Forgot your password?
typodupeerror
Mozilla Advertising Firefox Privacy The Internet

Firefox Advances Do-Not-Track Technology 148

Posted by Soulskill
from the just-barely-able-to-track-their-progress dept.
CowboyRobot writes "Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers. 'We're trying to change the dynamic so that trackers behave better,' Brendan Eich, CTO of Firefox developer Mozilla, told The Washington Post. According to NetMarketShare, 21% of the world's computers run Firefox. Eich said the blocking technology, which is still being refined, will go live in the next few months. The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies. Advertisers use these types of cookies to track users across multiple websites. Mozilla's cookie-blocking efforts follow a Do Not Track capability being adopted by all major browsers. But the DNT effort stalled in November 2012, after advertisers stopped participating in the program, following Microsoft making DNT active by default in Internet Explorer 10. Advertisers wanted the feature to be not active by default."
This discussion has been archived. No new comments can be posted.

Firefox Advances Do-Not-Track Technology

Comments Filter:
  • about:config
    NSA=false
  • by girlintraining (1395911) on Saturday June 22, 2013 @11:48AM (#44078677)

    I can update my 'do not track' tech even further. It's called Tor, and the more people who use it, the safer it becomes. Bonus: Comes with free tin foil hat, extended digital middle finger to pervasive electronic surveillance.

    Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*

    But seriously; if they can't link you to an IP address (which let's face it: with all the DNT in the world, your IP is logged by your ISP and your ISP is only too happy to whore out your realworld identity for a few scheckles, and it's trivial to link all your activity now to you, whether you login or not, use cookies, or all the browser magic in the world.

    The only tech that can help you right now is one that mixes in all your traffic into everyone else's so you can't mine the data.

    • by ebno-10db (1459097) on Saturday June 22, 2013 @12:10PM (#44078797)

      Good idea. There's something interesting about Tor I didn't realize before reading the the Wikipedia article [wikipedia.org]:

      Originally sponsored by the U.S. Naval Research Laboratory ... As of 2012, 80% of the Tor Project's $2M annual budget comes from the United States government, with the Swedish government

      Yet the NSA takes Tor as a "definitely track this". Fact is stranger than fiction.

    • by arth1 (260657)

      Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*

      That's a very strange captcha.

    • Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes.

      See, that's the problem with TOR. It can't hide its exits nodes and blend in with all the other traffic. An exit node shouldn't look any different than any other http(s) request.

      • See, that's the problem with TOR. It can't hide its exits nodes and blend in with all the other traffic. An exit node shouldn't look any different than any other http(s) request.

        See, that's the problem with Internet. It can't hide its gateways and blend in with all the other traffic. A gateway shouldn't look any different than any other.

        -_- Dude, this isn't a problem with Tor. It's a problem with certain for-profit companies that hate anonymity. An exit node contains a sampling of all the Tor traffic in aggregate. Sure, the exit nodes are published... but so are your ISP's BGP routes. The difference is that unlike your ISP's traffic, which has your IP address tacked to every reques

        • by Anonymous Coward

          It's a problem with certain for-profit companies that hate anonymity.

          It's not just for-profit, I've banned all exit nodes on several non-profit community sites, because all TOR-traffic was bad traffic nobody wants.

        • "See, that's the problem with Internet. It can't hide its gateways and blend in with all the other traffic. A gateway shouldn't look any different than any other."

          Yes, it IS a problem with Tor. It CAN'T hide the exit nodes. The most well established of them are closely watched by government.

          There are only a couple of answers to that, and preferably a combination of both: lots more exit nodes, or switching them on and off randomly. Lots and lots more exit nodes that are switched on and off randomly would be best.

          The whole concept of Tor relies on exit nodes not being easily monitored. Easy or not, the government has been monitoring them. So make it not worth the

        • BUT... I have been saying for years that the only way to get a really safe and secure Internet is to invent a truly distributed DNS system. Anything else is too prone to government control and abuse.
    • "It's called Tor, and the more people who use it, the safer it becomes."

      There's a potential problem with that. [slashdot.org]

      While it is true that the more people who use it (or more accurately, the more people who host exit-nodes) the better, as it stands the government has been singling out those who use privacy-enhancing technologies, like Tor and encryption.

      Bad, BAD Government! (Seriously, it IS bad. It's an attack on the whole "right to communicate privately" concept.)

      Having said all that, the more people who use these technologies the better. I particularly recommend Tor [torproject.org] and O [oneswarm.org]

    • by chihowa (366380)

      As much as I hate the Dice Holdings situation, Slashdot has banned Tor since long long before Dice bought them. At least as early as 2005, Slashdot was not allowing logins or posts from Tor exit nodes.

      Slashdot (the company) is about as luddite as a tech oriented site can get.

    • by tlhIngan (30335)

      I can update my 'do not track' tech even further. It's called Tor, and the more people who use it, the safer it becomes. Bonus: Comes with free tin foil hat, extended digital middle finger to pervasive electronic surveillance.

      Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*

      But seriously; if they can't link you to an IP address (which let's face it: with all the DNT in the world, your IP is logged by your ISP and your I

  • This will simply not work - it's a technical solution to a social problem (the article mentions the oligopoly currently in place). It's also a technical solution implemented unilaterally by Mozilla.

    As the summary mentions: the original Do-Not-Track effort only failed when Microsoft made the boneheaded, unilateral decision to make it the default. Starting out this way will only start an arms race between Mozilla and advertisers.

    • by kthreadd (1558445)

      The problem was there from the start. Do-Not-Track is built on the premise that most users won't know about it. Only those who have enough knowledge about the situation will go to the preferences and turn it on.

      What we should have is legislation which says that you are not allowed to track unless a Do-Track header exists and is set to true. Let people opt in to tracking and see how many will do it. And if it's that important that you are able to track your visitors then by all mans check that the header is

    • This will simply not work - it's a technical solution to a social problem

      When the social problem (spying on people in order to improve the mind control that is advertising) is an abuse of technology (cookies, Javascript), a technical solution can be appropriate.

    • "This will simply not work - it's a technical solution to a social problem (the article mentions the oligopoly currently in place). It's also a technical solution implemented unilaterally by Mozilla."

      Nonsense on both counts.

      It is not a "social problem". It's a corporate and government abuse problem. Those are 2 very different things.

      And it's not implemented only by Mozilla. Safari has had the feature for a while, and there have been plug-ins that do this available on various browsers for at least a couple of years.

      Further, Firefox has had a setting to turn off 3rd Party Cookies for a long time now. It's just not turned on by default (yet), but most people with half a brain use it. The other pro

      • by cbhacking (979169)

        IE has also been able to block third-party cookies (for longer than Firefox has even existed). The capability for this is nothing new.

    • the original Do-Not-Track effort only failed when Microsoft made the boneheaded, unilateral decision to make it the default.

      Please stop regurgitating this propaganda from Apache that MS did anything wrong. Microsoft did not make DNT1 the default, they recommended it to their users by default, during the first-use setup. The user still chose whether to accept the recommendations, decline (which left DNT null), or customise the settings.

      The ad industry (and hence Apache) were never going to honour DNT once enough people knew about it. The IE10 episode merely demonstrated that. It didn't make any difference how MS presented it to u

  • by Anonymous Coward

    Can we get a standard profile to defeat this form of tracking:
    https://panopticlick.eff.org/

    (browser profiling, unique in my case to at least 1 in 2.5 million, and thus able to identify one person behind a session based NAT out of 2.5 million others).

    Also first-time-exchange public keys for Thunderbird. There's a lot of things in privacy that Mozilla can do, that Google and others won't.

    • Using NoScript helps reduce the amount of profiling information you leak. Granted, the fact that javascript is disabled is also a distinguishing itentifier but it plugs up more holes than it creates.

  • Neither sending a DNT request, nor compiling a list of known trackers requires any new technology. Blocking third-party cookies is relatively efficient already, but doesn't work when the site collaborates with the advertisers to track you. Coming up with a solution to that would be actual development.
    Making some settings default is simply a business decision, and a bad one at that. Users who don't take the trouble of changing a few settings probably don't care much about their privacy.

  • by Secret Agent Man (915574) on Saturday June 22, 2013 @12:26PM (#44078909) Homepage
    Do Not Track was silly, being opt-in and so on. And, surprise surprise, advertisers backed out when it started getting turned on by default. Now a fire is lit under their hindquarters since Firefox and Safari (and hopefully others) will simply do away with third party cookie support altogether. Taking away an advertiser's tracking tools is the best way to fight.
    • By default it is turned on. The web server software is opt in. Advertisers quickly threatened Apache and gave patches and they caved in. So again they win and decide for us

    • What will happen is that advertisers will implement systems to collect data with cooperation from site operators to eliminate the need for 3rd party cookies.

    • by khchung (462899)

      Do Not Track was silly, being opt-in and so on. And, surprise surprise, advertisers backed out when it started getting turned on by default. Now a fire is lit under their hindquarters since Firefox and Safari (and hopefully others) will simply do away with third party cookie support altogether. Taking away an advertiser's tracking tools is the best way to fight.

      Exactly. This is no different than the police handing out "Do Not Rob" stickers to tourists, imagining that if few enough people put it on, then the thieves would spare those in return for the police focusing less effort to catch them. Anyone with half a brain will realize every tourist will put on the stickers, thus immediately making it totally pointless.

    • by thegarbz (1787294)

      Yes surprise surprise people stopped supporting an opt-in system by design when it became opt-out.

      Advertisers supported it when it represented consumer preference. It no longer does. You can thank one company in an attempt at standing up for your privacy in a way that only a marketing department could think of, they have effectively made privacy worse for everyone.

      But hey we shouldn't expect any improvements in any experience we get from Microsoft.

  • They already disabled IE10s dnt. I was surprised by the la k of outrage here but people defended the advertisers who fund apache as they hate ms more than Apache caving in to advertisers

  • Some sites block you if you do not allow their cookies unfettered access. One example is target.com (the department store). You cannot get past the home page unless you open up your browser to all the cookies they want to place on your disk. It doesn't make sense for a store to prevent customers from using their website to shop.

    .
    Target needs to re-evaluate their purpose for having a website - do they want to use the website to place cookies on peoples' disks? Or does target want to use the website t

    • by swillden (191260)

      Target needs to re-evaluate their purpose for having a website - do they want to use the website to place cookies on peoples' disks? Or does target want to use the website to sell merchandise?

      Clearly, Target wants to track the users to whom they sell merchandise so they can sell them more merchandise. These aren't conflicting goals, unless users actually refuse to use Target's web site because they don't want to be tracked. But hardly any users refuse, so the net value to Target favors tracking. I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

      • unless users actually refuse to use Target's web site because they don't want to be tracked.

        Target's website refuses entry for those customers who do not have tracking cookies enabled. It is Target's choice, not the customers'.

        I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

        Yeah, preventing customers from walking through the main entrance and buy things is always a good thing for a store to do.

        • by swillden (191260)

          unless users actually refuse to use Target's web site because they don't want to be tracked.

          Target's website refuses entry for those customers who do not have tracking cookies enabled. It is Target's choice, not the customers'.

          It's the customers' choice to enable cookies.

          I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

          Yeah, preventing customers from walking through the main entrance and buy things is always a good thing for a store to do.

          Sure it is, if it allows the store to profit even more from those who do come in. Are you also going to tell me that Costco is foolish for refusing entry to non-members?

    • by mjr167 (2477430)
      Simple solution: do not use Target's website.
      • Simple solution: do not use Target's website

        Target has already made that decision for me --- they do not allow me to use their website.

      • Simple solution: do not use Target's website.

        Or use it, then delete the cookies. You are allowing only session cookies except for a handful of sites, right? Restart your browser, cookies go away.

    • by Stan92057 (737634)
      i have 3rd party cookies blocked and had no warnings from target. I do allow site cookies and run 2 ad blocker and nothing from Target
    • I recommend configuring your browser to keep cookies only until you close your browser. This is quite easy to do in Firefox - go to the options, in the Privacy tab, and under the checkbox for whether to accept cookies there's a dropdown labelled "Keep until:". Set that to "Keep until: I close Firefox". Then you can grab something like Cookie Monster [mozilla.org] to make it easy to whitelist those site where you do want persistent cookies. Which browser are you using, by the way?

      • by cbhacking (979169)

        FWIW, IE offers a different take on this: block third-party *requests* from sites you don't like/don't trust/are on EasyList (yes, EasyList for AdBlock Plus also publishes their block list for IE, as do many other such lists). I don't hugely care if a site wants to set a cookie on my browser, so long as they can't retrieve that cookie when I'm on any other sites.

        It also breaks that stupid "X of your friends of Facebook liked this! ::THUMBSUP:: if you do too!" thing that a bunch of sites use; the request fro

        • Now that's interesting - I didn't know about IE9's tracking protection, or that it let you subscribe to blocklists. Thanks for sharing.

  • by Skapare (16644) on Saturday June 22, 2013 @12:54PM (#44079055) Homepage

    Every domain name needs to be fully isolated from each other. This includes blocking link referrers (that misspelled Referer header), as well as cookies, that provide any info to one domain about another. So if you click on a link that takes you to another site, it should NOT include the Referer header at all, unless you opt in to that (which should allow opt-ing per domain).

    • by Fastolfe (1470)

      Think this through, for a moment.

      The advertiser and content provider are working together. The content provider wants ads on their site, and they want you to click on those ads, because the advertiser makes money, and shares that money with the content provider. The two parties have an incentive to cooperate. Both parties want those ads to be relevant to you, because that increases the chances you'll click on them.

      Today, if you are known to the advertiser, but unknown to the content provider, you get sho

    • By default, a browser should not give a referrer, unless explicitly told to do so. Eg. RefControl for Firefox.

      By default, a browser should not accept cookies, unless explicitly told to do so. Eg. CookieMonster for Firefox.

      By default, a browser should not execute scripts or run plugins unless explicitly told to do so. Eg. NoScript for Firefox.

      By default, a browser should not provide the info panopticlick [eff.org] obtains, such as the detailed user agent. That should be outright blank or generic and immutable from now

  • According to my Ghostery window right now for this page. I have blocked:

    Three Double Clicks.
    One Google Adwords
    One Google Analytics
    One Scorecard Beacon
    and Four Jainrain

    Anybody ever try it on Weather.com or CNN.com? Everybody is into tracking..

  • Too many times I have to wait for the ads to load on a web page. If the ads and cookies were hosted on the parent web site, I think pages would load faster. Mozilla doing this, I believe, does not solve the tracking problem but it may speed things up. Mozilla should also include same domain ads with the cookies.
  • Great to see some support for block-by-deafult from another Browser. IE was going it alone and taking all the heat. Now the pressure is on Google to do the same for Chrome.

If a thing's worth having, it's worth cheating for. -- W.C. Fields

Working...