A number of people at Mozilla are working on a wonderful privacy initiative called Polaris. This will include activities such as Mozilla hosting its own high-capacity Tor middle relays.
But the part of Polaris I’m most interested in is Tracking Protection, which is a Firefox feature that will make it trivial for users to avoid many forms of online tracking. This not only gives users better privacy; experiments have shown it also speeds up the loading of the median page by 20%! That’s an incredible combination.
An experiment
I decided to evaluate the effectiveness of Tracking Protection. To do this, I used Lightbeam, a Firefox extension designed specifically to record third-party tracking. On November 2nd, I used a trunk build of the mozilla-inbound repository and did the following steps.
- Start Firefox with a new profile.
- Install Lightbeam from addons.mozilla.org.
- Visit the following sites, but don’t interact with them at all:
- google.com
- techcrunch.com
- dictionary.com (which redirected to dictionary.reference.com)
- nytimes.com
- cnn.com
- Open Lightbeam in a tab, and go to the “List” view.
I then repeated these steps, but before visiting the sites I added the following step.
- Open about:config and toggle privacy.trackingprotection.enabled to
“true”.
Results with Tracking Protection turned off
The sites I visited directly are marked as “Visited”. All the third-party sites are marked as “Third Party”.
Connected with 86 sites Type Website Sites Connected ---- ------- --------------- Visited google.com 3 Third Party gstatic.com 5 Visited techcrunch.com 25 Third Party aolcdn.com 1 Third Party wp.com 1 Third Party gravatar.com 1 Third Party wordpress.com 1 Third Party twitter.com 4 Third Party google-analytics.com 3 Third Party scorecardresearch.com 6 Third Party aol.com 1 Third Party questionmarket.com 1 Third Party grvcdn.com 1 Third Party korrelate.net 1 Third Party livefyre.com 1 Third Party gravity.com 1 Third Party facebook.net 1 Third Party adsonar.com 1 Third Party facebook.com 4 Third Party atwola.com 4 Third Party adtech.de 1 Third Party goviral-content.com 7 Third Party amgdgt.com 1 Third Party srvntrk.com 2 Third Party voicefive.com 1 Third Party bluekai.com 1 Third Party truste.com 2 Third Party advertising.com 2 Third Party youtube.com 1 Third Party ytimg.com 1 Third Party 5min.com 1 Third Party tacoda.net 1 Third Party adadvisor.net 2 Third Party dictionary.com 1 Visited reference.com 32 Third Party sfdict.com 1 Third Party amazon-adsystem.com 1 Third Party thesaurus.com 1 Third Party quantserve.com 1 Third Party googletagservices.com 1 Third Party googleadservices.com 1 Third Party googlesyndication.com 3 Third Party imrworldwide.com 3 Third Party doubleclick.net 5 Third Party legolas-media.com 1 Third Party googleusercontent.com 1 Third Party exponential.com 1 Third Party twimg.com 1 Third Party tribalfusion.com 2 Third Party technoratimedia.com 2 Third Party chango.com 1 Third Party adsrvr.org 1 Third Party exelator.com 1 Third Party adnxs.com 1 Third Party securepaths.com 1 Third Party casalemedia.com 2 Third Party pubmatic.com 1 Third Party contextweb.com 1 Third Party yahoo.com 1 Third Party openx.net 1 Third Party rubiconproject.com 2 Third Party adtechus.com 1 Third Party load.s3.amazonaws.com 1 Third Party fonts.googleapis.com 2 Visited nytimes.com 21 Third Party nyt.com 2 Third Party typekit.net 1 Third Party newrelic.com 1 Third Party moatads.com 2 Third Party krxd.net 2 Third Party dynamicyield.com 2 Third Party bizographics.com 1 Third Party rfihub.com 1 Third Party ru4.com 1 Third Party chartbeat.com 1 Third Party ixiaa.com 1 Third Party revsci.net 1 Third Party chartbeat.net 2 Third Party agkn.com 1 Visited cnn.com 14 Third Party turner.com 1 Third Party optimizely.com 1 Third Party ugdturner.com 1 Third Party akamaihd.net 1 Third Party visualrevenue.com 1 Third Party batpmturner.com 1
Results with Tracking Protection turned on
Connected with 33 sites Visited google.com 3 Third Party google.com.au 0 Third Party gstatic.com 1 Visited techcrunch.com 12 Third Party aolcdn.com 1 Third Party wp.com 1 Third Party wordpress.com 1 Third Party gravatar.com 1 Third Party twitter.com 4 Third Party grvcdn.com 1 Third Party korrelate.net 1 Third Party livefyre.com 1 Third Party gravity.com 1 Third Party facebook.net 1 Third Party aol.com 1 Third Party facebook.com 3 Third Party dictionary.com 1 Visited reference.com 5 Third Party sfdict.com 1 Third Party thesaurus.com 1 Third Party googleusercontent.com 1 Third Party twimg.com 1 Visited nytimes.com 3 Third Party nyt.com 2 Third Party typekit.net 1 Third Party dynamicyield.com 2 Visited cnn.com 7 Third Party turner.com 1 Third Party optimizely.com 1 Third Party ugdturner.com 1 Third Party akamaihd.net 1 Third Party visualrevenue.com 1 Third Party truste.com 1
Discussion
86 site connections were reduced to 33. No wonder it’s a performance improvement as well as a privacy improvement. The only effect I could see on content was that some ads on some of the sites weren’t shown; all the primary site content was still present.
google.com was the only site that didn’t trigger Tracking Protection (i.e. the shield icon didn’t appear in the address bar).
The results are quite variable. When I repeated the experiment the number of third-party sites without Tracking Protection was sometimes as low as 55, and with Tracking Protection it was sometimes as low as 21. I’m not entirely sure what causes the variation.
If you want to try this experiment yourself, note that Lightbeam was broken by a recent change. If you are using mozilla-inbound, revision db8ff9116376 is the one immediate preceding the breakage. Hopefully this will be fixed soon. I also found Lightbeam’s graph view to be unreliable. And note that the privacy.trackingprotection.enabled preference was recently renamed browser.polaris.enabled. [Update: that is not quite right; Monica Chew has clarified the preferences situation in the comments below.]
Finally, Tracking Protection is under active development, and I’m not sure which version of Firefox it will ship in. In the meantime, if you want to try it out, get a copy of Nightly and follow these instructions.