How does cross-site tracking increase security risks?

Mozilla added an experimental cookie policy to Firefox 63, enabling users to block cookies and other data from third parties that do cross-site tracking. What are the security risks of cross-site tracking? What are the practical benefits of blocking it?

Due to the volume of commerce on the internet that has evolved into a complex system that depends on advertising to support systems, numerous privacy challenges have arisen, as well as malicious ads.

With endpoint software and security tools attempting to address Malvertising, such as with pop-up and ad blockers, the chance a user will be impacted by malvertising has been reduced, but it cannot be eliminated. In order to positively influence privacy on the internet, Firefox is changing its approach to force many websites and third-party advertisers to change how they operate, which may also help address malvertising.

The privacy aspects of cross-site tracking -- the collection of web browser data across multiple sites using scripts, widgets or images and then using that data to create a profile about a person -- are particularly troublesome. However, there are security aspects from websites that include third-party website content. Some enterprises may review all third-party content before it is included on their websites, and rigorous security assessments on any third party can be performed, though this requires significant effort and might not be done for all content.

Mozilla's announcement that cross-site tracking will be blocked by default in Firefox 63 should reduce the risk that third-party content could be compromised and used to publish malvertising. Another benefit is that this change may reduce the complexity of websites and make it easier to investigate incidents, as an investigation would only include a specific enterprise's website.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)