
Firefox 87 Adds Stronger User Privacy Protections

Mozilla today announced the release of Firefox 87 in the stable channel fitted with a new intelligent tracker blocking mechanism.

Called SmartBlock, the feature works in Firefox Private Browsing and Strict Mode and is meant to improve users’ browsing experience by fixing pages that Mozilla’s tracking protections break.

Firefox has had a built-in Content Blocking feature since 2015, providing increased protections to those who use Private Browsing windows and Strict Tracking Protection Mode. The feature was designed to block third-party scripts, images, and other content if loaded from known cross-site tracking companies.

Thus, Firefox Private Browsing windows could prevent these companies from tracking users across the web, but the privacy protections often resulted in the blocking of components essential for the proper functioning of some websites.

Some of the effects users have been experiencing include poor website performance, images that would not appear on the web page, certain features not working, and even pages that would fail to load entirely.

“To reduce this breakage, Firefox 87 is now introducing a new privacy feature we are calling SmartBlock. SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy,” Mozilla announced.

To improve user experience, SmartBlock provides local stand-ins for the third-party tracking scripts that are blocked. Designed to “behave just enough like the original ones,” these scripts ensure that websites load and that their functionality is intact.

With the SmartBlock stand-ins bundled with Firefox, no third-party tracking content is loaded, thus fully preventing potential tracking attempts. SmartBlock automatically replaces specific common scripts that are classified as trackers on the Disconnect Tracking Protection List.

The new browser release also brings along a stricter, more privacy-focused Referrer Policy, where the browser, by default, “will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.”

The HTTP Referrer headers that browsers send to websites with navigation or subresource requests (carrying, for example, the full URL of the referring document) may include information that could be used for analytics, logging, or cache optimization, but also private user data, including details on a user’s account on a website.

The Referrer Policy was meant to provide a mechanism for websites to protect their users’ privacy, but there are websites that haven’t set a referrer policy, which results in browsers defaulting to the ‘no-referrer-when-downgrade’ policy: they send full query information except when navigating to a less secure destination.

Firefox 87 sets the default Referrer Policy to ‘strict-origin-when-cross-origin’, meaning that sensitive user information that is accessible in the URL will always be trimmed, for all “navigational requests, redirected requests, and subresource (image, style, script) requests.” The new policy will be enforced automatically upon updating to Firefox 87.
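To make the difference between the two defaults concrete, the following added example (not Mozilla's code) computes the referrer value a browser would send under each policy; all URLs are constructed samples, and `null` stands for "no referrer header sent". Under ‘strict-origin-when-cross-origin’ the full URL is still sent on same-origin requests, so the trimming applies to what other sites receive.

```javascript
// Added illustration of the two default policies discussed above.
// All URLs are constructed samples; null means "no referrer header is sent".

// Simplified security check (assumption): real browsers also treat
// origins such as localhost as potentially trustworthy.
function isSecure(url) {
  return url.protocol === "https:";
}

// Credentials and the fragment are never sent; originOnly also drops
// the path and query string.
function stripForReferrer(url, originOnly) {
  const u = new URL(url.href);
  u.username = "";
  u.password = "";
  u.hash = "";
  if (originOnly) {
    u.pathname = "/";
    u.search = "";
  }
  return u.href;
}

function computeReferrer(policy, fromHref, toHref) {
  const from = new URL(fromHref);
  const to = new URL(toHref);
  const downgrade = isSecure(from) && !isSecure(to);
  const sameOrigin = from.origin === to.origin;

  switch (policy) {
    case "no-referrer-when-downgrade":
      return downgrade ? null : stripForReferrer(from, false);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return stripForReferrer(from, false);
      return downgrade ? null : stripForReferrer(from, true);
    default:
      throw new Error("policy not covered by this example: " + policy);
  }
}

// Constructed sample: a page whose URL carries a sensitive token.
const page = "https://shop.example/account/reset?token=SAMPLE123#step2";
const thirdParty = "https://cdn.tracker.example/pixel.gif";
for (const policy of ["no-referrer-when-downgrade", "strict-origin-when-cross-origin"]) {
  console.log(policy, "->", computeReferrer(policy, page, thirdParty));
}
```

Sites that need a different behaviour can still set their own policy; this only models what happens when none is set.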

Related: Firefox Cracks Down on Supercookies to Improve User Privacy

Related: Firefox Improves Privacy Protections With Encrypted Client Hello
