Mozilla to Take Action on Web Trackers

Mozilla to Take Action on Web Trackers

KRYPSYS has long been a supporter of Mozilla Foundation and the Firefox Browser, so we were pleased to hear that Mozilla has announced its intention to reduce the ability of websites to track the browsing habits of users of the Firefox browser.

Backing up its decision at the back end of 2018, Mozilla is taking initial steps to reduce the amount of tracking it permits. It has now published a tracking policy to tell people what it plans to block. Mozilla says that the focus of its policy is to put an end to tracking techniques that “cannot be meaningfully understood or controlled by users”.

Intrusive tracking techniques allow users to be followed and profiled around the web from site to site. Facebook placing trackers wherever a site has a Facebook “Like” button is a typical example. This approach means that a user without a Facebook account can still be tracked as a unique individual as they visit different news sites.

Mozilla’s policy says that these “stateful identifiers are often used by third parties to associate browsing across multiple websites by the same user and to build profiles of those users, in violation of the user’s expectation”. Mozilla’s firm view is that this should not be allowed to continue.

As you are probably aware, that’s not the only technique used for cross-site tracking. As detailed in Mozilla’s policy, some websites “decorate” URLs with user identifiers so as to make the user’s identity available to other websites. Although Firefox isn’t yet ready to block that kind of behaviour, Mozilla said: “We may apply additional restrictions to the third parties engaged in this type of tracking in future.”

The policy goes on to say, that so long as it is not abused to identify individuals, sites will be able to use URL parameters for activities such as advertisement conversion tracking,

Mozilla has also flagged browser fingerprinting (tagging an individual by the fonts they have installed is the most familiar example) and supercookies as targets for future clamp-downs. Reasonable, script activity will keep working, if user action indicates a clear intention, such as clicking on a link.

The references to future activity in Mozilla’s policy seem frustratingly conditional. But, on the positive side, it is at least an indication that Mozilla is taking user privacy seriously and, hopefully, leading where others will follow. Its pleasing that, following many months of consideration and preparation, Mozilla have decided to take this hard stance on certain kinds of tracking techniques.

Firefox will begin the blocking of scripts behaving in an “unacceptable manner”, such as tracking or unconventional methods of identification via fingerprinting, sending a strong message that the misuse of certain web browser features is no longer welcome.

Facebooktwittergoogle_plusredditpinterestlinkedinmail
Subscribe to Receive Our Newsletter

Information Security Audit and Testing