Mozilla has unveiled new anti-tracking policies and redesigned privacy controls in tandem with the release of Firefox 65 on Tuesday.
The company announced a new set of redesigned controls for the Content Blocking section, where users can choose their desired level of privacy protection. These are rolling out as part of Firefox 65, released on Tuesday.
These newest steps up the ante on Mozilla’s long-standing initiative toward anti-tracking measures, a goal that it originally outlined in August.
“We’ve always made privacy for our users a priority, and we saw the appetite for more privacy-focused features that protect our users’ data and put them in control,” said Nick Nguyen, vice president of Firefox Product at Mozilla, in a Tuesday post. “So, we knew it was a no-brainer for us to meet this need. It’s one of the reasons we broadened our approach to anti-tracking.”
The new Content Blocking controls, outlined in the video below, enable a “standard” default setting, where users can block known trackers in Private Browsing Mode. In the future, this setting will also block third-party tracking cookies.
Users can also pick from a “strict” setting that blocks all known trackers by Firefox in all windows; or a “custom” setting that enables users to pick and choose which trackers and cookies they would like to block.
In addition to new redesigned controls, Mozilla on Monday also lifted the curtain on a new “Security/ Anti-Tracking policy” that describes the online tracking practices that Mozilla believes should be blocked by default by web browsers.
“At a high level, this new policy will curtail tracking techniques that are used to build profiles of users’ browsing activity,” Steven Englehardt, privacy engineer with Mozilla, said in a post outlining the policy. “In the policy, we outline the types of tracking practices that users cannot meaningfully control. Firefox may apply technical restrictions to the parties found using each of these techniques.”
The policy breaks down the types of tracking that Mozilla plans to block or has already blocked as part of its larger anti-tracking initiative. That includes cross-site tracking with cookies, or URL parameter-based tracking.
It also covers tracking via “unintended identification techniques” like browser fingerprinting, which can identify users over time, track them across websites and store data in their servers to build an advertising profile of them; or supercookies, which is a collection of methods that involve storing tracking identifiers in areas of the browser that are not cleared when the standards-defined locations are cleared.
“The policy is in support of the anti-tracking plan we discussed here, specifically in regards to our Enhanced Tracking Protection, otherwise known as removing cross-site tracking,” a Mozilla spokesperson told Threatpost via email.
Mozilla’s Privacy Initiative
The newest privacy step stems from an announcement Mozilla made back in August regarding plans to release a slew of key initiatives aimed at anti-tracking efforts in Firefox.
That includes removing cross-site tracking by stripping cookies and blocking storage access from third-party tracking content, said Nguyen in a post at the time.
“This is about more than protecting users — it’s about giving them a voice,” he said. “Some sites will continue to want user data in exchange for content, but now they will have to ask for it, a positive change for people who up until now had no idea of the value exchange they were asked to make.”
In October, Firefox then rolled out (off-by-default) enhanced tracking protection features, which gives users the option to block cookies and storage access from third-party trackers. The feature will be eventually enabled by-default on systems after a “few more experiments,” Nguyen said.
Mozilla’s privacy features have been lauded by security engineers and researchers like Matthias Ott, who praised the company’s stand against tracking techniques like super cookies and browser fingerprinting.
— Matthias Ott (@m_ott) January 29, 2019
Other tech giants have found that privacy is steadily becoming a top issue for consumers. Google in September for instance sought to clarify its data privacy initiatives after several critics panned issues in Chrome 69 – including cryptographer and professor at Johns Hopkins University Matthew Green, who blasted Google for what he said were questionable privacy policies. He noted that Google automatically signs users into the Chrome browser when they sign into any other Google service.
The Electronic Frontier Foundation in a report issued in June decried websites participating in sneaky tracking methods like browser fingerprinting, which the organization claimed were trying to skirt privacy regulations like GDPR.