The non-profit organization released Firefox Aurora on April 5 with a patch by Jonathan Mayer built into it which would only allow cookies from those websites which the user has visited and would block the ones from sites which haven’t been visited yet.
Mozilla’s plans were criticized by online advertisers, many of whom were of the opinion that not only were the cookies useful in advertising they also served the purpose of analytics and data theft protection.
Despite the delay, Mozilla is not going to go back out or soften its stand on online privacy and putting users first notes Mozilla’s CTO and senior vice president of engineering, Brendan Eich in a blog post.
The reason for change in plans is that as of Mozilla is currently looking more deeply into “false positives,” which would result into blocking of cookies from sites which may be part of the same group of sites that the user had visited. Giving an example of CDNs which are used heavily by websites across the globe, Eich notes “say you visit a site named foo.com, which embeds cookie-setting content from a site named foocdn.com. With the patch, Firefox sets cookies from foo.com because you visited it, yet blocks cookies from foocdn.com because you never visited foocdn.com directly, even though there is actually just one company behind both sites.”
Looking on the other side of the coin, there are “false negatives” whereby a user may have visited a particular site but he/she is not comfortable with the idea of being tracked across the Internet – even on sites which are not related to the ones they have visited in the first place.
This is the reason Mozilla needs more time to collect and analyze more data that would allow it to refine the third-party cookie-blocking code before it goes out as a default ‘on’ option and starts blocking cookies from unvisited sites.
Eich notes that they will be adding “privacy-preserving code” enabling them to “measure how the patch affects real websites.”
Mayer’s patch has been moved to beta versions of Firefox 22 but, is not enabled by default. The final version is scheduled for release on June 24.