Home / Technology / Firefox 87 is out today, adding Smart Block for enhanced private browsing

Firefox 87 is out today, adding Smart Block for enhanced private browsing



You're not trying to leak any data to third party sites, are you?  No?  OK then.  Go on, friend.
Enlarge / You’re not trying to leak any data to third party sites, are you? No? OK then. Go on, friend.

Mozilla launched Firefox 87.0 this morning, the latest version of the open source browser. Followed by the heels of December Firefox 85 and February Firefox 86, the new features of the new version ̵

1; Smart Block and improved referral trimming – are privacy related.

Smart Block

Smart Block (right) provides fake tracking scripts instead of third-party trackers, which improves page rendering.  (Animated, click to play.)
Enlarge / Smart Block (right) provides fake tracking scripts instead of third-party trackers, which improves page rendering. (Animated, click to play.)

Firefox has been blocking third-party tracking scripts by default for quite some time now. For the most part, this works quite seamlessly – but in some cases, missing tracking scripts can interfere with the rendering of a page, either delaying it (as shown in the animated image on the left) or destroying it permanently.

Smart Block takes an extra step to improve rendering on pages that build in third-party trackers – instead of just pulling the script and leaving a “hole” where it used to be, Smart Block replaces it with what Mozilla describes as “stand-alone” These stand-in scripts work just like the original trackers to recover the intended page playback sequence and results without actually leaking data to third parties.

Mozilla sources much of its data on what is – or is not – a “regular tracking script” that needs a Smart Block engagement from the Disconnect Tracking list.

Improved reference trimming

Referral trimming removes anything other than the embedded domain from native network requests.
Enlarge / Referral truncation removes anything other than the embedded domain from original network requests.

When you post an image from another site on your own site, information about the site’s viewers leaks to the operators on the other site. To illustrate this, let’s imagine that the operators of greatsearch.tld, a fictional search engine, includes an image of a sheep from sheep-pictures.tld on each results page.

The HTML code for the embedded image is simple:

When users of greatsearch.tld uses the site, their browsers see that code and download automatically https://sheep-pictures.tld/sheep1.jpg while rendering the page.

Why does greatsearch.tld include a free lamb with each search result?  Do not ask us.
Enlarge / Why does greatsearch.tld include a free lamb with each search result? Do not ask us.

Traditionally, the entire URL of the referring page is included in that web request … which means information leakage to the operators of sheep-pictures.tld, who wanted to see something like this in their logs:

240.163.255.110 - - [15/Mar/2021:10:28:57 -0400] "GET /sheep1.jpg
                    HTTP/1.1" 200 11676 "http://greatsearch.tld/res
                    ults?really-embarrassing-medical-condition"

Now that we understand the reference field itself, it’s pretty clear what “reference trimming” means – and why Mozilla is becoming more aggressive with it. If the user above used Firefox 87 when doing the same search, the operators will off sheep-pictures.tld will instead see the following log entry:

240.163.255.110 - - [15/Mar/2021:10:28:57 -0400] "GET /sheep1.jpg
                    HTTP/1.1" 200 11676 "http://greatsearch.tld/"

More solutions and features

Firefox 87.0 also offers enhancements to the Highlight All feature in Find in Page, full support for macOS ‘built-in screen reader VoiceOver, and several minor UI enhancements, security updates, and general customizations. For the full list, go to Mozilla’s own release notes for Firefox 87.0.


Source link