Web Browser Safety: Cookie Control in Firefox

I’m a huge fan of Firefox and use it as my main browser. I found myself reviewing my cookie settings recently and thought it might be worth documenting this for future reference and in case anyone finds it helpful.

The issue I’m concerned with here is the profusion of cookies for tracking, auto-complete forms, and so forth. Call me paranoid, but the potential for 3rd party cookies to be in collusion activities is something I’d prefer to avoid (try the Firefox Collusion Add-on if you’d like a picture of potential collusion interactions). If you’re a regular web user and don’t have any cookie controls in place then you might get a scare by looking in Tools > Options > Privacy > Show Cookies.

Many cookies are quite unnecessary – try switching to private browsing in Firefox to see how life would look if you deleted all your cookies. However, some cookies do make life a lot easier. At Oxford University a lot of websites are secured with Webauth and use “session” cookies to store information needed for single sign-on to work; cookies also help to make interactive websites work smoothly.

I use some Firefox settings that enable me to approve the helpful cookies – on a long-term basis – but filter out the advertising, tracking, and otherwise unnecessary stuff. Here’s how I set it up…

Step 1: Configure Firefox to ask your permission when a website wants to set/change a cookie

Open the privacy settings options at Tools > Options > Privacy and set the History and Cookie options highlighted in the screenshot below:

FF_Cookies-Privacy_Settings

Step 2: Clear out your old cookies

Still in the privacy settings dialog, click “Show Cookies” on the screen above, choose Remove All Cookies

FF_Cookies-Privacy_Cookies

Step 3: Work normally and selectively allow / deny cookies

Just go ahead and browse. When a website wants to set/change a cookie, Firefox will pop up a dialog like the one below. Roughly speaking, for sites you recognise and trust you want to tick the “Use my choice for all cookies from this site” and allow the operation, and for sites that look undesirable (e.g. ads.doubleclick.com) you’ll want to tick that box and deny the operation. For sites that you’re not sure about you could “Allow for session” which will clear the cookie out when you close Firefox.

FF_Cookies-Confirm_Cookie

Step 4: Check your cookies in a few weeks/months time and be amazed!

Obviously, in your first few hours you’ll find yourself allowing/denying a lot of cookies. This will die down as you build up a list of sites that you allow cookies for though. If you go back to your list of cookies (Step 2, above), then you should find that it is much shorter than before – and you’ll recognise nearly all of the sites on there.

You may have spotted a number of additional privacy options in the screenshots above. Personally, I normally set “Accept third-party cookies” to Never – but this can cause problems with some sites. You can find more information in the Mozilla support article Disable third-party cookies in Firefox to stop some types of tracking by advertisers. The tracking options at the top of that dialog can also help discourage some “nice” tracking sites from setting cookies or using other tracking mechanisms – but it’s a bit like the olden days of robots.txt files: you’re dependent on someone else honoring the preference you’ve expressed.