Firefox rolls out Total Cookie Protection as default to all users worldwide

Topic

New Reply

https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/

Take back your privacy

Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide, making Firefox the most private and secure major browser available across Windows and Mac. Total Cookie Protection is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site.

Total Cookie Protection works by creating a separate “cookie jar” for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don’t belong to them and find out what the other websites’ cookies know about you — giving you freedom from invasive ads and reducing the amount of information companies gather about you.

2 users thanked author for this post.

JohnW, lmacri

Reply | Quote

Replies

Change “by” to “as” in your title; your background is blue.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Alex5723

Reply | Quote

Ah yes, the word “by” in the title strikes again! Two “victims” in two weeks…first me and now Alex!

Hopefully the devs can find the root cause of the issue and put a stop to it.

OK, enough about this, as it’s off topic. 😳

Reply | Quote

Alex5723 wrote:

https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/

That article is vague. What about ESR versions? I have the latest ESR version 91.10.0. I don’t want regular Fx but this would be great. I doubt Mozilla will add it to ESR versions. It’s been difficult to get a decent cookie blocker extension for Fx ESR in recent years.

Reply | Quote

Does this mean that we no longer need to use the ‘Firefox Multi-Account Containers’ extension to contain website cookies?

Reply | Quote

This has been an option in Settings > Privacy & Security for quite some time.  I’ve been using it a good while.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Is this the option you are referring to? See attached.

So, how does this ‘strict’ option, if it is the same as Total Cookies Protection, differ from Firefox Multi-Account Containers?

Reply | Quote

WCHS wrote:

Total Cookies Protection

Total Cookie Protection works by creating a separate “cookie jar” for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites..

Reply | Quote

Alex5723 wrote:

June 15, 2022 at 12:24 am
#2453542

WCHS wrote:

Total Cookies Protection

Total Cookie Protection works by creating a separate “cookie jar” for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites..

I know that already. I have read what Total Cookie Protection is. I have read what Firefox Multi-Account Containers do. They look to me to be doing the same thing. But, I am asking if there is a difference, since I can’t tell from what I read about both of them.

Reply | Quote

Mele20 wrote:

I doubt Mozilla will add it to ESR versions

I doubt they won’t.

Reply | Quote

They won’t be backporting features of new versions of Firefox to existing ESR versions, which are older versions. That is the purpose of ESRs, after all. In time,  the feature (like all other things people may wish to have… or avoid) will work its way to the ESR channel, as the current ESRs reach the end of support date and their users are upgraded to whatever the next ESR is.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

Hi Alex5723 / bbearren:

I still don’t understand how Mozilla is enabling Total Cookie Protection for all Firefox users.

Further to WCHS’s question in post # 2453494, does that mean that blocking for “Cross-site cookies in all windows (includes tracking cookies)” will be added to “Standard” Enhanced Tracking Protection (i.e., the way it currently is for “Strict” Enhanced Tracking Protection), or does that mean that “Strict” will become the default setting for Enhanced Tracking Protection?

Note that I currently use “Standard” Enhanced Tracking Protection in FF v101.0.1.
—————
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v101.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.6 * Malwarebytes Premium v4.5.9.198-1.0.1699

Reply | Quote

My settings for Privacy & Security:

Standard
Balanced for protection and performance. Pages will load normally.
Firefox blocks the following:
Social media trackers (Instead of allowing trackers to link up your behavior on multiple sites.)
Cross-site tracking cookies (Instead of allowing trackers to link up your behavior on multiple sites.)
Cross-site cookies in Private Windows (Instead of allowing trackers to link up your behavior on multiple sites.)
Tracking content in Private Windows
Cryptominers
Fingerprinters

I’m on Version 101.0.1.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Hi bbearren:

Then I don’t understand your comment in post # 2453491 that Total Cookie Protection “has been an option in Settings > Privacy & Security for quite some time. I’ve been using it a good while“.  If you’re still using “Standard” Enhanced Tracking Protection (the current default) then what setting did you enable to activate Total Cookie Protection, or did I misunderstand your comment?

According to the 11-Jan-2022 ghacks.net article Mozilla Firefox 96.0 Release: Here is What is New “Firefox 96.0 enforces the Same-Site=lax cookie policy by default now. It is one of three available values for the Same-Site policy and blocks cookies from being sent in third-party contexts. Firefox will use the lax value automatically for sites that don’t specify a Same-Site directive“. The 04-Aug-2020 Mozilla Hacks article Changes to SameSite Cookie Behavior – A Call to Action for Web Developers also noted that the SameSite cookie policy was being increased from “none” to “lax” in FF v96.  Does that mean that Total Cookie Protection has actually been in force by default since FF v96 was released, or is there an upcoming change that will further increase the SameSite cookie policy from “lax” to “strict”?

As you can see, I’m still confused about what Firefox setting actually confers Total Cookie Protection.  The 14-Jun-2022 Mozilla blog Firefox Rolls Out Total Cookie Protection by Default to All Users Worldwide that Alex5723 referenced has some nice diagrams of cookie jars but is a bit vague on details.
—————-
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v101.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.6 * Malwarebytes Premium v4.5.9.198-1.0.1699

1 user thanked author for this post.

WCHS

Reply | Quote

lmacri wrote:

“has been an option in Settings > Privacy & Security for quite some time. I’ve been using it a good while“. If you’re still using “Standard” Enhanced Tracking Protection (the current default) then what setting did you enable to activate Total Cookie Protection, or did I misunderstand your comment?

When I enabled it, it was an option, not default-enabled by Firefox.  Firefox is now enabling it by default.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Hi bbearren:

Then I’m still confused. The 14-Jun-2022 Mozilla blog Firefox Rolls Out Total Cookie Protection by Default to All Users Worldwide that Alex5723 referenced notes that Enhanced Tracking Protection was turned on by default in 2019 and I’ve always had my Enhanced Tracking Protection set to “Standard”, but I don’t think that automatically conferred Total Cookie Protection. Until now I think you had to manually select “Strict” Enhanced Tracking Protection [i.e., with the additional block called “Cross-site cookies in all windows (includes tracking cookies)” as shown in my image in post # 2453578] in order to get Total Cookie Protection.

I’m guessing that “Standard” Enhanced Tracking Protection will eventually have that extra block [“Cross-site cookies in all windows (includes tracking cookies)”] added once Total Cookie Protection is rolled out as the default setting, but I could be wrong about that.
————
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v101.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.6 * Malwarebytes Premium v4.5.9.198-1.0.1699

1 user thanked author for this post.

WCHS

Reply | Quote

Further to my post # 2453683, I just noticed the following addendum in the Mozilla support article Enhanced Tracking Protection in Firefox for Desktop:

In addition to Private Browsing Mode and Strict Mode, we are gradually unlocking Total Cookie Protection in Standard Browsing Mode. Total Cookie Protection confines every cookie to the website where it was created. This prevents cookies from tracking you across sites. Strict Mode also includes Enhanced Cookie Clearing, which allows users to clear third-party cookies more effectively.

That would suggest that Total Cookie Protection is currently included with Private Browsing Mode and “Strict” Enhanced Tracking Protection but is just starting to roll out to users who have selected the default “Standard” Enhanced Tracking Protection.  See the  new support article Introducing Total Cookie Protection in Standard Mode for more information.
————-
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v101.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.6 * Malwarebytes Premium v4.5.9.198-1.0.1699

1 user thanked author for this post.

WCHS

Reply | Quote

Here’s the option on my Firefox (101). It’s in the Standard protection area:

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

4 users thanked author for this post.

WCHS, lmacri, Bob99, Alex5723

Reply | Quote

So that’s what it looks like! I imagine that is also what @bbearren has been seeing as well. However, I’m on FF101.0.1 on a Windows 10 21H2 machine, and I don’t see that at all, not even in a couple of FF portable installations I have on this machine. Since I have the Mozilla maintenance service disabled/not installed, that’s probably why I don’t have it yet (i.e. I think that maybe they’ve been pushing it out via the maintenance service).

Given what’s in the post from Mozilla referenced by @Alex5723 in the very first post of this topic, I would imagine that FF102 will ship with the feature at the location shown in @Ascaris ‘ post above, and it will be there on all OSes, from Windows to Android to Linux.

BTW, I also noticed that in @lmacri ‘s screenshot in post number 2453578 above, the Total Cookie Protection was absent from the Standard settings in Enhanced Tracking Protection as it is for me…missing, with the latest version of FF (101.0.1) in use.

Reply | Quote

Hi Ascaris:

Thanks for the screenshot you posted <above>.  Do you have Settings | Privacy & Security | Firefox Data Collection and Use | Allow Firefox to Install and Run Studies ENABLED in your Firefox browser?  I definitely don’t have that check box for testing of Total Cookie Protection in my “Standard” Enhanced Tracking Protection settings, and I’m wondering if  testing was (or still is) part of a SHIELD study?

————
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v101.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.6 * Malwarebytes Premium v4.5.9.198-1.0.1699

Reply | Quote

No, I don’t have that enabled. I have the same settings as you in that section, with the exception of the last checkbox, for the backlogged crash reports. I have that unchecked as well as the others.

My Firefox is on Linux, FWIW, but that does not seem to be the reason some people are not seeing the option, as @bbearren is using Windows.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

lmacri

Reply | Quote

lmacri wrote:

I still don’t understand how Mozilla is enabling Total Cookie Protection for all Firefox users.

It seems like a server side update. When launching FF the browser connects to Mozilla’s servers (unless you blocked connection due to telemetry) and updates FF..

Reply | Quote

Alex5723 wrote:

It seems like a server side update. When launching FF the browser connects to Mozilla’s servers (unless you blocked connection due to telemetry) and updates FF.

Hi Alex5723:

I meant I didn’t understand how I would be able to tell if I had received the update (e.g., if there would be a “silent” change in one of the advanced settings at about:config, if the list of blocked items in the Privacy & Security settings would simply be revised for “Standard” Enhanced Tracking Protection , etc.). After seeing Ascaris’ image in post # 2453757 I now understand what setting I should be looking for.  A picture says a thousand words, as they say.

I still haven’t received the Firefox Suggest feature that started rolling in Firefox v92 and displays “Top Pick” suggestions from third-party partners when I search from my address bar (thankfully), but the support article How to Customize Firefox Suggest Settings states that “As we continue this rollout, Top pick is currently only available to select users in the US“.  I live in Canada so perhaps Total Cookie Protection for “Standard” Enhanced Tracking Protection will be a bit slower rolling out in my region as well.
—————-
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v101.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.6 * Malwarebytes Premium v4.5.10.200-1.0.1702

Reply | Quote

Bob99 wrote:

Given what’s in the post from Mozilla referenced by @Alex5723 in the very first post of this topic, I would imagine that FF102 will ship with the feature at the location shown in @Ascaris ‘ post above

Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide. The feature is rolling to current versions not in some future versions…Like any worldwide updates it takes time.

Reply | Quote

Alex5723 wrote:

The feature is rolling to current versions not in some future versions…

so does that mean they will revoke the settings in the future?

Windows - commercial by definition and now function...

Reply | Quote

[RESOLVED]
Decided to give FF a try again. However, It won’t allow me to autologon to my my.yahoo.com home page like chrome does. I’ve tried all the settings I can think of to no avail. Ideas?

Don’t know what the issue was but I tried it on my test machine and had no problems. So I reinstalled and synced with the Test machine setup and all is OK!

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

WCHS

Reply | Quote

Just an FYI that my Firefox browser updated to v102.0.0 today (see the release notes <here>) and I still don’t see the checkbox to enable Total Cookie Protection under my “Standard” Enhanced Tracking Protection that was shown in Ascaris’ image in post # 2453757, in spite of the fact that the Mozilla support article Enhanced Tracking Protection in Firefox for Desktop says that “Total Cookie Protection is enabled by default in Standard Browsing Mode…“. I live in Canada so perhaps I’ll have to wait a bit longer for this option to be rolled out to my system.

From Settings | Privacy & Security | Browser Privacy | Enhanced Tracking Protection | Standard in my FF v102.0.0 browser:

—————
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v102.0.0 * Microsoft Defender v4.18.2205.7-1.1.19300.2 * Malwarebytes Premium v4.5.10.200-1.0.1702 * Macrium Reflect Free v8.0.6758

Reply | Quote

I don’t think there IS a checkbox; your .png shows the types of cookies being already blocked. There is a section above that screen for exceptions.

Zig

Reply | Quote

Zig wrote:

I don’t think there IS a checkbox…

Hi Zig:

Please see the check box shown in Ascaris’ image of their “Standard” Enhanced Tracking Protection (ETP) in post # 2453757 that is labeled “Test pilot our most powerful feature ever. Total Cookie Protection contains cookies to the site you’re on, so trackers can’t use them to follow you between sites“.  I assume I should see a similar check box once Total Cookie Protection is pushed out to my Firefox browser.

Microfix wrote:

Look for network.cookie.cookieBehavior This may or not be there in older versions but, if it is, edit the value from default 4 to 5 to activate cookie isolation and exit about:config.

Hi Microfix:

According to the 27-May-2022 ghacks.net article Mozilla is Rolling Out Total Cookie Protection to More Firefox Users:

“Firefox users who do not get the prompt or the setting in the browser may set the preference browser.privacySegmentation.preferences.show to TRUE on about:config to display it in the browser. According to Mozilla, it may also be possible to enable this by setting network.cookie.cookieBehavior to 5 on about:config. Others may prefer to enable the Strict privacy setting, as it includes the new functionality already.”

Changing browser.privacySegmentation.preferences.show from FALSE (the default) to TRUE did not seem to have any effect so I also changed network.cookie.cookieBehavior from 4 (the default) to 5.  Instead of  adding Total Cookie Protection to my “Standard” ETP it disabled my “Standard” ETP and enabled “Custom” ETP instead.

—————–
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v102.0.0 * Microsoft Defender v4.18.2205.7-1.1.19300.2 * Malwarebytes Premium v4.5.10.200-1.0.1702 * Macrium Reflect Free v8.0.6758

Reply | Quote

Using about:config: (my preference)
Look for network.cookie.cookieBehavior
This may or not be there in older versions but, if it is,
edit the value from default 4 to 5 to activate cookie isolation and exit about:config.

I like the 2 part stripping of tracking within adresses 🙂
privacy.query_stripping.enabled.pbmode set to TRUE
privacy.query_stripping.enabled set to TRUE
although these are exclusive to FF102.0 and FF102.0.0esr going forward..

this is my panel settings:

Windows - commercial by definition and now function...

Reply | Quote

lmacri wrote:

Please see the check box shown in Ascaris’ image of their “Standard” Enhanced Tracking Protection (ETP) in post # 2453757 that is labeled “Test pilot our most powerful feature ever. Total Cookie Protection contains cookies to the site you’re on, so trackers can’t use them to follow you between sites“.

Total protection is build-in now. It is on by default

https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?as=u&utm_source=inproduct

Protections Dashboard

To see what’s been blocked on all sites over the past week, visit your Protections Dashboard. Click the shield in the address bar and select Protections Dashboard or type about:protections into the address bar. This will open the Protections Dashboard page in a new tab.
What Enhanced Tracking Protection blocks

Firefox uses a list of known trackers provided by Disconnect. By default, Firefox blocks the following types of trackers and scripts.

Social media trackers
Cross-site tracking cookies (also isolates remaining cookies)
Fingerprinters
Cryptominers

Tracking content: These trackers are hidden in ads, videos, and other in-page content. In Standard mode, tracking content is blocked in Private Windows. To add this protection in all windows, visit your privacy preferences and select Strict or Custom as explained below. ..

1 user thanked author for this post.

windbg

Reply | Quote

PS: Firefox 91.11.0esr portable.

Reply | Quote

Alex5723 wrote:

Total protection is build-in now. It is on by default

Hi Alex5723:

Total Cookie Protection doesn’t appear to be turned on by default in my FF v102.0.0. browser.

According to the the Mozilla support article Total Cookie Protection and Website Breakage FAQ :

“…Advanced users can visit the about:config page and check if the preference network.cookie.cookieBehavior is set to 4. This means that Total Cookie Protection is disabled.”

My default setting for network.cookie.cookieBehavior is still 4 in my FF v102.0.0 browser, which suggests that Total Cookie Protection is disabled by default on my system.

I currently use “Standard” Enhanced Tracking Protection and, as expected, my Protection Dashboard at about:protections shows that Enhanced Tracking Protection (ETP) is enabled and that it blocked 28 cross-site tracking cookies in the past week (see attached image of my expanded dashboard).  However, I thought that simple blocking of third-party (cross-site) tracking cookies was built in to “Standard” ETP long ago, or am I wrong about that?

Exactly how do I know that the more comprehensive Total Cookie Protection is enabled and protecting me from tracking cookies that can be used to track me from site to site as I browse the web? When I go to Settings | Privacy & Security | Browser Privacy | Enhanced Tracking Protection | Standard I can see it includes “Cross-site tracking cookies“, but if Total Cookie Protection is truly enabled in “Standard” ETP and there is no check box to enable/disable Total Cookie Protection shouldn’t it at least say something like “Cross-site cookies in all windows (includes tracking cookies)” and “Tracking content in all windows” as it does for “Strict” ETP?

——————–
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v102.0.0 * Microsoft Defender v4.18.2205.7-1.1.19300.2 * Malwarebytes Premium v4.5.10.200-1.0.1702

2 users thanked author for this post.

Charlie, NaNoNyMouse

Reply | Quote

Do you have a “shield” (Total Cookie Protection = ON) icon near the URL on sites ?
Click on that.

Reply | Quote

Alex5723 wrote:

Do you have a “shield” (Total Cookie Protection = ON) icon near the URL on sites ? Click on that.

Hi Alex5723:

The shield icon has been displayed on the address bar since Enhanced Tracking Protection (ETP) was turned on by default in Firefox 70, per the ghacks.net 13-Aug-2019 article Mozilla Revamps Firefox’s HTTPS Address Bar Information and the FF v70 release notes <here>.

In my images below for ghacks.net it shows that Tracking Content is allowed (not blocked) for https: // securepubads.g.doubleclick. net for my “Standard” ETP (which I would expect since I wasn’t using Private Browsing), but  there are no Cross-Site (third-party) Tracking Cookies (and no social media trackers, fingerprinters or cryptominers) detected on ghacks.net.

If I go to the AskWoody.com site (as in your example) it shows “No known trackers known to Firefox were detected on this page” but I assume that’s because AskWoody.com does not use trackers.

———————
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v102.0.0 * Microsoft Defender v4.18.2205.7-1.1.19300.2 * Malwarebytes Premium v4.5.10.200-1.0.1702

Reply | Quote

That support article is kind of poorly written, but I gathered from it that if you select “Strict” ETP, then you will get Total Cookie Protection. Like you, I also normally use “Standard”, so I tried that and saw that network.cookie.cookieBehavior changed from 4 to 5 in about:config.

1 user thanked author for this post.

lmacri

Reply | Quote

Progress at last. I just updated to Firefox v103.0.0 (rel. 26-Jul-2022) and Total Cookie Protection has finally been added to the Standard option of my Enhanced Tracking Protection.

Settings | Privacy & Security | Browser Privacy | Enhanced Tracking Protection | Standard now looks like this (compare with my 28-Jun-2022 image for FF v102.0.0 in post # 2457142) …

… and about:config shows that network.cookie.cookieBehavior now has a default setting of 5 (compare with the default of 4 shown in my 30-Jun-2022 image for FF 102.0.0 in post # 2457493).

———–
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1826 * Firefox v103.0.0 * Microsoft Defender v4.18.2205.7-1.1.19400.3 * Malwarebytes Premium v4.5.11.202-1.0.1716 * Macrium Reflect Free v8.0.6867

Reply | Quote

Not yet in Firefox esr 102.1.0.

Reply | Quote

Hi,
Does this mean that even if “yes” is clicked, Firefox will deny the third party cookies? And also, what about the cookies that piled up before the protection began?

Reply | Quote