Firefox 67: Cryptomining and Fingerprinting protection
Mozilla plans to launch cryptomining and fingerprinting protection in Firefox 67 to improve user privacy.
Cryptomining and fingerprinting protection block JavaScript cryptominers and certain attempts by websites to fingerprint the user.
The organization revealed in 2018 that it had plans to improve privacy in Firefox. Mozilla added content blocking options to Firefox 63 -- an update of the browser's tracking protection functionality -- and that it wanted to add more protective features to future versions of Firefox.
If things go as planned, Firefox 67 will feature options to block JavaScript cryptominers and certain fingerprinting attempts.
Cryptominers use the resources of the connecting device to mine cryptocurrency; this leads to an increase in CPU activity and power consumption. Depending on how the miner is configured, it may slow down the entire system and all operations on it as well.
Fingerprinting protection is not a new feature. Fingerprinting refers to techniques to create user profiles for tracking using information provided by the connecting browser and device, and certain scripts if permitted to run. Mozilla introduced a preference to block some fingerprinting methods in Firefox 41.
First signs of an integration in Firefox's main user interface showed up in May 2018. Mozilla showcased extensions to the content blocking functionality back then that included options to block analytics, fingerprinting, crypto-mining, and social tracking.
Only two of those, fingerprinting and cryptomining protections, will find their way into Firefox 67. The options are displayed when users click on the site information icon next to the site URL, and when they launch the privacy options in the Firefox settings.
Select custom on the settings page under content blocking to display the new options. It is not clear yet if these options will be enabled by default or if users need to enable them manually in Firefox 57.
Just check cryptominers and fingerprinters there to block these on all sites. You may still add exceptions if you want some sites to use the functionality. It is possible that the blocking may block some site functionality from executing correctly.
Firefox 67's release date is May 14, 2019.
Closing Words
The introduction of additional protective features is a long overdue step considering Mozilla's stance in regards to privacy. It remains to be seen if the options are enabled by default or turned off; it would not be of much use to the bulk of users if the latter is the case.
Mozilla is still facing quite the dilemma when it comes to user privacy and content blocking: adding full content blocking options to Firefox would set it apart from Google Chrome. It would improve user privacy, speed up the loading of sites, and be beneficial to security as well. Mozilla's survival depends on its deals with search engine companies, on the other hand. It is doubtful that Google and others would pay Mozilla a premium for being the default search engine if the Firefox browser would block advertisement by default.
Now You: What should Mozilla do in your opinion in regards to content blocking and privacy? (via Sören)
“What should Mozilla do in your opinion in regards to content blocking and privacy?â€
1) Block all malicious ads that can cause users to get infected with malware.
2) Block all trakers that don’t observe Do Not Track.
Even Google couldn’t disagree with these 2 solutions.
Users who don’t protect themselves deserve no protection. When businesses like Mozilla offer protection it means dependency. That is the business itself. The lame user protected undeservedly in exchange for his freedom. It is a modern adaptation of slavery.
The irresponsible demands opportunities, The state(Mozilla) offers “equality”. It all is politics.
This is communism. Mozilla itself can’t create technology, it buys it, it buys men who can, and has the rest working for free. Google does exactly the same. It is corporate parasitism.
Don’t you have something better to complain about than web browsers?
“What should Mozilla do in your opinion in regards to content blocking and privacy?”
Keep up the work and don’t fuck up webRequest API. That’s good enough.
“Firefox 67’s release date is May 14, 2019.”
It is worth mentioning that a full version of so-callde *The Contract for the Web* will be published in May too.
We’ll see if any change would take place by then.
https://contractfortheweb.org/
This is the best update from a very long time, cryptomining using web browser is the worst.
Martin, a quick comment. I disabled uBlock Origin. uBlock Origin helps me a lot on YouTube. =)))) Selected sites I disable it!!
I’m pretty sure Mozilla could implement literally any feature and there’d be a swarm of users criticizing it no matter what here.
Firefox once was a small browser with many extensions to do the special jobs. There are already many anti-coin-mining extensions available, so I see no necessity to implement one. I suppose, they do so for all the people who have never used any extensions and maybe even don’t know, that they exist. ðŸ˜
I’ve tried many variations of these things and you definitely have to pick the right trade offs among anonymity, functionality, tracking and annoyances. I tend to lean toward higher functionality with one blocker, many about:config mods and use a VPN for more anonymity if needed. Sites that break are rare and mostly disposable anyway. Start piling on blocker and tracking add ons and functionality can become very poor.
I doubt the vast majority of users care about privacy enough to do anything about it (maybe that’s not true for FF users) so leaving these settings off so some sites don’t break makes sense as long as the new preferences are highlighted in the release notes when they’re incorporated. One would have to read the release notes, of course…
“What should Mozilla do in your opinion in regards to content blocking and privacy?”
Given the direction that they’re taking Firefox, they don’t really have a lot of good options here. Their plan is probably the best one available.
Caution, many Firefox users are not specialists and don’t use ublock urigin (and sometimes no adblock extension at all) and don’t know what cryptomoney mining is and some adblock erxtensions don’t have the nocoin list by default. This feature may be useful for them. And the feature is not compulsory.
@Anonymous @ADW:
We have to accept the fact that most users will not bother installing privacy-focused extensions, or even take basic precautions for their own digital safety (not to mention privacy). And I’m sure we all have seen this behavior from friends, family, coworkers, etc.: some are not aware of the privacy implications of browsing the web and some simply don’t care enough (or at all) to do something about it.
Therefore this is an actual improvement for the browser, the end user and privacy in general. Is not that I disagree with what you are saying, but I’m just trying to bring another perspective about what is being said before the bombardment against Mozilla starts yet once again.
With that said, I will agree with that uBlock Origin and other extensions do a great job at blocking malicious scripts and I highly recommend it to everyone reading this. It’s a very powerful yet very easy to install and use right out-of-the-box, and is also very well documented if you like to use it to it’s fullest. I would also encourage readers to read a little bit about how to tweak Firefox, and if you are even more curious about ghacks.js:
https://github.com/gorhill/uBlock
https://www.privacytools.io/#about_config
https://github.com/ghacksuserjs/ghacks-user.js
“We have to accept the fact that most users will not bother installing privacy-focused extensions”
That’s why I said they should instead bundle ublock origin, I mean having it included automatically at Firefox installation, with no need for users to install it separately. I’ve seen Firefox forks on linux bundling ad blocking extensions. The problem of slightly higher risk of occasional site breakage compared to Firefox built in content blocker would be more than compensated by the increased security, privacy, browsing speed, and visual space decontamination. Blocking all ads out of the box would be a great selling point for Firefox. But I’m curious if their new extension recommendation system does even recommend ublock origin ?
Firefox can’t do that and in my opinion shouldn’t do because if they do this websites owners become angry and will abandon it and may also prevent its users to browse their website and also like what martin said google also may stop paying to firefox to making google the default search engine for firefox and then may also mozilla and firefox will die in the long term.
This is how I see it too. For my own usage case (that of a semi-advanced user), it makes sense to stick to uBlock Origin and turn off the Firefox protections. But for everyone in my family who doesn’t know enough to use uBO without “breaking the internet”? They will be do much better with the Firefox protections. Plus, the sudden adoption of better tracking protection by millions of people will mean that uBO users won’t stand out from the pack as much.
Looks like Mozilla is preparing for the end of uBlock when they have to copy Chrome and follow Chrome extension manifest v3…
That doesn’t make sense since Firefox already extends the webRequest API beyond what Chrome does, so you have cross browser APIs for add-on developers AND extended capabilities beyond the “standards”.
This move is aimed at protecting more users who run with default or close to default configurations.
Now that Cryptominers are already a thing of the past, and no longer a problem, Firefox includes a protection? lol.
This has to be a joke. The height of this malware was in 2017 already. It is not even profitable anymore.
It should not take more than a couple of hours for a browser maker to implement a standard cryptomining blocker into a browser, as you simply need to block one single script from running (coinhive).
I’m glad Firefox is finally trying to block crypto exploits, but I agree that it’s one year too late.
The culprit is Java (of course) for being a security nightmare.
After the $190 million dollar QuadrigaCX debacle, you’d have to be beyond stupid to invest in crypto (but that won’t stop some people from trying to mine crypto on YOUR computer for free).
Better late than never.
Here’s more background info: https://www.theregister.co.uk/2018/08/15/coinhive_mining_money/
It wasn’t even profitable in 2018.
Their study should be good for creating an efficient blocker: https://arxiv.org/pdf/1808.00811.pdf
Another Firefox feature to turn off by default. Their “protections” only break sites and have no real protection value on any but Mozillla’s tests.
And it will be turned on again against users will or interaction on every Firefox update.
The “reinvention” of uBlock Origin by Failzilla.
And how many percentages of people actually use uBO?
Integrated solutions is good for normal users, even if power users don’t care.
No doubt will be sabotaged by Googlesoft.
If this new part of fingerprinting blocking is just based on content blocking (not advanced techniques like faking canvas readout), then ublock origin does it already out of the box with its anti-tracking lists, and probably better than Mozilla. There is a more advanced anti-fingerprinting mode in Firefox that lies to sites to confuse fingerprinters and may break sites but I doubt that they consider it newbie-friendly enough to expose that part so much in the settings.
ublock origin takes care of miners too out of the box.
There is so much inflation in their built-in content blocker that at that point it would make more sense to just bundle ublock origin. But they want to keep control of what’s being blocked and especially they want us to see ads (until maybe they block non Google ads like Chrome some day). I’m afraid that some day they cross another line and finally become arrogant enough to implement political blocking in line with their foundation’s campaigns.
I don’t have it in my Nightly 67 up to dated