Firefox adds enhanced cookie clearing, HTTPS by default in private browsing

Mozilla says that starting with Firefox 91, users will be able to fully erase the browser history for all visited websites, thus preventing privacy violations due to "sneaky third-party cookies sticking around."

 

This change builds on the inclusion of default blocks for cross-site tracking in private browsing, first introduced after Total Cookie Protection was released with Firefox 86 in February.

 

The new feature, dubbed Enhanced Cookie Clearing, helps you delete all cookies and supercookies stored on your computer by websites or web trackers.

 

Enhanced Cookie Clearing is triggered automatically whenever you're clearing cookies and other site data after enabling Strict Tracking Protection.

 

"When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website's cookie jar," Mozilla said.

 

"This 'Enhanced Cookie Clearing' makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around."

HTTPS enabled by default in private browsing

Mozilla also announced today that, starting with Firefox 91, private browsing windows will automatically switch to secure HTTPS connections by default.

 

By upgrading all connections to HTTPS, Mozilla aims to protect users from man-in-the-middle (MITM) attacks trying to snoop on or alter data exchanged with web servers over the unencrypted HTTP protocol.

 

"Whenever you enter an insecure (HTTP) URL in Firefox's address bar, or you click on an insecure link on a web page, Firefox will now first try to establish a secure, encrypted HTTPS connection to the website," Mozilla explained.

 

"In the cases where the website does not support HTTPS, Firefox will automatically fall back and establish a connection using the legacy HTTP protocol instead."

 

Mozilla has added an HTTPS-Only Mode starting with Firefox 83 to secure web browsing by rewriting URLs to use HTTPS (even though this feature is disabled by default, it can be easily enabled from the browser's settings).

 

Microsoft Edge can also be configured to switch secure HTTPS connections when connecting over HTTP by enabling an experimental Automatic HTTPS option available in the Canary and Developer preview channels.

 

In April, Google updated Chrome to default to HTTPS for all URLs typed in the address bar if the user doesn't specify a protocol.

According to Mozilla, while browsing the web in private mode, Firefox defends your privacy using several privacy protection technologies, all enabled by default:

 

• Total Cookie Protection isolates cookies to the site where they were created
• Supercookie protections stop supercookies from following you from site to site
• Cookies and caches are cleared at the end of every Private Browsing session and aren't shared with standard windows
• Trackers are blocked, including cookies, scripts, tracking pixels, and other resources from domains on Disconnect's list of known trackers
• Many fingerprinting scripts are blocked, according to Disconnect's list of invasive fingerprinting domains
• SmartBlock intelligently fixes up web pages that were previously broken when tracking scripts were blocked

 

To go into private browsing mode, you have to open the Application Menu by clicking the button (☰) on the top right and choosing "New Private Window."

 

You can also use keyboard shortcuts to enable private browsing mode using Ctrl + Shift + P (or Cmd + Shift + P on macOS)