Slashdot Mirror
Firefox 57's Speed Secret? Delaying Requests from Tracking Domains (zdnet.com)
An anonymous reader quotes ZDNet:
A Mozilla engineer has revealed one of the hidden techniques that Firefox 57 -- known as Quantum -- is using to improve page load times... It delays scripts from tracking domains, such as www.google-analytics.com. The technique was developed by Mozilla engineer Honza Bambas, who calls it "tailing". It works by delaying scripts from tracking domains when a page is actively loading and rendering...
Tailing only briefly prevents the tracking scripts loading, rather than disabling them entirely. Page load performance is improved by saving on network bandwidth and computing resources while loading a page, in a way that prioritizes site requests over tracking requests. "Requests are kept on hold only while there are site sub-resources still loading and only up to about 6 seconds. The delay is engaged only for scripts added dynamically or as async. Tracking images are always delayed. This is legal according all HTML specifications and it's assumed that well built sites will not be affected regarding functionality," explains Bambas.
Tailing only briefly prevents the tracking scripts loading, rather than disabling them entirely. Page load performance is improved by saving on network bandwidth and computing resources while loading a page, in a way that prioritizes site requests over tracking requests. "Requests are kept on hold only while there are site sub-resources still loading and only up to about 6 seconds. The delay is engaged only for scripts added dynamically or as async. Tracking images are always delayed. This is legal according all HTML specifications and it's assumed that well built sites will not be affected regarding functionality," explains Bambas.
That's why I use both noscript and also uMatrix!
Unless I, the user, have a reason for wanting javascript I won't turn it on . And even if I do, I don't want your cross-site scripting! uMatrix prevents that. And if something really needs a third party script, I can turn on just the specific third parties that are related. For example, I might allow a few google domains if I'm intentionally loading a map, but if I'm not using the map I'm not going to turn those on. And even if I am, I certainly don't want the analytics.
It seems to be getting better, actually; 5 years ago almost every site had third party JS for important functions, now more and more sites are hosting their own scripts for core functionality.
FireFox inherited a small security update from the Tor project called "First Party Isolation". It's in newer versions of FF, but isn't turned on by default as it can break some authentication systems.
What it does, is only allow cookies to be sent and received by the site in the page's URL. So, for instance, while visiting YouTube.com, images and the like from google.com can load, but have no cookies attached, and do not receive those cookies.
To enable it, go to about:config and find "privacy.firstparty.isolate". Set it to true and restart the browser, and enjoy surfing the web knowing that you're not being tracked from site to site.