- Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can Firefox tracking protection improve private browsing?

Firefox aims to improve private browsing with a new tracking protection feature. Expert Michael Cobb explains how the feature works.

An upcoming version of Firefox will have tracking protection in private browsing. How does the Firefox Tracking Protection feature work? Are there other methods enterprises can or should use to block tracking ads and links or are browser-based features the best approach?

Webpages are often made up of content from many different sources: JavaScript and fonts hosted by Google, comments, likes and tweets from social networking sites, and advertisements from ad companies that are uncannily related to your recent browsing history. The companies that serve these ads can determine which ads maybe of interest to you because they track your browsing habits, or have bought profiles of your online activity from advertising exchanges, data brokers and tracking companies. However, a lot of tracking and data collection occurs without the knowledge, permission or consent of the user. The term tracking generally refers to the collection, retention, use or sharing of data regarding a particular user's activity across multiple websites or applications that aren't owned by the data collector. This means it doesn't cover instances where a site collects and retains information about its own visitors -- a first-party relationship with the user.

To protect users' privacy, most browsers offer some form of private browsing mode that stops data such as cookies, temporary files and pages visited being saved on the user's device, but this functionality doesn't prevent third-parties, distinct from the site being visited, from collecting information about the pages someone visits. Beginning with Firefox version 43, a new feature in Firefox Private Browsing called Tracking Protection will allow users to block content like ads, invisible tracking pixels, calls to analytics engines and share buttons that may record their behavior across sites to protect them from nonconsensual online tracking.

Firefox Tracking Protection automatically blocks any Web content from a list of domains known to track users provided by Disconnect, a certified public benefit corporation. It is active for all sites when a new private browsing session begins, but as some webpages don't function correctly when certain content is blocked, users are able to disable it for a particular site for the current browsing session. A shield icon appears in the address bar whenever Tracking Protection is blocking tracking domains -- the Security tab in the Web console shows a list of any blocked resources.

Web browser security falling short

Robert 'RSnake' Hansen of WhiteHat Security discusses Web browser vulnerabilities

Firefox Tracking Protection will be far more effective at stopping users from being tracked than the Do Not Track (DNT) header supported by most browsers, as websites and advertisers can choose to either honor or ignore it. A DNT header value of 1 indicates that the user does not want to be tracked but there's no legal or technological requirement to acknowledge the request. The Digital Advertising Alliance, for example, doesn't require its members to honor automatically set DNT values.

There are other options, besides Firefox Tracking Protection, that enterprises can deploy to protect their employees' privacy and address the problem of nonconsensual tracking. There are browser add-ons that block spying ads and other third-party trackers like Privacy Badger from the Electronic Frontier Foundation, Adblock Plus and Ghostery. Disconnect also offers its own products for blocking malicious tracking. While features and functionality may differ slightly between products, enterprises should choose the product best suited to their environment and that allows an easy rollout to all users and their devices.

Next Steps

Read more on the Web browser security features for Microsoft Edge

Find out if the Aviator Web browser is secure enough for enterprises

Learn about Google's new Chrome extension security policy

This was last published in March 2016

Dig Deeper on Web browser security