Skip to main content

Mozilla plotting block- and allow-lists for tracking Firefox cookies

Mozilla has provided more details on how it will handle tracking cookies in upcoming versions of Firefox, announcing a partnership with the Center for Internet and Society (CIS) at Stanford to create a "block" and "allow" list of websites.

Cookie-blocking by default, which was originally planned for Firefox 22, is still on hold as Mozilla works out the details, Mozilla CTO Brendan Eich wrote in a blog post.

The CIS has developed a centralised list of websites that would either be blocked from collecting data - known as cookies - or allowed to gather that data on participating browsers.

Cookies can be useful, like remembering passwords and settings on sites that you surf to frequently. But there are also concerns about targeted advertising and how much data is really collected.

As a result, browser makers like Mozilla have been toughening up their cookie rules with "do not track" technology. This type of blocking is already in place on Apple's Safari, while Microsoft irked advertisers by turning on "do not track" by default in IE10.

Last month, however, Mozilla announced that, for now, it would put on hold plans to block cookies by default in stable versions of Firefox. Mozilla was testing a patch from Stanford grad student Jonathan Mayer that would basically allow cookies from sites that you visited before, but block those from sites to which you had never navigated. It sounded good, but there were complications, Eich explained, like false positives and negatives.

"For example, say you visit a site named, which embeds cookie-setting content from a site named With the patch, Firefox sets cookies from because you visited it, yet blocks cookies from because you never visited directly, even though there is actually just one company behind both sites," Eich said in May. "Meanwhile, in the other direction, just because you visit a site once does not mean you are ok with it tracking you all over the Internet on unrelated sites, forever more."

So, Mozilla has been trying to address these issues, and has now landed on the Cookie Clearinghouse (CCH) from CIS.

"Today Mozilla is committing to work with Aleecia [McDonald of CIS] and the CCH Advisory Board, whose members include Opera Software, to develop the CCH so that browsers can use its lists to manage exceptions to a visited-based third-party cookie block," Eich said.

The effort is still in its early stages, and "we crave feedback," so Mozilla is limiting CCH to the pre-beta Aurora version of Firefox. Average users probably won't see it in the stable version of Firefox for another few iterations; Firefox 21 was released last month.

"Of course, browsers would cache the block- and allow-lists, just as we do for safe browsing. I won't try to anticipate or restate details here, since we're just starting. Please see the CCH site for the latest," Eich concluded.

Mozilla is planning a 2 July event at its offices to provide more details about the project; further information about that are expected soon.