How do i disable 3rd party cookies in firefox 2.0?

eddiejoe67 · Post by **eddiejoe67** » November 4th, 2006, 6:32 am

Maddoktor2 wrote:If you already have FF 1.x already set to block 3rd party cookies, when you upgrade to 2.x the above mentioned 3rd party preference settings should carry over in about:config - I checked and it did in mine, at least.

HTH and Cheers,
Dok

It did not for me.

eddiejoe67 · Post by **eddiejoe67** » November 4th, 2006, 6:55 am

Nevermind, I had a stupid moment. I got it to download...

dmbfan36_23 · Post by **dmbfan36_23** » November 14th, 2006, 12:27 pm

dan. wrote:Does FF2.0 not implement <a href="http://www.w3.org/P3P/">p3p</a> on third-party cookies, as IE does? It's a w3c thing after all..

yes it does...

set Network.cookie.cookieBehavior to 3.

More info:
http://kb.mozillazine.org/Network.cookie.cookieBehavior
http://kb.mozillazine.org/Network.cookie.p3p

Old Amoun · Post by **Old Amoun** » November 15th, 2006, 6:43 am

Hi folks.

I have the following which I think should stop all third party cookies

1. Uncheck 'Accept cookies from sites' (same as setting Network.cookie.cookieBehavior to 2 )

2. list acceptable site under [Exceptions]

h2-1 · Post by **h2-1** » November 24th, 2006, 4:14 pm

I am waiting for the day that firefox devs begin to make firefox more rather than less useable with each release. Third party cookie stuff worked fine, especially in conjunction with adblock plus. And users, most of whom never even heard of something like third party cookies, had a chance to begin learning about how to secure their system. So what if the cookies weren't blocked 100% of the time, 90% is better than 0%, which is about what it will now be for most users. There is no real reason not to block them, what happened? Who made that bad decision, under what pressure? There is almost no legitimate use for third party cookies, they are almost always double click type things. So why is the default now not only to allow them, but to not warn users about their presence, and about the option to block them.

Some of the problems are becoming increasingly absurd with especially the linux builds of firefox. It's taking me longer and longer to learn increasingly arcane configuration locations and options. Currently I spend far more time learning how to configure firefox to become reasonably useable than I do on any other program I use, by a factor of I'd say at least 10 times.

The movement away from advanced configuration options is making firefox harder and harder to run. I hope that firefox devs soon outgrow whatever bad useability dogma that currently seems to have taken over the project. If the cause is a single person, I hope that person finds another project to mutilate as soon as possible.

I don't know that much about windows firefox any more, but linux, especially kde linux, firefox, is getting worse and worse with every release, more and more obscure configs required to make it functional. Firefox appears to be becoming more and more windows centric, which is something of shame as far as I'm concerned for one of the leading open source projects in the world.

Is it all that google ad money? Whatever it is, it's depressing to watch the process, especially since I've loved firefox since phoenix days.

But even within this, the gecko engine remains the best css engine out there, the javascript engine remains one of the weakest, things don't seem to change that much internally, but externally, kick the gtk sickness, relearn the joys of advanced configuration settings while keeping the basics clean and simple. Except the increasing amounts of time spent finding out how to undo the various 'useability' changes and default configs, firefox remains my current browser of choice, but that's primarily because of the great work done by the extension community. But even they seem to be burning out at alarming rates trying to keep up with all the changes each version subjects extension authors to.

However, I'll just add this new about:config tweak to my steadily growing group of required core configs I need to do to prepare firefox to actually be used day to day. Pretty soon I'll just give up and script the changes for the benefit of other people who might also want an easy, useable way to get firefox linux useable again. Too bad I have to do that though.

Old Amoun · Post by **Old Amoun** » November 25th, 2006, 4:31 am

Hi h2.

I think this forum (support) is for those people who want to find solutions to problems in using Firefox not to voice or rant your personal frustrations.

I think there's a (general discussion) forum which may be more appropriate.

See you there

earthsound · Post by **earthsound** » December 1st, 2006, 11:08 am

Actually, Firefox does not implement P3P. See <a href="http://kb.mozillazine.org/Network.cookie.cookieBehavior#Possible_values_and_their_effects">http://kb.mozillazine.org/Network.cookie.cookieBehavior#Possible_values_and_their_effects </a>where it mentions that it is functional in the Mozilla Suite alone.

Also, see <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=202959">bug 202959</a> (implement p3p in Firefox) with a severity of Enhancement and which, until my comment today, hasn't had any visible activity for over 1 1/2 years.

I agree that it would be nice to see something in FF2.0 more than what was included...even FF1.5's functionality is better than nothing...but it will take effort from some one/people in the community to get it going. This change in cookie behavior is one of several reasons why I have not switched to FF2.0 yet.

AT&T's Privacy Bird source code was released, so that is a great place to look for a framework, at least. See <a href="http://www.privacybird.com/dist/privacybird-source.tar.gz">http://www.privacybird.com/dist/privacybird-source.tar.gz</a>

Beware that that file is nearly 25 MB in size due to an error they made: they included two copies of both the unix and windows source code for the app, misnaming one of the tar.gz files as license.htm.

david

dmbfan36_23 wrote:
dan. wrote:Does FF2.0 not implement <a href="http://www.w3.org/P3P/">p3p</a> on third-party cookies, as IE does? It's a w3c thing after all..

yes it does...

set Network.cookie.cookieBehavior to 3.

More info:
http://kb.mozillazine.org/Network.cookie.cookieBehavior
http://kb.mozillazine.org/Network.cookie.p3p

Guest · Post by **Guest** » January 8th, 2007, 4:36 am

My setting wasn't carried over.

A possible reason is that there was one update that changed the cookie behavior to 3 (use p3p). But p3p was dropped, so a subsequent update set the cookie behaviour "back" to 0.

A comment in the bug database explains why 0 and not 1. See below an extract from
https://bugzilla.mozilla.org/show_bug.cgi?id=225287

In my opinion, "dontAcceptForeign" cookie policy is still the way to go. Single sign-on or any legitimate use of third-party cookies should rely on active collaboration between the main web site and the third-party pages.

---------------
Daniel Veditz 2005-01-14 12:19:31 PST

Wouldn't "dontAcceptForeign" be a better default, more in keeping with our
general concern for privacy and security? Too much breaks if we turn off cookies
entirely--let the paranoids do that for themselves--but nothing good comes from
foreign cookies.

Comment #23 Mike Shaver 2005-01-14 13:44:48 PST

"Foreign" cookies -- for varying definitions of foreign -- are sometimes used
as
part of a single-sign-on system for intranet apps. They may well all be
assigned down to the same domain suffix, and therefore not be counted as
"foreign" for our purposes, but it would suck a lot to break those systems.

I'll play with my prefs and see what I can break in Oracle's, when I get a
chance.
---------------

EmLasser · Post by **EmLasser** » January 8th, 2007, 4:57 am

earthsound: If you haven't understood, Firefox 2.0 can act the same way that 1.5 did with 3rd party cookies, if you set the pref to 1.
http://kb.mozillazine.org/Network.cookie.cookieBehavior

The same is true of most other things you may not like about Firefox 2.0- session recovery, tab widths, close button position. There are about:config tweaks that can change back the large majority of changes you may not like. See here for example:
http://forums.mozillazine.org/viewtopic.php?t=477283

In about a half hour of reading and 5 minutes of flipping prefs you should be able to get Firefox 2.0 working a way you will like it. You'll have to do it eventually, as Firefox 1.5.* gets the big flusho in April. Might as well do it whenever you get the chance.

earthsound · Post by **earthsound** » January 9th, 2007, 7:41 am

EmLasser: thanks for the reply.

Yes, I understand that Firefox 2 can behave the same as Firefox 1.x wrt to third-party cookies, however, my complaint was geared toward the fact that the UI for that preference was removed (who wants to have to memorize about:config settings when you're used to changing settings in Options?).

Also, my comment was motivated by the erroneous comment that P3P is implemented in Firefox (it is not, and some have argued for its removal from mozilla suite; see <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=225287" title="Remove p3p from the default build">bug 225287</a>).

As for the other things you mentioned in FF2, only the session recovery is of concern to me. I use session manager which has a number of features not present in FF2's implementation of session recovery.

I'll eventually move over to FF2, but for now 1.5.x is perfectly fine.

Egermeier · Post by **Egermeier** » January 10th, 2007, 7:29 pm

I am responsible for converting a couple hundred corporate, and countless residential desktops, to Mozilla products. Firefox version 1 was a success. I have read many of the complaints about 2.0 and none of those issues were enough to elicit the following:

One of the features I will not do without, is the ability for my customers to DISABLE THIRD PARTY COOKIES. I disable third party cookies on every desktop I touch, including IE. I know there is a "klunky" work-around, but that is not practical for my customers. Disabling cookies altogether is a great idea for those of us here, we can deal with allow lists or bothering to turn it on and off as needed, but it is not practical for regular users.

I am immediately changing to Sea Monkey and abandoning Firefox. It is hard to understand why Mozilla.org would effect such a change. Regardless of what is said, none of my customers have experienced any trouble without third party cookies.

My first browser was Mosaic. I used every Netscape version until AOL. I was an EARLY adopter of Mozilla, only recently installing SeaMonkey on my own desktop. If such a change takes place with Sea Monkey, I will give in to IE7 (much like dying...) and install a script blocker. It IS THAT IMPORTANT to me. At least I will be able to block tracking cookies.

I use Mozilla products because they favor the user's wishes over developers, websites and corporations. I have long suspected, lacking sales revenue, Mozilla would eventually give in to outside revenue sources in exchange for changes in the browser. Please prove me wrong.

Marbee · Post by **Marbee** » January 10th, 2007, 7:41 pm

Egermeier : I do agree that going to about:config and changing http://kb.mozillazine.org/Network.cookie.cookieBehavior to 1 may be too much to expect from corporate people. But you sound pretty competent, I know you could do it in a minute and that would be a lot easier than getting used to Seamonkey or IE7. Is it a bit clunky, yes, but it takes about 60 seconds and blocks just as many 3rd party cookies as Seamonkey does.

Also, nobody ever said that 3rd party cookies were needed for anything. IE has blocked most of them (the ones without P3P) by default for years with no visible bad effects. The problem is that that setting does not block all 3rd party cookies in all cases - if a site opens a frame with an ad, that frame looks like the user intended to visit that site, so Firefox (as does IE) sees it as a 1st party cookie. People were at risk of filing bugs that it wasn't blocking all of the 3rd party cookies, even though the UI was claiming it was.

According to rumor, the CookieSafe extension blocks 3rd party cookies. Maybe that would be a solution for the suits who can't change about:config prefs (or have them changed by you when installing).

Egermeier · Post by **Egermeier** » January 10th, 2007, 8:41 pm

Marbee: I cannot disagree with anything you have said. Convenience is my issue. It is possible to tell a user to go download Firefox, and make these settings changes... and off you go. "See, Mr. Customer, that is easy, quick and painless... Please do it. It has been easy to "sell" firefox so long as it does what I think it should and is uncomplicated.

I don't want it to be complicated. Installing a cookie blocker, though a great solution, is too much to expect if the customer is doing it, as are "about:config" changes. It is more than I should have to do as well. It should be put back in the user settings (IMHO).

I concede, SeaMonkey would be carry a substantial learning curve for a new user. You also mentioned IE7, but those I know who have it did not have much trouble with it's changes from IE6.

My stubbornness about third party cookies won't likely change, though my options seem to be vanishing. Perhaps you are right, switching to SeaMonkey or running IE7 with a script blocker are, perhaps, poor choices as an alternative to FF2, but each thing I favor about FF2 that gets removed or made more complicated, pushes me that much closer to giving up.

Unfortunately, it's more likely that I will simply stop recommending any change in browsers and just go on down the road.

Your reply was appreciated.

Marbee · Post by **Marbee** » January 10th, 2007, 10:41 pm

When I said it would be easier to stay with Firefox 2 than to switch to IE7 or Seamonkey, I actually meant "if you are already a Firefox user."

But I do see the problem in a default that allows so many tracking cookies.
However, I also see the point of the developers that a UI that promises a feature which only works 90% of the time, and will work less in the future, is not so good. It is an embarrassment really, to promise something you can't deliver. Because of this I don't think the preference will ever return to the options.

I *do* think there is some hope. There is NO good reason at all that the default for Network.cookie.cookieBehavior shouldn't be set to 1. I have never seen any harm in my browsing in IE with it set to block 3rd party, and the same was true in Firefox when I used to use that 3rd party blocking feature (for a year or so I have switched to blocking all cookies, and allowing exceptions when desired. I admit, this does break some sites, but it is worth it to me).
This changing of the default, the developers might be willing to accept. They seem to put a lot of faith in mysterious studies done with mysterious users in a lab, so if they found from such a study that there are very few bad effects from setting the default to 1, block foreign cookies, they might be willing to do it.
The money that comes from Google, I'm sure, will make them hesitate to do this, but I think it is the right thing to do.
Also, as I said, the default settings in IE6, for a long time now, have blocked most 3rd party cookies, and nobody complained.

But as for adding back a visible pref that is considered a "feel-good" not-really-working sort of "placebo" option, I would be shocked if they would ever do it.
I suggest that we who care about this try to get someone to research and show that the default of block foreign cookies doesn't break much. Changing the default I think is a realistic goal.

One thing that it might break is "split the difference" referral sites, where you shop by going to a portal site first, then to the place you buy from. The portal gets some ad money from the place you buy from, and they give a bit of it back to you. But even if we break that, I think it is a fair tradeoff for blocking most tracking cookies. And, the portal sites could always tell their users how to go into about:config and change it back.

Personally, I'll stick with Firefox as long as about:config settings or extensions exist that allow me to make it work the way I want it. It would be too hard for me to relearn something else. But I do agree with a lot of your concern. It is just that I also see the motives of the developers in not wanting to make false promises in the visible options.

Egermeier · Post by **Egermeier** » January 11th, 2007, 8:48 pm

I see the logic behind being disappointed with a feature that can be circumvented. It seems more than 90% effective to me, though it seems quite fair for you to use that number.

Today I visited a machine that has been running under my settings for about 8 months since I last touched it. The customer wanted me to scan it for malware. It found 4 third party cookies. I believe that is a lot better than the number normally found during that time period. I'll take that any day.

For Mozilla to throw in the towel because a few get by, seems more lame that my own "throw in the towel" comment at the end of my last post :)

Besides, it seems as though the extra effort required to code this behavior is enough of a deterent to keep the volume low.

I really liked your suggestion regarding default behavior. Of course, if all browsers blocked that "90%", everyone would start using the loophole.

Like you, I browse with cookies turned off except for some sites (mostly on line purchasing for customers) which I allow. But I am not a very good example of logical browsing behavior. I'm running SeaMonkey with cookies blocked and I disable java and javascript. I also have never had any spyware or virus though I run "barefoot".

Well, perhaps we will get lucky and a perfect solution will be found that satisfies all. In the mean time, thanks for the civilized interaction. Greatly appreciated.

How do i disable 3rd party cookies in firefox 2.0?

Re: p3p?

Re: p3p?

Firefox 2.0 and blocking 3rd party cookies

Much to agree about

3rd Party Cookies