Transparency, notice and choice are good for privacy, right?
Not if people are overloaded with too much information, according to Firefox, which released a Ghostery-like tool on Tuesday as part of Firefox 70 that shows users how many trackers are tracking them.
Overdoing it on transparency actually creates opacity that puts the onus on users to manage how their data is collected at a time when “the web is becoming more and more hostile to security and privacy,” said Selena Deckelmann, senior director of engineering for Mozilla.
“Although we’re starting to see a lot of technology companies talk about the importance of privacy,” she said, “they either bury the options people need to make informed choices or you might find hundreds or even thousands of options to choose from, which is very overwhelming.”
Mozilla’s approach has been to make privacy the default and offer additional transparency. If users want more information they can access it; if not, they’re protected without having to take any action, Deckelmann said.
In September, Firefox started automatically disabling third-party tracking cookies for all users through its Enhanced Tracking Protection (ETP) technology. Between early July and now, ETP has cumulatively blocked more than 450 billion trackers, an average of around 10 billion cookies a day overall and 175 per day per user.
A new Privacy Protections report, as Firefox is calling it, provides users with a weekly breakdown of the number of trackers that attempted to drop cookies but were blocked by ETP. The trackers are bucketed by category: social media trackers, third-party cookies, content trackers, cryptominers and fingerprinters.
If users want a little more info or to whitelist tracking for a particular site, they can click on a blue and purple shield icon in the URL address bar to view the domain names of all the third-party trackers being blocked within each category.
Mozilla will collect feedback from users on what other data points they might want in the reports.
"There is still more work to be done here, but we feel it’s a big step forward in our evolution simply showing the number of trackers being blocked as a result of the changes we’re making,” Deckelmann said. “The sheer volume of what is happening is surprising.”
As part of the new release, Firefox is also enhancing a feature called Monitor that lists any email accounts or passwords associated with a user that might have been exposed in a data breach so that those affected can change them. Monitor will integrate with Lockwise, Firefox’s password manager, so that logged-in users get a notification if any accounts stored in the browser have been compromised.
Firefox plans to continue layering in new privacy protections by default, as long as they don’t mess with the user experience.
Currently, the only type of third-party tracking that isn’t blocked by default in Firefox is fingerprinting, although Firefox is actively testing what will happen if it makes that move.
If there aren’t any unintended usability issues or other user experience-related breakage, Deckelmann said that Firefox will evaluate whether to officially kill fingerprinting by default.
Today, users can disable fingerprinting scripts in Firefox via custom privacy settings.