Mozilla’s Firefox 91, released this morning, includes a new privacy control feature called Enhanced Cookie Clearing. This feature allows users to manage all cookies and locally stored data generated by a website, whether they are cookies tagged to that site’s domain or cookies that have been placed by join that site Unpleasant a third-party domain, e.g. Facebook or Google.
Building on total cookie protection
Mozilla
The new feature builds on and relies on Total Cookie Protection, introduced in February with Firefox 86. Total Cookie Protection distributes cookies based on the site that placed them rather than the domain that owns them – meaning that if a hypothetical third party we call “Forkbook” places tracking (or authentication) cookies on both momscookies.com And grandmascookies.comit cannot reliably connect the two.
Without cookie partitioning, a single Forkbook cookie would contain the site data for both momscookies.com And grandmascookies.com. With cookie partitioning, Forkbook has to set two separate cookies – one for each site – and cannot necessarily relate one to the other.
Even if the cookies are used for a third party Forkbook login, linking the two together should be done on the backend – as both are likely for the same Forkbook account – rather than Forkbook being simple, cheap and easy can read all tracking data from a single cookie. If the sites don’t use Forkbook for authentication, the two probably can’t be linked at all because even if the user is logged into Forkbook in a different tab, that cookie will be split separately from the cookies used on Mom’s and Grandma’s cookie sites.
Clear data across the site
Mozilla
Once you understand that websites routinely place cookies that belong to third-party domains, it becomes clear why it can be difficult to erase all traces of data stored by that site. momscookies.com would not clear the Forkbook cookie, and clearing a universal Forkbook cookie would necessarily log the user out of all websites using Forkbook authentication.
However, when each site has its own individual cookie jar, meaning Forkbook has to place separate cookies, separate copies of embedded javascript libraries, separate copies of images, and so on between momscookies.com And grandmascookies.com And forkbook.com yourself – it becomes possible to manage easily all data stored locally by that individual site.
When using Total Cookie Protection you can empty the entire bucket for momscookies.com, including its own cookies, cookies from Forkbook and everything else. This breaks Forkbook’s record of your browsing activities momscookies.com– because although it sets a new cookie the next time you visit the site, it has no reliable way of linking that cookie to the previous cookie you deleted or to other Forkbook cookies placed by other sites.
Fuhgeddaboudit
Mozilla
In addition to organizing locally stored data by the website that posted it rather than by the domain that owns it, Firefox 91 gives users the ability to quickly and easily remove all local traces of visiting a site. When browsing your own history timeline in Firefox 91, you can right-click on a site’s entry and select Forget This Site. Doing so will delete the history entry as well as any cookies, images, cached scripts, etc. that were set during visits to that site.
Get strict
To use the new privacy management features, you must first ensure that Strict Tracking Protection is enabled. Without strict tracking protection, cookies are not separated by the site that set them in the first place.
To enable Strict Tracking Protection, click the shield to the left of the address bar and select Security Settings. This will open Privacy and Security in a new tab. From there, make sure the radio button for Enhanced Tracking Protection is set to Strict, not Default.
While Firefox’s privacy and security dialog accurately warns you that strict security may cause some sites or content to break, those breaches are few and far between in our own tests so far. Most of the web, including the bits that use third-party authentication and tracking, should continue to work just fine.