Mozilla Quietly Integrates Tor Browser Features into Firefox

In 2017, Mozilla developers added several features to Firefox that were borrowed from the Tor Browser. These new features were integrated through the Tor Uplift project, which helps Mozilla incorporate patches used in the Tor Browser into Firefox. Over the past year, the Tor Uplift project has helped improve privacy and security in Firefox.

About 95% of the code in the Tor Browser is based on Mozilla, as Tor is built on an extended version of Mozilla Firefox Extended Support Release (ESR). Earlier this month, Mozilla released Firefox version 57, known as Firefox Quantum, which included a feature from the Tor Browser called First Party Isolation.

What Is First Party Isolation?

In the Tor Browser, this feature is known as Unlinkability of identifiers. First Party Isolation was first added to the stable release of Firefox 55, which came out in August. However, Mozilla did not mention the inclusion of First Party Isolation in the release notes for version 55. The feature was initially introduced in Firefox Nightly, the development version of the browser, in September of the previous year.

When enabled, First Party Isolation restricts access to cache, cookies, DOM storage, and other identifying data to the domain where they originated. This prevents tracking across different websites.

How to Enable First Party Isolation in Firefox

1. Go to about:config in the Firefox address bar.
2. Search for privacy.firstparty.isolate.
3. Change the value to True by double-clicking on the default False value.

Firefox users may encounter issues logging into certain websites with First Party Isolation enabled. To resolve these problems:

1. Go to about:config.
2. Search for privacy.firstparty.isolate.restrict_opener_access.
3. Change the value to False by double-clicking on the True value.

Alternatively, users can enable First Party Isolation by installing a Firefox add-on, which will add a “fishbowl” icon to the address bar.

Other Anti-Tracking Features in Firefox

First Party Isolation is the latest anti-tracking option added to Firefox. In 2015, Mozilla introduced Tracking Protection, which uses a blacklist from Disconnect.me to block third-party trackers. Firefox comes with two blocklists from Disconnect.me: a basic tracking blocklist and a stricter blacklist. Users can choose to enable tracking protection only for private browsing windows.

In 2011, Mozilla added the “Do Not Track” request feature, which sends a “Do Not Track” HTTP header to websites and third-party servers. However, this feature is not very effective, as websites can simply ignore the request.

Font Fingerprinting Protection

In March 2017, Mozilla added another feature from the Tor Browser to Firefox with the release of version 52. This feature prevents websites from tracking users through system fonts by using a whitelist of system fonts that are pre-installed in the operating system. The whitelist is different for each operating system. Font fingerprinting was mainly used by advertising companies, who used Flash or JavaScript code to request a list of fonts installed on the user’s system. Advertisers would use the unique list of fonts, combined with other identifying information, to create a user profile for targeted advertising.

Upcoming Privacy Features

In October 2017, it became clear that Mozilla planned to implement another privacy feature from the Tor Browser in Firefox. However, this feature was not scheduled to be included until the release of Firefox version 58 in January. The new feature, imported from the Tor Browser, blocks HTML5 canvas fingerprinting. With this type of fingerprinting, a website uses the HTML canvas tag to get the browser to generate a unique hash, which can be used to track the user.