Total Cookie Protection (TCP) is a privacy feature that Mozilla has introduced over the past few years into different Firefox settings. As of this week, Total Cookie Protection has been rolled out globally to all desktop Firefox users as a default feature. This update ensures that Firefox users on Windows, Mac, and Linux have the highest available privacy enabled in Standard Mode, without needing to configure any settings manually.
Total Cookie Protection restricts a website’s ability to track the user by giving each site access only to cookies dropped on its own domain. Cookies are stored in a separate ‘cookie jar’ for each website, which prevents cross-site tracking and reduces the amount of personal information any one website can gather about the user and their browsing habits. Firefox TCP automatically blocks any attempt by a website to use cookies to track users across the web, including by restricting the scope of third-party cookies to the website they were dropped on.
In 2018, Firefox introduced Enhanced Tracking Protection (ETP), a precursor to TCP. ETP used a list of domains to prevent known trackers from using third-party cookies. However, any tracker that was not on this list was still able to track users. An attacker who wanted to track a user and bypass ETP could also do so by creating a new tracking domain that wasn’t included in the maintained list. Total Cookie Protection, now on by default with this week’s update, does not use a defined list; it restricts the use of every cookie to the site it was set on, and therefore offers much greater privacy protection for the user.
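The difference between list-based blocking and per-site cookie jars can be shown with a small model. This is an added example, not Firefox code: the `.example` domains, the one-entry list and the jar-key functions are constructed, and real browsers key jars on the registrable top-level site rather than a plain string.

```javascript
// Toy browser: jarKey(topSite, host) names the jar a cookie from `host`
// uses when embedded on `topSite`; null means the cookie is blocked.
function makeBrowser(jarKey) {
  const jars = new Map();
  let nextId = 1;
  // Load `topSite` with a resource from `host`; return the id the host reads back.
  return function visit(topSite, host) {
    const key = jarKey(topSite, host);
    if (key === null) return null; // blocked: nothing stored, nothing read
    if (!jars.has(key)) jars.set(key, `id-${nextId++}`); // Set-Cookie on first sight
    return jars.get(key);
  };
}

// True when `host` reads the same identifier on both sites,
// i.e. it can link the two visits to one user.
function canLink(jarKey, host, siteA, siteB) {
  const visit = makeBrowser(jarKey);
  const a = visit(siteA, host);
  const b = visit(siteB, host);
  return a !== null && a === b;
}

const KNOWN_TRACKERS = new Set(["tracker.example"]); // constructed list

// No protection: one jar per cookie host, shared across all sites.
const shared = (topSite, host) => host;
// ETP-style: block listed hosts, otherwise behave like `shared`.
const blocklist = (topSite, host) => (KNOWN_TRACKERS.has(host) ? null : host);
// TCP-style: the jar is keyed by the top-level site as well as the host.
const partitioned = (topSite, host) => `${topSite}|${host}`;

// For each policy: can a listed tracker, and a new unlisted one, link visits?
function report() {
  const rows = {};
  for (const [name, policy] of Object.entries({ shared, blocklist, partitioned })) {
    rows[name] = {
      listedTracker: canLink(policy, "tracker.example", "news.example", "shop.example"),
      unlistedTracker: canLink(policy, "new-tracker.example", "news.example", "shop.example"),
    };
  }
  return rows;
}

console.table(report());
```

Only the partitioned policy stops the unlisted domain, while a site's own cookie on its own pages still works because both reads use the same jar.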
Other browsers such as Google Chrome offer similar privacy features, preventing cross-site tracking with third-party cookies by using ‘partitioned’ cookie storage, much like Firefox’s separate cookie ‘jars’. In Chrome this has to be enabled in the settings, where cookie privacy options can be configured manually and the option to block all cookies is also available. Cookies Having Independent Partitioned State (CHIPS), part of the Chrome Privacy Sandbox, allows developers to opt in to third-party cookies and bypass these user privacy settings if they have a legitimate business reason to do so. However, the CHIPS system can still be abused by websites wanting to track users across the web for advertising reasons. Safari also enabled cookie partitioning back in 2019, but has since moved to fully blocking third-party cookie activity. Like Chrome, Safari has now expressed interest in an opt-in model for cookie handling.