New Stanford Initiative Helps Browser Developers Refine Cookie-Blocking
Privacy advocates at Stanford on Tuesday unveiled a new initiative that could pave the way for browser developers to block cookies set by ad networks.
The new Cookie Clearinghouse, helmed by Stanford privacy expert Aleecia McDonald, hopes to enable browser developers to block third-party cookies -- such as those set by ad networks -- without also inadvertently blocking cookies from companies that have relationships with consumers.
The new group's advisory board includes representatives from the browser developers Mozilla and Opera. Other members include computer scientist and privacy advocate Jonathan Mayer, computer science researcher Rob van Eijk, and Future of Privacy Forum Director Jules Polonetsky.
With the launch of the Cookie Clearinghouse, Mozilla moves one step closer to automatically blocking third-party cookies for Firefox users. Mozilla's Chief Technology Officer Brendan Eich blogged on Wednesday that the company intends to help develop the Cookie Clearinghouse “so that browsers can use its lists to manage exceptions to a visited-based third-party cookie block.”
Earlier this year, the browser developer said it intended to roll out a cookie-blocking patch. But the company delayed its plans after early testing showed the software also sometimes blocked first-party cookies. At the time, Eich said in a blog post that the patch resulted in false negatives because companies sometimes use more than one domain name.
For instance, he said, a company could offer a consumer-facing site, “foo.com,” which embeds cookies from “foocdn.com.” The patch would have blocked those cookies because it didn't recognize that foo.com and foocdn.com were owned by the same company.
The Cookie Clearinghouse hopes to solve that problem by developing standards to determine whether cookies should be considered first-party or third-party. The clearinghouse intends to publish whitelists as well as blacklists that will guide browser developers in determining whether to consider companies as third parties.
The group will start by presuming that sites should be able to set cookies if users have visited those sites, but not if a user has not visited that site. But the clearinghouse intends to set up a procedure to allow sites to challenge that presumption.
McDonald says the organization intends to spend the next several months developing criteria for evaluating when particular domains should be blocked.
Cookie Clearinghouse also is considering placing ad networks on a whitelist if they honor do-not-track signals sent by browsers. All browser manufacturers currently offer do-not-track headers, but the
ad industry hasn't yet figured out how to interpret them.
The Internet standards group World Wide Web Consortium, made up of computer scientists, privacy advocates and ad industry representatives, has so far been unable to reach a consensus about how to respond to the headers.