Closed Bug 570630 Opened 10 years ago Closed 10 years ago
Change default to allow third party session cookies
In bug 565475 I implemented the ability to downgrade third party cookies to session, and we made it default. I'm not sure we need to go that far, if we're going to implement bug 565965; it might be a bad UX/privacy tradeoff. Bug 565965 will be much more effective at doing what we want than this change will. More thought needs to be put into it. (This bug might end up WONTFIX.)
A decision on this probably blocks the devpreview, so that we don't end up flip-flopping our policy too much.
blocking2.0: ? → alpha5+
Who needs to make this decision?
This needs discussion more broadly than a bug, since it affects the behaviour of our web platform pretty significantly. I *believe* that Jay, Beltzner and/or Damon are going to convene such a discussion.
Yes -- we have a discussion on Wed. I can roll a patch then, if necessary. Is that in line with the preview schedule?
Per the look of things before I found out about this bug Wednesday's nightly build could have been our alpha 5 (WebM support should be landed by then), so a decision on Wednesday would push that out, which is fine if people agree that this is needed for the alpha, and the discussion can't happen earlier.
I'll have this ready to go for the Wed nightly.
Am I right in saying that bug 565475 already changed the preference? If so, this bug should be re-summarized as "Change default to allow third party session cookies," for clarity. We'll have a decision by Tuesday afternoon PT - Dan, can you put together a patch and attach it on this bug and get review so that if we do decide to flip the preference back, all that needs be done is the checkin?
(In reply to comment #7) > Am I right in saying that bug 565475 already changed the preference? If so, > this bug should be re-summarized as "Change default to allow third party > session cookies," for clarity. Fair 'nuf! > We'll have a decision by Tuesday afternoon PT - Dan, can you put together a > patch and attach it on this bug and get review so that if we do decide to flip > the preference back, all that needs be done is the checkin? Momentarily.
Summary: Flip default pref for third party session-only cookies → Change default to allow third party session cookies
r=sdwilsh verbally from train!
Assignee: nobody → dwitte
Status: NEW → ASSIGNED
Attachment #449876 - Flags: review+
http://hg.mozilla.org/mozilla-central/rev/76e9dd2d9322 Landed per discussion -- this provides no testing benefit in terms of gathering feedback, and doesn't accurately reflect where we want to end up either.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
From a Slashdot top story today: "Previously, Mozilla stopped working on a similar [Do Not Track] feature for Firefox after pressure from advertisers and other OSS projects as it would hurt their revenue sources from advertisers." http://tech.slashdot.org/story/10/12/07/2216242/Microsoft-Adds-Do-Not-Track-Option-For-IE9 linking to http://tech.slashdot.org/story/10/12/07/011229/Why-We-Shouldnt-Begrudge-Commercial-Open-Source-Companies which links to http://online.wsj.com/article/SB10001424052748704584804575645074178700984.html which quotes Jay Sullivan and Mike Shaver like this: "Mozilla, which is run by a nonprofit foundation that receives the majority of its revenue from Google, has also received pressure from advertisers about its efforts to limit tracking. In May, Mozilla engineer Dan Witte proposed a mechanism that caused cookies to automatically expire when a user closed his or her Web browser. (By comparison, most tracking cookies last for years). It only affected tracking cookies—not cookies that websites use to remember users' passwords or shopping-cart information. Mr. Witte's proposal was inserted into a developers' version of the Firefox browser on May 28. By early June, however, the news trickled out to advertising-industry executive Simeon Simeonov. Mr. Simeonov is the co-founder of a company, Better Advertising, that provides technology to online-ad companies. When he heard about the change, Mr. Simeonov said he worried it "would have broad, unforeseen impact on the consumer experience and perhaps even on the Web ecosystem." Mr. Simeonov reached out to the chief executive of Mozilla, who put him in touch with Jay Sullivan, vice president of products at Mozilla. The two spoke on June 9. Mr. Sullivan said Mr. Simeonov expressed concern that the change would prompt advertisers to "go underground" to conduct even more surreptitious forms of tracking. Mr. Sullivan said that Mr. Simeonov's comments "supported what we were already thinking." Mr. Sullivan added that Mr. Simeonov was one of many people who expressed concerns about the change, including representatives from companies that use tracking tools to provide Web statistics and companies that host content on behalf of other companies. He said the tool would have slowed down or hampered the performance of those companies. The software was removed from the Firefox prototype on June 10. Mr. Sullivan said it isn't unusual for proposed changes to be rejected. "We haven't precluded making all these changes but we didn't want to do it two weeks before the release" of a new test version of the browser, he said. The final version of the browser will be released early next year; it does not include any new tools to limit tracking. Mr. Shaver rejected the notion that Mozilla's decisions may be influenced by the advertising industry. Rather, he said Mozilla is driven by the needs of Web users and its mission that the Internet must remain open and accessible. In its most recent financial statements, Mozilla disclosed about $86 million of its $104 million in 2009 revenue came from an advertising agreement with Google. "I wouldn't say we are under pressure from advertisers," said Mr. Shaver. "They are a big part of the economics of the Web. We want to understand what their needs are."
OS: Mac OS X → All
Hardware: x86 → All
(In reply to comment #12) Please don't copy and paste news stories into bug comments. It's not even clear what point you were trying to make in your comment. In the future, before posting a comment, please consider whether or not your comment follows the bugzilla etiquette: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
Ah crap, I didn't mean to submit that, but decided to send an email instead and then only wanted to cc myself here. Sorry for spamming.
> Mr. Simeonov reached out to the chief executive of Mozilla, who put him > in touch with Jay Sullivan, vice president of products at Mozilla. The > two spoke on June 9. ... and if you read the bug we'd already decided to revert the change and checked it in by the 8th (comment 11)--before he contacted us. Our decision was based on many things (e.g. add-on bustage in bug 565475 comment 15) but not "pressure from advertisers". It was an experiment that didn't work quite right.
You need to log in before you can comment on or make changes to this bug.