Over the past few months, we’ve been experimenting with DNS-over-HTTPS (DoH), a protocol which uses encryption to protect DNS requests and responses, with the goal of deploying DoH by default for our users. Our plan is to select a set … Continue reading
For years, web users have endured major privacy violations. Their browsing continues to be routinely and silently tracked across the web. Tracking techniques have advanced to the point where users cannot meaningfully control how their personal data is used. At … Continue reading
As announced in August, Firefox is changing its approach to addressing tracking on the web. As part of that plan, we signaled our intent to prevent cross-site tracking for all Firefox users and made our initial prototype available for testing. … Continue reading
Mozilla has recently announced a change in our approach to protecting users against tracking. This announcement came as a result of extensive research, both internally and externally, that shows that users are not in control of how their data is … Continue reading
The new Firefox Monitor service will use anonymized range query API endpoints from Have I Been Pwned (HIBP). This new Firefox feature allows users to check for compromised online accounts while preserving their privacy. Anonymizing Account Identifiers Operations like ‘search’ … Continue reading
To help prevent third party data leakage while browsing privately, Firefox Private Browsing Mode will remove path information from referrers sent to third parties starting in Firefox 59. Referrers can leak sensitive data When you click a link in your … Continue reading
Since Let’s Encrypt launched, secure contexts have become much more mature. We have witnessed the successful restriction of existing, as well as new features to secure contexts. The W3C TAG is about to drastically raise the bar to ship features … Continue reading
As part of our commitment to protect the privacy of our users, Mozilla will disable the insecure RC4 cipher in Firefox in late January 2016, beginning with Firefox 44. Mozilla will be taking this action in coordination with the Chrome … Continue reading
The purpose of the HTTP Referer (sic) header is to help sites figure out where their traffic comes from. However, as the Web got more complex, the amount of information in the Referer header ballooned, leading to bigger privacy problems. … Continue reading
I’ve posted some of my recent thinking on privacy and identity. For some time we’ve generally seen privacy treated as its own problem domain, oddly divorced from the realms of security and identity. Perhaps its time for a different approach?
