Mozilla Developers Reveal How Firefox Will Combat Online Tracking
Mozilla engineers have shared details about upcoming improvements in Firefox’s fight against user tracking. The anti-tracking mechanisms, first introduced in Firefox in the fall of 2018 (starting with version 63 through the revamped Enhanced Tracking Protection), will now be fully activated with the release of Firefox 65. Mozilla has dedicated a special wiki page to these updates.
How Firefox Identifies Trackers
Initially, Firefox will rely on tracker lists compiled by experts at Disconnect.me, a third-party company specializing in anti-tracking solutions. While this isn’t new for Firefox users, Mozilla engineers explain that what’s new are the rules for adding or removing domains from these lists.
A website will be considered as tracking users if it:
- Loads as a third-party script on other websites;
- Abuses client-side storage mechanisms (such as cookies, DOM storage, etc.) to save user information for tracking purposes.
Blocking Trackers Beyond the List
Since October 2018, Firefox has included features that prevent third-party scripts from abusing cookies or other storage mechanisms. Now, domains can be blocked at the browser level even if they are not on the Disconnect.me lists.
Future Enhancements to Enhanced Tracking Protection
Mozilla reports that Enhanced Tracking Protection will continue to evolve. For example, future updates will include features to prevent websites from storing and transmitting user data through URL parameters. This type of blocking is not yet implemented in the browser.
Developers also plan to fight tracking through the misuse of legitimate browser functions. This includes the use of supercookies and other fingerprinting methods, such as analyzing system fonts, screen resolution, mouse and keyboard behavior, and more.
Exceptions and User Security
Mozilla engineers emphasize that these rules may change and exceptions may be made, especially when user security is at stake. For instance, authentication systems, login providers, and electronic payment services may track users to enhance security, often using the same techniques as advertising companies.