Slashdot Mirror
Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)
Firefox 59 will reduce how much information websites pass on about visitors in an attempt to improve privacy for users of its private browsing mode. From a report: When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value." While this helps websites understand where visitors are coming from, it can also leak data about the individual browsing, because it tells the site the exact page you were looking at when you clicked the link, said Mozilla. Browsers also send a referrer value when requesting other details like ads, or other social media snippets integrated in a modern website, which means these embedded content features also know exactly what page you're visiting.
This privacy issue has been known for as long as browsers have been around. Nevertheless, this is good news.
The headline implies this change will prevent sites from knowing what site you linked from. That's incorrect. From the article:
To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.
One hand is protecting us from evil websites, so the other hand can (exclusivly) use this for ads in pocket...
If you RTFA (I know, I know; I must be new around here), you'll see this is only for Private Mode, and leaves the domain portion intact. You can still see if they loaded from your domain.
I use a privoxy http proxy for all the browsing on my home network. I have privoxy configured to block the referrer when it is cross-site. However, from one page to another within the same site, privoxy is configured to allow the referrer to pass unaltered, for the exact reason you say.
Good news! It'll still report the domain, but will stop reporting exactly which page they've come from.
Er, no, hosts will not prevent this.
Hosts is used to completely block or redirect a url.
What is being discussed here is that as you travel from one url to another the new url is able to see your previous url. Hosts would block either one site or the other so you wouldn't be travelling from one to another anyways.
Why wouldn't this be the default?
Same site allow referrer. Anything else completely block it.
This will ruin my fun of constantly going to pornhub then moving right to the Christian Coalition site to fill their logs up with porn referrals
Sent from my TARDIS
"site" is normally synonymous with "domain" not "page"
if youre checkin http_referrer for valid requests, youre doing it wrong anyway. referrer can be faked easily therefore absolutely not reliable.
Er, no, hosts will not prevent this.
Hosts is used to completely block or redirect a url.
What is being discussed here is that as you travel from one url to another the new url is able to see your previous url. Hosts would block either one site or the other so you wouldn't be travelling from one to another anyways.
Your obvious fucking sarcasm detector seems to be in need of warranty repair.
With the various updates over the past few months, now instead of one process in task manager eating ~1.5 GB of RAM, now I generally have ~5 processes eating up ~3 GB.
When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value."
This is how the web has always worked and it's a public specification. There's nothing so called or nefarious here.
You'll break sites that only show you the full content when coming from Google but throw up an interterrestrial when direct linking if you do that, setting referrer to be only domain if doing cross-site is probably the best option.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Meh, in private browsing mode they really should kill the referrer from any top level page. If it's an <img>, <iframe> or <video> tag it's cool... but if I go from foo.com to bar.com via an <a href> it shouldn't secretly tell bar.com I came from foo.com. Transparency in what information you're exposing is essential to security and most people aren't aware it's happening.
Live today, because you never know what tomorrow brings
...You'll break sites that only show you the full content when coming from Google but throw up an interterrestrial when direct linking if you do that...
Which is why I use the Toggle-Proxy add-in (one of the extensions that stopped working in Firefox and one of the reasons why I moved to Waterfox). If I see the very infrequent site that offers the interstitial as you say, I just turn off the proxy and go direct. But it is my choice when I want to do that.
we'll deny the Image Load if the referrer is missing
No, you won't. I surf with the referer header completely disabled (between sites, on sites, on pages, always). Very rarely do I need to make an exception. Web sites block hot linking by looking for referer headers from other sites, but if the referer header is empty, almost always the request goes through unhindered. Also, the header is called referer, not referrer. It's a typo, but it's in the standard.
You probably meant interstitial, as inter-terrestrial could be somewhat delayed.
>This referrer send is BEYOND the art stealer's control.
Holy shit, hot linking downloads the image and then deletes it from your server?!
Fix your security issues before you complain to us about the users.
Also:
https://addons.mozilla.org/en-US/firefox/addon/smart-referer/?src=search
If you deny hotlinking, and a user of another website supporting Open Graph protocol links to a document on your site, then the link will look unusually plain because the site won't be able to display the thumbnail declared in og:image . What mechanism have you put in place to allow hotlinking only in the context of thumbnails intended to attract visits to documents on your site, such as og:image, and deny it otherwise? Or do you just opt out of offering thumbnails for other authors to use when citing your documents?
sorry, I already broke your referrer using an extension... that's a silly way to check if a client came from your own domain anyways...
To counter "unused RAM is wasted RAM", make your complaints explicitly about the user-observable symptom: "Firefox causes my computer to thrash swap when I do X, Y, and Z." If you have made a report that explicitly mentioned page file usage, what was the reply?
Then what image should a document on one site use to represent the document on another site to which it is linking?
Easy to do. Don't break referral if it's from the same domain.
If that is the case I'd say they should block the header in all cases except if the domain matches the domain the request is for.
Account -> Discussions -> Disable Sigs
Google itself removes the referer (an url with a query) when I use open source statistics software like Piwik, for "privacy reasons", except they do show what people searched for on their own analytics services, so in reality it was just to give the middle finger to competition, using the near monopoly of the search engine. So I'd like Firefox to return the favor and not hand the complete referer to any 3rd parties loaded on websites. Just do this in the header to Google:
Referer: -_-*,,|,
They're not going to revert the decision to remove highly problematic technology because some people are hung up about it. They didn't do it for Java, they won't do it for Flash, and they won't do it for XUL.
If you're upset that some addons no longer work, and there are no alternatives on the regularly release builds, then just use a build that does support more powerful addons, like the unbranded or nightly or developer edition. It's really not the hardest thing in the world, and most legacy-style addons will continue to work for quite some time if people truly care about them to keep them working until someone else does the work to make a better new-style addon).
And if for some reason you're still hung up on XUL/XBL etc specifically, then help someone like the Waterfox or Pale Moon devs to do so. This ain't a free lunch, and Mozilla has more useful things to do that keep supporting legacy technology indefinitely.
To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.
Hopefully this is just the first step toward a proper solution. Step 2 is to apply the same policy for intra-site links, to prevent sites from filtering on the exact page address. Step 3 is to always send the requested resource's domain, regardless of the source.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
There is no reason the browser can't allow for 100% normal referrer if it's coming from the same server. I mean what difference would that make, the server already knows where you've been.
Unlike many people, I've actually read Firefox's privacy policy.
It turns out that Firefox's privacy policy is quite disturbing, especially when considering how often we're told that Firefox supposedly "cares" about our privacy.
The Firefox privacy policy dated September 28, 2017 makes it clear that Firefox user data can be collected by Firefox and can be sent to various third parties, including Google, some "Adjust" company, some "Leanplum" company, and SalesForce.
For example, there are very worrying sections like (emphasis has been added):
and:
and:
and:
and:
Some people will foolishly claim that privacy violations like these are "acceptable" because they can supposedly be "disabled".
No, they're not acceptable at all!
Intrusive data collection/transmission like this shouldn't have to be disabled; the code implementing this data collection and transmission shouldn't even exist in the first place! There should be nothing to disable because Firefox should not be able to collect this data, and it should not be able to transmit it anywhere.
Reading Firefox's privacy policy has made me very distrustful of Firefox and Mozilla, and especially of the people who wrongly claim that Firefox somehow "respects its users' privacy".
Old Opera (the Presto engine, versions 7-12) had an option to disable this years ago. (Of course years ago, since it is no longer available.)
Glad to see someone else using Matomo (formerly Piwik) instead of third-party analytics.
Seeing as you've shown interest in helping viewers find documents on your site, have you tried signing up for the major web search engines' webmaster tools, such as Google Search Console? I was under the impression that these tools offered search queries even without having to install a search engine's analytics script on your site. (Source: "What is Search Console?"; "Help Center - Bing Webmaster Tools")
Another tip: Does your site use HTTPS? If so, the Referer is more likely to have useful information than if your site uses cleartext HTTP. The major search engines have shifted to HTTPS since the Firesheep and PRISM revelations, and browsers tend to strip out Referer for cross-scheme links. Once you set up HTTPS with Let's Encrypt on your site, let search engines know to prefer the HTTPS version by with three steps:
Let me know when key binding support for new-style addons is fixed.
Don't do chain surfing. Always depart from home. Always leave to home. Use hosts file, Problem solved.
Without telemetry, how do you expect a browser developer to assess use coverage of the browser's code? Without coverage, browser developers have no way to know which bugs to prioritize fixing and no way to know which web standards are used in websites. Without information about feature use, browser developers might assume CSS and JavaScript features used in your site are "not widely adopted on the web" and begin the process of removing them from the web standards.
TFS, TFA don't say.
It little behooves the best of us to comment on the rest of us.
Browser vendors can comb the top 10000 websites of the world easily enough and see what features are being used the most. No need for client-side telemetry to gather such data.
Which provider other than Google would you recommend that Firefox instead use when the user chooses to query the safety reputation of a particular website or downloaded file? Or how do you find why do you find offering the choice to query the safety reputation of a particular website or downloaded file inherently harmful?
Which provider other than Google would you recommend that Firefox instead use when the user chooses to reveal the user's location to a site? Or why do you find offering the choice to reveal the user's location to a site inherently harmful?
Browser vendors can comb the top 10000 websites of the world easily enough and see what features are being used the most.
That won't work for features used more often in the long tail below the top 10000 or behind the login page of the top 10000. This might be the case, for example, for the Encrypted Media Extensions used to enforce audio and video rental terms.
It's really quite simple. I don't know why you couldn't figure it out on your own.
It comes down to Firefox's developers engaging in two remarkably basic actions:
1) They need to listen to what their users are voluntarily saying.
2) If they don't understand what their users are saying, then they can ask the users some questions to clarify the situation.
It's really that simple.
When something is wrong, users will say so. As the developer of a software product, all that you have to do is listen to what they're saying and then act upon it!
When many, many, many Firefox users keep on reporting again and again and again that Firefox suffers from severe performance and memory usage problems, do you know what the Firefox developers should do? Focus on the performance and memory usage problems that the users are talking about!
When many, many, many Firefox users keep on saying that they don't want their XUL extensions to break, do you know what the Firefox developers should do? Focus on not breaking browser functionality that Firefox users deem to be essential!
It should be pretty apparent what the users want. Now in the rare case that there's some confusion, for whatever reason, the next step is to ask the users for clarification.
See, it's really not so hard at all!
There's no data collection necessary. There's no data transmission to Google or other companies necessary.
Privacy is maintained, because it's the users voluntarily giving out only as much information as they want to give out.
I don't know why people like you and the Firefox developers need to over-complicate what's actually one of the simplest and easiest parts of the software development process: listening to the users!
Listen to what the Firefox users are saying. Ask them for clarification if there is any confusion. Then do what the users have asked to be done.
It's just that simple!
You get nothing but a HTTP GET when I click on a link.
Site is normally synonomous with host, not domain or page.
How about a new tab before navigating, I would imagine that would not send the referer. Is this correct?
[($)]
If you are relying on REFERRER to stop hot linking you are an idiot. That is so easy to spoof it isn't worth mentioning.
Take your spam tracking website and stick it up your ass.
Google, Yahoo, now Google again? The overwhelming majority of users will never change their default search. Mozilla is leaving them as sitting ducks on this HUGE area of data security.
Unfortunately, almost ALL of Mozilla's revenue depends on these default search contracts. But instead of Google, why not Startpage (which uses Google)? In that arrangement, Google still makes money, Mozilla still makes money, and users are given a HUGE boost in security.
> publicly using our public-designated resources
Open-facing. Unchallenged access.
Closed to unchallenged access, demands escalation.
Pick one.
Every google-crawlable database is the former and most courts have realized that. The others make /. headlines and we mock them.
Not only that, if Slashdot had linked the original Firefox blog post instead of the insipid rehash from ZDNet with an auto-playing video, the GP would have seen that they are actually setting the Referrer-Policy to "strict-origin-when-cross-origin" which doesn't affect same-domain referrals unless they downgrade from HTTPS to HTTP.
Quite frankly, this should be the default already. I have it set that way on all my sites, and today I learned that you can set it client-side on Firefox.
Make the following change in about:config
network.http.sendRefererHeader;0
The fact that mozilla tried to really list all the data that it takes and where to send it is good and your post looks like scary, but all of those items have a reasons:
> Google’s SafeBrowsing service
duh! if you want to know if the site/file is in a blacklist, you do need to sent it to some place to be checked. It can be disabled, but of course most people want this enabled
>Location data to Google's geolocation service
duh again, if you see a pop-up from firefox asking that the site wants to see your location, if you press "allow", your IP is sent to some place to map the IP to a location... you can press "not allow" and you will not share anything
>On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor
"Adjust" tracks firefox installs and usage platforms, so firefox can see what works and not works (tables vs cheap phones vs expensive phones, or country, or mobile OS preference)... it is not for tracking what people do online.
Yes, that "Google advertising ID" is scary, but thats the way tracking in mobile works, specially if related with other marking campaigns... and this is for mozilla data analyzes, not to be shared to google. Think this as a newrelic, but instead of performance and errors, place mozilla campaign Id, so they know what campaign pays the most and where/in what devices
>On iOS and Android: Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor, ... again, not for tracking you, but to track features usage or lack of usage
"Leanplum" looks its like Adjust/Newrelic, but for the internal firefox features. probably tells how many people uses webgl, pocket, add-ons, movies, audio, so they can understand better how differently people uses the mobile vs the desktop
>Your email address is sent to our email vendor, SalesForce Marketing Cloud,
"SalesForce Marketing Cloud" is their email provider for the marketing and email announcements... so it basically sends email... and yes, any email server will see your email! most companies do not even list this in their "privacy policy"... because its is the way email works! If you disable email notifications, they probably do not even share your email with then.
All this telemetry is there to help mozilla develop the browser, not to track you. Without it, how they would know if people use many tabs or few tabs? if after releasing a new feature, the memory usage increased everywhere and that they should try to track some leak? if people still use flash and how important is is (ads or the full site in flash). All those "privacy problems" you listed are really needed
When one reads the privacy policy, ones needs to try to understand how and why it is used, not simply cry "wolf" and start spreading FUD
Higuita
most people probably do not use any of the 10000 top sites, as that is just a small fraction of all the sites in the internet. Also, how to determine the 10000 top sites? check what IE reports? then it would probably not map what firefox users see, but what IE users see. That info does not show up by magic.
example: how many people use webm ? is it ok to support that, or is just trash being bundled in the browser? do they use the alternatives to it? or do not use anything? Is feature XYZ slowing down sites? or consuming more ram? have we more crashes since last release?
if you remove all this, you start developing blindly and then get users to complain that the browser is old, slow, eats too much ram or always crashing
many of the telemetry they got is in this site: https://telemetry.mozilla.org/ ... you can see it too!
Higuita
if somebody wants to show a link to my site with a thumbnail, then they're going to have to generate that on their server and serve the image to their users.
That's rehosting, which some authors find even worse than hotlinking because they don't receive the insight about their audience that comes from a list of sites in which the preview image is embedded.
This is a terrible idea. It is going to break millions of sites.
What they really need to disable is third party cookies. Period.
This stops a lot of the tracking. No more advertisements on another site for something you have just searched for on google.
It breaks a few web sites that rely on them, unfortunately. Mostly discussions forums. It does break my credit union's billpay and a host provisioning site at my work, too. IMO, sites that rely on third party cookies are poorly designed.
-- Julien Pierre http://www.madbrain.com/blog
I'm 99% certain I've killed off all this telemetry crap in previous versions of FF, but I recently noticed it's writing crap in the datareporting directory... I _don't think_ it's transmitting it anywhere, but it's still annoying that it has to keep writing all this stuff out. And apparently not cleaning up after itself either.
So any news on that?!!
... However, a few web sites require it to work correctly. :(
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
You do realise that free ram is wasted ram.
Provided it's actually free RAM, as opposed to RAM that belongs to another process that would end up swapped out to disk if Firefox were to allocate and use it.
Just calling this out if any of Google's hellspawn are reading
Refer used to be a great way to optimize a web site for keywords since you could tell what people were looking for.
It let us really improve the web sites and get more legitimate eyeballs.
One day Google decided to stop this - unless you gave them cash through their ridiculously convoluted adware interface.
We could never get our web sites to connect with would-be customers after that. We ended up giving up on web search and using social media instead.
Google are still criminally profitable and always will be I suspect but they chased companies like us into the arms of Facebook and Twitter.
How's Google+ working out for you, Google? Fuck you.
How about letting the users be responsible for the sites they visit? Why should the browser be doing your due diligence for you?
"Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
Why should the browser be doing your due diligence for you [with respect to websites that distribute malware]?
Because non-technical users, who outnumber technical users, have seen that as a desirable feature in a web browser.
Thanks. You got some good knowledge.
But you missed one of the most important phrases in their privacy policy:
" {...} which has its own privacy policy.
" {...} which has its own privacy policy.
" {...} which has its own privacy policy.
(Give or take a policy )
Now, to complete interpretation of this policy, these others must be interpreted too.
You cannot steal what was intentionally put up to be copied. You cannot view an image on the Internet without possessing a copy of it. QED
true, but most of the info is mostly useless by itself, firefox only sends some selected info, when it wants and without other extra info (cookies and likes)... this is very far from tracking all requests, all with tracking cookies.
The 2 most problematic info is the email and the url in safebrowsing. The email, there is nothing to do, that is the way email work, every server that the mail uses can see your email and use it to do spam, even if illegal in many places.
The url in safebrowsing, may be used to track that your ip access that url, but it not clear at all if it is always the same person, as it can be a gateway or dhcp from the isp can screw things for tracking... but that one you can disable if you feel it is still too much
You may thing that the "google ads id" is important, but too little and mostly useless info is send and google already knows that id is using firefox... unless you block all google servers and ads!
Higuita
The 3% of people that still use this product should be thrilled.