Mozilla publishes official anti-tracking policy for Firefox


Mozilla details which types of websites and abusive user-tracking practices future Firefox versions intend to block.

Mozilla today published a wiki page describing for the first time its official Firefox anti-tracking policy.

These anti-tracking policies are at the heart of Firefox’s newly redesigned Enhanced Tracking Protection (or Content Blocking) tracker blocking feature, which was added to Firefox by the browser vendor last October with version 63. “We are releasing today an anti-tracking policy outlining the tracking practices that Firefox is blocking by default,” Mozilla said today.

“At a high level, this new policy will reduce the tracking techniques used to build browsing profiles of users. In the policy, we describe the types of tracking practices that users cannot control significantly,” said the organization.

According to the wiki page, Firefox relies on a list of abusive ad trackers compiled and curated by Disconnect.me, a non-tracking company. This is nothing new and is already familiar to many Firefox users.

What’s new are the rules by which Firefox adds domains to this list or removes them from it. Sites are considered trackers and added to the list if (1) they are loaded as third-party scripts on other sites and (2) they abuse client-side browser storage mechanisms (cookies, DOM storage, etc.) to track user details.

Back in October, Mozilla shipped a Firefox feature blocking third-party scripts from abusing cookies or other browser storage systems to store data for tracking purposes in a user’s browser, which means that some domains are blocked at the browser level, even if they are not yet on the Disconnect.me block list.

In addition, according to the same anti-tracking policy page, Mozilla intends in the near future to block websites that abuse URL parameters to store and transmit user identifiers. This type of tracker blocking is not currently supported in Firefox, but Mozilla appears to be considering adding it to its Enhanced Tracking Protection feature in the future.

Mozilla also plans to block trackers that abuse legitimate user tracking features. This rule applies to all websites that currently use supercookies and fingerprinting.

As with the blocking of tracker domains that abuse URL parameters, this type of tracker blocking is not supported yet, but Firefox devs have been experimenting with it for a while.

For example, starting with Firefox 52, Firefox has blocked scripts that use system fonts to fingerprint users, a tracker-blocking feature that is “stolen” from the Tor Browser.

Mozilla said that its new anti-tracking policies are not set in stone and that it intends, where appropriate, to make exceptions to its rules. For example, the browser maker will allow tracking techniques that improve the security of online services, such as login providers, authentication systems or e-payment processors, services that often require systems to protect against bots or unauthorized logins.

Ironically, these user protection systems often depend on the same techniques that online advertising companies use to track users. “Techniques are dual-use in some cases […]. We’ll deal with these techniques case by case,” said Mozilla.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.