Firefox's New Feature for Tighter Security

Freedom and privacy go hand in hand. In an ideal world, we wouldn't have to worry about who was looking over our shoulders. None of us would have anything to hide, and we would have ulterior motives. As citizens of the real world though, we have to take measures to protect ourselves.

Building privacy features into the software we use makes that protection easier to accomplish. And, that's why Mozilla has extended Firefox's private browsing feature with a new option to prevent third-party sites from tracking your on-line activity.

Although this functionality has been available for some time through plugins, it now is built in to the browser, resulting in better performance. In fact, Firefox is the first of the major browsers to include tracking protection as a core feature.

So, what does tracking protection do? Put simply, it limits the amount of information that your browser shares with Web sites and on-line services, such as ad servers and Web analytics tools, including Web beacons and other tracking mechanisms.

How is this different from the basic version of private browsing? The basic version simply provides a blank slate when you start the browsing session. Cookies and client-side data from your normal non-private browsing are not carried over to the new session.

But as you browse, new cookies and client-side data still can be recorded, just like the normal browsing mode. This makes it simple to track your browsing activities during your browsing session.

What's more, Web tracking services can track you without cookies and client-side data persistence. Web beacons use the HTTP GET mechanism to detect your IP address, and this can be used to track your progress around your Web. In this light, client-side mechanisms, such as cookies, are simply a convenience to the snoopers.

Firefox's new feature is designed to recognize and block common Web beacon content, such as 1-pixel images. But any type of content can be used as a Web beacon, including text files like stylesheets and scripts. So while tracking protection does improve your privacy, it's not a complete guarantee of anonymity.

Although this new feature is a great step in the right direction, it still fails to provide total protection for end users. It's important for people to realize that features such as private browsing are not a total guarantee of privacy. They do a pretty good job of covering your tracks at a superficial level, but still are plenty of signs for those who know where to dig.

For instance, Firefox's private browsing mode deletes all cache files and temp files when the browsing session ends, but that doesn't mean the data is gone from your computer. The data from the deleted files usually remains on the disk until it's overwritten.

Even if the temp and cache files are destroyed, data from your browsing session often can be uncovered in memory and from the swap partition. Forensic tools exist that make it easy to uncover search strings, social media accounts and content, and media files.

When Firefox launches third-party applications to display content (for instance, VLC to play a WMV file), the content could be cached and added to the history feature of that application.

And, although private browsing works to ensure your privacy on the client side, there's little it can do at the network level. Your browser still is sending HTTP requests through routers that can track your requests. This means your ISP or employers still can track the URLs your browser accesses and intercept the unencrypted content sent to and from Web servers.

It is possible to close these privacy gaps using additional tools and applications that complement Firefox.

TOR is a very secure way to hide your activities at a network level, making it extremely difficult to intercept Web traffic or track the sites you are visiting.

Firejail limits the data leak from Firefox and some of the applications it launches using a sandbox and Linux's built-in namespace technology. It replaces the standard temporary file directory with a more secure version, which is completely erased when the Firefox session ends.

It's even possible to encrypt the swap file, although this does cause a performance hit and can interfere with hibernation.

As you can see, Firefox's new feature is far from a cure-all, but I'm not bashing Mozilla's development team. It is an improvement, and a useful addition to your privacy suite.

Load Disqus comments