As an Amazon Associate I earn from qualifying purchases

Firefox 87 is out today, adds Smart Block for improved private browsing


You aren't trying to leak any data to third-party sites, are you? No? OK then. Carry on, friend.
Enlarge / You aren’t trying to leak any data to third-party sites, are you? No? OK then. Carry on, friend.

Mozilla released Firefox 87.0 this morning, the latest version of its open source web browser. Following on the heels of December’s Firefox 85 and February’s Firefox 86, the new version’s most important features—Smart Block and improved referrer trimming—are privacy related.

Smart Block

Smart Block (right) provides fake tracking scripts in place of third-party trackers, improving page rendering. (Animated, click to play.)
Enlarge / Smart Block (right) provides fake tracking scripts in place of third-party trackers, improving page rendering. (Animated, click to play.)

Firefox has been blocking third-party tracking scripts by default for quite a while now. For the most part, this works pretty seamlessly—but in some cases, missing tracking scripts can interfere with a page’s rendering, either delaying it (as seen in the animated image above, on the left) or permanently breaking it.

Smart Block takes an additional step to improve the rendering on pages that embed third-party trackers—instead of just pulling the script and leaving a “hole” where it used to be, Smart Block replaces it with what Mozilla describes as “stand-in” scripts. These stand-in scripts function just enough like the original trackers to restore the intended page-rendering sequence and results without actually leaking data to third parties.

Mozilla sources much of its data on what is—or is not—a “common tracking script” which needs a Smart Block stand-in from the Disconnect tracking protection list.

Improved referrer trimming

Referrer trimming strips everything but the embedding domain from cross-origin web requests.
Enlarge / Referrer trimming strips everything but the embedding domain from cross-origin web requests.

When you embed an image from some other website in your own website, information about your site’s viewers leaks to the other website’s operators. To illustrate this, let’s imagine that the operators of greatsearch.tld, a fictitious search engine, include an image of a sheep from sheep-pictures.tld on every results page.

The HTML code for the embedded image is simple:

<img src=https://sheep-pictures.tld/sheep1.jpg>

When users of greatsearch.tld use that site, their browsers see that tag and automatically download https://sheep-pictures.tld/sheep1.jpg while rendering the page.

Why does greatsearch.tld include a free lamb with every search result? Don't ask us.
Enlarge / Why does greatsearch.tld include a free lamb with every search result? Don’t ask us.

Traditionally, the entire URL of the referring page is included in that web request… which means information leakage to the operators of sheep-pictures.tld, who would see something like this in their logs:

240.163.255.110 - - [15/Mar/2021:10:28:57 -0400] "GET /sheep1.jpg
                    HTTP/1.1" 200 11676 "http://greatsearch.tld/res
                    ults?really-embarrassing-medical-condition"

Now that we understand the referrer field itself, it’s pretty clear what “referrer trimming” means—and why Mozilla is getting more aggressive about it. If the user above were using Firefox 87 when making the same search, the operators of sheep-pictures.tld would instead see the following log entry:

240.163.255.110 - - [15/Mar/2021:10:28:57 -0400] "GET /sheep1.jpg
                    HTTP/1.1" 200 11676 "http://greatsearch.tld/"

Additional fixes and features

Firefox 87.0 also offers improvements in the Highlight All feature of Find in Page, full support for macOS’ built-in screen reader VoiceOver, and several minor UI enhancements, security fixes, and general tweaks. For the full list, head on over to Mozilla’s own Firefox 87.0 release notes.



Source link

We will be happy to hear your thoughts

Leave a reply

Madmad
Logo
Enable registration in settings - general