Mozilla plans to push Tracking Protection in Firefox
Mozilla plans to push the built-in Tracking Protection feature of the organization's Firefox web browser in the coming releases.
Firefox will display Tracking Protection options in the browser's user interface more prominently, and Mozilla plans to rename the feature to Smart Blocking eventually as it will block other potentially unwanted content in the future as well.
The organization launched Tracking Protection in 2014 in development versions of Firefox for desktop operating systems and Android, and integrated Tracking Protection in Firefox 39 Stable for the first time in a release version of the browser but in disabled state.
Work continued on Tracking Protection and several new features landed: first the ability to select Tracking Protection lists, and then a Firefox Test Pilot experiment to gather additional date.
It took until Firefox 57 to extend Tracking Protection to all browsing and not private browsing sessions.
Tracking Protection in UI
Firefox users can enable Tracking Protection under Privacy & Security on the browser's options page currently. An option to switch from the private-windows exclusive mode to always is provided, and as are options to add exceptions and change blocklists.
Mozilla will add a Tracking Protection link to the main menu of the Firefox web browser, and display Tracking Protection controls when users click on the shield icon next to the address bar as well if content on the site is blocked. Plans are underway to rename Tracking Protection to Smart Blocking eventually. Tracking Protection will also be displayed when users click on the info icon so that the feature can be turned on without having to do so in the browsing preferences.
The organization revealed recently that it plans to add more protective features to Tracking protection, namely crypto-mining and fingerprinting protections. Since some of the new blocking options have nothing to do with tracking, it was clear that the feature needed to be renamed to reflect the functionality increase.
The final stage of the rollout displays Smart Blocking controls when users click on the shield icon that Firefox displays if content is blocked. There users may enable or disable protections individually and report site breakage to Mozilla. Some sites may break if you access them with Smart Blocking enabled; you can report breakage to Mozilla and select which issue you experienced, loading issues, missing content, malfunctioning, or other, that you experienced.
Users may "trust the site" as well using the menu to add it to the whitelist.
Closing Words
Mozilla seems to be inclined to push Tracking Protection in Firefox finally. I still think that Mozilla lost a big chance back in 2015 when it did not make the protective feature a major component of the browser. Considering that Tracking Protection speed up the loading of web pages by up to 44%, it would have given Firefox a much needed boost in its fight against Chrome's dominance on the desktop.
The improved Smart Blocking feature is a welcome feature nevertheless. Check out this bug for additional information.
Now You: Will you use Tracking Protection / Smart Blocking? If so, on its own, or with other content blockers?
“Will you use Tracking Protection / Smart Blocking? If so, on its own, or with other content blockers?”
I habitually enable all the privacy protections a browser has to offer, so yes. However, I don’t consider such protections to be my primary defense or rely on them to actually be effective. Instead, I use multiple other methods to protect against tracking (including NoScript in the browser, very strict firewall rules, and using the host file to prevent accesses to known bad domains.
Behind the scenes connections cannot be blocked.
Who protects the user from Mozilla
Thanks God Mozlla won´t prevent me from buying crypto, as I am crypto addicted, buying several different coins at ccshop.info very easily. But not mining at all, that is too complicated for me.
Please don’t use “crypto” as shorthand for “cryptocurrency”. “Crypto” has a long-established use as shorthand for “cryptography”.
Pedantic, I know, but I’ve been seeing an increasing number of people using “crypto” this way, and it’s causing an increasing amount of confusion.
@Coriy
“Now if there was just some way to kill Mozilla’s built-in tracking, you know the one, called Sync.”
Try the Tor Browser Bundle.
If you want to use a real hosts file:
https://github.com/StevenBlack/hosts
Now if there was just some way to kill Mozilla’s built-in tracking, you know the one, called Sync.
Sync is not on by default, you have to sign up to it and can log out at any point. And it’s end-to-end-encrypted. You can also run your own Sync server, if you don’t even trust the encryption.
It’s a mystery to me why Firefox in 2014/2015 did not aggressively push anti-tracking measures. It’s extremely easy to implement and would have been an enourmous advantage for their marketing.
Because of politics. As a browser, you have to cater not just to your users, but also to webpage owners, who would like to run personalized ads, know what people look at on their site etc.
If you push anti-tracking too much, those webpage owners will not be making money off of people using your browser to visit their webpage anymore. So, they’ll stop building things against it, fixing bugs for it etc.
Which is especially the case, when your market share is low to begin with.
And webpage owners not building things against your browser will again have a negative effect on happiness of your users, on your market share.
This dynamic hasn’t changed.
What has changed, is the public eye for this. The Cambridge Analytica scandal made people watch out for this sort of thing more again, meaning it is currently actually probably worth for Firefox to piss off webpage owners to please users, to generate more market share.
Also, they are technologically in a better position. Another factor in this is how dependent you are on webpage owners to do custom things for your browser. If you support all of the same technologies in the same way as the other major browsers, and without bugs, you can piss off webpage owners all day long.
And in this respect, they gained in performance and just general cleanliness of their code base, i.e. likelihood that they can quickly implement new technologies.
However, they often don’t want to support all of the same technologies in the same way as as Google, Apple or Microsoft.
Those three for example were very happy to throw in DRM. Mozilla caved in and implemented it, too, so people watching Netflix maybe would not all leave the browser immediately (though they still don’t support the same level of DRM, which would grant them higher resolution).
Another such example is the battery API. At some point, it became clear that no one was using it, except trackers. So, Mozilla nerfed it, to only allow rough readouts.
And there’s probably thousands of these tiny difference between the browser engines.
And in this respect, Google has actually come closer. They’ve started using their browser to block out ad tech competitors. Their “acceptable ads” concept is obviously tailored to have their ads be acceptable, effectively mostly blocking competitors’ ads. So, they too are making life harder for webpage owners, even if they’re absolutely not dealing in the interest of the user.
And as a result, Mozilla can, too, be more annoying to webpage owners.
Yeah, and that is just a rough image of all the stupid politics surrounding browsers.
If you are a user, please vote for Firefox, or at least not for Chrome/-ium.
The problem with this ‘Because of politics’ view is that a browser like Firefox has to be pro-active about user protection and change, otherwise it is not “For the users” like Mozilla claims.
It got so absurd with the passive stance of Mozilla that Safari (ITP2, upcoming Fingerprint Protection.) and Chrome (Adblocking, SSL push, First Party Isolation and other security enhancements) are more pro-active about security and privacy than the self-proclaimed privacy browser.
I think you’re overestimating the contribution and power of webpage owners and underestimating the usage share of Firefox when you say that if Mozilla had blocked trackers before they would have found ways to cripple it significantly in retaliation.
You might be more right about the DRM problem. But the FSF estimates that if Mozilla had not caved in and if more generally the DRM had not become a sort of official web standard, corporations like netflix might not have risked losing all non-DRM browser users by enforcing its use, and they wouldn’t have risked using non-browser applications instead of the web. I don’t know who is right here but I know that I can’t trust Mozilla for giving a fully honest account of the balance of power here because they love being corrupted.
I’ve always liked Firefox for its emphasis on privacy control, but it seems that within the last few years that aspect got de-emphasized in the rush to add new features. I’m glad to see them re-emphasizing basic privacy/tracking control. It’s clearly something that many people want.
You need to see beyond the hype.
Mozilla just doesn’t want to share your data so it will be more profitable to them.
…to the non-profit. Right.
They legally cannot make profit. No, the Mozilla Corporation not either. They are a 100% subsidiary of the Foundation, meaning any profit they do make, which they do not choose to reinvest, they have to pay out to the Foundation, where it is again in non-profit hands.
As I said in another comment, the bottom line is that Mozilla’s business practices are too dirty to fit alone inside a non-profit. So yes it’s technically for-profit, and most importantly in practice they behave like the worst of for profit.
While we’re talking about tracking, do you plan to get rid of Cloudflare ?
http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/
Your readers would be grateful for this sign of respect !
Let me guess, still using Disconnect’s craptastic lists and no option to change it? Nothankyou. I disabled every option related to this feature and blanked all fields related to its updating in about:config. Waste of resources on my PC and waste of development time on their end.
https://wiki.mozilla.org/Security/Tracking_protection#Lists
It is better to use uBlock Origin (uBO) because it is more complete in its blocking, and the author is more trustworthy than Mozilla.
It is also better in addition to leave tracking protection off, because this way you have more control, you can see in the uBO logger what is blocked/ignored/whitelisted and by which list and solve the problems in case of bad or missing blocking rules, while Mozilla Tracking Protection is more opaque.
And now comes the part where you explain how exactly the uBlock Origin dev is more trustworthy than Mozilla.
I do trust him, but that claim is ridiculous.
The Mozilla Foundation is a multi-national non-profit organization with thousands of journalists watching their every move.
Yes, the Mozilla Corporation is not legally a non-profit, but it’s a 100% subsidiary of the Mozilla Foundation, meaning any profit they make, which they do not choose to reinvest, is paid out to the Mozilla Foundation.
The uBlock Origin dev on the other hand is a single guy, with no profit limitations. He could change his mind about not making a profit at any point. Might even get extorted by the NSA to track users. Sure, he’d also be relatively replaceable, if that was discovered, but there’s some hardly discoverable things, he can easily do.
Like making it so that uBlock Origin does not actually block Google Analytics properly, seemingly because of a bug.
Furthermore, that claim is ridiculous, because you are using an entire browser made by Mozilla. If they wanted to keep anti-tracking from working, it would be absolutely no problem for them to patch the API-implementation that uBlock Origin and others interact with, to only seemingly block most tracking.
So, you already have to trust Mozilla anyways. It’s extremely unlikely that an evil Mozilla would make their native anti-tracking feature dysfunctional while not also killing extension blockers.
“So, you already have to trust Mozilla anyways”
No, you really don’t. It’s just very convenient to do so. There are numerous methods to protect yourself from tracking that don’t require the support or cooperation of the browser manufacturer.
“The Mozilla Foundation is a multi-national non-profit organization with thousands of journalists watching their every move.
Yes, the Mozilla Corporation is not legally a non-profit, but it’s a 100% subsidiary of the Mozilla Foundation, meaning any profit they make, which they do not choose to reinvest, is paid out to the Mozilla Foundation.”
The bottom line is that Mozilla’s business practices are too dirty to fit alone inside a non-profit. This already tells a lot about them, but let’s judge their acts now.
“And now comes the part where you explain how exactly the uBlock Origin dev is more trustworthy than Mozilla.”
For how long have you lived inside a grotto ? uBlock Origin author not only has never betrayed us, but he has shown zeal in always making the pro-user choices at every possible place. On the contrary, Mozilla keeps adding spyware, adware, DRM anti-features and pissing off its users to please the web business and its corporate partners-in-crime like Google, Pocket, Cloudflare, Cliqz… in a way that should make the traditional ethics-oriented free software community puke. Did you ever hear about the Looking Glass and Cliqz scandals just to name those ? And now they’d like users to send their browsing data to the famous NSA friend Cloudflare. And please don’t tell me it’s because the poor guys need money to eat, a huge sector of the free software community, including some for-profit, has grown for many years until now without ever needing to screw the users, it’s just plain corruption here.
“Like making it so that uBlock Origin does not actually block Google Analytics properly, seemingly because of a bug.”
Your example is illuminating because it’s precisely because of Mozilla’s change to webextensions that uBlock Origin can no longer block Google Analytics spyware on internal browser pages or on strategic Mozilla sites, should it appear there. And no it’s not a bug, it’s a feature !
“Furthermore, that claim is ridiculous, because you are using an entire browser made by Mozilla. If they wanted to keep anti-tracking from working, it would be absolutely no problem for them to patch the API-implementation that uBlock Origin and others interact with, to only seemingly block most tracking.
So, you already have to trust Mozilla anyways. It’s extremely unlikely that an evil Mozilla would make their native anti-tracking feature dysfunctional while not also killing extension blockers.”
You misunderstood my claim. I said that I trust uBO to block more things than Mozilla TP. Not only because Mozilla TP doesn’t even claim to block as much as uBO but also because even if it did, I wouldn’t trust it not to whitelist or “omit” more things that shouldn’t be because Mozilla likes to betray users for money. I also said that if TP is on you probably can’t see the requests they block on the uBO logger which this time is not a trust issue but a convenience problem, so you might want to leave TP off if you use uBO.
But actually, exactly what you thought I was afraid about actually happened too. Again, when enforcing webextensions, they modified the API so that uBO was looking like if it was blocking internal page spyware requests, while it was not ! Can’t find for now the github issue where he discovered that but it’s somewhere there… Mozilla justified these google analytics requests such as those on the about:addons page by saying they have the right to do whatever they want on their “property” (our browser).
I guess they can do it now since their market share is dropping to a low number that it doesn’t matter advertisers anymore.
Their market share isn’t dropping, their “number-of-Firefox-users-as-estimated-from-reported-tracking-urls” is dropping which could be caused by the enabled by the tracking protection that is enabled by default in private browsing. Thank you!
check your facts. Market share stats reflect the user-agent string presented via http header. Unless enabling “tracking protection” causes this header to be spoofed, it would not skew the stats.
@ams it’s yoou that should check the facts, they can’t get user-agent strings in the first place when they’re blocked!
@Blocked ffactss: ” they can’t get user-agent strings in the first place when they’re blocked!”
As a blanket statement, this isn’t true. It depends on how they’re doing the tracking. If they’re using beacons, buttons, or requesting any scripts, images, or HTML from a tracking service’s servers, they absolutely have access to the user-agent string.
I’ve enabled tracking protection a long time ago, but I don’t know if it’s really useful because of addons like NoScript, uBlock, and others already doing the job…
Mozilla uses the disconnect.me anti-tracking list. Seems to work well.