Mozilla to integrate tracking protection in future Firefox versions
Tracking is an integral part of advertisement on the Internet. While there are websites that display ads without tracking users to gather information, most forms of advertisement rely on profiles and tracking.
The reason is simple: the more you know about a user the more targeted ads you can display.
Do Not Track (DNT), a method to inform sites that a user does not want to be tracked, may have been a step in the right direction but since it is completely up to the company to honor it, it is not very practicable for users.
Mozilla is working on a tracking protection feature in Firefox currently that goes a step further than this. It basically enforces DNT on the user side of things by blocking known tracking scripts on the Internet.
Update: Mozilla enabled Tracking Protection by default in Firefox Stable in 2019. You can check out our Tracking Protection guide for Firefox to find out all about the feature. End
Part of the feature has been integrated into Firefox 34 Nightly already, but it is not enabled right now. Mozilla has created special test builds however where the current state of the tracking protection feature can be tested in.
Note: The following information and designs are not final and subject to change.
To use tracking protection in those builds, do the following:
- Type about:config in the browser's address bar.
- Search for privacy.trackingprotection.enabled.
- Double-click the entry.
This sets it to true the first time which in turn enables the protection. To disable it again, repeat the steps outlined above.
Side Note: Tracking Protection relies on Safe Browsing. If you have disabled the feature, you cannot use Tracking Protection. You can enable Safe Browsing in the options under Security.
A website tracking you is indicated with an icon next to its address. This is the same icon that is also being used to highlight insecure content (meaning mixed http and https) content on a web page.
You find a learn more link there that does not load a web page currently because it has not been created yet. This page will provide users with information about the tracking protection feature.
There is also an option to turn it off or on again for that domain to whitelist it.
What is being blocked?
So what is tracking protection blocking? A couple of tests showed that it blocks select resources from first and third party domains. If you open the Developer Tools of Firefox with a tap on F12, switch to Network, and reload a page after enabling tracking protection, you will notice that some elements are listed with a size of 0 KB and a loading time of 0 ms.
This indicates that the file has been blocked from loading by tracking protection. If you disable tracking protection on the domain, you will notice that those resources will get loaded normally.
It is unclear how the list is curated and how Mozilla determines if a resource is tracking related.
The feature should not be confused with Internet Explorer's Tracking Protection feature which Microsoft launched in Internet Explorer 9. The core difference is that you need to enable lists, either your own custom list or third-party lists, to use the feature.
According to Mozilla, the feature may be disabled by default. Users will find it listed under Privacy in the options of the browser eventually so that it is not required to modify the preference on the about:config page. (thanks Sören)
I tried IE’s tracking protection without a list. It works but it’s not so good. Nothing in the settings even changing the number
I think Ghostery is the best, with Ghost-Rank disabled.
IE’s tracking protection you can use without a list. Just enable the personalized list and set it to automatically block, and it will build a list for you as you visit new web sites. There’s a bug in the settings page so that it might not show any trackers initially. Change the number of websites field and then click Refresh.
In IE11, “tracking protection” seems to be an euphemism for “adblock” (a built-in adblock)
“Enhanced protection mode” is another euphemism for 64 bits
I have not found the feature in Nightly options. It exists in about:config
Thks for the article
Actually, Tracking Protection in IE should be considered more as a euphemism for Ghostery or Disconnect, since it does more than just hide ads. Just wondering, how is EPM a euphemism for 64-bit IE when it can be enabled in 32-bit IE?
OK for tracking protection, i hadn’t noticed it.
When you are in a 64 bits Windows, EPM makes IE11 (and previous IE10) run as a 64 bits process instead of 32 (verify)
it is the only and official way to run IE11 in 64 bits.
In previous versions (IE9 ?) there were 2 programs, a 32 and a 64
when you are in a 32 bits Windows, I don’t know : I guess it runs the other features EPM provides
a Windows restart is necessary
I think I’ll continue with Disconnect for this purpose
Disconnect is one of the data sources of the current prototype:
https://github.com/monicachew/abp-hostblocking/blob/master/Makefile
(https://bugzilla.mozilla.org/show_bug.cgi?id=1035910#c0)
So basically I would have to protect myself from tracking by using a Google service? Allow me to be skeptical about the reliability of this approach…
@Sören Hentzschel – you are of course totally correct :) But you misunderstood me, and I wasn’t clear enough (I tend to ramble a bit)
I didn’t say anything about Safe Browsing sending data anywhere. The sentence “any “tracking protection” that sends back information on what I try to load to whoever is a step in the wrong direction” is a statement in its own right, and “Safe Browsing” is mentioned many sentences and a paragraph later. The Safe Browsing comment has more to do with “I don’t want my FF to ask for anything I don’t initiate myself”. I know Safe Browsing uses a local list. I mentioned Safe Browsing in the vain of it connecting and downloading/updating all the time. Not because I don’t trust it, but because I don’t really need it and I want to cut down on all the “behind the scenes automated outbound traffic”, not just FF but anything.
“not even counting the fact that google funds the vast majority of mozilla” – the point is not that any collusion or corrupting or google-strong-arming would happen (I certainly don’t mean that), but that Mozilla would not necessarily wish to unnecessarily jeopardise or upset this funding – besides, as I already said, I think blocking any google analytics etc would just break things for too many end users. As for the google funding, I think its very relevant. Agreements may be signed, but they need to be renewed. Google, IMO, would clearly not be impressed if FF’s large percentage of the market suddenly started blocking parts of their tracking by default. Then again, maybe google don’t care. Who am I to know. I was speculating and alluding but never actually stated it.
I should have made myself a bit clearer, soz :)
“it is unclear if the list how the list is curated”
However, I agree – any “tracking protection” that sends back information on what I try to load to whoever is a step in the wrong direction. If there is none of that then sure – especially if it makes it simple and easier for the vast majority of users. Also, I wonder just what Mozilla would deem to block – certainly not the likes of facebook or google/youtube as this would upset too many end users – not even counting the fact that google funds the vast majority of mozilla ( https://en.wikipedia.org/wiki/Mozilla_Foundation#Financing ). Nebulus is spot on here. Google is slowly gobbling up all sorts of online services (google dns, virus total, google drive, search, youtube, google-analytics etc and far more to come) to the point that sometime in the short future, almost everything will be touched by them. Just wait until your smoke detector and “google shower” laugh behind your back about the size of your weiner. Seriously – google’s even got their hands DEEP into a standardizing of Internet of Everything architecture and APIs – so they can offer its services for free and use the data. But I digress …
Personally – I don’t want my FF to ask for anything I don’t initiate myself. A default block-everything RequestPolicy with white-listed origin-destinations etc does me perfectly fine for the sites I visit regularly (along with browser wide noscript settings, extra element blocking, greasemonkey scripts, etc – along with other tracking disablers eg redirects/extra-code-tokens-whatever in links etc – too many tracking tricks to list here)
That said, if I have to enable Safe Browsing in order to use a blocking list – screw that, there are better options already :)
“any “tracking protection” that sends back information on what I try to load to whoever is a step in the wrong direction.”
Please read how Safe Browsing works, the browser compares against a local list:
https://developers.google.com/safe-browsing/firefox3_privacy_faq?csw=1
And regarding the cookie, Firefox uses a different cookie jar for Safe Browsing than for web content.
“not even counting the fact that google funds the vast majority of mozilla”
And what’s about the option to switch your search engine in Firefox? Why is Google not the default search provider of Firefox Search (Android)? “Most money comes from Google” is no argument for anything. Mozilla and Google have a business deal with clear agreements, no more, no less. The deal is about the default search provider in desktop Firefox, not about tracking protection.
Google API does not mean that you have to use a Google server and Google data. In fact Mozilla uses a own server (https://tracking.services.mozilla.com): http://dxr.mozilla.org/mozilla-central/source/modules/libpref/init/all.js#4208