Security Experts:

Connect with us

Hi, what are you looking for?



New Firefox Feature Ups the Ante Against Cookie-Based Tracking

Mozilla this week announced improved user privacy in Firefox 86, with the introduction of a new feature aimed at preventing the tracking of users from site to site.

Mozilla this week announced improved user privacy in Firefox 86, with the introduction of a new feature aimed at preventing the tracking of users from site to site.

Called Total Cookie Protection and built into Enhanced Tracking Protection (ETP) Strict Mode, the new feature was designed to confine cookies to the websites that created them, and complements the Supercookie Protections that Mozilla introduced in Firefox 85 last month.

“Cookies, those well-known morsels of data that web browsers store on a website’s behalf, are a useful technology, but also a serious privacy vulnerability. That’s because the prevailing behavior of web browsers allows cookies to be shared between websites,” Mozilla notes.

The browser maker underlines that, with cookies shared between sites, tracking companies can tag a user’s browser and follow their browsing activity. Such cookie-based tracking is used for mass commercial tracking, allowing advertising companies to create detailed personal profiles of users.

For more than two years, courtesy of ETP, Firefox has been blocking cookies from companies identified as trackers, but the new feature is meant to take the protections to the next level, and ensure that no cookie can be used to track a user from site to site.

For that, Total Cookie Protection separates cookies by the sites that created them. Thus, when a site or the third-party content on the site stores a cookie in the browser, it is sent to a “cookie jar” assigned to that site, and never shared with other websites.

However, exceptions are made for cross-site cookies needed for non-tracking purposes, such as the cookies used by third-party login providers.

“Only when Total Cookie Protection detects that you intend to use a provider, will it give that provider permission to use a cross-site cookie specifically for the site you’re currently visiting. Such momentary exceptions allow for strong privacy protection without affecting your browsing experience,” Mozilla says.

Related: Google Moves Away From Diet of ‘Cookies’ to Track Users

Related: Google Says Chrome Cookie Replacement Plan Making Progress

Related: Firefox Cracks Down on Supercookies to Improve User Privacy

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...


U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.