{"id":2368,"date":"2018-09-05T07:03:44","date_gmt":"2018-09-05T14:03:44","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2368"},"modified":"2018-09-05T07:19:53","modified_gmt":"2018-09-05T14:19:53","slug":"why-we-need-better-tracking-protection","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/","title":{"rendered":"Why we need better tracking protection"},"content":{"rendered":"<p>Mozilla has recently <a href=\"https:\/\/blog.mozilla.org\/futurereleases\/2018\/08\/30\/changing-our-approach-to-anti-tracking\/\">announced<\/a> a change in our approach to protecting users against tracking. This announcement came as a result of extensive research, both internally and externally, that shows that users are not in control of how their data is used online. In this post, I describe why we\u2019ve chosen to pursue an approach that blocks tracking by default.<\/p>\n<p><b>People are uncomfortable with the data collection that happens on the web. <\/b>The actions we take on the web are deeply personal, and yet we have few options to understand and control the data collection that happens on the web. In fact, research has <a href=\"https:\/\/repository.upenn.edu\/cgi\/viewcontent.cgi?referer=&amp;httpsredir=1&amp;article=1138&amp;context=asc_papers\">repeatedly<\/a> <a href=\"https:\/\/www.usenix.org\/system\/files\/conference\/soups2017\/soups2017-samat-awareness.pdf\">shown<\/a> that the majority of people dislike the collection of personal data for targeted advertising. They report that they find the data collection <a href=\"http:\/\/aleecia.com\/authors-drafts\/wpes-behav-AV.pdf\">invasive<\/a>, <a href=\"https:\/\/www.blaseur.com\/papers\/soups2012-oba_ur.pdf\">creepy<\/a>, and <a href=\"https:\/\/www.blaseur.com\/papers\/soups2012-oba_ur.pdf\">scary<\/a>.<\/p>\n<p>The data collected by trackers can create real harm, including enabling <a href=\"http:\/\/time.com\/5197255\/facebook-cambridge-analytica-donald-trump-ads-data\/\">divisive political advertising<\/a> or <a href=\"https:\/\/www.npr.org\/sections\/health-shots\/2018\/07\/17\/629441555\/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates\">shaping health insurance companies\u2019 decisions<\/a>. These are harms we can&#8217;t reasonably expect people to anticipate and take steps to avoid. As such, the web lacks an <a href=\"https:\/\/33bits.wordpress.com\/2011\/03\/18\/privacy-and-the-market-for-lemons-or-how-websites-are-like-used-cars\/\">incentive mechanism<\/a> for companies to compete on privacy.<\/p>\n<p><b>Opt-in privacy protections have fallen short.<\/b> Firefox has always offered a baseline set of protections and allowed people to opt into additional privacy features. In parallel, Mozilla worked with industry groups to develop meaningful privacy standards, such as <a href=\"https:\/\/www.w3.org\/2011\/tracking-protection\/\">Do Not Track<\/a>.<\/p>\n<p>These efforts have not been successful. Do Not Track has seen limited adoption by sites, and many of those that initially respected that signal have <a href=\"https:\/\/marketingland.com\/hulu-joined-list-major-platforms-ignore-not-track-requests-185610\">stopped honoring it<\/a>. Industry opt-outs don&#8217;t always limit data collection and instead only forbid specific uses of the data; past research has shown that people <a href=\"http:\/\/aleecia.com\/authors-drafts\/wpes-behav-AV.pdf\">don&#8217;t understand this<\/a>. In addition, research has shown that people <a href=\"https:\/\/www1.uie.com\/brainsparks\/2011\/09\/14\/do-users-change-their-settings\/\">rarely take steps to change their default settings<\/a> &#8212; our own data <a href=\"https:\/\/data.firefox.com\/dashboard\/usage-behavior\">agrees<\/a>.<\/p>\n<p><b>Advanced tracking techniques reduce the effectiveness of traditional privacy controls.<\/b> Many people <a href=\"http:\/\/www.pewinternet.org\/2013\/09\/05\/anonymity-privacy-and-security-online\/\">take steps to protect themselves<\/a> online, for example, by clearing their browser cookies. In response, some trackers have developed advanced tracking techniques that are able to identify you without the use of cookies. These include <a href=\"https:\/\/webtransparency.cs.princeton.edu\/webcensus\/\">browser fingerprinting<\/a> and the abuse of browser <a href=\"https:\/\/freedom-to-tinker.com\/2017\/12\/27\/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers\/\">identity<\/a> and <a href=\"https:\/\/www.eff.org\/deeplinks\/2017\/12\/arms-race-against-trackers-safari-leads-criteo-30\">security<\/a> features for individual identification.<\/p>\n<p>The impact of these techniques isn\u2019t limited to the the website that uses them; the linking of tracking identifiers through <a href=\"https:\/\/freedom-to-tinker.com\/2014\/08\/07\/the-hidden-perils-of-cookie-syncing\/\">\u201ccookie syncing\u201d<\/a> means that a single tracker which uses an invasive technique can share the information they uncover with other trackers as well.<\/p>\n<p>The features we\u2019ve <a href=\"https:\/\/blog.mozilla.org\/futurereleases\/2018\/08\/30\/changing-our-approach-to-anti-tracking\/\">announced<\/a> will significantly improve the status quo, but there\u2019s more work to be done. Keep an eye out for future blog posts from us as we continue to improve Firefox\u2019s protections.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mozilla has recently announced a change in our approach to protecting users against tracking. This announcement came as a result of extensive research, both internally and externally, that shows that &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/\">Read more<\/a><\/p>\n","protected":false},"author":1597,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[847,69],"tags":[],"coauthors":[320791],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Why we need better tracking protection - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Steven Englehardt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/\",\"name\":\"Why we need better tracking protection - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2018-09-05T14:03:44+00:00\",\"dateModified\":\"2018-09-05T14:19:53+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/4e57438e5a1cb316da982a0053c6ed53\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why we need better tracking protection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/4e57438e5a1cb316da982a0053c6ed53\",\"name\":\"Steven Englehardt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/921e0113c6856efe3f1960058729d00f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4013c3a1151063bb911608e4c8dc6f23?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4013c3a1151063bb911608e4c8dc6f23?s=96&d=identicon&r=g\",\"caption\":\"Steven Englehardt\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why we need better tracking protection - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/","twitter_misc":{"Written by":"Steven Englehardt","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/","url":"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/","name":"Why we need better tracking protection - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2018-09-05T14:03:44+00:00","dateModified":"2018-09-05T14:19:53+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/4e57438e5a1cb316da982a0053c6ed53"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2018\/09\/05\/why-we-need-better-tracking-protection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Why we need better tracking protection"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/4e57438e5a1cb316da982a0053c6ed53","name":"Steven Englehardt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/921e0113c6856efe3f1960058729d00f","url":"https:\/\/secure.gravatar.com\/avatar\/4013c3a1151063bb911608e4c8dc6f23?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4013c3a1151063bb911608e4c8dc6f23?s=96&d=identicon&r=g","caption":"Steven Englehardt"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2368"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1597"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2368"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2368\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2368"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}