Tracking is any technique that can be used to accumulate history (purchases, browsing, messaging) and associate it with a particular person. There are many reasons for organizations to engage in tracking, including behavioral advertising, customized content, conversions, and government surveillance. Many of these reasons are legitimate -- in fact advertising revenue subsidizes almost all free web content. However, a combination of industry and government forces have aligned in a way to incentivize silent, invisible wholesale data collection of personal information. Because typical users don't recognize when or how data collection happens, it essentially takes place without user consent.
In this roadmap we focus on three major sources of tracking:
- Tracking for the purposes of advertising
- Tracking via social widgets, such as the Facebook "Like" button, the Twitter retweet button, or the Google +1 button
- Tracking via physical devices such as mobile phones.
Goal: Firefox users know when they are being tracked
Lightbeam is a Firefox addon that enables users to visualize network connections. Lightbeam already does a good job at showing users their network connections. We want to make Lightbeam even more powerful by translating this information into a human-understandable format: who is tracking you, and what can you do about it? The Lightbeam roadmap discusses improvements to visualization, including per-tab visualization and automatically identifying tracking domains.
Goal: Firefox users can avoid being tracked
Tracking protection in Lightbeam
In Lightbeam, once we have the ability to automatically identify tracking domains, we can offer people the option to disallow network connections to those domains. This work is discussed in the Lightbeam roadmap.
Tracking protection in Firefox
Lightbeam currently has 500K active daily installations. We eventually want to make Lightbeam features available to all Firefox users. Experiments in Lightbeam will serve as a valuable testing ground for determining the best user experience for tracking protection. Although Firefox already supports DoNotTrack, the DNT is not enforceable on the client side. With our learnings from Lightbeam, we can port the most useful tracking protection features to Firefox to make DNT "with teeth" available to more people.
Social widgets such as the Facebook “Like” button and the Google “+1” button can be used for tracking, are embedded on 20% of sites worldwide and generate billions of impressions daily. These widgets transmit identifiers such as cookies on load, regardless of whether the user interacts with the widget. In some cases the NSA has used this feature to identify surveillance targets .
For users who have a first-party relationship with these service providers, blocking network loads entirely is not an option. However, we can improve privacy properties of these widgets by doing one of the following:
- Serve the widgets from locally cached copies so that no network traffic is sent unless the user interacts with the widgets.
- Block cookies on network requests that serve these widgets until the user interacts with the widget.
Physical tracking protection
Physical tracking is becoming increasingly important in brick-and-mortar stores []. Because networked devices broadcast their MAC address during wireless network discovery, simply entering the range of a wireless access point enables the wireless provider to track the device, whether or not the device connects successfully to the network. Wifi tracking is something that can only be tacked at the OS level.
Goal: Mozilla transforms the discussion around tracking with science
Currently, technical and policy decisions around tracking mechanisms such as cookies are not based experiments conducted on publicly available data sets. Lightbeam strives to enable work in this area to be reproducible and open by encouraging its users to contribute their Lightbeam graphs back to Mozilla, so aggregate, de-identified data can be shared with the scientific community.