Posts Tagged data privacy

Why disabling 3rd party cookies in Firefox 22 is a big mistake!

Monday, April 15th, 2013 | Permalink

Before I start, let me quickly outline two things. I am working in the online advertising industry + this is representing my personal opinion.
I have built several ad serving solutions and tracking engines within the last years and the chance of you having a cookie on your harddisk that comes from one of these solutions is quite likely.

Mozilla recently announced that with the release of Firefox 22 they will, per default, disable 3rd party cookies.
This in the first place looks like a big advantage to users. People fear to be tracked and analyzed across their whole internet behavior. I will come to data privacy a little later in detail.

I believe that data privacy is extremely important, I am just not happy the way Mozilla or to be specific the Firefox developers are handling this.
The idea is simply to avoid 3rd party cookies to be granted as long as the user hasn’t visited the 3rd party and the cookie became a 1st party cookie.

Or in other words, I am an ad network and as long as you haven’t ever clicked on one of my ads, I am not able to know identify the browser, how often you have been exposed to a specific ad and so on. Good? Sounds quite fair.

But the second you are putting this into a different context, the whole thing becomes a little awkward.

What is the default page that a Firefox shows you when you install it? Right that’s a customized Google search page. You just got a 1st party pixel by Google.
What’s the main income stream for Google? Right advertising!

Ever asked yourself how Mozilla is financing their servers, employees etc.? Right donations!


Let me quote Wikipedia on this:

“The Mozilla Foundation is funded by donations and “search royalties”. Since 2005, the vast majority of funds have come from Google Inc. […]
In 2006, the Mozilla Foundation received US$66.8 million in revenues, of which US$61.5 million is attributed to “search royalties” from Google.[9]
The foundation has an ongoing deal with Google to make Google search the default in the Firefox browser search bar and hence send it search referrals; a Firefox themed Google search site has also been made the default home page of Firefox. […] On 20 December 2011 Mozilla announced that the contract was once again renewed for at least three years to November 2014, at three times the amount previously paid, or nearly US$300 million annually.[11][12] Approximately 85% of Mozilla’s revenue for 2006 was derived from this contract.”

Same also counts for Facebook. You are scared by advertising? Facebook knows already a lot about you, but with making the Like Button available across the web, they know your actual browsing behavior. They know what you like and now they also know what you have been exposed to on the web! And as they are everywhere, like Google Analytics, they have the full picture. This is actually not happening for any other advertising network as the market is fragmented across a lot of companies.

Let’s talk a little bit about data privacy. I am working for a pan-european advertising company and we are investing a lot of time and money into data privacy compliance. We are TrustE certified, we have regular audits with lawyers across Europe, we are participating in the Do-Not-Track initiative, we are on the global IAB opt-out page, we don’t store any IP addresses and we have a dedicated page to explain how we handle data privacy. The industry is 100% aware of the situation and we are adopting to all rules and are extremely pro-active in what we are doing.

If you ever thought cookies are the only thing that enables companies to track you, you are absolutely wrong.
Beside standard cookies there is technologies like LSO, LocalStorage, e-tags and lots and lots more. To be more direct on this, every browser plugin brings its own technology. A good collection of these can be found at the Evercookie of Samy Kamkar.

The online industry committed within the last years to not use LSO, also known as Flash cookies, anymore. The most obvious reason is that a plugin cookie like Flash LSO is not being removed when removing cookies. In addition a LSO can be read out across browsers. Means your behavior on Firefox could be read out when you are using Internet Explorer or Safari!
Needless to mention that the Firefox approach is technically not stopping this.
From a data privacy perspective this is a nightmare and that’s exactly why the industry stopped this.

A lot of people are annoyed by commercials and there is a simple trick to stop seeing these ads, but please for one moment think about using an ad blocker.

Internet infrastructure, a team of editors, creators, writers, system administrators and developers are not cheap.
The reason why the majority of the internet is still free is the fact that advertising is paying for this! So instead of having an internet where you need to pay for every article, blog post or video that you are seeing, they show you commercials. So whenever you are talking about net neutrality, keep this in mind!
Or otherwise the internet will look like this in a couple of years.
Btw. same is happening when you are watching TV or buying a magazine. Part of it is paid by advertisement!

Dear Firefox developers, please think again about your approach. The industry has done a lot of things to comply with current law. It would be a shame if this would have been for nothing!
And the bad guys use another technology anyway!