Changes

'''URL parameter-based crossCross-site trackingusing URL decoration.''' When cookie-based tracking by other means is not available, some third parties decorate entities choose to add information to URLs with user identifiersto pass information between sites. When the browser requests those resourcesnavigates between sites, either through a top-level navigation or a subresource request, those user identifiers are available the linking site adds information to other websites or third partiesthe URL that is not about the destination page. Any party actively setting, retrieving, or sharing an identifier or other personal data in a URL for decoration might be used to carry information about the purpose of building a user profile is in violation of this policy. Firefox will blocklist parameters included in : their identity, their interactions on the URL for this purpose and remove them from cross-linking site top-level navigations, or other information.

User Any party actively setting, retrieving, or sharing an identifier or other personal data in a URL for the purpose of building a user profile building is currently characterized by Firefox through the following client-observable traits:in violation of this policy.

* High-entropy parameters that may identify a user (assign a unique identifier to a user) or encode user dataThe most common form of URL decoration uses [https://en. '''Exceptions being:'''** Parameters exclusively identifying specific elements or actions on the navigating page (per-click or per-element identifiers)wikipedia. These org/wiki/Query_string query parameters must assign a different value to each click or element they are identifying].** Identifiers necessary Firefox will seek to complete a user-initiated task such as logging in or submitting a form.* High-entropy identify query parameters that are broadly included in all (or nearly all) outgoing navigations from a site, even if the parameters are not uniquely identifying a user.Because any type of URL decoration can violate some users’ personal sense of privacy, we allow sites use for optionally configuring Firefox to apply stricter rules for parameter removal tracking purposes and may remove more these parameters on certain user actions such as sharing a URLfrom cross-site, top-level navigations.

Firefox may also apply stricter rules An exception is made for URL decoration that is used for parameter removal the following purposes: * Attribution, specifically where URL decoration is not user-specific and Mozilla is confident that it cannot be used to enable tracking. * Cross-site login or authorization, where URL decoration might identify a user, but is explicitly part of actions deliberately requested by default in the futureuser (i.e., where the decoration is required to fulfill the user’s request, rather than just carrying unnecessary information). * Form submission, or other actions where the URL decoration contains information that is the direct result of user choice. These exceptions might be temporary. As alternative approaches for use cases are developed that do not rely on URL decoration, which will Firefox might implement additional restrictions on the use of URL decoration. Firefox might also offer options that allow users to further limit URL decoration. This policy might be reflected amended in this policyfuture to include stricter rules.