It's off by default. To enable it you have to go into about:config. I'm saying it should be on by default, or at least exposed in the Settings for people to find. The concern about doing that was that some sites would break, but their definition of break included things which should break because they were previously abusing the lack of FPI. I have been browsing with FPI on for a while and nothing has broken. Protecting our privacy should be the default state of affairs. Mozilla did say Firefox would be opinionated...
Mozilla did a study with user testing. Breaks lots of federated logins / Single-sign on solutions. Too much breakage to enable it by default. If you confuse users with this, they switch to GChrome and all you did for them is a privacy disservice.
There's a First Party Isolation add-on though if you want a reachable toggle button.
I have it enabled and I can attest that it breaks a fair amount of sites. I think it’s fair to expose that as an expert level setting. It could benefit from a bit of advertising though.
This is extremely easy to do in uMatrix. If you don't want to use the other features, just set a default policy of allow all, then block third party cookies. You can then selectively allow access to cookies on a site by site basis.
