Is Mozilla’s latest strategy to betray their users? Mozilla always say they fighting for security and a better web-experience but Mozilla has no power over this – Google, Yahoo & Co. have – they trying to integrate more so-called ‘privacy’ functions into the Browser itself, the fact that nothing is new seems to not disturb the Mozilla Community to hype the Browser. Now we get results about another test study, which is focused on Referer & Cookies among other fingerprint techniques.
Can we improve privacy without breaking the Web?
The answer is no! But Mozilla tries to – based on this question – build strategies to avoid as much as possible fingerprinting – they say they wanted to know whether the enabling of Tracking Protection breaks websites in general or not. In this case, some privacy protections caused lower breakage than others and if broken websites made users leave Firefox or not?!
Over 19000 joined the study and Mozilla assigned each user to a specific branch. The test study added a new button to Firefox’s toolbar that users could interact with to report issues.
- Tracking Protection enabled.
- Session cookies only or Third-Party Cookies — Third-party cookies are deleted when Firefox closes.
- Third-Party Cookies limited to visited — Only sites that the user visited in the past are allowed to set third-party cookies.
- Origin Only Referer to Third-Parties — Trims referer values to origins when sent to third-parties.
- Resist Fingerprinting — Enables fingerprinting protection.
- First Party Isolation — Enables First-Party Isolation.
- First Party Isolation Opener Access — Enables First-Party Isolation and allows pages to access openers.
- No Third-Party Cookies — Firefox blocks sites from setting third-party cookies.
Does Mozilla sell the data?
In the beginning, I wrote something harsh about Mozilla but it seems true that Mozilla works with others together which are known to sell data, e.g. Ghostery. Mozilla often says they care about data but secretly they are adding more and more tracking tools into their products which are mostly enabled by default – This is often criticized. And Mozilla once did make a complaint about exactly this in Google products. While Chrome is more and more ‘clean’ Mozilla seems to go the other way, if you look at Ghostery addon you see the connection between Mozilla and others.
Officially they say they do not share study data or others but who knows, it’s difficult to explain how Mozilla gets more and more money each year without exactly such a question.
I will definitely report and watch this very closely because I do not buy everything just because it sounds good, I always try to look behind the things and ask ‘unpleasant’ question to reveal the truth.
Collecting data is at some point necessary
Because of such study and telemetry we getting new functions and features, Mozilla launched Tracking Protection for regular browsing sessions for all users in Firefox 57 – Mozilla plans to trim Referer values to origins in private browsing in Firefox 59 as a result of such study tests and telemetry – but again why isn’t it enabled for everyone by default? That’s the biggest question, for someone who officially say we care about certain aspects they going the similar way like Google, not enabling every possible method by default and working with exceptions.
My questions to Mozilla!
- Why do you promise your users good protection but not enable everything by default and work with exceptions – wouldn’t that be the better study and strategy?
- Why do you work with someone together which sell ads/data like e.g. Ghostery?
- Let ‘private browsing’ die, instead give people ‘private’ by default – why do you go exactly the way like Google?
- .. among other questions!
Don’t get me wrong, I’m always critical when ‘the big guys’ want to sell us their products. I ask the same questions in the Chrome community too and I get often negative feedback because people seem to defend their products which they love and at some point, this is okay but shouldn’t you use the most secure product? I think yes and that’s why I often switch between products because I prefer the most secure one and not the products which promise the most.
Firefox and Chrome are the leading Browsers in my opinion and everyone should use what they’re comfortable with but at some point, you need to be realistic, they need money to bring the development on the next level – but is that at costs of our privacy? We need to check this more carefully I think and we since the latest MR. Robot story we need even more take a closer look at Mozilla, trust is hard to gain but it only takes seconds to lose everything!
The study might help to gain some information but personally, I see this specific study as nonsense because this stuff was already known long before, the known fingerprint methods are listed widely over the internet.
Testing stuff is okay, but these should not affect the normal user, sometimes some ‘study’ or test things are integrated into the ‘normal’ Firefox Browser without any information, silently in the background – That is what I don’t like and want/expect from Mozilla.
I will keep an eye on it and report back if there are new findings and studies.