The Interactive Advertising Bureau, a group that represents hundreds of Internet advertisers, has attacked Mozilla's involvement in a Stanford Law School privacy project to judge whether individual Web sites can be trusted to set behavior-tracking browser cookies.

The IAB doesn't like the Cookie Clearninghouse, which Stanford's Center for Internet and Society and Mozilla announced on June 19. The project aims to rate individual to bring privacy ratings for browser cookies -- the small text files that Web site operators can store on people's computers. Cookies can be useful for remembering that you're logged into a site or for not showing you the same ad over and over, but they can also track behavior across the Web so advertisers see what Web sites you've been visiting.

"The Cookie Clearinghouse will develop and maintain an 'allow list' and 'block list' to help Internet users make privacy choices as they move through the Internet. The Clearinghouse will identify instances where tracking is being conducted without the user's consent, such as by third parties that the user never visited," the project organizers said.

On Tuesday, though, the IAB castigated Mozilla for its involvement, calling the clearinghouse a "Kangaroo cookie court."

"It is not a clearinghouse for cookies -- it is a kangaroo cookie court, an arbitrary group determining who can do business with whom. It replaces the principle of consumer choice with an arrogant 'Mozilla knows best' system," said IAB Chief Executive Randall Rothenberg. Those involved in the clearinghouse have "evinced not an iota of concern for the publishers, small businesses, and hundreds of thousands of people that depend on Internet advertising for their livelihood," he added.

Mozilla said the IAB can influence the clearinghouse policies and suggested it work on helping users better understand its members are doing on the Web.

"The Cookie Clearinghouse is an open project managed by Stanford's Center for Internet and Society, and there is ample time for interested parties to get involved in forming its recommendations," Mozilla said in a statement to CNET. "We hope the IAB and other advertising industry groups will work with us to make the online advertising process more transparent and receptive to Internet users."

The IAB's attack is the latest in a long string of disputes about how to balance privacy with user tracking on the Web. Much of the work has taken place in recent months through discussions about a proposed technology called Do Not Track in a World Wide Web Consortium standards group called the Tracking Protection Working Group. That effort, though, has been fractious and hasn't reached consensus.

IAB

The IAB letter positions the dispute as a battle of David vs. Goliath. "Small publishers, retailers, and other businesses" play the role of David; Mozilla, a "powerful tech company" and "the lucrative nonprofit whose Firefox browser controls 20 percent of the world's access to the Web," is Goliath.

It should be noted, though, that the IAB represents plenty of Goliaths such as Google, Yahoo, eBay, Amazon, Nascar, and CBS (which owns CNET publisher CBS Interactive). And in the browser world, Google, Microsoft, and Apple are vastly better funded than Mozilla.

The current dispute concerns "third-party" cookies in particular. First-party cookies store information for the Internet address of the Web site the browser is visiting, but other parts of a Web site -- an ad-placement service, for example -- can set third-party cookies for other Net addresses. That lets advertisers track user behavior across multiple Web sites.

Apple's Safari browser blocks third-party cookies and cookies from advertisers by default. Mozilla had been considering a similar third-party cookie ban, too, a move that raised the IAB's hackles. But Mozilla chose to put the patch on hold because of two weaknesses, according to Mozilla Chief Technology Officer Brendan Eich: false positives in which cookies from first-party domains appear to be from third parties, and false negatives in which first-party sites can place objectionable cookies.

The author of the patch, Jonathan Mayer, objected to Mozilla's decision to put the third-party cookie blocking on hold, arguing that Mozilla was placing "advertising economics" over "long-demanded user privacy."

But Eich snapped back, "Users who want really hardcore privacy have add-ons, but those users are few, and they do not buy into the paternalistic idea that we know best." And, he added, "No one has undue influence with us. As evidence of this, behold how both you and the ad-tech folks (IAB) are both mad at us right now."