
Help Test Private Browsing with Tracking Protection in Firefox Beta 42 - cpeterso
https://blog.mozilla.org/futurereleases/2015/09/23/help-test-private-browsing-with-tracking-protection-in-firefox-beta/
======
verusfossa
I'm pretty far in the pro-user privacy camp, but I feel this conflates things
unnecessarily and confuses the end user. Private browsing now keeps your local
clean of history and site data on close, but also kind of does some other
disconnect/ghostery stuff? If you're privacy conscious you've already tuned
your browser, if you're not and believe private browsing does that, you're
misinformed.

~~~
gajjanag
Information regarding a lot of the configuration options for this purpose is
scattered across the web. To get some idea for what settings are useful for
privacy and security in Firefox, I have found
[https://github.com/pyllyukko/user.js](https://github.com/pyllyukko/user.js)
an extremely useful starting point.

------
AdmiralAsshat
IIRC "Tracking Protect" has been available for some time in Firefox, it was
just located somewhere in the about:config menu as an experimental feature. Is
this the same option simply moved to a menu option visible to the end-user, or
something different?

~~~
ehsanakhgari
Yes, this is using the same built-in Tracking Protection feature.

------
hrjet
While I like the mechanism, I am not too certain about the policies. From the
paper [1], they use "a subset of approximately 1500 domains from Disconnect’s
privacy-oriented blocklist to identify these unsafe origins". Further, they
update the block list every 45 minutes. Which means, a service which wants to
track the user can use domain names outside that block list of 1500, and
change it every 45 minutes (in case it becomes popular and the block list
catches up).

Am I understanding this right?

Aside, I realize that there are no easy solutions for this. As the paper also
says, it is hard to identify which requests belong to third parties because of
the prevalent practice of using third-party CDNs.

I believe one approach is to disable cookies, javascripts and other sensitive
functionality from _all_ third-parties, without any biases or curation, and to
provide the tools to enable them selectively. The only drawback is that it
won't fly with non-tech-savvy users. However, I think the tech-savvy segment
is large enough and growing, to make it worthwhile.

This is the approach that the uMatrix addon, and gngr, the browser that we are
developing, take. It would make me very happy if other browsers integrate such
a facility within them.

[1]:
[https://kontaxis.github.io/trackingprotectionfirefox/resourc...](https://kontaxis.github.io/trackingprotectionfirefox/resources/papers/trackingprotectionfirefox.w2sp15.pdf)

------
abhv
Would be great if you could explain exactly how this differs from using an
ad/tracking blocker, e.g. Disrupt or mu-block.

~~~
aroch
See the whitepaper[1] and blogs by Monica and Mozilla[2].

It works like a combination of safebrowsing and Disconnect. Basically they
cache a list of "bad" URIs and block them at request-time

[1]
[https://kontaxis.github.io/trackingprotectionfirefox/resourc...](https://kontaxis.github.io/trackingprotectionfirefox/resources/papers/trackingprotectionfirefox.w2sp15.pdf)

[2] monica-at-mozilla.blogspot.com

