Mozilla today announced a slew of privacy improvements. The company has turned on Enhanced Tracking Protection, which blocks cookies from third-party trackers in Firefox, by default. Mozilla has also improved its Facebook Container extension, released a Firefox desktop extension for its rebranded Lockwise password keeper, and updated Firefox Monitor with a dashboard for multiple email addresses.
But Enhanced Tracking Protection is the big one. Mozilla added basic Tracking Protection to Firefox 42’s private browsing mode in November 2015. The feature blocked website elements (ads, analytics trackers, and social share buttons) based on Disconnect‘s tracking protection rules. With the release of Firefox 57 in November 2017, Mozilla added an option to enable Tracking Protection outside of private browsing. (Tracking Protection was not turned on by default because it can break websites and cut off revenue streams for content creators who depend on third-party advertising.)
In August 2018, Mozilla announced Firefox would block trackers by default. But getting there was slow progress. Firefox 63 arrived in October with Enhanced Tracking Protection, blocking cookies and storage access from third-party trackers. Firefox 65, released in January, added Content Blocking controls, giving users three ways to finely control the blocking feature:
- Standard: The default, where Firefox blocks known trackers and third-party tracking cookies in general.
- Strict: For people who want a bit more protection and don’t mind if some sites break. This setting means Firefox blocks known trackers in all windows.
- Custom: For those who want complete control to pick and choose what trackers and cookies they want to block.
Enhanced Tracking Protection
If you download a fresh copy of Firefox today, Enhanced Tracking Protection will be on by default as part of the Standard setting. That means third-party tracking cookies are blocked without users having to change a thing. You will notice Enhanced Tracking Protection working if there is a shield icon in the address bar. If you click on the shield icon and open the Content Blocking section and then Cookies, you’ll see a Blocking Tracking Cookies section. There you can see the companies listed as third-party cookies and trackers that Firefox has blocked. You can also turn off blocking for a specific site.
If you already have Firefox, Mozilla will be rolling out Enhanced Tracking Protection by default “in the coming months.” You can turn it on yourself sooner by clicking on the small “i” icon in the address bar and clicking on the gear on the right side under Content Blocking. Or you can go to Preferences, Privacy & Security, and then Content Blocking. Choose Custom, mark the Cookies checkbox, and select “Third-party trackers.”
The feature focuses on third-party trackers (the ad industry) while allowing first-party cookies (logins, where you last left off, and so on). Mozilla says it is enabling Enhanced Tracking Protection by default because most users don’t change their browser settings.
“To expect them to do this in order to be assured the privacy they demand places an undue burden on them,” a spokesperson told VentureBeat. “In fact, with our Firefox Quantum launch in 2017 we included a setting that would allow people to turn on tracking protection, and only 3% of users did.”
Enhanced Tracking Protection will block third-party cookies from over 2,500 tracking domains to start. Mozilla plans to grow that list over time.
Comparing to Chrome and Safari
Mozilla made a point of comparing Firefox’s Enhanced Tracking Protection to offerings from Google’s Chrome and Apple’s Safari. Unsurprisingly, Mozilla says Firefox wins:
- Firefox’s Enhanced Tracking Protection blocks pervasive tracking and data collection by ad networks and tech companies. Chrome offers no equivalent to Enhanced Tracking Protection today other than if a user manually disables all third-party cookies in settings (this will break many websites).
- Apple’s intelligent tracking protection differs from Firefox’s Enhanced Tracking Protection because it relies on an algorithm and there is burly evidence that add tracking companies are circumventing that algorithm. In addition, the security that Apple’s intelligent tracking protection provides does not extend beyond the apple hardware ecosystem.
Google and Apple are likely to keep iterating, however, just like Mozilla.
In March 2018, Mozilla launched a Facebook Container add-on. The Firefox tool makes it “much harder” for Facebook to track you when you’re not on its site. Mozilla noted today that the add-on has racked up more than 2 million downloads since launch.
The add-on isolates your web activity from Facebook, and Mozilla is taking this a step further. Today’s version prevents Facebook from tracking you on other sites that have embedded Facebook capabilities, such as the Share and Like buttons.
Facebook Container now blocks Facebook buttons on other sites “and all connections to Facebook’s servers, so that Facebook isn’t able to track your visits to these sites.” Blocking these connections makes it harder for Facebook to build shadow profiles of non-Facebook users.
Firefox Lockwise and Firefox Monitor
Additionally, Mozilla has rebranded its password management app Firefox Lockbox (Android and iOS) as Firefox Lockwise. The company is also bringing the password management app to the desktop and rolling out a Firefox desktop extension. Mozilla promises “a seamless integrated experience in Firefox when you move from desktop to mobile.”
Firefox Lockwise lets you store, edit, and access your passwords. The desktop extension can be used to update and manage your saved list of passwords. You can reference and edit what is being stored or delete any saved password as you please.
Speaking of passwords, Mozilla has also updated Firefox Monitor, its free service that notifies you when your email has been part of a data breach. Since the service’s September launch, Mozilla says more than 635,000 people have signed up for Firefox Monitor alerts. The service now has a breach dashboard that shows which emails are being monitored, how many known data breaches may have exposed your information, and whether any passwords have been leaked. You can now also select a primary email address to serve as the hub for all notifications and alerts. All email addresses must now be verified by email before they are activated.