Over a decade of anti-tracking work at Mozilla
I joined the Firefox privacy and security team in 2016. For years, the privacy engineers here at Mozilla have known that online trackers use every identifier they can get to track and re-identify people all over the internet. Over the last six years, I’ve been able to contribute to Private Browsing, Tracking Protection, Containers, Monitor, Relay and other privacy features and products. In all that time, in the back of my mind, I always felt like we weren’t protecting all the major identifiers… yet. In October, we launched Firefox Relay phone masking, a major milestone in years of anti-tracking work by Mozillians past and present. Now, we can protect four major identifiers: cookies, IP addresses, email addresses and phone numbers.
The idea behind a cookie is simple: A site sends the browser a cookie and the browser stores it. The browser then sends the cookie back to the site in every subsequent connection. This lets the site keep data like, “Who is this user?” or “What is in this user’s shopping cart?” in the cookie.
But, a site can be “embedded” into many other sites. For example, images from a social media site can be embedded into a news site. When a user reads an article on the news site, their browser connects to the social media site to get the image. This connection includes the social media cookie, which tells the social media site exactly who is looking at exactly which article on the news site.
For years, Firefox browsers have built better and better protection from these “cross-site tracking cookies.” Features from Private Browsing (2008), to cookie controls (2013), to Enhanced Tracking Protection (2018), and finally to Total Cookie Protection (2021) that confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site.
Every device on the internet has an Internet Protocol (IP) address. Your IP address is another identifier, kind of like a mailing address, to get information to your device. Any time that you use the internet (shopping online, sending emails, streaming TV), your device connects to a destination IP address, and in return, information is sent back to you at your own IP address.
But, because your IP address is largely tied to a given device, it can act as a pretty strong and stable long-term identifier. In addition, geolocation database providers can even map your IP address to your location.
Credit: EFF, CC BY 3.0 US
So, Firefox and Mozilla have built a number of things to protect your IP address. We added Tracking Protection to Private Browsing (2015) and then gave users the option to turn it on in regular browsing too (2018) to block connections that reveal your IP address to trackers. Still, we know some sites break when you block those connections, so we also launched Firefox Private Network (2019), a Firefox extension that secures and encrypts those connections while also hiding your IP address. We then launched the Mozilla VPN (2020) that encrypts and hides the IP address of all of your device’s connections.
Together, Firefox and Mozilla VPN give you strong protections for two very popular tracking identifiers.
As more of life moves online, it’s becoming hard to live without an email address. Nearly every service wants your email address so they can contact you about your account. And with dozens or even hundreds of online accounts, it’s easiest to use the same email address for all of them. So your email address becomes the primary link and gateway to all your online accounts, and therefore most of your life! On top of that, your email address is almost a permanent identifier – you’ve likely changed your home address more than your email address.
When we built Firefox Monitor (2018), we saw exactly how dangerous a single email address can be. Hackers turn data breaches into “combo lists” of email addresses and passwords to perform credential stuffing attacks to take over not just one, but all of a person’s accounts.
In addition, data aggregators collect and use email addresses to link other data (like cookies and IP addresses) together and re-identify every individual person in their data.
So we shipped Firefox Relay (2020) to preserve the privacy of your email address, much like a post office box for your physical address. When you use a Relay email mask on your accounts, it breaks the link that hackers and trackers use to attack your accounts and combine your data.
Using Firefox, Mozilla VPN, and Relay together gives you strong protections for these three common tracking identifiers.
Like email addresses, phone numbers are used for many online accounts. Many sites and services prefer phone numbers because they are even more durable and permanent contact points for users and customers than email addresses. But just like email addresses, they are increasingly abused by hackers and trackers in exactly the same ways – they’re a critical link in combo lists and data aggregation.
So, we added phone number masking to Firefox Relay (2022) to give our Relay customers a mask phone number that forwards calls and texts to their true phone number. As we roll out this feature, we will explore how we can expand this offering to improve its privacy protection, make outbound calls and texts and offer it to other regions.
Relay phone numbers are the latest offering in Mozilla’s long history of protecting peoples’ identifiers and online activity. We know we can’t beat all the hackers and trackers with these features, but we definitely can’t beat hackers and trackers without them. This big step is a firm foothold for more to come. I’m thrilled and encouraged for what we will do next.