Firefox 48: blocklist against plugin fingerprinting
Firefox 48, out August 2, 2016, will block known plugin fingerprinting services thanks to a new blocklist that Mozilla developed to improve user privacy.
Fingerprinting techniques use various methods to identify and distinguish devices. Anything that the browser reveals on its own is used for instance. Methods may parse the user agent header which reveals the operating system, browser version and other information.
Apart from information that is revealed on connect automatically, scripts may be used to get additional information.
If Adobe Flash is installed for instance, sites may grab the list of fonts and other information.
Firefox plugin blocklist
And that is the area that Mozilla improves in Firefox 48. The browser ships with a new blocklist listing Flash SWF files that were identified by Mozilla as fingerprinting files.
Basically, what happens is that Firefox blocks connections to these fingerprinting files automatically starting with version 48.
The feature is useful to Firefox users who have Flash installed on their system and enabled in Firefox.
Mozilla did crawl the top 10,000 Alexa websites and analyzed SWF files loaded on those sites. The organization plans to run crawls regularly to catch new files.
The list distinguishes between fingerprinting and supercookie SWFs.
- Any file smaller than 5x5 pixels that called enumerateFonts() and ExternalInterface was categorized as fingerprinting SWF and put on the blocklist.
- Any file smaller than 5x5 pixels that called SharedObject and contained the string "cookie" was categorized as a supercookie SWF and put on the blocklist.
The blocklist covers only Flash functions. One reason for that is that all other plugins are set to click to play in Firefox. Another, that Mozilla will disable all plugins but Flash in Firefox 52 (with an override), and all but Flash completely in Firefox 53.
Control the blocklist preference
The plugin blocklist feature is already available in Firefox 47 but disabled by default. You may enable it however to make use of the blocklist feature right away instead of waiting for the Firefox 48 release.
- Type about:config in Firefox's address bar and hit enter.
- Confirm you will be careful if a prompt appears.
- Search for firefox-safebrowsing-blocklist.
- Double-click on the preference.
Setting the value of the preference to true turns the feature on, a value of false disables it. If you have no need for it, or if you notice issues on sites then this may be what you need to do. Some users may run extensions that block these type of files automatically as well so that they have no need for it.
You may take a look at the blocklist on the project's Github page. This may be useful if you want to know what gets blocked, or if you want to port the list to another browser.
Better protection against browser fingerprinting is always welcome. It appears that Mozilla is starting to put the focus on privacy enhancing features in Firefox. While Firefox provides you with better privacy controls than other browsers already, it is one area in which Mozilla can outshine Google's Chrome by a large margin.
The organization announced recently that it will integrate Tor privacy settings in Firefox natively as well.