Mozilla’s Firefox 91, released this morning, includes a new privacy management feature called Enhanced Cookie Clearing. The new feature allows users to manage all cookies and locally stored data generated by a particular website—regardless of whether they’re cookies tagged to that site’s domain or cookies placed from that site but belonging to a third-party domain, eg Facebook or Google.
Building on Total Cookie Protection
The new feature builds and depends upon Total Cookie Protection, introduced in February with Firefox 86. Total Cookie Protection partitions cookies by the site that placed them, rather than the domain that owns them—which means that if a hypothetical third party we’ll call “Forkbook” places tracking (or authentication) cookies on both
grandmascookies.com, it can’t reliably tie the two together.
Without cookie partitioning, a single Forkbook cookie would contain the site data for both
grandmascookies.com. With cookie partitioning, Forkbook must set two separate cookies—one for each site—and can’t necessarily relate one to the other.
Even if the cookies are used for third-party Forkbook login, tying the two together would need to be done on the back end—since both presumably are for the same Forkbook account—rather than Forkbook being able to simply, cheaply, and easily read all tracking data from a single cookie. If the sites don’t use Forkbook for authentication, the two probably can’t be tied together at all—because even if the user is logged in to Forkbook in a different tab, that cookie is split apart from the ones used on mom’s and grandma’s cookie sites.
Clearing data site-wide
Once you understand that websites routinely place cookies that belong to third-party domains, it becomes obvious why it might be difficult to clear all traces of data stored by that site—returning to our “Forkbook” example above, clearing all data belonging directly to
momscookies.com wouldn’t clear the Forkbook cookie, and clearing a universal Forkbook cookie would necessarily log the user out of all websites using Forkbook authentication.
forkbook.com itself—it becomes possible to easily manage all data stored locally by that individual site.
When using Total Cookie Protection, you can empty the entire bucket for
momscookies.com including its own cookies, Forkbook’s cookies, and anything else. This breaks Forkbook’s record of your browsing activities on
momscookies.com—because although it will set a new cookie the next time you visit, it won’t have a reliable way to tie that cookie to the previous cookie you deleted or to other Forkbook cookies set by other sites.
In addition to organizing locally stored data by the website that placed it rather than the domain that owns it, Firefox 91 gives users the ability to quickly and easily remove all local traces of visiting a site using the History feature. When browsing your own History timeline in Firefox 91, you can right-click a site’s entry and select Forget About This Site. Doing so removes both the entry in History and all cookies, images, cached scripts, and so forth set during visits to that site.
In order to use the new privacy management features, you’ll first have to make sure that Strict Tracking Protection is enabled. Without Strict Tracking Protection, cookies aren’t separated by the site that sets them in the first place.
To enable Strict Tracking Protection, click the shield to the left of the address bar and select Protection Settings. This opens Privacy and Security in a new tab—from there, just make sure the radio-button option for Enhanced Tracking Protection is set to Strict, not Standard.
Although Firefox’s Privacy and Security dialog warns you—accurately—that Strict protection may cause some sites or content to break, those breakages have so far been few and minor in our own testing. The majority of the web—including the bits using third-party authentication and tracking—should continue to work just fine.