PossibleThreat Articles

Articles for the experts…

Security Sophos 

Firefox Privacy Protection makes website trackers visible

0 Comments , , , , , ,

Credit to Author: John E Dunn| Date: Fri, 25 Oct 2019 14:33:28 +0000

by

Mozilla has added another privacy tweak to Firefox version 70 – the ability to quickly see how often websites are tracking users.

The company calls it the Firefox Privacy Protection and users can access it by clicking on the address bar shield icon.

The drop-down itemises different kinds of trackers detected on each site, such as general-purpose third-party trackers (Google Analytics on a news site, say) or cross-site trackers which follow users from site to site.

In our testing, the feature worked well, although users might not notice many trackers being caught if they’ve already set Firefox’s Enhanced Tracking Protection (ETP) to a strict setting.

What it does visibly confirm is how many trackers Firefox now blocks of various types. Users can get an overview of all blocked trackers by clicking ‘show report’ at the bottom of the Enhanced Privacy Protection drop-down box.

Don’t look now

To back up its claim that privacy protection is worth having, the company released figures showing that Firefox had blocked 450 billion cross-site tracking requests since 2 July, shortly after ETP was first introduced.

Since then, that’s risen to 10 billion blocks per day:

Much of this work has been behind the scenes – practically invisible to you – making it so that whenever you use Firefox, the privacy protections are working for you in the background.

Lockwise

The desktop version of Firefox’s built-in password tool, Lockwise, gains the ability to generate a secure password when signing up for a new account. This can also be used to replace a current weak one with a new and more secure one.

Mozilla points out that access to Lockwise can be protected using Apple’s FaceID or Android’s TouchID face recognitions systems.

For anyone who’s wondering, the encryption used with Lockwise is, to quote Mozilla:

  • AES-256-GCM encryption, a tamper-resistant block cipher technology.
  • onepw protocol to sign into Firefox accounts and obtain encryption keys.
  • PBKDF2 and HKDF with SHA-256 to create the encryption key from your Firefox account’s username and password.

Another new Lockwise feature is its integration with Firefox Monitor breach alerts, which now appear alongside the affected account.

On a side note, in a recent test by the German Federal Office for Information Security, Firefox was reportedly the only one of five browsers to be given a pass grade.

None of the features mentioned in this article were part of that assessment but it’s a creditable endorsement by the body that sets security standards in Germany’s public sector.

The latest version also fixes 13 CVE-level security vulnerabilities, two of which were rated ‘critical’.

Mozilla’s full summary of version 70’s new features can be found here.

http://feeds.feedburner.com/NakedSecurity

Leave a Reply