Firefox 43: Tracking Protection with blocklist selection
Firefox 42 Stable, which will be released on November 3, 2015 if the schedule holds, will ship with Tracking Protection, a new feature enabled in Firefox's private browsing mode to improve a user's privacy while using the mode.
The feature blocks certain connections from being made to limit the exposure to tracking on the Internet. This works similar to how blocking extensions and programs
While privacy is certainly the main feature of Tracking Protection, a recent study has shown that it will reduce the load time of websites by 44% on average. The actual mileage varies for obvious reasons, as the feature won't help improve the load time if a site does not display advertisement or other tracking related scripts.
Side note: Nightly users have the option to enable the feature browser-wide so that it is not limited to the browser's private browsing mode only.
The initial version of Tracking Protection that will launch in Firefox 42 supports one list only that is either active or disabled.
This changes with the release of Firefox 43, scheduled to come out on December 5, 2015, as it will ship with blocklist selection options.
Instead of relying on a single list that you cannot change to protect you from Internet tracking, Firefox users can then select different lists based on personal preference and a desired level of protection.
Firefox 43 Tracking Protection Blocklist selection
Firefox 43 will ship with two lists by default that users can select between. The initial list that ships with Firefox 42 is enabled by default, and options to switch to another list are provided in the preferences.
- Load about:preferences#privacy in the Firefox address bar.
- Locate "Use Tracking Protection in Private Windows" and make sure it is checked.
- Click on the "Change Block List" button next to it to display all available blocklists.
- A prompt appears as an overlay displaying all lists and a selection option to switch between them.
Both lists that ship with Firefox 43 are powered by Disconnect.me.
- Basic Protection (recommended). Allows some trackers so websites function properly.
- Strict Protection. Blocks known trackers. Some sites may not function properly.
The Strict Protection policy blocks additional trackers that you may encounter on the Internet. The trade off is that you may run into sites that don't work properly because of the blocking.
Simply select the other list and click save changes to switch to it. You may switch back to the basic protection list at any time if websites fail to work properly after enabling the stricter list.
Firefox indicates blocked elements with a shield icon on the far left side of the browser's address bar. A click on it reveals additional information and an option to disable Tracking Protection for the session.
Options to display all servers and sites blocked by a tracking protection list, to bypass individual entries, to add new ones, or to add your own lists are not available currently. (via Sören Hentzschel)
Does anyone know how much Disconnect, (a for profit corporation), paid
for integration, in what was formally a function handled by add-ons?
This isn’t, as far as I can tell, any different than Hello and Pocket.
Am I wrong? Corrections or insight sought.
That’s an interesting question, Kulm. I doubt we’ll ever hear the exact terms of the Disconnect+Mozilla “partnership” contract.
Far too many comments posted to ghacks articles (including my own) are knee-jerk, repetitive… laughingly, as someone above observed, almost seem like they could have been posted by autobots.
Here, I would criticize the (par for the course) “forced choice” mozilla is providing.
option A: “use our (our partner -provided) list”, or
option B: “use our (our partner -provided) list”
Yes, using neither (IOW, “opt out”) could be considered to be another option.
My point of criticism is that mozilla has chosen a mechanism which excludes support
for additional, user-selectable, community-created blocklists (ala easylist, etc.)
The new capability is default, though it’s easily disabled, (unchecked), allowing
one to use a different/stand alone, add-on.
I think, given that Mozilla needs funding, that this is a fairly innocuous way
to achieve that. As long as choice and customization remain I guess
it isn’t a problem.
Ps; I was just curious how much moola Disconnect had to pay.
For instance, the public won’t know anything about the Yahoo Search deal
until November 2016. Interestingly, Bing runs the back-end of Yahoo Search, yep, Microsoft.
True, but let us not forget that built-in options aim primarily the mass of users of which many know little or nothing of privacy enhancements. As such, and providing the new features are not an obligation, let’s agree that it’s better than nothing?
Microsoft created Tracking Protection years ago and submitted it to the W3C so that it can be standardized. That is one of the reasons for Mozilla’s adoption of the feature.
http://blogs.msdn.com/b/interoperability/archive/2011/02/24/w3c-accepts-microsoft-s-tracking-protection-standard-submission.aspx
http://www.w3.org/2011/tracking-protection/
http://www.w3.org/Submission/web-tracking-protection/
How secure is PaleMoon in relation to Firefox 40 ? Any serious problems?
Pale Moon is a TRUE fork of Firefox. The two cannot be compared anymore. Pale Moon contains all security updates “that are applicable to its code.” So the short answer to your question is: There are no serious problems. For a brief explanation, see this link:
http://forum.palemoon.org/viewtopic.php?f=24&t=5075
@Andy: You also may want to read rumor control as it explains what is false and true about Pale Moon, here: http://forum.palemoon.org/viewtopic.php?f=4&t=7818
Microsoft’s motto must be, “No one is allowed to spy but us!” Google tracking gets blocked, but MS Telemetry lives on.
Google should start selling “Scroogled” mugs, but with the original Chrome logo crossed out and a Windows/Bing/Cortana one on it instead. ;)
https://regmedia.co.uk/2015/09/01/windows_keep_calm_mug_648.jpg
Telemetry is consented, Google’s tracking isn’t. It doesn’t matter how hard you try to twist it, you must give consent to Microsoft in order for them to collect telemetry data.
By consent you mean the end-user license agreement?
As far as trackers are concerned I don’t understand very well how strict protection may block certain sites from functioning properly unless to consider that a given external called site provides and valid data/scripts and tracking scripts/cookies (worst scenario) in which case a granular approach only provided by add-ons such as uBlock Origin, uMatrix or Policeman can do the job correctly. Otherwise it’ll be correct display & tracking verses no tracking & bad rendering. Nevertheless a good start. As a user of a 80,000+ address HOSTS file together with PeerBlock managing 26,000,000+ IPs, both including trackers’ data I very, very seldom meet a site which would display incorrectly because of one of those two. It gets more complex with greater granular protection and that’s where an add-on such as uBlock Origin makes the difference.
I’m not surprised by the gain in page display speed (44%?!), mainly on certain sites which can make up to (and more?) 30 calls to external sites (when sometimes the site runs perfectly well all by itself!) : those Websites are not giving a damn about the user. Total lack of respect.
So, Firefox’s trend/move to blocking at the source this exponential hysteria aiming to condition a site to more, and more, and more ads, trackers and all the scum a non protected Web user encounters is a good, a very good thing, even if, as it is planned at this time, far, very far from insuring the best privacy shield possible.
Its easier then you may think. For example built-in firefox privacy protection blocks all inclusion of Yandex (russian search engine) on all sites. That ok, right? Hell no, Yandex also provides quite popular maps widgets for many sites anf privacy protection breaks them all. There is no way to tell Firefox to block yandex, but not its maps, so if you get on such site and want to see map you WILL have to disable it for that site and that makes everything pointless.
Privacy protection works fine for blocking small niche trackers, but not to fight Big companies with complex services.
If you want a current in-use implementation of Firefox’s Tracking Protection, then take a look at Internet Explorer 9/10/11. Tracking Protection Lists can be obtained from the Internet Explorer Gallery: http://www.iegallery.com/en-us/trackingprotectionlists
Microsoft’s documentation: https://msdn.microsoft.com/en-us/library/hh273400%28v=vs.85%29.aspx
IEBlog post: http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx
Mozilla’s documentation: https://wiki.mozilla.org/Security/Tracking_protection
Internet Explorer’s Tracking Protection Lists also prevent Google from spying on users: http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
Microsoft added Strict P3P Validation as another countermeasure: http://blogs.msdn.com/b/ieinternals/archive/2013/10/16/strict-p3p-validation-option-rejects-invalid-p3p-policies.aspx
I forgot to mention that I do NOT use uBlock’s 3rd-party unbreak list, with no issue up to now, on the ground that I do not and will not make a privacy/security exception for a site on the ground that I’d have no choice : if I’m driven to choose I avoid the site never my privacy. Fortunately granular settings provided by (my!) uBlock Origin make it possible in almost all scenarios to combine no exception and total site’s functionality.
Martin, since this is somewhat related, do you plan on adding HTTPS to gHacks? :) I guess you’re waiting for this first: https://letsencrypt.org/
I plan to enable this soon ;)
I wonder if Firefox’s Tracking Protection or EFF’s Privacy Badger is a better option.
@not_black: I use both. And the Disconnect plugin. No problems or performance hit that I can see.
no one can stop server-side tracking.
So, looks like the Firefox I once knew is gone!! I just had it in my head that maybe Mozilla will reconsider their unnecessary decisions, I guess not.
Well it’s a good thing the Pale Moon Team has my back.
How is this feature a bad thing? People will crap on literally any decision Mozilla makes these days, its ridiculous.
@Dave @LimboSlam Mozilla is only supporting Microsoft in their submission of Tracking Protection as a proposed W3C standard. See my post below for more info.
Let me rephrase what I said up above, ok.
Yes, there’s nothing wrong with Firefox doing everything an add-on can do, for the average user at least. Now here’s what I see it as:
Who needs add-ons when we have an all-in-one package, who needs to read up on how to properly protect themselves with programs and use add-ons to extend the browser functionality when we have our browser/ant-malware/social-media with built in live video chat and more!
This is not good, just like having an anti-virus/security suite doing to much all at once is not good. This is because it will slow down you system and may even compromise your privacy and security. Plus, it feels more and more of a less flexible /configurable Firefox I once new; what happened to users choice??
But hey, if it works for that’s great. For me, it’s not my cup of tea, sorry guys.
It’s bad because it bloats the browser and removes user choice. You can still install uBlock Origin, but you must have the Mozilla version as well, even if you turn it off. This is the opposite of what Firefox was built for.
On top of this, they could easily bundle the feature as a first-party extension and put it in the install directory. That would be OK, but they are baking the code into the browser instead.
Add this feature to Chome, yes. Opera, yes, IE, yes, Safari, yes. But do not add it to the free browser. This browser is as sacred as a piece of software can get. That’s why people are on Mozilla’s case when they add unnecessary services to it, and that’s why even a security measure like Signed Extensions is opposed. That goes against the core of what Firefox is.
Martin, do a feature on why Firefox matters please and how Mozilla Corp is ruining it.
@svim, that’s human nature. There is a rational, legitimate anger (all of us here of course!) but also a trend to participate to runs of hatred, even more on social sites. I’ve often noticed that an article, a post, a simple comment attracts much more users when its content condemns than when it glorifies (this does NOT imply it is the author’s aim). I guess life is tough for many of us and that abandoning oneself to negative comments appears as a relief or/and as a way to persuade ourselves that we are not of those that accept to be tricked because we know better, and we say it! — Trying to be objective is an option we may not even think of when emotion is involved. We, human beings, are indeed very special :)
>> People will crap on literally any decision Mozilla makes these days, its ridiculous.
I agree, it has gotten quite ridiculous. Funny thing is no one is being forced to use Firefox, it’s completely free to use or avoid. But the haters gotta hate and the trolls gotta troll.
You sound like a shill to me.
What’s the problem with Firefox allowing users to block tracking services directly from optsions? o.O You make it sound like it’s a bad thing. I only wish they’d allow me to add my own filter list ABP-like so I can block everything; may be in future.
I’m not saying Pale Moon may not be a good browser, but really, such a comment towards a feature that actually helps the user indicates blind fanboyism and nothing more.
_____________________
It really sounds more like a bot now that I’m reading your comment again. Could fit any Firefox-related article, lol.
Pale Moon is shit. It’s not even a decent Firefox fork. It’s being “developed” (or rather compiled) by one guy from older Firefox source code. From a security point of view, it’s a disaster.
@not_black: Please read rumor control here: http://forum.palemoon.org/viewtopic.php?f=4&t=7818, but to answer your specific feedback, please read these two facts:
1.) Rumor: “Pale Moon is a one-man show and does not have the manpower to keep up with Firefox”
***FALSE***
“Pale Moon is no longer “just me” and hasn’t been for the majority of its life. There are some talented and dedicated people at work in our little community to make Pale Moon what it is, and actually has seen support in many ways by many people over the years. The fact that I am the one leading this project and holding the keys and making the overall decisions about direction doesn’t mean that no others are involved. To name a few other people currently actively helping with the project’s core development: Matt A. Tobin, Travis W. (trava90), BitVapor, Axiomatic. Don’t forget our beta testing team, either. Or the people helping with extensions and extension compatibility. Or theme porting (thanks Ryan!). Or even the community as a whole providing support to users. People doing translations. I can go on. One man? I think not. Of course since it’s crowdsourced, it’s easy to forget the numerous people in the background who play their part, but please don’t forget them.”
2.) Rumor: “Pale Moon is just a rebranded rebuild of an old Firefox version”
***FALSE***
“Pale Moon has been on a divergent path with its own code for a long time already. It was a rebuild in 2009, yes. It was a rebuild with minor changes in the Firefox 4.0 era, yes. But we’ve come a very long way since then with an increasing amount of different code being carried over each time it was re-based on later Firefox code. It’s a true fork now and has been employing rapid development (as opposed to rapid release) to solidify this independent direction with its own focus and attempt at keeping the browser sane, lean, and offering users choice and stability. At the same time, Pale Moon’s focus on security and evolving networking standards has added features and kept pace with those developments in other browsers, by e.g. adding TLS 1.1/1.2 support a while back, by offering OCSP-stapling, by keeping a close eye on encryption and the browser’s security by continuing to port or re-implement security fixes that apply to Pale Moon as a browser. It is neither old nor outdated, it is not a “rebuild” and it does not use obsolete technologies or have security holes.”
@Ron C. I agree, Pale Moon is definitely not a disaster, only another approach, and it’s no longer meant to be a fork as it has emancipated from its referent for some time now. The debate remains opened between pro and anti specific browsers but none IMHO (or perhaps unknown exotic ones) deserve the qualification of “disaster”. There’s a lot of work in Pale Moon, much more than a simple fork requires.
EDIT : where did Ron C.’s comment go ?!
You’re either a troll, or completely ignorant. Pale Moon is NOT a security disaster. Stop lying.
http://forum.palemoon.org/viewtopic.php?f=24&t=5075
Don’t forget that Internet Explorer already has this feature and has had for years. Microsoft unfortunately decided to not bring it back in Edge because they believe that extensions will cover the needs of those who want it.
Yes, and it admits lists as Easy list, easy list + fr, etc
It seems it’s an euphemism for “ad blocker” : it has the same result as an adblock extension in FF or Chrome
Edge is a very light program : there is nothing in it