45
Privacy-Preserving Attribution: Testing for a New Era of Privacy in Digital Advertising
(blog.mozilla.org)
A place to discuss the news and latest developments on the open-source browser Firefox
I would be more okay with this if Firefox did more to block the tracking techniques that advertisers are currently using. They block third party cookies and compartmentalize social media cookies which is fine but they do almost nothing to stop the more insidious tracking techniques like device fingerprinting.
Mozilla really wants to push me to Brave
What more do you think should be done to stop fingerprinting, and does that involve sacrificing usability?
(Also, "almost nothing" feels like a gross exaggeration? Just the Tor Uplift project brought in lots of measures, quite a few of which could even be enabled by default.)
Brave randomizes the output of fingerprinting techniques like canvas rendering, system fonts, installed devices, etc in a way that makes you look like a real, consistent user providing real data that still allows the site to work, while still changing the output from one session to the next enough that sites can't tell you're the same person.
Firefox claims to block all this but if you check their site they explain how it actually works:
This does nothing to actually disguise you. It's the equivalent of putting a paper bag over your head when you think there's a security camera. You stand out because of the bag and you don't know where all the cameras are so you're still being tracked when you don't know it.
I hate the idea of Brave because Chromium's dominance will ruin the web but Firefox does not protect us.
That is a bit confusing, but the feature called "Fingerprint Protection" (i.e. blocking known fingerprinters) isn't the only protection built in. I'm not motivated enough to find a full list right now, but it also includes e.g. limiting the information in the User Agent header. I did at least find a list of things that were worked on at some point by searching for "Tor uplift", which is a good starting point if you'd like to find more: https://wiki.mozilla.org/Security/Fingerprinting
I'd also add that actually blocking requests to known fingerprinters does help. It's more like camera's getting disabled when you're around: sure, from the point of view of the camera, it's suspicious that it stopped working, but it can't see you, so it doesn't know who is standing out.