tracking protection for firefox

Tracking Protection for Firefox

Monica Chew ([email protected])Georgios Kontaxis ([email protected])

mailto:[email protected]

mailto:[email protected]

What is tracking?

A Happy Triangle?

Pay-per-click

ConversionsConten

t

http://understandingads.files.wordpress.com/2010/05/adtracking_pro.jpg

Unhappy Side-effects

http://www.nytimes.com/2006/08/09/technology/09aol.html



Unhappy Side-effects

http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/




Tracking: Not just about industry

http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/





Blocking cookies: a losing battle

● indexDB● localStorage● Flash● cache● fingerprinting

http://tryingtogetthin.files.wordpress.com/2009/03/celebrity-pictures-cookie-monster-stop-anytime1.jpg

Tracking Protection for Firefox

Don’t talk to sites you don’t trust.● Block third-party network connections to

tracking domains on blocklist● Flip a switch and turn it on

Market reach, performance and usability are key

Other implementations

Outline

● Tracking Protection as Safe Browsing Service

● Tracking Protection UI● Performance

Safe Browsing Service

● Already used for phishing/malware detection● Minimize client changes● Freshness: updates every < 45 minutes● Speed: Incremental updates, fast lookups● Storage: 4-32 bytes per entry

Safe Browsing Service

mozpub-track-digest256sub chunks 1-3, add 4-6

goog-phish-shavar

sub chunks 2-4, add 5-7

Safe Browsing Lookups

Canonicalized URL

SHA-256

32-bit prefix

blocklist

32-bit prefix SHA-256

Safe Browsing Lookups

Simplified regular expressions● Hostnames: exact host, strip components

down to eTLD + 1● Paths: exact path, root, then add up to 4

path components

Lookup Example: a.b.c/1/2.html

a.b.c/1/2.htmla.b.c/a.b.c/1/b.c/1/2.htmlb.c/b.c/1/

Safe Browsing Enforcement

Tracking Protection UI

New Document Security Doorhanger

Maintain Tracking Protection StateChannel cancellations notify element loaders

NS_ERROR_TRACKING_URI

nsIStreamListener::OnStreamComplete()

nsDocShellnsImageLoadingContentnsScriptLoadernsObjectLoadingContentstyle/Loader

HttpChannel::Cancel

Maintain Tracking Protection StateBlocked DOM Node Annotation

Maintain Tracking Protection StateChannel cancellation notifies document

NS_ERROR_TRACKING_URI

Document Security StatensDocShellnsSecureBrowserUIImpl

Document Security EventsnsISecurityEventSink, nsIWebProgressListener

nsIStreamListener::OnStreamComplete()

HttpChannel::Cancel

Performance evaluation: Setup

● Blocklist (NOT final)○ Disconnect

● Nightly driven by Mozmill, No cache● Alexa Top 1000 sites● Measure Page Load Time

○ With and without preference privacy.trackingprotection.enabled

Performance evaluation: Nightly

● 50% of sites had > 20% speedup




Page Load TimeWithout Tracking Protection (seconds) X

With Tracking Protection (seconds) ✔

Speedup

Accuweather 9.5 1.9 80%

CNN 3.3 1.7 48%

The Guardian 8.3 2.7 67%

LA Times 3.2 0.8 75%

NY Times 3.7 2.5 32%


Vim color scheme test

http://vimcolorschemetest.googlecode.com/svn/html/index-c.html

Memory Overhead Boot (MB) Page Load (MB)

Stock 120 ✔ 330 ✔

With Tracking Protection 120 ✔ 330 ✔

With AdblockPlus 250 X 2000 X



Implementation status

● Tracking bug: bugzil.la/1029886● Backend landed in Firefox 33 and 34● Frontend in review● Mozilla Safe Browsing server: in prototype,

owned by Cloud Services team

https://bugzilla.mozilla.org/show_bug.cgi?id=1029886

What about add-ons?● Addons can block additional or different content

○ nsIContentPolicy: orthogonal to nsChannelClassifier○ (faster) Substitute their own Safe Browsing lists

● Addons can benefit from our annotations○ HTMLDocument.blockedTrackingNodes

Thanks!● Philipp Sackl, UX● Ryan Tilder, Chris Kolowisky, Cloud Services● Reviewers

○ Blair McBride○ David Baron○ Gian-Carlo Pascutto○ Kyle Huey○ Olli Pettay○ Patrick McManus○ Seth Fowler

Backup slides

Turning on Tracking Protection

Tracking Protection Disabled

Why blocklist instead of heuristics?

● High chance of breaking user experience● Network graph for including jquery.js

identical to including tracking-script.js● PrivacyBadger (heuristics-based) breakage:

act.eff.org, angular.js, d3.js, Disqus, Youtube comments, all Google services (api.google.com) including login, services.addons.mozilla.org, Stripe payment

Cookies: a losing battle

Open questions

● Blocklist policy● Blocklist maintenance● Social widgets

tracking protection for firefox

Technology

speedupperformance evaluation

enabledperformance evaluation

exact path

review mozilla safe

exact host

cache alexa

setup blocklist

incremental updates