Firefox’s assertive privacy intervention

We saw how Firefox implemented measures to block so-called supercookies that misuse how browsers cache images. This caching is meant to improve performance, but supercookies encode tracking information in images to track people across websites even when cookies themselves are blocked.

Today, I learnt that Firefox is taking another, more assertive step toward blocking tracking by removing specific parts of the information that sites add to the link when pointing visitors to other websites:

referrer URLs can expose an extensive array of other sensitive info, including but not limited to Internal hostnames for government and enterprise entities that most likely should not be public.

Malicious actors could then pull sensitive info like internal names from their web servers’ access logs or their analytics software if they can trick a target into visiting a site hosted on servers under their control.

– Mozilla Firefox adopts new privacy-enhancing Referrer Policy

Now,

Mozilla has announced that it will introduce a more privacy-focused default Referrer Policy to protect Firefox users’ privacy, starting with the web browser’s next version.

The new user privacy protection feature against accidental leaking of sensitive user data will be introduced in Firefox 87.

With that update, Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience.

The new Referrer Policy simply drops specific parts of the referrer URL. This sounds simple, but this is the first time that I’ve seen a browser actually intervene and edit a URL to remove information – not add it.
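To make "drops specific parts" concrete, here is an added example (not from Mozilla or the quoted articles) that models the Referer value a receiving server would log under Firefox's previous default, no-referrer-when-downgrade, and under the Firefox 87 default, strict-origin-when-cross-origin. The page does not name either policy; the function names and sample URLs are constructed, and "downgrade" is simplified to HTTPS to HTTP.

```javascript
// Added example: which Referer value reaches the destination server's logs.
// Only the two policy values discussed are modelled.

// Credentials and fragments are never sent; originOnly also trims path and query.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (!["http:", "https:"].includes(u.protocol)) return null; // file:, data:, ...
  u.username = "";
  u.password = "";
  u.hash = "";
  if (originOnly) {
    u.pathname = "/";
    u.search = "";
  }
  return u.href;
}

// Returns the Referer header value, or null when no header is sent.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  // Simplification: the spec tests "potentially trustworthy" URLs.
  const downgrade = from.protocol === "https:" && to.protocol === "http:";
  switch (policy) {
    case "no-referrer-when-downgrade": // default before Firefox 87
      return downgrade ? null : stripForReferrer(fromUrl, false);
    case "strict-origin-when-cross-origin": // default from Firefox 87
      if (sameOrigin) return stripForReferrer(fromUrl, false);
      return downgrade ? null : stripForReferrer(fromUrl, true);
    default:
      throw new Error("policy not modelled in this example: " + policy);
  }
}

// What the destination sees before and after the default changed.
function compareDefaults(fromUrl, toUrl) {
  return {
    before: computeReferrer("no-referrer-when-downgrade", fromUrl, toUrl),
    after: computeReferrer("strict-origin-when-cross-origin", fromUrl, toUrl),
  };
}

// Constructed sample: an internal page that embeds a third-party image.
const SAMPLE_PAGE =
  "https://intranet.corp.example/cases/4821/review?user=jdoe&token=abc#notes";
console.log(compareDefaults(SAMPLE_PAGE, "https://tracker.example/pixel.gif"));
```

Under the new default the path and query string are gone, but the origin is still sent on cross-origin requests, so a site that must not reveal even its hostname still needs to set `no-referrer` itself.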

The Supercookies update was defensive in nature. This is a lot more assertive.

In my view, the time for debating whether a browser should be a neutral application or not is long past. Trackers on the web are widely used and aggressively collect browsing metadata to build visitor profiles. Websites push ads, videos, subscription popups and popunders to the point where they drain your attention. The act of simply browsing the web is an experience akin to harassment and surveillance.

Everyone needs technology that’s on their side and works to protect their privacy and attention. We should start with the web browser. That is what Firefox is doing.

(via Michael Tsai)


Update: I just came across this. The same release also includes “Smart Block”, which

takes an additional step to improve the rendering on pages that embed third-party trackers—instead of just pulling the script and leaving a “hole” where it used to be, Smart Block replaces it with what Mozilla describes as “stand-in” scripts. These stand-in scripts function just enough like the original trackers to restore the intended page-rendering sequence and results without actually leaking data to third parties.

– Firefox 87 is out today, adds Smart Block for improved private browsing