03/14/2013

Most people have never heard of the Mozilla Foundation, so it may come as a surprise to hear it being lambasted as a major threat to the survival of American small business.

Yet that's the somewhat over-the-top claim being made by the Interactive Advertising Bureau (IAB), the trade association for Internet advertisers and publishers. The mad men (and, presumably, women) are irate at Mozilla's plan to make future versions of its Firefox web browser block third-party cookies by default.

IAB insists that the move by Firefox, which has about a 20% market share, far behind Google Chrome and Microsoft Explorer, will imperil small publishers.

“Thousands of small businesses that make up the diversity of content and services online will be forced to close their doors,” said Randall Rothenberg, IAB's president. “This move will not put the interest of users first. Nor does it promote transparency or ‘move the web forward’ as Mozilla claims in its announcement."

It sounds pretty drastic for a policy that would, in simple terms, make it harder for advertisers and market-research firms to follow you around the web and serve up ads based on your online behavior. This freedom from tracking, of course, is something most consumers say they want, even though it could theoretically cause some of the web's free content to dry up and blow away, an argument not everyone buys.

"I think the IAB's rhetoric is overblown," said David Jacobs, consumer protection counsel at the Electronic Privacy Information Center (EPIC). "Apple has operated under a similar third-party cookie blocking policy for a decade, with no harm to small businesses. And only a small portion of advertising is conducted using behavioral tracking via third party cookies."

Small publishers

The IAB pointed specifically to the impact it said the ban would have on small internet publishers, which it says depend on such cookie technology to sell advertising to niche audience segments.

“These small businesses can’t afford to hire large advertising sales teams,” Rothenberg said. “Advertisers can’t afford the time to make individual buys across thousands of websites. The technology that brings these two interests together is the third-party cookie.”

The IAB also said that blocking third-party cookies would "disempower" consumers by eliminating their ability to opt out of receiving targeted advertising. Or to remove a few of the double negatives, consumers wouldn't have to opt out of being flooded with targeted ads; whether that "disempowers" them or just saves them a step is open to debate.

But EPIC's Jacobs says the ad industry's failure to develop a workable solution on its own has left Firefox to guard the henhouse.

"Ultimately, everyone wants to avoid a privacy arms race. Doing this, however, requires the development of a viable do-not-track mechanism. Last year, representatives from the online ad industry promised to develop such a mechanism by the end of the year, but failed to do so," he noted. "Given the lack of industry action and the presence of consumer demand for increased control over tracking, it was inevitable that a company like Mozilla would step up and try to achieve something."

Not exactly new

Blocking third-party cookies is not exactly new. As Jacobs noted, Apple's Safari browser has done it for quite some time and Mozilla's Alex Fowler says Apple's experience played a role in Mozilla's decision, as did rapid expansion in the number of third-party cookies and user demands for more control.

"Mozilla is passionate about putting its users first and moving the web forward. That mission requires taking a leadership role on privacy, which we have repeatedly done," Fowler said, noting that Mozilla was chosen as the Most Trusted Internet Company for Privacy in 2012.

Fowler, who leads privacy and public policy for Mozilla, said he recently tested the proposed new configuration. He followed his typical daily browsing habits, starting with surfing conditions, local news, national news and a tech news site.

Here’s how Fowler said the new configuration changed the extent to which he was tracked during his visit to those four sites:

Current Default:

Allow All Cookies Proposed New Default:

Allow Cookies Only From Visited Domains 4 web sites used 8 first party domains 4 web sites used 8 first party domains 81 cookies from first party domains 75 cookies from first party domains 117 third party domains 0 third party domains 304 cookies from third party domains 0 cookies from third party domains Total: 385 first & third party cookies Total: 75 first party cookies

Fowler said he was surprised that he wound up with 304 cookies from third parties simply by visiting four sites so he repeated the test a few times.

"I cleared all my cookies before visiting these sites and then re-performed this process several times, as I wanted to verify that in fact four sites did lead to over 300 cookies from more than 100 companies I had not visited," he said. "Display ads and sharing widgets on the sites worked fine, and as I clicked on them, the various parties involved were able to set cookies."

What it is

What is this third-party cookie anyway? It's a small piece of text downloaded to your computer that allows sites to store information about you.

It differs from a first-party cookie in one important way: A first-party cookie is planted by a site that you have actually visited. A first-party cookie can save you a lot of time and trouble. For example, it can supply your user ID when you return to a site that you visit often. It can also personalize what you see on a site you visit regularly.

A third-party cookie, on the other hand, is planted anonymously by a site you have not visited, acting through one of the sites you have visited or through an ad on a site you've visited.

The IAB and other industry groups have a voluntary standard called Do Not Track that notifies advertisers you don't want them to stalk you but whether anyone actually pays attention to this is open to question. The Firefox change goes a big step farther and simply shuts out third-party cookies unless you tell it otherwise.

Small business at risk?

In support of its sky-is-falling argument that the non-profit Mozilla Foundation will destroy American business, the advertising group cites a recent IAB-funded study by Harvard Business School researchers, which found that the ad-supported internet was responsible for 5.1 million U.S. jobs and contributed $530 billion to the U.S. economy in 2011 alone.

Sole proprietors and very small firms were identified as a vital part of the ecosystem by the research team, with tiny entrepreneurial digital ventures across the country generating more jobs than such internet giants as Google, Microsoft and Yahoo.

The IAB, which portrays itself as the champion of small publishers, represents about 1,000 small digital publishers, along with 500 giants of the Google, Microsoft and Yahoo variety.

What can you do?

The proposed Firefox configuration will be undergoing testing for a few months. So what can you do in the meantime if you want to restrict the number of sites that are able to plop cookies onto your machine?

The short answer is: it depends. Different browsers offer different options. You can find a fairly complete list at AboutCookies.org.

Keep in mind that disabling all cookies may make some of your regular sites a bit harder to work with. And if you want to take a macro view of the universe, you might pause to consider those poor small publishers the IAB says it is so concerned about.