BRENDAN EICH: The third-party cookie patch is still something that we’re testing.
Firefox has a kind of six-week release cycle where we get our latest code out to testers before all of our users. Through this progressively larger cohort of testers, we get all the bugs out and make sure we’re holding the technology up to our standards.
We’re holding the cookie-blocking patch in our first alpha-testing tier. The number of people testing it for us goes from tens of thousands to 100,000 to a million more in beta testing, before it reaches hundreds of millions of users.
It’s important that we not move things further into the testing cycle if we’re not ready to ship it. That doesn’t benefit our beta users. We realized that the cookie patch had two edges to it. One of them was that it [the patch] blocked cookies that were valuable to the user and sometimes it would allow cookies that shouldn’t have been set. So those were false positives and false negatives.
DENELLE DIXON-THAYER: Another issue with the patch was it presumed that first-party cookies were good and third-party cookies were bad. That’s one of the things that we don’t necessarily agree with. That’s why it’s still in our testing stage.
The Cookie Clearinghouse is another way for us to be able to fix a part of the patch that we think needs some assistance, which is to be able to create an exception-management system for the user because the user isn’t going to have all the information available to him or her or understand all of the different third-party cookies that are being pushed to them. Putting the exception-management system on the user would just create confusion or the user would just ignore it and we wouldn’t have any benefits to solving these false positives and negatives.
We’re working with Stanford and we’re also working internally to figure out other mechanisms we may need to put in place, either on top of the Cookie Clearinghouse or in place of it. We’re exploring this in the same way we’re testing the patch itself.
There is a lot of concern among advertisers about the criteria you’re using for the Cookie Clearinghouse and the cookie-blocking patch. Are you seeking input from advertisers on these projects?
DDT: We’re meeting with publishers, advertisers and exchanges. We need to understand what their concerns are so we can figure out if there is a way to get to an agreement here. … We’re never going to please everyone but we’d like to get to a place where there’s an undersanding of what we’re doing. We’re not doing this to mess up businesses but to give the user a voice.
BE: One of the options is already the DAA opt-out and we’re always carrying the torch for Do Not Track as an individual user’s expression of "don’t track me." We think that DNT as an idea matches our mission. It’s about serving people above all agendas.
If someone says, "I don’t want to be tracked," they send that signal out to websites and we would like integrations not to set third-party cookies. DNT has been adopted by around 17% in the US and 11% globally and we’ve heard from some players who say they would comply with it if it were just a tracking preference. They would lose about 20% of their audience but they could live with that.
The trick is getting that individual expression to be unadulterated and not automatically set, for example by Microsoft, which started presetting it in Internet Explorer.
What is the timeframe for completing these projects?
BE: We were hoping for progress with the Cookie Clearinghouse and DNT as a standard through the W3C, but the timeframe is indefinite. We don’t want to beta test something we know we won’t ship.
DDT: We don’t expect it to happen this year.
Jonathan Mayer has been very vocal about his contributions at Mozilla, what’s his role at the company?
DDT: Jonathan Mayer doesn’t have an official role at Mozilla. He contributed the patch and it was examined by our other contributors. Jonathan is particularly vocal and sometimes we like that and sometimes we don’t about our contributors.
What’s the process that your contributors follow in working with Mozilla?
BE: We work in a bugzilla bug-tracking system, where the code changes can be proposed and attached by anyone who wants to build. We go through a code review process, peer review it and check changes. We also have people who worry about policies for privacy and other issues. We need to make sure it doesn’t break the Web. "Don’t break the Web" is a big mantra of ours.
What’s your take on California AB 370? Could it have an impact on DNT?
DTT: I suspect it will be signed at some point. In terms of DNT, we see it as a possible step forward with this legislation and we also believe that the industry working together to create what the industry feels will be helpful is a really good approach and from our perspective, the best approach.
It requires for websites to explain what they’re doing in response to a DNT signal. I think there are challenges because of the current state of DNT and so we’re hoping it will get to a standard. We’re still going to push DNT and how it’s important for users to have a voice.
What are your thoughts about mobile? Are there any concerns that Firefox adoption could drop as more people access the Internet on their phone through apps?
BE: Our focus is to bring the Web to the user and the info the Web has to the user. Our OS is an example of how we’re doing that in a way that isn’t browser-based. At the same time, we don’t need to corner the market. Twenty-five percent would be great. There are also studies that show people are starting to use the browser more and more on mobile.
How do you reconcile your advertising arm with being an advocate for consumer privacy?
DDT: I don’t think that they are in conflict. What we would like is to be able to bring personalized content, whether that is advertising or true content, to the user and have the user understand that value exchange. I think if most users understood that in order for them to get this content for free, they may be giving up a little bit of their information, they may choose to do that or choose to pay. There’s no conflict. The conflict is just in the fact that users may not have that information, and so may not be able to make that decision.
BE: There’s also an interesting part about this that gets better at scale — the big data view of people. It’s less invasive in terms of privacy because your value as a unique individual is greater as part of a group that has similar marketing interests or behavior.