Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Firefox Privacy The Internet IT Your Rights Online

Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com) 108

Firefox 59 will reduce how much information websites pass on about visitors in an attempt to improve privacy for users of its private browsing mode. From a report: When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value." While this helps websites understand where visitors are coming from, it can also leak data about the individual browsing, because it tells the site the exact page you were looking at when you clicked the link, said Mozilla. Browsers also send a referrer value when requesting other details like ads, or other social media snippets integrated in a modern website, which means these embedded content features also know exactly what page you're visiting.

Firefox 59 Will Stop Websites Snooping on Where You've Just Been

Comments Filter:
  • by Anonymous Coward

    This privacy issue has been known for as long as browsers have been around. Nevertheless, this is good news.

    • by Anonymous Coward

      Unlike many people, I've actually read Firefox's privacy policy [mozilla.org].

      It turns out that Firefox's privacy policy is quite disturbing, especially when considering how often we're told that Firefox supposedly "cares" about our privacy.

      The Firefox privacy policy dated September 28, 2017 makes it clear that Firefox user data can be collected by Firefox and can be sent to various third parties, including Google, some "Adjust" company, some "Leanplum" company, and SalesForce.

      For example, there are very worrying section

      • Without telemetry, how do you expect a browser developer to assess use coverage of the browser's code? Without coverage, browser developers have no way to know which bugs to prioritize fixing and no way to know which web standards are used in websites. Without information about feature use, browser developers might assume CSS and JavaScript features used in your site are "not widely adopted on the web" and begin the process of removing them from the web standards.

      • by tepples ( 727027 )

        Which provider other than Google would you recommend that Firefox instead use when the user chooses to query the safety reputation of a particular website or downloaded file? Or how do you find why do you find offering the choice to query the safety reputation of a particular website or downloaded file inherently harmful?

        Which provider other than Google would you recommend that Firefox instead use when the user chooses to reveal the user's location to a site? Or why do you find offering the choice to reveal

      • by higuita ( 129722 )

        The fact that mozilla tried to really list all the data that it takes and where to send it is good and your post looks like scary, but all of those items have a reasons:

        > Google’s SafeBrowsing service
        duh! if you want to know if the site/file is in a blacklist, you do need to sent it to some place to be checked. It can be disabled, but of course most people want this enabled

        >Location data to Google's geolocation service
        duh again, if you see a pop-up from firefox asking that the site wants to see

  • by JoeyRox ( 2711699 ) on Friday February 02, 2018 @10:29AM (#56054957)
    The headline implies this change will prevent sites from knowing what site you linked from. That's incorrect. From the article:

    To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.
    • by Kjella ( 173770 ) on Friday February 02, 2018 @10:59AM (#56055223) Homepage

      Meh, in private browsing mode they really should kill the referrer from any top level page. If it's an <img>, <iframe> or <video> tag it's cool... but if I go from foo.com to bar.com via an <a href> it shouldn't secretly tell bar.com I came from foo.com. Transparency in what information you're exposing is essential to security and most people aren't aware it's happening.

    • To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.

      Hopefully this is just the first step toward a proper solution. Step 2 is to apply the same policy for intra-site links, to prevent sites from filtering on the exact page address. Step 3 is to always send the requested resource's domain, regardless of the source.

  • by sqorbit ( 3387991 ) on Friday February 02, 2018 @10:42AM (#56055051)
    This will ruin my fun of constantly going to pornhub then moving right to the Christian Coalition site to fill their logs up with porn referrals
    • Re:Ruining my fun.. (Score:5, Informative)

      by StormReaver ( 59959 ) on Friday February 02, 2018 @10:47AM (#56055101)

      Unless Pornhub links to the Christian Coalition, the referrer field will be blank. The "referer" field only gets set when you click on a link. Just typing in the new address on the address bar doesn't do it.

      • by afidel ( 530433 )

        So you just drop a link to christian coalition in a pronhub comment and click it from there, problem solved =)

      • by Kjella ( 173770 )

        Yeah... not really a problem on any site that allows user comments with links though. In fact this traffic would be more confusing, like okay I'm seeing a lot of traffic from reddit but what sub-board has linked me now or what celeb linked me on Facebook or what video is going viral on YouTube. Then again you'll probably see a substantial amount of any traffic in non-private mode, so not really a big deal I guess.

  • When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value."

    This is how the web has always worked and it's a public specification. There's nothing so called or nefarious here.

    • by Anonymous Coward
      They never said it was nefarious, only that it could be used for "nefarious" purposes, ie tracking. And just because it's in the spec and how it's always been done, doesn't mean its necessarily good.
  • by Anonymous Coward

    Google itself removes the referer (an url with a query) when I use open source statistics software like Piwik, for "privacy reasons", except they do show what people searched for on their own analytics services, so in reality it was just to give the middle finger to competition, using the near monopoly of the search engine. So I'd like Firefox to return the favor and not hand the complete referer to any 3rd parties loaded on websites. Just do this in the header to Google:

    Referer: -_-*,,|,

  • Old Opera (the Presto engine, versions 7-12) had an option to disable this years ago. (Of course years ago, since it is no longer available.)
    • I see comments like this all of the time. Does Opera have a feature that automatically recognizes new stories about things it's been capable of doing for years and then smugly post about it?
  • TFS, TFA don't say.

  • How about a new tab before navigating, I would imagine that would not send the referer. Is this correct?
  • What they really need to disable is third party cookies. Period.
    This stops a lot of the tracking. No more advertisements on another site for something you have just searched for on google.
    It breaks a few web sites that rely on them, unfortunately. Mostly discussions forums. It does break my credit union's billpay and a host provisioning site at my work, too. IMO, sites that rely on third party cookies are poorly designed.

  • I'm 99% certain I've killed off all this telemetry crap in previous versions of FF, but I recently noticed it's writing crap in the datareporting directory... I _don't think_ it's transmitting it anywhere, but it's still annoying that it has to keep writing all this stuff out. And apparently not cleaning up after itself either.

    So any news on that?!!
  • ... However, a few web sites require it to work correctly. :(

You do not have mail.

Working...