Georgios Kontaxis (Columbia), Monica Chew (Mozilla); Tracking Protection in Firefox for Privacy and Performance; In Proceedings of the Web 2.0 Security and Privacy (W2SP); 2015-05-23; 4 pages; copy, slides (18 slides).
We present Tracking Protection in the Mozilla Firefox web browser. Tracking Protection is a new privacy technology to mitigate invasive tracking of users’ online activity by blocking requests to tracking domains. We evaluate our approach and demonstrate a 67.5% reduction in the number of HTTP cookies set during a crawl of the Alexa top 200 news sites. Since Firefox does not download and render content from tracking domains, Tracking Protection also enjoys performance benefits of a 44% median reduction in page load time and 39% reduction in data usage in the Alexa top 200 news sites.
- Mozilla Firefox
- Firefox Nightly
- Firefox 35
- Not committed for any production release?
- 1029886 – tracking bug for tracking protection
- curated blocklist
- Disconnect’s list (not EasyList)
- (Google) SafeBrowsing API
- Cookie Blocking
- Beacon Blocking
- Performance (page latency reduction).
- Sotto voce, surveillance blocking.
- Sotto voce, ad blocking.
- Threat Model
- <quote cite=”ref” page=”2″>Our adversary is a powerful billion-dollar online advertising and social networking industry</quote>
- trackingprotectionfirefoxat some github.
- Performance claims
- some telemetry
- some simulation
Somehow solving similar problems.
- Internet Advertising Bureau (IAB), 2013 Internet ad revenues soar to $42.8 billion, 2014-04-10.
- PageFair, Adobe, Adblocking goes mainstream, 2014; landing.
- B. Ur, P. G. Leon, L. F. Cranor, R. Shay, Y. Wang, Smart, useful, scary, creepy: Perceptions of online behavioral advertising, In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS), 2012, ACM; Technical Report CMU-CyLab-12-007, Carnegie Mellon University, 2012-04-02.
- Pew Research Center, Public perceptions of privacy and security in the post-Snowden era, 2014-11-12.
- G. Acar, C. Eubank, S. Englehardt, M. Juarez, A. Narayanan, C. Diaz, The web never forgets: Persistent tracking mechanisms in the wild, In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2014, ACM; previously noted.
- K. Mowery, H. Shacham, “Pixel perfect: Fingerprinting canvas in HTML5,” In Proceedings of Web 2.0 Security and Privacy (W2SP), 2012, IEEE Computer Society; also filled, filled.
- P. Eckersley, How Unique Is Your Web Browser?, In Proceedings of the 10th International Conference on Privacy Enhancing Technologies (PETS), 2010, Springer-Verlag; also DEFCON-18, Panopticlick.
- Electronic Frontier Foundation, Privacy Badger.
- Google, Safe Browsing API.
- Disconnect, Disconnect.
- S. Lohr, For impatient web users, an eye blink is just too long to wait, In The New York Times (NYT); 2012-03-01.
- W. Palant, Ad Block Plus.
- Ghostery, Ghostery.
- Mozilla, Addons for Firefox.
- N. Nethercote, AdBlock Plus’s effect on Firefox’s memory usage; In His Blog, 2014-05-14.
- F. Roesner, T. Kohno, D. Wetherall, Detecting and defending against third-party tracking on the web, In Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation (NSDI), 2012, USENIX Association; previously filled.
- J. Bau, J. Mayer, H. Paskov, J. C. Mitchell, A Promising Direction for Web Tracking Countermeasures, In Proceedings of Web 2.0 Security and Privacy (W2SP), 2013, IEEE Computer Society; slides.
- Microsoft, Tracking Protection Lists.
- L. Cranor, A First Look at Internet Explorer 9 Privacy Features; In Some Blog; 2011-03.
- G. Kontaxis, M. Polychronakis, A. D. Keromytis, E. P. Markatos, Privacy-preserving social plugins; In Proceedings of the 21st USENIX Conference on Security Symposium, 2012, 16 pages, USENIX Association; landing.
- Roy T. Fielding, David Singer, Tracking preference expression (DNT)
- V. Toubiana, A. Narayanan, D. Boneh, H. Nissenbaum, S. Barocas, Adnostic: Privacy preserving targeted advertising, In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS), 2010, The Internet Society.
- Google, Contributor by Google.
Wandering, moot, through the naïvete of the chain of reasoning here, flow with it.
Authors = <quote cite=”ref” page=”4″>
Finally, browser makers bear tremendous responsibility in mediating conflicts between privacy interests of users and the advertising and publishing industries. Tracking Protection for Firefox is off by default and hidden in advanced settings. We call upon Mozilla, Microsoft, and other browser makers to make tracking protection universally available and easy to use. Only then will the balance of power shift towards interests of the people instead of industry.
Greybeard = <moot>
Browser makers can’t have it both ways here. They can’t be “common carriers” who make net-neutral and nework-neutral consumer premises equipment (CPE) as pure-play suppliers the media trade and also be the arbiters of the rights, rules and procedures of that industry without also entering that industry as a primary; i.e. as a publisher which owns a venue and manages an audience, which, as busking, is a fine and honorable vocation with a long and storied tradition dating back to the earliest ages. Indeed Firefox Sponsored Tiles.
Hiding such intervention capability in the “advanced settings” doesn’t ameliorate the conceptual error here. The terms of the trade have always and ever been between the publisher and the advertiser. The consumer (which is you, dear reader), as a catalyst of the relationship, is party to this activity only insofar is the terms of the publisher-advertiser business arrangement specify that the publisher is able to deliver any quantifiable action, generally, quantifiable attention, of the consumer (which, to remind, is you, dear reader) to the advertiser under the terms of their bilateral deal (common commercial terms being: CPM, CPC, CPA, etc.). The consumer’s consent being entailed by virtue of having received media from the publisher in the first instance.
As for your part of this, you are a consumer, and only that. As the appelation implies, you don’t own the creative product that you’re enjoying, you never did, you never will. Your rights are limited to personal experience under the stated terms. Otherwise, by convention, broader allowances would had to have been granted to you in an expression, an explicit writ. Your activities with regard to blocking publishers trading with advertisers in order to petition them to change their business practices as you experience them is a project that is, at best, fraught with contradictions and complications. To want to change the legal framework of creative product ownership & delivery is a tall order and would necessarily have implications in other areas of the media business. The law is pretty clear on the countervailing point. Namely, that the publisher owns the media, as they created it. They are purveying it under terms set forth. The media is licensed to you, and performed for you, even when on equipment that you own, for the sole purpose of your private enjoyment as an individual. During your experience of the work, you do not receive any other rights, such as the right of derivation, summarization, retransmission, republication, public performance, etc. These conditions adhere to you by your presence in the experience as a consumer unit. You are necessarily subject ot the Terms & Conditions set forth at the time the media was administered to you. Indeed the whole foundation of the Creative Commons and Open Source licensing is centered upon this point.
Activist = <moot2>
Yet “we” build, “we” own & “we” operate the CPE. These HTML5-JS-CSS3 browser media-players are “ours.” We are the web! Unlike print, OTA TV or radio media where the players are locked down. We build CPE; we block as we like. This cannot be stopped.
Publisher = We parry and invoke EME, CDM, DRM & block you with DMCA. Like we do with video. QED.