Firefox Tracking Protection

[naman]

No description provided.

[bishtawi]

For these settings, you want to enable them, correct?

[joshua-curtis-smith]

Yes, they should be set to enabled, though I'm 99% sure that advertisers ignore these.

[initbar]

If I'm not mistaken, the DNT protection is double edged - like @joshua-curtis-smith mentioned, 99% of advertisers tend to ignore those requests, and ironically use it as an identifier. Could we put a (optional) tag next to this header? Kind of like:

Firefox Tracking Protection (optional)

[dmarti]

There's a difference between Tracking Protection and DNT.

DNT is just a header, which most third parties ignore.

Tracking Protection will actually make Firefox refuse to connect to a third-party tracking server. This can save substantial network traffic and battery. Monica Chew has an explanation of how it can save 44% in page load times:

http://monica-at-mozilla.blogspot.com/2015/05/tracking-protection-for-firefox-at-web.html

More discussion of Tracking Protection and DNT: https://lwn.net/Articles/646339/

[initbar]

Ooo I see, thanks @dmarti

[amq]

I've added Tracking Protection, but I think it is not something that will last. Most probably the feature won't be actively maintained and we are better off with uBlock or similar.

[bishtawi]

We should place special emphasis that this option should be set to true. All the other options you set to false, this one is the odd man out. A person reading the doc might just go through and set everything to false.

[freddyb]

Is this project aimed towards making Firefox less talkative? Or "better for the user"?
I am asking because Tracking Protection talks to a classification server. It uses the same API as Google Safe Browsing (which obfuscates and normalizes URLs before sending them over the wire).

Does this mean this is as unwanted as the Safe Browsing API or does the feature it brings (performance, speed, privacy) outweigh this risk?
There is a a bit documentation on the Mozilla wiki, but you'll have to read the source code if you want the whole thing explained.

Not my call to make, surely. But I wanted to raise this.

(Disclaimer: I work for Mozilla, but I speak with my Mozilla hat off.)

[amq]

The main goal is disabling core Firefox features that leak data to third-party services (meaning that the data is actively sent by Firefox, not passively snooped by the sites).

The secondary goal is disabling the most critical data faucets which can be misused by the sites, like WebRTC and Geolocation, while attempting not to break web functionality.

It looks like I will have to remove Tracking Protection based on your comment, it doesn't fit in the general idea anyway.

[gcp]

I am asking because Tracking Protection talks to a classification server. It uses the same API as
Google Safe Browsing (which obfuscates and normalizes URLs before sending them over the wire).

It uses the same API, yes. An API gives an implementation a certain amount of leeway how to use it to achieve the desired effect.

The Tracking Protection implementation is written in such a way that a hit on the tracking blocklist will not generate a lookup to a remote server.

(Note that SafeBrowsing also won't "Leak the browsing history to Google.". What SafeBrowsing does and does not leak was a very carefully attained compromise between privacy and security that takes few paragraphs to explain, but "leaking the browsing history to Google" is about as misleading a summary as you can get.)

but you'll have to read the source code if you want the whole thing explained.

Look for code dealing with the preference "urlclassifier.disallow_completions" and you'll see "mozpub-track-digest256" is in that list.

(Disclaimer: I work for Mozilla

[freddyb]

Thanks for the clarification, Gian-Carlo!