No -- it's just how cookies were meant to work from the start, the most obvious implementation before the privacy/security/tracking implications got worked out, which has taken many years.
And Google's working to make similar improvements to Chrome:
https://blog.chromium.org/2020/01/building-more-private-web-...
So not "insane" at all. To the contrary, it was entirely reasonable at the beginning, and now we see browsers reasonably addressing the problems that have arisen.
The fact that for a long, long time the vast majority of Firefox's income has come from search engine partnerships, a category google dominates?
Also: Firefox has been rather poor about user privacy. Integrating third party stuff that's difficult to remove, like Pocket, for example.
There was the whole "Looking Glass" debacle where they dropped in a Mr. Robot promotional plugin into Firefox completely silently.
When someone posted in bugzilla about it, the project manager for the plugin made the thread employee-only. It was then changed back to public briefly, before disappearing for good, reportedly being locked so even employees can't see it:
https://bugzilla.mozilla.org/show_bug.cgi?id=1424977#c21
Ask yourself: "why is a bug files about a promotional plugin so secretive that not even employees can view it?"
BTW: Guess where that project manager used to work before she worked at Mozilla? Answer: an online advertising and analytics firm (according to her LinkedIn profile at the time.)
1) Mozilla owns pocket, it's not third party. https://blog.mozilla.org/en/mozilla/news/mozilla-acquires-po...
2) This is completely irrelevant to user privacy, because Pocket doesn't exfiltrate any data. The source code for the integration is open source, you can go look this up yourself.
In the early days, the internet was seen as a massively playfield-leveling and decentralizing force ("the net interprets censorship as damage and routes around it"), not a massively centralizing one (Facebook is the world's only newspaper).
In a model where everything is decentralized and leveled , no player is big enough to worry about.
The economics sub-discipline of economic geography was being developed at about the same time as Eternal September.
The key insight (one of the key insights) from that research is that as the absolute cost of transport goes down, previously insignificant differences in cost become important. This leads to to the development of "hubs" - centralization.
(Here we're talking about information transport, and the cost being time per bit.)
But as you say, at the time the tech world could never have believed that centralization was the default expectation, nor designed things to compensate.
Any web site that knows your identity and has cookie for you could set up procedures to exchange their data with the companies that buy advertising space from them, synchronizing the cookies they both have on your computer. This possibility means that once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites. The result is that a web site about gardening that you never told your name could sell not only your name to mail-order companies, but also the fact that you spent a lot of time one Saturday night last June reading about how to fertilize roses. More disturbing scenarios along the same lines could be imagined. There are of course many convenient and legitimate uses for cookies, as Netscape explains. But because of the possibilities of misuse we recommend disabling cookies unless you really need them. https://web.archive.org/web/19970713104838/http://www.junkbu...
(Disclosure: I work in a part of Google that's descended in part from DoubleClick. Speaking only for myself.)
(I personally remember thinking exactly that, that cookies allow universal tracking, as soon as I learned of the concept, but I don’t want to put too much stock into that belief because of the possibility of hindsight bias and misremembering.)
Only in the past decade has there been serious consideration for encryption and security on the internet.
Before Let's Encrypt was launched in 2014, HTTPS was the exception, rather than the norm. It was only in 2016 that greater than 50% of internet traffic was encrypted.
Secure DNS is still very much a work in progress.
BGP was built with the assumption of good actors, and doesn't include any security mechanisms.
Email still doesn't have any good options for E2E encryption.
They almost certainly did, and considered it acceptable at the time.
An origin server could create a Set-Cookie header to track the path of a user through the server. Users may object to this behavior as an intrusive accumulation of information, even if their identity is not evident. (Identity might become evident if a user subsequently fills out a form that contains identifying information.) This state management specification therefore requires that a user agent give the user control over such a possible intrusion... --https://datatracker.ietf.org/doc/html/rfc2109#section-7.1
Google is historically the largest financial contributor to Mozilla (paying for spot as default search engine) and thus has always had leverage on what they do with FF.
There were a few years there where Moz flexed on google by making Yahoo the default, but then switched back to Google last year. My guess is they had to show google they were willing to go elsewhere in order to regain some of their autonomy, which is why it's only in the last couple of years that FF has been willing to add default customer privacy features despite directly hurting FB/Google's ability to track users.
Mozilla gets 90+% of it operating budget via a deal with Google, but Firefox developement is not influenced at all by Chrome. Totally independent.
Big Tech exists for users, not advertisers. Privacy must come first and money must come second. Thats why we have more privacy than ever and Google does not make much money. Government regulation is totally unnecessary. All incentives are aligned toward greater privacy.
Google will "build a more private web" for its advertising targets. Sorry advertisers. :(
1. Also known as "users".
The previous poster is correct on their historical analysis. Your comment does not change the accuracy at all.
