Download - Tracking Protection for Firefox
![Page 1: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/1.jpg)
Tracking Protection for Firefox
Monica Chew ([email protected])Georgios Kontaxis ([email protected])
![Page 2: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/2.jpg)
What is tracking?
![Page 3: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/3.jpg)
A Happy Triangle?
Pay-per-click
ConversionsConten
t
![Page 4: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/4.jpg)
Unhappy Side-effects
http://www.nytimes.com/2006/08/09/technology/09aol.html
![Page 5: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/5.jpg)
Unhappy Side-effects
http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
![Page 6: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/6.jpg)
Tracking: Not just about industry
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/
![Page 7: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/7.jpg)
Tracking: Not just about industry
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/
![Page 8: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/8.jpg)
Blocking cookies: a losing battle
● indexDB● localStorage● Flash● cache● fingerprinting
![Page 9: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/9.jpg)
Tracking Protection for Firefox
Don’t talk to sites you don’t trust.● Block third-party network connections to
tracking domains on blocklist● Flip a switch and turn it on
Market reach, performance and usability are key
![Page 10: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/10.jpg)
Other implementations
![Page 11: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/11.jpg)
Outline
● Tracking Protection as Safe Browsing Service
● Tracking Protection UI● Performance
![Page 12: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/12.jpg)
Safe Browsing Service
● Already used for phishing/malware detection● Minimize client changes● Freshness: updates every < 45 minutes● Speed: Incremental updates, fast lookups● Storage: 4-32 bytes per entry
![Page 13: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/13.jpg)
Safe Browsing Service
mozpub-track-digest256sub chunks 1-3, add 4-6
goog-phish-shavar
sub chunks 2-4, add 5-7
![Page 14: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/14.jpg)
Safe Browsing Lookups
Canonicalized URL
SHA-256
32-bit prefix
blocklist
32-bit prefix SHA-256
![Page 15: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/15.jpg)
Safe Browsing Lookups
Simplified regular expressions● Hostnames: exact host, strip components
down to eTLD + 1● Paths: exact path, root, then add up to 4
path components
![Page 16: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/16.jpg)
Lookup Example: a.b.c/1/2.html
a.b.c/1/2.htmla.b.c/a.b.c/1/b.c/1/2.htmlb.c/b.c/1/
![Page 17: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/17.jpg)
Safe Browsing Enforcement
![Page 18: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/18.jpg)
Tracking Protection UI
New Document Security Doorhanger
![Page 19: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/19.jpg)
Maintain Tracking Protection StateChannel cancellations notify element loaders
NS_ERROR_TRACKING_URI
nsIStreamListener::OnStreamComplete()
nsDocShellnsImageLoadingContentnsScriptLoadernsObjectLoadingContentstyle/Loader
HttpChannel::Cancel
![Page 20: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/20.jpg)
Maintain Tracking Protection StateBlocked DOM Node Annotation
![Page 21: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/21.jpg)
Maintain Tracking Protection StateChannel cancellation notifies document
NS_ERROR_TRACKING_URI
Document Security StatensDocShellnsSecureBrowserUIImpl
Document Security EventsnsISecurityEventSink, nsIWebProgressListener
nsIStreamListener::OnStreamComplete()
HttpChannel::Cancel
![Page 22: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/22.jpg)
Demo
![Page 23: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/23.jpg)
Performance evaluation: Setup
● Blocklist (NOT final)○ Disconnect
● Nightly driven by Mozmill, No cache● Alexa Top 1000 sites● Measure Page Load Time
○ With and without preference privacy.trackingprotection.enabled
![Page 24: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/24.jpg)
Performance evaluation: Nightly
● 50% of sites had > 20% speedup
● 20% of sites had > 47% speedup
● 2% of sites had > 90% speedup
![Page 25: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/25.jpg)
Performance evaluation: Nightly
Page Load TimeWithout Tracking Protection (seconds) X
With Tracking Protection (seconds) ✔
Speedup
Accuweather 9.5 1.9 80%
CNN 3.3 1.7 48%
The Guardian 8.3 2.7 67%
LA Times 3.2 0.8 75%
NY Times 3.7 2.5 32%
![Page 26: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/26.jpg)
Performance evaluation: Nightly
Vim color scheme test
http://vimcolorschemetest.googlecode.com/svn/html/index-c.html
Memory Overhead Boot (MB) Page Load (MB)
Stock 120 ✔ 330 ✔
With Tracking Protection 120 ✔ 330 ✔
With AdblockPlus 250 X 2000 X
![Page 27: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/27.jpg)
Implementation status
● Tracking bug: bugzil.la/1029886● Backend landed in Firefox 33 and 34● Frontend in review● Mozilla Safe Browsing server: in prototype,
owned by Cloud Services team
![Page 28: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/28.jpg)
What about add-ons?● Addons can block additional or different content
○ nsIContentPolicy: orthogonal to nsChannelClassifier○ (faster) Substitute their own Safe Browsing lists
● Addons can benefit from our annotations○ HTMLDocument.blockedTrackingNodes
![Page 29: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/29.jpg)
Thanks!● Philipp Sackl, UX● Ryan Tilder, Chris Kolowisky, Cloud Services● Reviewers
○ Blair McBride○ David Baron○ Gian-Carlo Pascutto○ Kyle Huey○ Olli Pettay○ Patrick McManus○ Seth Fowler
![Page 30: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/30.jpg)
Backup slides
![Page 31: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/31.jpg)
Turning on Tracking Protection
![Page 32: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/32.jpg)
Tracking Protection Disabled
![Page 33: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/33.jpg)
Why blocklist instead of heuristics?
● High chance of breaking user experience● Network graph for including jquery.js
identical to including tracking-script.js● PrivacyBadger (heuristics-based) breakage:
act.eff.org, angular.js, d3.js, Disqus, Youtube comments, all Google services (api.google.com) including login, services.addons.mozilla.org, Stripe payment
![Page 34: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/34.jpg)
Cookies: a losing battle
![Page 35: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/35.jpg)
Open questions
● Blocklist policy● Blocklist maintenance● Social widgets
![Page 36: Tracking Protection for Firefox](https://reader030.vdocuments.us/reader030/viewer/2022020208/55ab11191a28ab39698b4652/html5/thumbnails/36.jpg)