Firefox 102: Query Parameter Stripping improves privacy
Mozilla plans to introduce a new privacy feature in the upcoming Firefox 102 web browser. Called Query Parameter Stripping, it is designed to remove tracking parameters from web addresses to improve user privacy.
Mozilla integrated the privacy feature in Firefox Nightly 96 originally for testing purposes. Some sites and services add tracking parameters to links to track users across sites. Facebook, for example, appends a unique fbclid string to all outgoing links, which is unique for all users on the site.
The parameter may be used to identify and track users. Facebook can use it if one if the service's scripts is running on the target site, but others may use it as well, as the identifier is unique.
One of the main advantages of using URL query string identifiers is that these don't rely on cookies or other data bits.
The initial query parameter stripping version in Firefox 102 uses a blocklist to strip known tracking parameters from top-level URLs; this includes navigational events such as opening a new tab, clicking on links, redirects or window.open() events.
Mozilla decided to limit the processing to top-level navigation events to reduce the likelihood of web compatibility issues. Navigational events across the same site are not processed because of that.
Navigational tracking protection is enabled in Private Browsing Mode and when Firefox's Enhanced Tracking Protection feature is set to Strict. Firefox supports standard (default), strict and custom Enhanced Tracking Protection modes.
The preference privacy.query_stripping.enabled determines whether the feature is enabled or disabled in Firefox. Set the preference to TRUE on about:config to enable the parameter stripping.
Mozilla added support for custom parameters that users can add to Firefox to have them stripped automatically with the rest of the built-in stripping. The preference privacy.query_stripping.strip_list accepts query strings and uses space as the delimiter.
Brave Browser has a similar feature that is removing query strings from web addresses. The list that Brave uses is public; it includes Facebook's tracking strings, but also strings that other services use to track users across the web.
Firefox's query string protection improves user privacy, but only in private browsing windows or when the browser's Enhanced Tracking Protection setting is set to strict; this is a limitation, and most Firefox users may not benefit as much from the privacy improvement because of that.
Still, it is a step in the right direction, and there is a chance that Mozilla is enabling the feature for the standard mode as well. Most Firefox users may want to switch to strict tracking protection in the browser, as it improves their privacy while using the browser.
Now You: do you use your browser's tracking protection features?Advertisement