Silvano Rebai - Fotolia

How does cross-site tracking increase security risks?

Mozilla's Firefox 63 automatically blocks tracking cookies and other site data from cross-site tracking. Learn what this is and what the benefits of blocking it are with Nick Lewis.

Mozilla added an experimental cookie policy to Firefox 63, enabling users to block cookies and other data from third parties that do cross-site tracking. What are the security risks of cross-site tracking? What are the practical benefits of blocking it?

Due to the volume of commerce on the internet that has evolved into a complex system that depends on advertising to support systems, numerous privacy challenges have arisen, as well as malicious ads.

With endpoint software and security tools attempting to address Malvertising, such as with pop-up and ad blockers, the chance a user will be impacted by malvertising has been reduced, but it cannot be eliminated. In order to positively influence privacy on the internet, Firefox is changing its approach to force many websites and third-party advertisers to change how they operate, which may also help address malvertising.

The privacy aspects of cross-site tracking -- the collection of web browser data across multiple sites using scripts, widgets or images and then using that data to create a profile about a person -- are particularly troublesome. However, there are security aspects from websites that include third-party website content. Some enterprises may review all third-party content before it is included on their websites, and rigorous security assessments on any third party can be performed, though this requires significant effort and might not be done for all content.

Mozilla's announcement that cross-site tracking will be blocked by default in Firefox 63 should reduce the risk that third-party content could be compromised and used to publish malvertising. Another benefit is that this change may reduce the complexity of websites and make it easier to investigate incidents, as an investigation would only include a specific enterprise's website.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Dig Deeper on Application and platform security

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing