A few wishes for privacy settings in Firefox

Florens Verschelde

This article is a public draft, which means I published it early to get feedback or to counter my perfectionism (probably both).
Draft Alert Level: Low. Minimal changes expected.

Firefox could do more to limit online tracking. Recently with the Quantum effort, Mozilla rebranded Firefox along three attributes: speed, customization and privacy. Yet the browser’s default settings allow most tracking techniques, for the sake of compatibility with existing websites.

About tracking

Most web browsers leak a lot of user data by default. For instance:

  1. They allow third-party services (which a website almost always uses, e.g. Google Analytics, Facebook Connect, and ad providers) to track users’ activity across many websites, using third-party and first-party cookies.
  2. They allow sites to know where a user is coming from (with the Referer HTTP header).
  3. Through JavaScript, they give access to a lot of information about the browser itself, the operating system I’m using, my time zone, how many processor cores I have, and some of my preferences (e.g. whether I allow cookies, which languages I prefer reading). This and other technical information can be used to identify you uniquely across the web, a practice dubbed “fingerprinting”.

I’m probably forgetting a few things. Try the EFF’s Panopticlick tool to get an idea of how resistant your browser is to tracking and fingerprinting.

Most users don’t realize how much random companies they never deal with (such as ad networks) and other companies they do deal with (such as Google and Facebook) manage to know about them.

I’ve had a few friends and relatives asking how to remove a virus from their browser… where by “a virus” they meant “many sites I visit show me the same ads that seem to know too much about me, so a virus must be spying on everything I do and injecting ads into my computer”. After explaining a bit, I cleaned their cookies and installed uBlock Origin for them.

Why browsers don’t do more

Of course, none of the technical features I mentioned are provided for tracking users; they are simply abused that way. But why won’t browsers stop this abuse? Why even load scripts — executable code with access to a bunch of information and features! — from other domains, why enable cookies for third parties, etc.?

In short: since it was possible before, most sites rely on these loose permissions now, and would break if they were tightened.

There are still opportunities for tightening these features and preventing at least some of the massive tracking going on, but different browser vendors have different priorities:

  1. Chrome has a good focus on security but is all-in on tracking, because spying on users is Google’s business model.
  2. Firefox is in a strange position because their brand is about independence and privacy but ultimately the bulk of their money comes from ad-and-tracking companies: Google, Yahoo and perhaps one of their competitors in the future. Also if a website stops working in Firefox then users are likely to blame Firefox for the breakage (and not the website for their invasive tracking techniques), and jump ship to Chrome.
  3. Upstarts like Brave target a niche of tech-savvy, privacy-conscious users who want an on-by-default ad blocker, so they have some breathing room here. Also they’re based on Chromium so that limits other kinds of breakage (e.g. all the “Chrome only” web apps launching these days, from Google and others), which buys them some goodwill.
  4. Safari enjoys a monopolistic position on iOS (since other browsers on iOS must use WebKit for rendering pages), and has good usage numbers on macOS, so they can get away with off-by-default third-party cookies and more recent things such as Intelligent Tracking Protection.

What Mozilla is doing

Note: I’m not an employee and not a big contributor to Mozilla projects. The information in this section comes from reading updates on Mozilla blogs and Twitter accounts.

Back to Firefox. While I wish Mozilla would have their Tracking Protection feature on by default, I understand that it can be a hard sell: many Firefox users would not be aware of that feature or what its advantages are, and they would resent the occasional site breakage.

Which is why Mozilla is experimenting with such features in Private Browsing Mode only: in this mode, users can expect things to maybe break, and are warned about it.

Screenshot of Firefox’s Private Browsing new tab page

In Private Browsing windows, Tracking Protection is on by default, and Mozilla is working on shortening the Referer HTTP header for third-party domains so that sites can only know which site you’re coming from and not which specific page (or worse, what private information the URL contained, in some bad cases).
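To make the effect of that Referer shortening concrete, here is an added example (not Mozilla's code, and not from the original article) that models which Referer value a third party would receive with and without cross-origin trimming. The function name `refererFor`, the `trimCrossOrigin` option and the `shop.example` / `ads.example` URLs are constructed for illustration.

```javascript
// Added illustration: models the Referer value a browser would send.
// Not Firefox source code; names and URLs below are constructed.
function refererFor(fromUrl, toUrl, { trimCrossOrigin = true } = {}) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);

  // Only http(s) pages produce a Referer at all.
  if (!/^https?:$/.test(from.protocol)) return null;
  // Browsers do not send a Referer when going from HTTPS to plain HTTP.
  if (from.protocol === "https:" && to.protocol === "http:") return null;

  // Fragments and embedded credentials are never part of a Referer.
  from.hash = "";
  from.username = "";
  from.password = "";

  // Same-origin requests keep the full URL; cross-origin requests
  // get only scheme + host (+ port) when trimming is enabled.
  const sameOrigin = from.origin === to.origin;
  if (sameOrigin || !trimCrossOrigin) return from.href;
  return from.origin + "/";
}

// Constructed sample: a page whose URL carries private information.
const PAGE = "https://shop.example/account/reset?token=CONSTRUCTED123#form";
const THIRD_PARTY = "https://ads.example/pixel.gif";

function demo() {
  return {
    untrimmed: refererFor(PAGE, THIRD_PARTY, { trimCrossOrigin: false }),
    trimmed: refererFor(PAGE, THIRD_PARTY),
    sameSite: refererFor(PAGE, "https://shop.example/cart"),
    downgrade: refererFor(PAGE, "http://ads.example/pixel.gif"),
  };
}

console.log(demo());
```

Without trimming, the third party receives the reset token in the query string; with trimming it learns only that the visitor came from `shop.example`.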

Mozilla is also researching how often privacy-centric restrictions break websites; basically they’re trying to figure out what they can do without losing a bunch of users.

Firefox Focus is another attempt at privacy-by-default, launched as a separate product (and sub-brand).

Privacy settings should be simpler

Currently, a more private setup in Firefox requires:

  1. Activating Tracking Protection for all sites in the “Privacy” page of the browser preferences. This setting is also way down in the page.
  2. Tweaking some settings in the “Privacy” page, some being a bit painful to get right (blocking third-party cookies or restricting cookies to the current session only).
  3. If you’re feeling even more adventurous, there are a bunch of settings to tweak in about:config, for HTTP Referer and more.

This should be simpler, and more palatable to most users.

My wish would be for Mozilla to design a combo of privacy features which users could activate in one click. And because nothing is ever new, in spirit it would be somewhat close to what Microsoft did with Internet Explorer’s security levels:

The security pane of IE7’s Internet Options

I don’t have fond memories of this setting because, as a developer, it meant that a client’s IE6 or IE7 would sometimes block all scripting. But in retrospect I do find that it had some merits as a preference, if not always in the specific technical choices that were made.

Two, maybe three levels of protection could be offered:

  1. Default (current behavior, which should not stop Mozilla from upgrading its privacy by blocking third-party cookies and maybe offering something similar to Safari’s Intelligent Tracking Protection…)
  2. More Private (enables Tracking Protection, disables third-party cookies altogether or limits them to the current session, and maybe adds some other technical restrictions such as truncating Referer and fingerprinting resistance.)
  3. Private Browsing Only (same as #2, with some added technical restrictions and all browsing is in Private Browsing Mode)

That’s a very rough idea and maybe these specific profiles don’t make sense. But I think it’s an idea worth pursuing, to offer better privacy defaults and options to all users.

What’s more, this setting should not be hidden in the “Privacy” settings page, but should be near the top of the “General” settings page or at the top of the “Privacy” page at worst. It should also come with an onboarding campaign to explain the trade-offs of each mode and offer a chance to switch modes right there. Finally, there might be ways to reflect this setting — and maybe offer a chance to switch — on each tab, in the navigation bar or on the New Tab page itself.

I have no idea if this rambling post can be of any help in achieving better privacy by default in Firefox or any browser, but here it is anyway. Thanks for reading.