The New Firefox Cookie Policy: Winners, Losers and Implications


We’ve watched with interest as Jonathan Mayer and the Firefox team introduced functionality that stands to make Firefox treat cookies more like Safari does.  It appears that within a few releases the No. 3 web browser will, by default, reject third-party cookies.  But what does that really mean?  First-party cookies are mysterious and beautiful creatures, and here at TruEffect understanding them is kind of our thing.

When is a Cookie First- or Third-Party?

Mayer emphasizes an important point when considering potential fallout from this decision: From a browser’s standpoint, whether a cookie is first-party or third-party has nothing to do with whether it is owned by an ad network, or even whether it matches the domain that’s currently in your browser address bar; it is any cookie with which the “user appears to have intentionally interacted…” and that is an important distinction.

A first-party cookie is one from a domain
with which you have deliberately established a relationship.

You visited the site.  You’re there now.  You had a meaningful interaction with a widget or other content served from the domain.  If you go to manually delete your cookies and you see one from Google or Amazon or Facebook you’ll know how it got there because you have a relationship with the site.  You might even elect not to delete it.

Most third-party ad networks don’t have that direct relationship, and it’s the cookies that make those ad networks go that will be rejected by Firefox.

Overall Implications?

In the short term, probably not much.  We’ve seen cookie acceptance steadily decrease during the same time frame that retargeting, programmatic buying and other cookie-dependent behaviors have really come into their own.  But every visitor who chooses to become anonymous incrementally hurts our overall ability to measure advertising and thereby support better content.  Every boost that an ethical marketer has in identifying which programs work and which don’t benefits our industry and our consumers.

‘Nuclear First-Strike’?

Earlier this morning Mike Zaneis at the IAB referred to this impending functionality as, “a nuclear first strike against [the] ad industry.”  Aside from being just an awesome tweet, it’s understandable.  The IAB and NAI (and I proudly represent my company as an active member of both) and other industry organizations have really gone out of their way to establish and enforce best practices and give consumers power tools to control their own privacy.  Responsible, well-managed cookies lie at the heart of network advertising, and this is an assault on most online advertising networks.

But not every digital marketing technology provider will be threatened by this.  A few of them are (metaphorically) gathered in the corner, giggling.

Try an Experiment: Head to the NAI Consumer Opt-Out Manager and check out the NAI member companies.  Scroll down the list and see how many there are with whom you already have a direct (first-party) relationship.  Those ad networks are and will continue to be able to read and typically write first-party cookies wherever they see you online.

The Implications?

If this development leads to a crisis in third-party ad networks:

  • Portals and other ad networks that have direct relationships with consumers stand to be the big winners: Google, Yahoo, Facebook, Amazon, etc.
  • Those same companies will start to see benefits in consolidating the domains they own and use for advertising and making them sub-domains of the domains they use for content: becomes, becomes, etc.

However this plays out, the trend toward greater visitor privacy and control shows no signs of slowing.  We as marketers have an obligation to educate the public, to regulate ourselves, and to help consumers see and appreciate the relationship between safe, effective advertising and great free content.

It’s going to be interesting, as always…



Please enter your comment!
Please enter your name here