It is usually based on difficulty. Not a first seen basis. It does I suppose have an element of first seen, in that you can only orphan so many blocks.. usually 6 or 12 at a time.
Of course, the primary rule is usually based difficulty or chain length. Afaik, some coins do use "first seen" as a secondary rule to select between chains that have the same difficulty/length.
If you are within the same modifier interval, then it is actually extremely likely that you will get the same stake kernel on both chains. Why wouldn't you?
The modifier interval is a method applied by some PoS coins in order to protect against N@S attacks. Naive PoS schemes in which the next block's hash target is derived from the previous block, are susceptible for this kind of attack. At least this is how I understand Vitalik's blog post:
The issue is this: suppose that you have 1% stake, and thus every block there is a 1% chance that you will be able to produce (hereinafter, “sign”) it. Now, suppose there is a fork between chain A and chain B, with chain A being the “correct” chain. The “honest” strategy is to try to generate blocks just on A, getting an expected 0.01 A-coins per block. An alternative strategy, however, is to try to generate blocks on both A and B, and if you find a block on both at the same time then discarding B. The payout per block is one A-coin if you get lucky on A (0.99% chance), one B-coin if you get lucky on B (0.99% chance) and one A-coin, but no B-coins, if you get lucky on both; hence, the expected payout is 0.01 A-coins plus 0.0099 B-coins if you double-vote. If the stakeholders that need to sign a particular block are decided in advance, however (ie. specifically, decided before a fork starts), then there is no possibility of having the opportunity to vote on A but not B; you either have the opportunity on both or neither. Hence, the “dishonest” strategy simply collapses into being the same thing as the “honest” strategy.
This only works if the coin has never had any checkpoints added to it. And even if it hasn't had checkpoints added, then it would have to be a coin that uses coin age, which a lot of the modern PoS clones don't do.
Really all you have to do is add a checkpoint after the coins have had a decent distribution, and then this argument #2 is pretty much void.
I agree, checkpoints (whether centralized or decentralized) can offer a solution against this kind of attack. My post was based on the naive implementation of a PoS coin with no special protective measures against N@S.