Firefox 89 blocks cross-site cookie tracking by default in private browsing - Mozilla Security Blog
Categories: Privacy

Firefox 89 blocks cross-site cookie tracking by default in private browsing

At Mozilla, we believe that your right to privacy is fundamental. Unfortunately, for too long cookies have been used by tracking companies to gather data about you as you browse the web. Today, with the launch of Firefox 89, we are happy to announce that Firefox Private Browsing windows now include our innovative Total Cookie Protection by default. That means: when you open a Private Browsing window, each website you visit is given a separate cookie jar that keeps cookies confined to that site. Cookies can no longer be used to follow you from site to site and gather your browsing history.

What is Total Cookie Protection?

In February of this year we introduced Total Cookie Protection, a new, extra-strong protection against cross-site tracking cookies. Since Firefox 86, Total Cookie Protection has been available for users who have ETP Strict Mode enabled. Now, with Firefox 89, we are extending this same protection to Private Browsing windows.

To recap: a cookie is a small piece of data that websites can ask your browser to store on your computer. Traditionally, browsers have allowed websites to share cookies in what is effectively a single cookie jar. Firefox’s Total Cookie Protection is a sophisticated set of privacy improvements that enforce a simple, revolutionary principle: your browser should not allow the sharing of cookies between websites. This principle is now enforced in Firefox Private Browsing windows by creating a separate cookie jar for every website you visit, as illustrated here:

Previously, third-party cookies were shared between websites. Now, every website gets its own cookie jar so that cookies can’t be used to share data between them. (Illustration: Meghan Newell)

As we described in February, Total Cookie Protection covers not just cookies but a variety of browser technologies that previously were able to be used for cross-site tracking. To ensure a smooth browsing experience, Total Cookie Protection makes occasional exceptions to share cookies between websites when they are needed for cross-site logins or similar cross-site functionality.

Firefox Private Browsing Windows, now with even more privacy

With the addition of Total Cookie Protection, Firefox’s Private Browsing windows have the most advanced privacy protections of any major browser’s private browsing mode. The following protections are included in Private Browsing windows by default:

If you have Firefox installed, you don’t need to do anything special to benefit from this upgrade to Private Browsing windows. To open a Private Browsing window, click on the Application Menu button (☰) and choose “New Private Window”:

Screenshot of the application menu with New Private Window selected.Or, if you like keyboard shortcuts, just press Ctrl + Shift + P (Cmd + Shift + P on Mac). When you are done with that private browsing session, you can simply close all your Private Browsing windows. All the cookies and other stored data from the websites you visited will be immediately deleted!

As we continue to strengthen Firefox’s privacy protections, Mozilla is committed to maintaining state-of-the-art performance and a first-class browsing experience. Stay tuned for more privacy advances in the coming months!

Thank you

We are grateful to the many Mozillians who have contributed to or supported this new enhancement to Firefox, including Steven Englehardt, Andrea Marchesini, Tim Huang, Johann Hofmann, Gary Chen, Nihanth Subramanya, Paul Zühlcke, Tanvi Vyas, Anne van Kesteren, Ethan Tseng, Prangya Basu, Wennie Leung, Ehsan Akhgari, Dimi Lee, Selena Deckelmann, Mikal Lewis, Tom Ritter, Eric Rescorla, Olli Pettay, Philip Luk, Kim Moir, Gregory Mierzwinski, Doug Thayer, and Vicky Chin.