websites in the documentation. I just didn't include it in my post.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top