What's the difference between the 2022 and 2023 editions of Firefox's Total Cookie Protection?

jonah, 10 months ago

You can see that their blog post from June 2022 is nearly the exact same as their blog post "from April 2023," which makes me suspect this was a mistake on their blog which news publications ran with:

• https://web.archive.org/web/20221020015500/https://blog.mozilla.org/en/mozilla/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/
• https://web.archive.org/web/20220930064608/https://support.mozilla.org/en-US/kb/total-cookie-protection-and-website-breakage-faq

Weird though!

lo________________ol, 10 months ago

Do you think they accidentally updated the date of the post when changing some of the contents of the article? New sites saw it and reported on it again?

I like to think I'm on top of this stuff, but it definitely threw me for a loop too. Total Cookie Protection is a bit of a misnomer, so I can understand why people might have been confused.

jonah, 10 months ago

New sites saw it and reported on it again?

Right, I think that's basically what I'm saying. Mozilla is not the most fantastic company at communication lol

Equation5565, 10 months ago

Sounds like they are just making noise

However, there was 2 different technologies. One was First Party Isolation, pioneered by the TOR project, and then was re-engineered into dFPI, Dynamic First Party Isolation, which was marketed as Total Cookie Protection as part of the Enhanced Tracking Protection initiative.

It's hard to explain and i did a big study on the exact details once, but i can't even remember anymore. It's so confusing anyway.

lo________________ol, 10 months ago

All the labels are just so nonsensical. I did a little bit of digging into how cross-site tracker blocking is implemented in Firefox, and it took me a while to realize that switching from Standard to Strict ETP in a fresh profile was all I needed to do to beat the EFF's test site.

But the options under ETP still confuse me. Take the Custom > Cookies section.

• Blocking all cookies - makes sense
• Blocking all third party cookies - ditto, only cookies from the current site will be allowed
• Cookies from unvisited sites - this one is a little weird. So if I've been to Google once, does that mean I can get cookies from google.com but not ads.google.com?
• Isolate cross-site cookies - so third party cookies aren't blocked, but for each site that uses the same third party, the third party cookie is different?
• Cross-site and social media trackers - I have no idea. Sounds like the last one (which should cover everything?) and maybe block social media cookies entirely?!

There's also the "tracking content" which appears to be the only thing that is blocked in ETP strict but not ETP standard. I have to assume this is some blacklist of known tracking scripts or something.

It's a lot to wrap my head around. It really could use a checklist.