Mozilla this week announced further improvements to user privacy in Firefox, through the isolation of network connections and caches, thus essentially cracking down on supercookies.
Used instead of ordinary cookies, supercookies collect information about users’ Internet browsing habits, are difficult to detect and block, and are often abused to follow users around the web. Trackers may store supercookies in Flash storage, ETags, and HSTS flags, to make them difficult to remove.
For years, browser makers have been looking for ways to improve user privacy, and Mozilla now says it has found a solution to ensure that users won’t be easily tracked cross-site: isolation.
Specifically, Firefox 85 is arriving with an updated network architecture, where network connections and caches are isolated to the website being visited.
“Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking,” Mozilla says.
[ RELATED: Google Details Chrome Cookie Replacement Plan ]
Firefox 85, Mozilla argues, should make cache-based supercookies largely useless, as it aims to prevent trackers from using these supercookies across websites.
Firefox relies on cache to reduce overhead, sharing some internal resources between websites, such as images, and reusing a single network connection for the loading of resources that come from the same party, even if they are embedded on multiple websites.
Trackers abuse these shared resources to create supercookies, through identifiers encoded in cached images, which are then retrieved on all websites on which the same images are embedded.
“To prevent this possibility, Firefox 85 uses a different image cache for every website a user visits. That means we still load cached images when a user revisits the same site, but we don’t share those caches across sites,” Mozilla says.
[ PREVIOUSLY: Mozilla Boosts Security in Firefox With HTTPS-Only ]
To prevent trackers from abusing caches to create supercookies, Firefox 85 isolates a range of caches by the top-level site: Alt-Svc cache, DNS cache, font cache, favicon cache, HSTS cache, HTTP Authentication cache, HTTP cache, image cache, OCSP cache, style sheet cache, and TLS certificate cache.
Furthermore, the browser aims to prevent connection-based tracking through partitioning preconnect, prefetch, pooled, and speculative connections, along with TLS session identifiers.
“This partitioning applies to all third-party resources embedded on a website, regardless of whether Firefox considers that resource to have loaded from a tracking domain,” Mozilla explains, adding that the changes will have a very low impact on page load time.
More from Ionut Arghire
- Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack
- PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability
- Critical Vulnerability Can Allow Takeover of Mastodon Servers
- Iranian Cyberspies Target US-Based Think Tank With New macOS Malware
- Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems
- Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers
- Android Security Updates Patch 3 Exploited Vulnerabilities
- 28,000 Impacted by Data Breach at Pepsi Bottling Ventures
Latest News
- Apple Ships Urgent iOS Patch for WebKit Zero-Day
- Exploit Code Published for Remote Root Flaw in VMware Logging Software
- Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US
- TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit
- Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack
- A Cybersecurity Wish List Ahead of NATO Summit
- Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence
- PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability
