Mozilla: there is a high probability that your browsing history can be used to identify you
There is a very high probability that individual Internet users can be identified by analyzing the browsing history alone, according to a new study by Mozilla.
Mozilla published the results of a recent study in the research paper "Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories" [PDF link] which it presented at the USENIX security conference earlier this month.
Last year, Mozilla asked Firefox users to participate in an experiment to find out how effective the browsing history is in identifying users on the Internet. The collected data resembles the data that third-parties may collect through various tracking mechanisms on the Internet.
About 52,000 Firefox users agreed to participate in the study which ran over the course of two weeks. Users would share the browsing history in the first week and in the second, and Mozilla would analyze the data to find out if the first week data could be used to identify users based on the second week data.
The researchers managed to identify nearly 49,000 "distinct browsing profiles" and discovered that 99% were unique.
50% of users could be identified using the top 10,000 websites if the users visited at least 50 distinct websites in the period. If users visited 150 or more sites, the probability of identification increased to 80% using the top 10,000 websites as the data pool.
The data confirms a study from 2012 which used a different way of gathering the data. Back then, researchers set up a test site and used CSS code to identify sites from a 6000 domains list to find out which of these sites users had visited. The 2012 study concluded that 97% of visitors had a unique list of sites based on the 6000 domains list, and that the data alone could be used to track users across the web.
Mozilla's data was more accurate because it received the entire browsing history of users who participate in the studies.
The study confirms that third-parties may use the browsing history to create user profiles and track users across the Internet provided that they manage to gain access to a large portion of a user's browsing history. Facebook and Alphabet, Google's parent company, observe large portions of the web based on the analysis of third-party scripts in the browsing data. Alphabet access (Google) was found on 9823 of the top 10,000 websites, Facebook access on 7348 sites. "Numerous companies" with access in the 2000-5000 range of the top 10,000 sites were also detected.
The researchers recommend that users enable privacy protections in their browser of choice to reduce the tracking capabilities of these companies.Â Disabling or limiting third-party cookies, using Containers ( a unique Firefox feature), modifying default privacy settings, deleting data regularly, and installing privacy extensions may limit a company's ability to identify a user based on the browsing profile but these methods may not eliminate the thread entirely.
Now You: Do you protect your privacy online?
I’ve been using the Never Remember History feature (basically launches Firefox in Private Browsing mode), since it was introduced.
I don’t know but I get attracted towards articles when I see Mozilla or Firefox in the title.
White said on September 1, 2020 at 9:18 am
I donâ€™t know
@Chrome is better
Yeah, but why? ;-)
Yeah, but he’s hoping he could draw out some sort of a response that would allow him to name drop Brave again.
You are acting as if I was sitting next to you, holding a gun to your head while threatening to press the Firefox uninstall button, lol. Jeez, don’t be ridiculous. I can’t influence what you use anyway, nor do I want to.
I am convinced of my browser for reasons, you are convinced of your browser for reasons, we don’t need to convince each other of our own particular reasons, peace out. Happy to discuss browsers in general, in case anyone is interested in a real discussion instead of fruitless hating.
I mean no offence, but as an impartial witness to the truth of things here, it’s clear to me that foolishgrunt did not act as if you were sitting next to him, holding a gun to his head while threatening to press the Firefox uninstall button, which you claimed.
Right or wrong, foolishgrunt simply predicted what he thought what your motives were here, which based or your past behaviors, was a rather logical deduction, and not “ridiculous” at all, as you also claimed.
As it is, I think you are the one guilty of “fruitless hating” here, but then I’m often wrong about such things, at least that they are often far worse than I assumed.
Also, please keep in mind that many of us don’t have a great need to be “convinced” why we use what we do, as if such requires some moral imperative to take sides and battle over, again, and again, and again..
None of my posts contain hate, actually. They contain facts that are 100% provable. These facts stand contrary to how Mozilla advertises Firefox, and since many people believe their marketing claims willingly, they feel offended when they hear something diametrically opposed to their established belief system. Only very few are capable to discuss points of contention rationally, most just take offense and cry like petulant children, attacking me as a hater or troll or what not in the process. All wrong. If I were a hater, I would post things like “Firefox is shit!” or “Don’t use this crap!” or “Ugly logo!” or similar stuff – you get the point – under articles. But I don’t, I point out that their marketing is misaligned with their actions and that’s that. End of story, if you think that I am wrong, discuss it rationally without resorting to ad hominem responses.
You or @foolishgrunt can deduce whatever you want from my behavior, claiming to know better what I do here than I myself do, it’s not like I care. If you don’t want to read my posts, there is an incredibly easy fix to that problem: Don’t read them. Problem solved.
1. Yes, you most certainly mean offence because ironically the rest of you post is invidious.
2. An impartial witness? Really? You need to look up the term.
You’re absolutely right, many here do need to be shown reality when a lot of nonsense about browsers is spewed out intentionally or unintentionally.
OMG, the OP’s post stands on its own. I can think of myriad (used it right, ppfffhhhttt!!!) questions to ask but not to a banal harmless statement of feelings.
Browsers are free, I use four of them and apparently vastly underestimate my importance to the browser world. I feel half as important as when I used only two.
Doubtful, since I run https://trackthis.link/ once daily.
Beware, this is like a benchmark for your PC :D
Let’s be clear: Mozilla announces a likely history related privacy issue on all browsers.
First, what do we understand by a browser’s history? I emphasize on this because I’ve met several users (not technically inclined) who were confused with the difference between history as a log of all visited sites and so-called ‘tab history’ which logs only each tab’s own history (go back/go forward one page).
Personally I’ve disabled ‘history’ for some time now, but not ‘tab history’ given the latter when disabled is really a handicap, IMO.
Pasting Ghacks-user.js settings/descriptions :
// 0862: disable browsing and download history
pref(“places.history.enabled”, false); // Default=true — I disable
// 1020: exclude “Undo Closed Tabs” in Session Restore (maximum number of closed tabs stored/restorable for each window)
// WARNING : This also disables the “Recently Closed Tabs” feature but not “Recently Closed Windows” or any history
// pref(“browser.sessionstore.max_tabs_undo”, 0); // Default=10 — I do not disable.
This is clear.
About the article and Mozilla’s publication. Doesn’t surprise me. In fact I’d subscribe to the idea that almost all settings have a double face, that of serving the user, that of tracking him, should I be ready to accept suspicion without technical evidence. Even one’s disk and even memory cache can reveal a user’s specificity according to the developer of the first cookie autodelete legacy addon I had contacted (his addon would not only clean cookies but also cache at predefined intervals).
More you dig more you discover inquisition behind an angel’s smile. Be it browsers themselves, be it Websites, be it in life when whatever commerce is included in a relationship and increasingly in modern times and their crisis. Fortunately worthy aims nested in worthy souls remain, and those help us all live more happily.
max_tabs_undo is 25 (gasp) as default on my system, though I do remember it as 10.
I’ve had it set to 2 for a loooooong time without issue which is not to say others don’t need higher. Five should be the default IMHO.
// 1020: exclude “Undo Closed Tabs” in Session Restore (maximum number of closed tabs stored/restorable for each window)
// WARNING : This also disables the “Recently Closed Tabs” feature but not “Recently Closed Windows” or any history
pref(“browser.sessionstore.max_tabs_undo”, 25); // Default=10 | WE SET TO 25 ( limitation of the WebExtensions API)
Filed under ‘No shit, Sherlock’.
I commend Mozilla on their advocacy for privacy on the web, I just don’t think many web users really care that much to switch to Firefox. Seems like Mozilla has been banging that drum for some time now and it really has not paid off for them.
Why was my comment blocked? It’s just an opinion I have my reasons for.
Well, the more privacy addons you use the more uniqueness fingerprinting you have. Am I right?
So you can never escape identification except with the Tor browser.
“There is a very high probability that individual Internet users can be identified by analyzing the browsing history alone, according to a new study by Mozilla.”
So, my unschooled question is: Why? Assuming I am not a spy for a foreign country or a mega conglomerate, what possible use could my identity be to anyone?
You’re basically the prime target for identity theft. You’ll be framed for a Mossad hit next week.
They say it’s just for advertising and such, but it’s clearly far worse than that. They clearly want to put chips in our heads and turn us into robotic slaves! Unplug before it’s too late!
For more of the truth, watch Slipstream (2007), if you so dare!
I use a VPN and regularly switch servers based in different countries. Other than that I usually delete search engine browsing history a few times a day.
I’ve also installed the usual array of addons to protect my privacy i.e. Privacy Badger, CanvasBlocker, Decentralize, ClearURLs etc.
Browserleaks.com always says I have a unique fingerprint though (0 of 528769 user agents have the same signature). Don’t know what to make of that.
Regarding Decentraleyes, this one seems to be pretty much abandoned now, which is why I replaced it with LocalCDN. See these comments:
Also, have you noticed my reply to you here?
Worrying about fingerprinting is okay, but last time I checked only about 3.5% of all websites actually did it. Using various browser extensions makes you more fingerprintable, however, without those, you are weakening your privacy in other ways, lifting your protection against threats you’ll encounter far more often.
@ Iron Heart,
Yes, I’ve seen it already, but Waterfox Classic doesn’t support LocalCDN so I don’t have a choice.
But I’m glad your post popped up when I opened the link to this page since I’ve just installed Brave. I’d already made a copy of all your settings from the other link, but I regret to say I’m disappointed with it.
My main reason is that there’s no option to use a VPN with it. In that respect I use Mullvad, but connect via the Wireguard client which requires a private and a public key. For that I need browser access to the Advanced / Network setup where I can enable a SOCKS5. When I try to find something similar in Brave it just opens IE11 LAN settings menu. That’s no good to me.
Now bear with me if you will….
Secondly, much to my disgust I discovered about an hour ago that all my privacy settings in Waterfox don’t help to prevent a site identifying my location. That happened after reading an article on nos.nl about a parliamentary party called PNVD. This party a.k.a. the ‘Pedo-party’ in the Netherlands advocates sex with children which I find absolutely abhorrent. The NOS article contains a link to an online petition to lobby the Dutch parliament to ban them. Here’s the link to that: https://secure.avaaz.org/community_petitions/nl/tweede_kamer_stop_de_pnvd/
So this brings to where Brave fails as well in that even after enabling all your settings the petition site still identifies my location. So where’s the privacy?
Maybe there’s no way to make yourself anonymous regardless of which browser you use. Perhaps Tor would be the answer, but I don’t need Brave for that.
I’ll go check with Mullvad in a minute to ascertain what their view is of Brave is, but it’s not looking good so far.
You can configure a SOCKS proxy server in Chromium, the same instructions have to be followed in Brave which is Chromium-based:
As for the other problem, make sure to disable DNS over HTTPS first, as that might interfere with any other settings you apply:
Also, always deny access to your location here:
This is the equivalent of the Firefox about:config setting “geo.enabled” being set to “false”, by the way. Now, websites can still, even with those settings disabled, monitor your location via your IP address, which gives them an approximate location at least. The only way to prevent this is to obfuscate your IP address, this is possible either via VPN or via the Tor network.
If your real location was found out on both Waterfox (which is based on FF / Gecko) and Brave (which is based on Chromium / Blink), then I suspect the “problem” lies deeper and extends beyond browser choice. You might want to make sure whether or not your VPN is set up correctly.
The highest anonymity is provided by Tor because it is built for said purpose, however, keep in mind that…
– Tor is more willing than other browsers to break websites in order to ensure privacy, this might sometimes compromise your browsing experience.
– Tor is slower by design (relay system).
– If the exit node is used by criminals as well as you, investigations might erroneously implicate you even if you were not the criminal in question at all. Yes, stuff like this has happened, unfortunately.
Brave, Firefox, Chrome, Edge, Safari, Vivaldi… All of them, are general use browsers, of which some try to achieve a solid privacy level without being as extreme as Tor (with all consequences that entails). I think Brave, Firefox, Ungoogled Chromium properly set up with a VPN should be enough for anyone who’s life isn’t necessarily at risk (e.g. investigative journalism in totalitarian regimes), provided your setup is operational.
You might also want to check out ProxySwitchyOmega in case the native method of Chromium I linked to doesn’t for you:
It’s also 100% open source and extremely popular (see download count Chrome Web Store).
@ Iron Heart,
It’s OK, Mullvad gave me the necessary path to be added to the Brave shortcut Target. I’ve tested it already on browserleaks.com.
@TelV That online petition indeed did know my location. Then I switched Nano Adblocker to advanced user and blocked 1st-party scripts, 3rd-party scripts, and 3rd-party frames for this site. Now avaaz.org doesn’t see my location anymore.
Of course I signed the petition then.
Stupid me. Yes, blocking the script that sniffs for the location would work as well. Thank you for giving @TelV this useful hint. It has been a long day for me and it shows…
@Iron Heart and I forgot that TelV is using Waterfox Classic, so my hint is useless for him.
Seems we are all a bit tired :-)
Thanks for the tip. Unfortunately Nano Adblocker is not supported in Waterfox Classic (read Firefox 56.3).
@ Iron Heart,
More not so good news re: Brave.
I ran browserleaks.com WebRTC test and Brave doesn’t fair so well in the results. Here’s a screenshot: https://imgbox.com/IxBVPw9t
The image on the left was taken from Waterfox Classic with “media.peerconnection.enabled” and “media.navigator.enabled” both disabled in about:config.
However, there’s no about:config in Brave as we both know so I installed the WebRTC Network Limiter (recommended by Browserleaks). But none of the settings serve to produce the same results as using about:config in Waterfox as can be seen in the right hand half of the image.
You don’t need Nano Adblocker specifically, uBlock Origin can be used to the same effect.
As for WebRTC, setting the WebRTC policy of Brave to “Disable Non-Proxied UDP” under brave://settings/privacy will already prevent the IP leak. There is also a setting in uBlock Origin / Nano Adblocker that can be used to the very same effect. This is where I stopped, personally.
However, one can also disable WebRTC completely in Chromium / Brave. The extension WebRTC Network Limiter is not the tool to do that, though. You need WebRTC Control instead:
Go into the extension settings and disable all WebRTC features. After you have done that, go here to check for WebRTC support, it shouldn’t show support anymore:
Don’t forget to allow the extension in private browsing mode, as well.
There’s a post coming up which Martin hasn’t approved yet presumably, but in it I thanked you for the tip, but said I couldn’t use it because Nano Adblocker isn’t supported in Waterfox Classic.
But due to a mental aberration on my part I forgot that we’re talking about Brave and not Waterfox. So please ignore my comment when it arrives. ;)
Oh..and I combined it with comments intended for Iron Heart.
@TelV Ik was ook in de war, vergat dat jij Waterfox Classic gebruikt :-)
Bedankt voor de tips. Ik zal ze in de gaten houden. Maar let op. Als je de petitie heb ondertekend bestaat de mogelijkheid dat je binnenkort bestoken wordt met reklame. Hierbij wat info over Avaaz: https://www.theguardian.com/world/2011/jul/20/avaaz-activism-slactivism-clicktivism
De mazzel :)
Start the VPN, then open a browser window. Don’t ever, ever use a VPN that’s a browser extension. Too many attack vectors in a browser.
Use a real VPN, Mullvad’s excellent. I tried Nord recently and believe it set a record for being uninstalled. Lasted less than a day; the client’s adware. Express is worse!
Make privacy too complicated and it’ll be lost; you’ll never be able to remember and monitor everything done. Only 2-3 tools are needed.
I hit shift-ctrl-delete on a regular basis, especially prior to opening sites like banking, shopping, etc.
I have set it to Everything and all items checked except Site Preferences.
I used to use a toolbar button for that, but it stopped working a few FF versions ago.
I’ve been aware of this for probably a decade if not longer. It’s one of the reasons I started using a blocking hosts file that blocks most trackers and web beacons present on many websites (besides also blocking known malicious ones and ad networks). Also been blocking all third party cookies as well as always clearing browser history. I even go so far as to use a batch file that clears all kinds of cache and temp files including deleting Firefox’s webappsstore.sqlite file.
Another step I’ve been doing for some time is once a week change the MAC address on my firewall router then power cycle the cable modem so it picks up a new IP address. I have about a dozen MAC addresses (from current and past devices) to cycle through so it can be up to three months before I may get the same IP address again.
Thanks to EvilCorp Hosts file has become useless, the only way to prevent certain corporations and bad actors from snooping Your data is a web filtering firewall that accepts wildcards. ( *adjust* , *analytics*.js , *settings.services.mozilla.com , *data.microsoft* , … )
Raspberry Pi-hole is another good option where you can setup wildcards. As to the hosts file I wouldn’t call it useless, it’s better than nothing and does actually block sites that are listed in it at the OS level (assuming one isn’t using DNS over HTTPS in the browser). However you choose to setup some kind of blocking it’s a constant cat and mouse game not a set it and forget it (just like computer security!). So it takes some effort and a constant vigilance in order to try to protect your privacy (or security). Otherwise the only other solution is to get off the Internet all together.
Telv – It’s because CanvasBlocker gives you a random fingerprint each time a page loads, depending on your settings, which is unique but only for the session, page reloads or when the page closes. You could also use the ‘all white’ blank generator simular to the Tor browser fingerprint but you’re better off just using the ‘persistent’ option which is a little harder to detect by websites.
Thanks for the tip. I’ve set it to the ‘all white’ option combined with faking the alpha channel which appears to be recommended when you hover the mouse over the setting.
So are the “trackers” actually analyzing the browser’s built-in history or your history of visiting a variety of websites, viewed via 3rd-party cookies etc. Random websites don’t have access to your browsers history record or am I naive?
If there is data there they want, they often find ways to get at it. Regardless to that, the sites you visit can fingerprint your computer and thus give it a ID number, and then such sites can share those IDs and related data with each other in near real time, to track you. They may never know who you actually are yet, but via some further algorithmic analyzing, they can track specific individuals with a profile ID, regardless to what computer they use. For example, the way you type, the words you use, the way you use your mouse, the way you use your smart phone, the times you do what you do and more, all add up to provide a profile ID for you. Such processes are often automatic and improve with AI. Furthermore, your ISP may be part of such tracking, thus they can all have a good idea of who you actually are, wherever you go on the web. But most of us have little to be concerned with, as they often just want to sell us some crap.
Bizarre. What’s Mozilla going to do with the info? This stuff’s blatantly obvious, surprised it was only 99% with all browsing history available.
So, if you give up all your browsing history, you’re identifiable. Uh, you are anyway through a number of aspects of browser design even with history blocked.
Reality is most users browse with default settings, don’t have clue one about what can be changed beside themes and are so used to swimming in ads, the idea of privacy is lost on them.
I regret to say Brave is not for me. There are too many things wrong with it for my liking and I uninstalled it earlier today. In order of merit these are my gripes.
* 1. Tabs on top. The main reason I hate them so much is because you can’t just grap the top of the browser and move it to one side to block an animation like you can with them below the location bar. The Chrome store is a typical example with a constantly changing image moving rapidly sideways all the time while I’m using the search tool to find something. Same thing happens on Amazon.
* 2. Brave doesn’t like buttons it seems. I installed UBO, but why no button on the toolbar? Why do I have to click the Extensions button and then click in this particular case the extension in the list? I’ve no idea how you would employ the UBO’s zapper without the button. In that respect Brave’s philosophy seems to be “Why makes things easy when you can make them difficult for the user”.
* 3. That ugly color mixture when you open a new tab. What happened to plain ‘ol white?
* 4. Even with both Iron Heart’s recommended extensions enabled to block WebRTC browserleaks.com displays my public IP for both IPv4 and IPv6. I tried them both individually, but it didn’t help.
* 5. I don’t like pale grey fonts and have to enlarge the page several times to turn them to a darker tone to make it easier to read. That in turn means scrolling from side to side in order to read a sentence. No thank you.
* 6. Extensions layout. It’s much easier to jump vertically alphabetically to a given extension rather than have them sitting side-by-side. It might look prettier Brave’s way, but it isn’t efficient.
* 7. There’s no text toolbar which you can still enable in FF and of course Waterfox.
I’m going to have a look at Waterfox Current later to see if both can be used on the same machine. That has tabs on top, but the addition of the text menu adds an additional line on top of the tabs which I can grab with the mouse if need be.
(1) Unfixable, there is no option to set tabs on the bottom. Please note though that this is not a typical feature of browsers these days, only Pale Moon and Safari support it natively. Even FF (and by extension Waterfox Current) need userChrome.css mods. Vivaldi also supports that via CSS mods.
(2) Go to the extension button, and then pin the extensions you want to make permanently visible by hitting the pin button of each extension that you want to be permanently visible.
(3) You’d need an extension modifying the New Tab Page, plenty of those in the Chrome Web Store. I personally never saw the need for myself because I like the pictures.
(4) This was an odd one and is also the only one related to privacy. I checked by installing WebRTC Control myself. Turns out that it was initially disabled on all websites, which is why the browserleaks test failed for you. I pinned the extension, left licked on the extension button, went into its settings, and allowed it specifically on browserleaks, after that it showed no WebRTC support. I then switched the setting to “Allow on all websites” and it now works on all websites.
(5) brave://settings/fonts or if you need even more settings, the extension Stylus.
(6) See (2), you can also rearrange pinned extensions by dragginng their icons around (right click, hold, move).
(7) There is the bookmarks toolbar which you can activate under brave://settings/appearance … That being said, it is not possible to drag any icon there except bookmarks and folders containing bookmarks. For the extension icons see (6) and (2).
Only (1) is absolutely unfixable, but then, use what suits you best. If Brave is not for you, it is not for you. I merely provide help and advice, because it seems you have got some things wrong here that are absolutely fixable. Cheers.
@Iron Heart: you have provided some good comments and advice on this page, and not only to TeIV. And you have shown a lot of patience, something I have in short supply at times ;-)
There is a lot of good stuff that can be picked up from Tom Hawack and you.
Keep up the good work.
You browse and: 1-you give away your IP 2-you have a unique MAC Addr. 3-You have a computer name(logged in user) 4-You log into the same urls again and again.
All of the aforementioned points can be made dynamic via tools/CLI. Particularly, a good way to create a little havoc is to use something that browses randomnly. Extensions, scripts… there are options for that.
@ Iron Heart,
With regards to #2 why does Brave REMOVE buttons which are placed on the toolbar by extensions when you install them. That’s my point. When I installed UBO, the button appeared there, but subsequently disappeared after the installation finished. It just make hard work of everything.
No doubt your advice will be valuable to some, but on the subject of what is fixable and what isn’t, configuring Brave is much more time-consuming to work with than say Firefox. Or in other words, the Brave devs need to put a bit more effort into their browser to reduce the workload for users if they want to attract more of them.
> With regards to #2 why does Brave REMOVE buttons which are placed on the toolbar by extensions when you install them. Thatâ€™s my point. When I installed UBO, the button appeared there, but subsequently disappeared after the installation finished. It just make hard work of everything.
Yes, it arranges them under the extension button in order to unclutter the space at the right side of the task bar. You need to pin the extension icons that you want to see permanently. I find this a good idea in principle, because some extension icons I don’t need to see all the time. For those that you do need to see all the time, it’s a one time pin.
> No doubt your advice will be valuable to some, but on the subject of what is fixable and what isnâ€™t, configuring Brave is much more time-consuming to work with than say Firefox.
Yes, I agree, though it really depends on your needs. I also think that Firefox is headed in a direction of reducing customization and configurability, if the Android version is any indication. Just saying, it might be a good idea to evaluate alternatives on a regular basis. Not only Brave, but also others like Vivaldi.
> Or in other words, the Brave devs need to put a bit more effort into their browser to reduce the workload for users if they want to attract more of them.
I agree, that would be appreciated of course.
I discovered something which I consider a bit odd. In Windows Reliability History there’s an for a successful installation of Google Update Helper. I don’t know where it came from, but research points to it being a Google tool to update Chrome browsers. Since Brave was the only Chrome based browser I had installed I assume it was connected to that.
After subsequently uninstalling Brave another entry appears for the successful uninstallation of same.
The exact syntax reads: “Windows Installer installed the product. Product Name: Google Update Helper. Product Version: 22.214.171.124. Product Language: 1033. Manufacturer: Google Inc.. Installation success or error status: 0″.
And: Windows Installer removed the product. Product Name: Google Update Helper. Product Version: 126.96.36.199. Product Language: 1033. Manufacturer: Google Inc.. Removal success or error status: 0”.
Some info on the tool: https://www.shouldiremoveit.com/Google-Update-Helper-5020-program.aspx
Brave uses the same type of updater Chrome uses, they have just exchanged the domains it contacts with their own. Nothing wrong with that; the application needs such a service, as otherwise the updater would get terminated when the application is restarted during the update process – this is why the updater is a separate service. Firefox has a similar service running in the background.
As for why it is named “Chrome Update Helper” instead of “Brave Update Helper” – chances are they’ve forgotten to rename one string. Cheers.
Firefox sends DNS queries to Cloudflare by default in some places, lots of the download history to Google by default, what is typed in the address bar to Google by default, they promote and integrate their Pocket service to make remote bookmarks on their servers of the news you read, they use the browsing history to personalize Firefox Pocket ads by default in some regions, and what else.
After all that, their evangelism that browsing data is something very private sounds a bit hypocritical.
I think the title of the article is confusing: “Mozilla: there is a high probability that your browsing history can be used to identify you”.
It’s not your local browser history (unless you allowed some add-ons or browser feature to access it). It’s your browsing habits seen by a third-party observing your traffic, i.e. your ISP, your favorite search engine, your DNS provider, etc.
“The collected data resembles the data that third-parties may collect through various tracking mechanisms on the Internet.”
Maybe Mozilla accessed the local browser history of volunteers for their study, I don’t know. But third-parties (again, unless allowed i.e. when installing a browser add-on) don’t have access to your local browser browsing history.
So, using private tabs, erasing your browser history, using a VPN, etc. does nothing here. The tracking mechanisms are on the Internet.
Beyond which computer you use, which software you use, where do you access the Internet from, how private you keep your local computer browser browsing history, you have some browsing habits which are unique to you and can be used to identify you. That’s the point this article is making.
Indeed, deleting your history is an effective way to hide your browsing history from â˜…yourselfâ˜…, or parents/spouses/thieves and law enforcement (but not really).
I don’t feel the need to hide from my ISP (yet), so I don’t use DNS-over-HTTPS with all the annoyances that entails, like having to set up a Pi-hole/private DNS resolver running 24/7 just to do IP-based filtering like the good old HOSTS file does on demand.
â€¢ I use browsers I mostly trust (Firefox, Chromium, Vivaldi, Naked Browser on Android), and others sparingly (like Kiwi and Brave – i.e. some guy in Estonia, and a bunch of crypto-currency shills with a track record of dodgy self-promotion stunts that involve money, (1) https://davidgerard.co.uk/blockchain/2020/06/06/the-brave-web-browser-is-hijacking-links-and-inserting-affiliate-codes/ (2) https://davidgerard.co.uk/blockchain/2019/01/13/brave-web-browser-no-longer-claims-to-fundraise-on-behalf-of-others-so-thats-nice/)
â€¢ I periodically clear everything (except site settings, passwords and history) or use a browser/extension that does it automatically
â€¢ If I can, I disable geolocation, beacons, auto-refresh, autoplay, WebRTC IP leakage and punycode display (whereby a spoofing site can trick you by using non-Western characters in its URL)
â€¢ I’m aware that whatever I do, this battle is already lost.
But at least I feel safer, and don’t see many ads.