This week, Mozilla's Firefox began automatically blocking tracking cookies for all users.
“This milestone marks a major step in our multi-year effort to bring stronger, usable privacy protections to everyone using Firefox,” the company wrote in a blog post announcing the move.
With the new setting, Mozilla's Firefox joins Apple's Safari in preventing ad-tech companies from using cookies to track people around the web in order to serve them targeted ads.
Google, which operates the most widely used browser, shows no sign of following suit. The company said in May that it will offer a tool to allow Chrome users to block cookies set by ad-tech companies -- including its own DoubleClick. But the company made clear that users will have to activate that tool.
Since then, Google has made even more clear that it disapproves of automatic cookie blocking. Late last month, the company went so far as to make the dubious claim that blocking cookies harms privacy by spurring ad companies to turn to more invasive forms of tracking.
Given Google's ad-tech business, it makes sense that the company would want to discourage cookie blocking. At the same time, Google also is obviously preparing contingency plans for tracking people without cookies. For example, the company recently proposed a system for profiling users that would draw on data from their Chrome browsing history.
That idea has drawn criticism from the digital rights group Electronic Frontier Foundation, which calls the proposal “the opposite of privacy-preserving.”
The EFF says Google's system would “study browsing patterns and generate groups of similar users, then assign each user to a group,” which would be called a flock.
“At the end of the process, each browser will receive a 'flock name' which identifies it as a certain kind of web user,” the EFF writes, adding that the flock names would then be incorporated into headers that people transmit via their browsers.
“This is, in a word, bad for privacy,” the EFF says. “A flock name would essentially be a behavioral credit score: a tattoo on your digital forehead that gives a succinct summary of who you are, what you like, where you go, what you buy, and with whom you associate.”
Google isn't the only one preparing for the possibility of a web without tracking cookies. This week, the IAB Tech Lab floated a proposal to replace cookies with a “standardized identifier” that would travel with consumers.
The idea was quickly panned by Brendan Eich, co-founder and CEO of the Brave browser.
“Who’re they kidding? A single 'token' will uniquely identify you & be linked to your name & personal data in a trice among sites sharing info w/ their 3rd parties,” he tweeted.
The IAB Tech Lab didn't elaborate on the technical details of its proposal, but offered that the identifier could also include information about people's privacy preferences.
“Just as we have standardized telephone numbers and addresses, to which we as consumers may attach our preferences, we need a neutral, standardized online identifier to which we attach our privacy preferences,” IAB Tech Lab Senior Vice President Jordan Mitchell wrote. “In order for any party to access the former, they must consistently demonstrate compliance with the latter.”
Of course, most people already have a very simple way to transmit their privacy preferences to third parties: Do-not-track headers. Years ago, the major browser developers began offering do-not-track settings, which allow consumers to signal that they don't want to be tracked for ad purposes. Those settings remain widely ignored by online publishers and ad-tech companies.