Firefox 57's Speed Secret? Delaying Requests from Tracking Domains (zdnet.com) 76
An anonymous reader quotes ZDNet: A Mozilla engineer has revealed one of the hidden techniques that Firefox 57 -- known as Quantum -- is using to improve page load times... It delays scripts from tracking domains, such as www.google-analytics.com. The technique was developed by Mozilla engineer Honza Bambas, who calls it "tailing". It works by delaying scripts from tracking domains when a page is actively loading and rendering...
Tailing only briefly prevents the tracking scripts loading, rather than disabling them entirely. Page load performance is improved by saving on network bandwidth and computing resources while loading a page, in a way that prioritizes site requests over tracking requests. "Requests are kept on hold only while there are site sub-resources still loading and only up to about 6 seconds. The delay is engaged only for scripts added dynamically or as async. Tracking images are always delayed. This is legal according all HTML specifications and it's assumed that well built sites will not be affected regarding functionality," explains Bambas.
Tailing only briefly prevents the tracking scripts loading, rather than disabling them entirely. Page load performance is improved by saving on network bandwidth and computing resources while loading a page, in a way that prioritizes site requests over tracking requests. "Requests are kept on hold only while there are site sub-resources still loading and only up to about 6 seconds. The delay is engaged only for scripts added dynamically or as async. Tracking images are always delayed. This is legal according all HTML specifications and it's assumed that well built sites will not be affected regarding functionality," explains Bambas.
With adblocking this is not even an issue. (Score:5, Insightful)
Everyone that already runs adblocking won't notice this anyway.
Re: With adblocking this is not even an issue. (Score:2)
What are you doing here then?
Re: (Score:1)
Re: (Score:2)
So what's the difference between an advertising site and a tracking site? And what's to stop an advertiser/tracker from throwing some more obfuscation into their system?
Re:With adblocking this is not even an issue. (Score:4, Informative)
An advertising site serves ads. A tracking site tracks you.
To clarify:
Advert: a picture, movie, or some text, intended to impart a message not associated with the core article, that is there because someone paid for it to be shown.
Tracking: the act of determining a user's path through a website or collection of websites. Typically used by marketing departments to determine the success of a page in terms of keeping users engaged within a so-called 'funnel', a series of webpages that delivers a user to a store front, sometimes by UI designers and developers to debug usability issues.
Does this help?
Re: (Score:2)
Does this help?
Not really. Because from my computer's point of view, both sites do much of the same thing. They set and read cookies, upload images to my cache (so visits to other sites using the same image can deduce whether I've visited before), set values in HTML5 local storage and all sorts of similar things. So if someone can come up with a characteristic specific to tracking, I can block only those pages and allow the ads that support my favorite web sites. Instead of having to block everything.
Re: (Score:2)
Block third-party resources (Score:2)
So if someone can come up with a characteristic specific to tracking, I can block only those pages and allow the ads that support my favorite web sites.
A site with ads but no tracking will have its own store front where advertisers can buy ad space. This process doesn't need to place third-party cookies or images on viewers' devices. Therefore, to block tracking, block the loading of resources from unaffiliated domains. Use the Public Suffix List [publicsuffix.org] to find which hostnames are part of the same domain, and add cookieless domains used for static resources [ravelrumba.com] to a whitelist if they're obviously operated by the same publisher. Yes, this breaks CDNs used to deliver w
Ads without tracking (Score:2)
So what's the difference between an advertising site and a tracking site?
A publisher* that doesn't track your browsing across multiple websites will sell its ad space directly to advertisers and host its own ads rather than handing the ad space off to a third party ad network or ad exchange. Daring Fireball [daringfireball.net] and Read the Docs [readthedocs.io] are examples.
* A "publisher" is a site that shows ads, and an "advertiser" is a company that pays a publisher for ad space.
Re: (Score:2)
I'm not sure about that. Default adblocking filters do not block trackers.
Who relies on default filters? Surely, people take a look every now and then to identify more items to block?
There's also EFF's privacy badger. Too bad it only works in a couple of browsers, and that it turns on the "do not track" (which doesn't stop tracking; it just gives an additional piece of data for more accurate fingerprinting).
Re: (Score:1)
don't run the default... duh.
abp only enables easylist by default.
https://adblockplus.org/subscr... [adblockplus.org]
you should run easylist+easyprivacy, any easylist specific to your country, fanboy annoyances, then whatever extras near the bottom of that list you want (nocoin, malware domains, spam404, etc).
Re: (Score:2)
Noscript will.
Re: (Score:2)
Re: (Score:3)
How about just forbidding XSS entirely (Score:1)
JS throwing requests all over the place got us into this mess in the first place.
Re: (Score:2)
That's why I use both noscript and also uMatrix!
Unless I, the user, have a reason for wanting javascript I won't turn it on . And even if I do, I don't want your cross-site scripting! uMatrix prevents that. And if something really needs a third party script, I can turn on just the specific third parties that are related. For example, I might allow a few google domains if I'm intentionally loading a map, but if I'm not using the map I'm not going to turn those on. And even if I am, I certainly don't want th
Re: (Score:2)
That's why I use both noscript and also uMatrix!
Why would you use both?
You can configure uMatrix to block everything by default just like noscript does. It is only a simple rule to edit.
Save even more time and block them altogether (Score:5, Insightful)
Re: (Score:1)
But ... (Score:2)
Re:But ... (Score:5, Informative)
Too bad some websites have noticed the NoScripters and made their website unusable once your disable JS execution.
I say to them, Thank you! I'm glad we agree that it is best if I use another site. Everybody wins!
Lets not fight about this adblock stuff. Not everybody agrees, and that is wonderful, it is a sign of Freedom. There is no need to be passive-aggressive and make the site appear to work at first, and then fail later when you get to the heart of the content. Detect what is detectable, and be honest and straightforwards; if you don't want me as a user, great! I can agree to that, no problem!
Ghostery and Privacy Badger (Score:3)
I notice that no one has mentioned these, why not?
Re: (Score:2)
It is, however, reasonable to permit extension devs to update their extensions to fix breakage. However, for many extensions, Mozilla are not permitting them to do that.
Endless backwards compatibility is indeed not possible for these extensions, but that was never expected anyway and it's not a reason to prevent devs from putting the work in if they want to.
Re: (Score:2)
It is, however, reasonable to permit extension devs to update their extensions to fix breakage. However, for many extensions, Mozilla are not permitting them to do that.
How so?
Re: (Score:3)
I saw "Google Analytics" listed as one of the sites that Firefox delays. I run Privacy Badger in Chromium, so I checked quickly what it blocks on this site and apparently, Slashdot uses Google Analytics but Privacy Badger does not block it.
I suppose that there could be lots of other sites that are let through but which Firefox prioritises down when loading.
This means that running Privacy Badger is not a replacement for the prioritisation scheme that Firefox is doing.
Who is going to write the mod? (Score:3)
It's not like any of us asked to be tracked, or get any benefit out of it. Our online existence has become a huge source of income while government and big business know far too much about our private lives. Maybe we should be taking the initiative to "opt out" of tracking in a way that will make a real difference.
Re: (Score:2)
Re: (Score:2)
Yeah, you're right. You should claim a refund.
I did. I returned the product and got a full refund. I now use another vendors product, and they get the money from the limited tracking I permit.
There's an even simpler method (Score:2)
Block all such scripts using add-ons such as uMatrix.
It's truly amazing how fast pages load even on older systems when this technique is employed.
Not in the browser (Score:2)
" It delays scripts from tracking domains, such as www.google-analytics.com."
You should block all these domains at the router level, so it makes all the browser faster also the ones on your mobile gadgets.
Re: (Score:2)
I played around with this a couple of years ago and it didn't work for me. The browser would freeze while it awaited response from the blocked domain. What did I do wrong?
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Waiting for the escalation (Score:2)
The clock is ticking.... (pun intended)
Re: (Score:2)
Re: (Score:2)
Really kill those third party user trackers (Score:5, Interesting)
FireFox inherited a small security update from the Tor project called "First Party Isolation". It's in newer versions of FF, but isn't turned on by default as it can break some authentication systems.
What it does, is only allow cookies to be sent and received by the site in the page's URL. So, for instance, while visiting YouTube.com, images and the like from google.com can load, but have no cookies attached, and do not receive those cookies.
To enable it, go to about:config and find "privacy.firstparty.isolate". Set it to true and restart the browser, and enjoy surfing the web knowing that you're not being tracked from site to site.
Re: (Score:2)
Exactly what Apple has done with Safari, on both iOS and OSX. Except that Apple enabled the option by default.
Re: (Score:3)
As I understand it, that's not exactly what it does. Third-party sites are still allowed to use cookies, but they get access to a different set of cookies depending on which first-party site they were loaded from.
You can reject all cookies from third-party sites by setting network.cookie.cookieBehavior=1.
Heresy (Score:1)
Prioritising the user over the advertiser? ^_^
Black Helicopters dispatched to your location. Await airlift.