Is TC still relevant?

[sikz1]

Hello, long time user here.

Was wondering if this extension is still relevant today and if it provides any additional layer of security/privacy to those already present in recent versions of Firefox.

Specifically, if I enable Total Cookie Protection and use Strict Mode in Enhanced Tracking Protection, is there any good reason to keep temporary-container around?

[pixiekat]

I'm not sure about security or privacy but I've found it's great as an "incognito" without the incognito type of tab; which also bypasses the nag screens from a lot of paywall sites which block incognito window.

Especially if you use temporary deletes history tabs.

[Gitoffthelawn]

@sikz1 I've been wanting to ask this exact question, but I've been too busy, and I think I was also being a bit of a perfectionist about trying to think of how to phrase the question "just right" to yield the best responses.

I think part of the challenge of asking (and answering) this question is that people use Temporary Containers (TC) for different purposes. I'm interested in reading all responses.

BTW, how are you enabling Total Cookie Protection (TCP)? The UI/UX of Firefox's settings page isn't very good in this regard. Total Cookie Protection is only mentioned if you select the relatively weak Standard Mode for Enhanced Tracking Protection. It's not mentioned for the other two modes.

Also, did you mean that you are using Strict Mode for Enhanced Tracking Protection? You mentioned "Enhanced Cookie Protection", but I think that was likely a typo.

Separately, is Total Cookie Protection enabled when Custom Mode is enabled for Enhanced Tracking Protection and "All cross-site cookies" are blocked? Despite the warning on the Firefox settings page, I have literally only found a single site that had any issues with that option enabled, and it was a minor issue (the rather useless chat function didn't work on that site).

[sikz1]

@Gitoffthelawn Total Cookie Protection is enabled by default, you can check it's active looking at the value of network.cookie.cookieBehavior. If it's 5, TCP is enabled. More info here: https://support.mozilla.org/en-US/kb/total-cookie-protection-and-website-breakage-faq#w_what-is-the-difference-between-enhanced-tracking-protection-and-total-cookie-protection.

Also, yes it was Enhanced Tracking Protection. Fixed it, thanks.

[Gitoffthelawn]

@sikz1 Thanks, and you're welcome.

I've actually been setting network.cookie.cookieBehavior to 1, which allows first-party cookies only (rejects all third-party cookies). Surprisingly, except for the minor breakage on a single site, this hasn't caused any issues at all. I started using that setting before Total Cookie Protection (TCP) was implemented by Mozilla.

As I understand it (and I don't consider myself an authority on the topic), if I changed its value from 1 to 5, third-party cookies would then be allowed, but would be isolated per site. Here are the tradeoffs I perceive:

1. Possibly less site breakage, but I never had any significant breakage while blocking all third-party cookies.
2. Possibly more tracking. The browser would now be accepting third-party cookies, which could hypothetically lead to more tracking because trackers would now be more likely to run their code as they wouldn't be encountering a somewhat locked-down browser.
3. Possibly less tracking. The browser would now be accepting third-party cookies, which could hypothetically lead to less tracking because trackers think they are doing their job, and therefore will not resort to other types of fingerprinting and tracking.
4. Risk of tracking if Mozilla didn't do a good job with TCP. With no third-party cookies allowed, one does not have to concern themselves with the quality of TCP implementation. With TCP enabled, one must trust TCP is working correctly. I think Mozilla invested considerable resources into TCP, so I think it's reasonable to believe that it works correctly and thoroughly, but I suppose it involves a little more risk than simply rejecting all third-party cookies.

Either way, I don't think it changes the decision on whether or not to use Temporary Containers.

Feel free to provide feedback on the above analysis. I'm speculating quite a bit in it because I don't write tracking code, and I've only analyzed several trackers, so I'm left to speculate largely based of hypotheticals.

[OutshineIssue]

@Gitoffthelawn I share the same concerns. I haven't seen the TCP labeling in the browser for a while now, so it's tough to know if it's still around, been rebranded, or what. Plus, the fact that Mozilla still has their own Facebook Container add-on listed and updated on AMO as recently as 2023, when TCP was already on by default, just makes things more confusing.

If anything, TCP would just take the place of Multi-Account Containers. Temporary Containers is still useful for keeping things separate within the same domain. For instance, when I search for videos on YouTube (without being logged in ofc), each search and video is contained, so I don't get recommendations based on those. My homepage stays clean. The same goes for Google; ideally, each search shouldn’t create a shadow profile of my interests.

Once again, for all I know, it could all just be a placebo effect until Mozilla decides to clarify things.

Side note: I found this page to supposedly test TCP but it displays nothing on my end https://total-cookie-protection-test.netlify.app/.