LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mozilla, Google and privacy

Mozilla, Google and privacy

Posted Aug 13, 2009 22:57 UTC (Thu) by Tobu (subscriber, #24111)
In reply to: where does it says that? by dlang
Parent article: Ubuntu removes "multisearch"

If Mozilla cared about privacy, they would implement a same-origin policy strong enough to block tracking by advertisers. Google is the biggest advertiser on the web, with 70% of the market since acquiring DoubleClick; and Mozilla gets almost all of its revenue from Google.

In particular:

  • Refuse third-party cookies. Third party cookies are the most convenient way to track a user across sites (as long as the site serves ads or uses external analytics)
  • Prevent history retrieval from css or the cache (demo)
  • Disable the referer header, or restrict its use to embedded content
On the other hand, here is what Mozilla has done that actively helps Google harm privacy:
  • Enabled keyword suggestion in the search box. This sends real-time keystrokes to Google, and paved the way for Chrome to do the same with URL keystrokes, which are a very relevant part of a user's history, and are personal information.
  • Enabled an anti-phishing service (harmless apart from setting a google cookie on updates). Then enabled an opt-in enhanced version, that sends every visited URL to Google.

Also, the "do this choice very single time a cookie is supplied" option is a cop-out. This has the worst possible UI: individual pop ups that block loading, when unobtrusive notifications that can be handled in batches would be far less inconveniencing. It makes privacy into a power-user feature.

(Log in to post comments)

Mozilla, Google and privacy

Posted Aug 13, 2009 23:28 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

umm, as far as I know firefox only allows cookies to be set for the domain the object was fetched from.

now if you have a page fetched from one server that contains a link to an image (or other object) on another server, that other server can set a cookie that it will get the next time it is accessed.

this is what companies like doubleclick use to track you as you go to different sites, but there are also many legitimate reasons for this to happen, if you blocked all links that pointed at a server other than the one you pulled the initial page from you would break the web.

if you are referring to something else when you say 'third party cookies' please help me understand.

as far as history retrieval from css goes, the only way to block that is to disable the ability of css to do different things for links that you have visited vs ones that you have not. while doing this is a useful option to have, It's pretty valuable to be able to tell which links on a page you ahve clicked on recently, so I can see why they wouldn't want to disable that globally.

referrer data also has legitimate uses (although I don't have as solid a reason for it off the cuff, and probably not one that you would consider acceptable), and if you want to eliminate it I don't see why you would allow it for embedded content

while I agree that the two actions that you mention harm privacy, they are also features that many people want to have. so you are saying that these features should not exist, which leaves people vulnerable to phishing attacks. I don't see that as a winning approach

as for the multiple pop-ups, you do have the option to tell firefox "don't ask me again for this server". this doesn't mean that there are no problems. the fact that firefox will happily open up hundreds of duplicate pop-ups is a problem (this is problem for authentication pop-ups as well as cookie pop-ups), but I see this as a separate problem (one I would like to see them fix.

Mozilla, Google and privacy

Posted Aug 14, 2009 11:43 UTC (Fri) by Tobu (subscriber, #24111) [Link]

Cookies are set for the domain content was fetched from, but included content makes the distinction irrelevant. This is indeed what I meant by third-party cookies: cookies set by third-party content.

I don't suggest breaking the web by refusing third-party content. Just that a cookie set on domain D via inclusion on domain A should not be the same as a cookie set on domain D via inclusion on domain B. As far as cookies are concerned, this should be enough to restore privacy.

Mozilla, Google and privacy

Posted Aug 15, 2009 3:12 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

if you refuse to allow cookies for third-party content, you run the very real risk of breaking that third-party content if it needs cookies for it's functionality.

your suggestion to add a referrer-type tag to the cookie store is interesting and I think it would be a very good thing for someone to try implementing.

however it will break some legitimate uses as well as the people you are trying to break. you won't see this breakage on most small sites, but on large sites that spread functionality across multiple URLs you make it will break portions of the site that are common.

Mozilla, Google and privacy

Posted Aug 15, 2009 20:17 UTC (Sat) by Tobu (subscriber, #24111) [Link]

The sites I could see being broken by this are domains that maintain user sessions across tlds, like google.tld and lastfm.tld . They could use redirects to transfer the session between the .com domain and the country domain. Most sites that run analytics or ads via just a script tag wouldn't bother.

Mozilla, Google and privacy

Posted Aug 15, 2009 3:17 UTC (Sat) by foom (subscriber, #14868) [Link]

> that other server can set a cookie that it will get the next time it is accessed

In Safari it can't. From the preferences...

Accept Cookies:
[ ] Always
[ ] Never
[X] Only from sites I visit
    Block cookies from third parties and advertisers.

Mozilla, Google and privacy

Posted Aug 15, 2009 3:21 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

interesting to know that this is an option.

I assume that this isn't the default (that it defaults to yes)

any idea how many sites get broken by this option?

Mozilla, Google and privacy

Posted Aug 15, 2009 3:36 UTC (Sat) by foom (subscriber, #14868) [Link]

It is the default. I don't know if any sites get broken by it, but I certainly haven't noticed any. Not that I would have even thought to try changing that option if I did run across a broken site, so who knows.

Quite a few are broken by me disabling Flash's data storage, though.

Mozilla, Google and privacy

Posted Aug 15, 2009 19:30 UTC (Sat) by njs (guest, #40338) [Link]

Firefox also has this option (though AFAICT not on by default): uncheck Edit > Preferences > Privacy > Accept third party cookies.

Mozilla, Google and privacy

Posted Aug 15, 2009 20:01 UTC (Sat) by Tobu (subscriber, #24111) [Link]

Yeah, but it is ineffective.

I have this option in Chromium and Firefox. All it does is check that the cookie setter (RFC 2965, the dom, maybe equivalents in html5 dom storageĀ…) requests a domain compatible with the current domain.

Content included from another domain works around it, and here both Firefox and Chromium have a myriad of cookies from adservers (these aren't leftovers, they get removed at the end of a session through another firefox setting).

The problem is that the effective way to prevent this (namespace cookies with the referer domain in addition to the cookie domain) hasn't been implemented, and these settings are just a distraction. I haven't tried Safari, but at least for the browsers I use, exposing them as "block third party/tracker/adserver cookies" is misleading. Maybe there is a reason fixing this is not that simple, but I suspect the reason is a big conflict of interest.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds