Mozilla study analyzed privacy improving features

"Can we improve privacy without breaking the Web", that was the question that Mozilla tried to find answers for in a recent study. The organization ran an opt-in study to learn how privacy protections "affect users on websites".

Mozilla wanted to know whether the enabling of Tracking Protection breaks websites, if some privacy protections caused lower breakage than others, and if broken websites made users leave Firefox.

Mozilla Privacy Study

More than 19000 Firefox users joined the study and Mozilla assigned each user to a specific branch. Eight branches changed certain privacy-related settings in the Firefox browser and the ninth was the control group.

The following privacy settings were assigned to branches:

1. Session only Third-Party Cookies -- Third-party cookies are deleted when Firefox closes.
2. No Third-Party Cookies -- Firefox blocks sites from setting third-party cookies.
3. Third-Party Cookies limited to visited -- Only sites that the user visited in the past are allowed to set third-party cookies.
4. Tracking Protection enabled.
5. Origin Only Referer to Third-Parties -- Trims referer values to origins when sent to third-parties.
6. Resist Fingerprinting -- Enables fingerprinting protection.
7. First Party Isolation -- Enables First-Party Isolation.
8. First Party Isolation Opener Access -- Enables First-Party Isolation and allows pages to access openers.

The study added a new button to Firefox's toolbar that users could interact with to report issues.

One rather interesting outcome of the study was that users of the Tracking Protection branch reported fewer issues than the control group. The control group reported an average of 0.24 problems per user while Tracking protection group users 0.23 problems. All other branches had a higher ratio of reported issues per user. Third-Party Cookies limited to visited came in last with 0.28 average issues per user of the group followed by users of the first-party Isolation group with 0.27 average issues.

Mozilla concluded that Tracking Protection's benefit, that is the blocking of some third-party connections and thus scripts on sites, outweighs the breakage that the enabling of the feature may cause.

Tracking Protection may actually fix websites by blocking tracking elements that break/slow them down!

The most promising preferences that improve privacy based on the composite breakage score of the study are Tracking Protection, Origin Only Referer to Third-Parties and session-only Third-Party Cookies.

Origin Only Referer to Third-Parties:

• Reduces detail sent to trackers
• Very few login failures
• Very little mail breakage
• Does not block ads
• Referers are used to guarantee ad policies

Tracking Protection

• Blocks known trackers completely
• Speed boost
• Very little mail breakage
• Triggers adblocker-blocker walls
• Blocks ads

Session-only Third-Party Cookies

• Limits duration of tracking
• Very little mail breakage
• Some login and "unexpected signout" failures
• Does not block ads

Mozilla launched Tracking Protection for regular browsing sessions for all users in Firefox 57. The organization plans to trim Referer values to origins in private browsing in Firefox 59.

Closing Words

Third-party scripts are a main source for issues that users experience on the Internet. The study showed that users report fewer problems when a chunk of these are blocked by the browser. A comparison to full content blocking in Firefox would have been useful as well. (via gHacks)

Now You: Do you use privacy protections in your browser of choice? What do you do if you encounter issues?