Monday, March 16, 2009 - The Progress & Freedom Foundation Blog

Privacy Solutions Series: Part 4 - Firefox Privacy Features

By Adam Marcus

Firefox logoAs noted in the first installment of our "Privacy Solution Series," we are outlining various user-empowerment or user "self-help" tools that allow Internet users to better protect their privacy online-and especially to defeat tracking for online behavioral advertising purposes. These tools and methods form an important part of a layered approach that we believe offers an effective alternative to government-mandated regulation of online privacy.

In the last installment, we covered the privacy features embedded in Microsoft's Internet Explorer (IE) 8. This installment explores the privacy features in the Mozilla Foundation's Firefox 3, both the current 3.0.7 version and the second beta for the next release, 3.5 (NOTE - The name for the next version of Firefox was just changed from 3.1 to 3.5 to reflect the large number of changes, but the beta is still named 3.1 Beta 2). We'll make it clear which features are new to 3.1/3.5 and those which are shared with 3.0.7. Future installments will cover Google's Chrome 1.0, Apple's Safari 4, and some of the more useful privacy plug-ins for browsers . The availability and popularity of privacy plug-ins for Firefox such as AdBlock (which we discussed here), NoScript and Tor significantly augments the privacy management capabilities of Firefox beyond the capability currently baked into the browser.  In evaluating the Web browsers, we examine:

(1) cookie management;
(2) private browsing; and
(3) other privacy features

History of Firefox

Firefox descends from the very first graphical web browser, NCSA Mosaic. Mosaic was developed at the National Center for Supercomputing Applications in 1992. The co-author of Mosaic, Marc Andreessen, co-founded Netscape Communications and was the lead developer of Netscape Navigator, which was first released in 1994 and based in part on NCSA Mosaic code. In 1998, Netscape publicly released the source code for the latest version of its browser and created the Mozilla Organization to coordinate its development. AOL acquired Netscape Communications later that year, and when AOL scaled back its involvement with the Mozilla Organization in 2003, the Mozilla Foundation was launched to ensure the browser could survive without Netscape or AOL. The Mozilla Foundation released Firefox 1.0 on November 9, 2004. According to Net Applications, Firefox is currently the second-most popular Web browser after Internet Explorer, with 21.72% of the market in Q1 2009.

Cookie Management

To access Firefox's basic cookie management and privacy settings, open the "Tools" menu, click "Options," and then click on the "Privacy" tab to display the following options:

Options dialog box

Instead of using a slider, as Internet Explorer does, Firefox gives more direct control over cookies. Users can choose to refuse all cookies, refuse all third-party cookies (see the previous post in this series for an explanation of the difference between first-party cookies and third-party cookies), and/or control when cookies expire. The "keep until" box gives three options:

(1) "they expire" - Cookies determine their own expiration date.

(2) "I close Firefox" - Cookies are deleted when you close the browser.

(3) "ask me every time" - Every time a cookie is sent to the user's computer, the user is asked if they want to "Allow" the cookie (accept it and let the cookie determine its own expiration date), "Allow for Session" (equivalent to the "I close Firefox" setting), or "Deny." Firefox can also optionally save the user's preference for all future cookies received from that website. The "Show Details" button allows true power users to view the contents of each cookie before making a decision, as seen here:

Confirm setting cookie dialog box

By clicking the "Show Cookies" button in the Privacy tab of the Options dialog box, users can view all of the cookies already saved on their computer and delete individual cookies or all cookies at once.

Cookies dialog box

Finally, by clicking the "Exceptions" button in the Privacy tab of the Options dialog box, users can specify which websites are always or never allowed to set cookies.

Exceptions dialog box

In addition to having the option of deleting all cookies whenever the browser is closed, users can clear other types of private data when the browser is closed. The following dialog box is displayed when a user clicks on the "Settings" button in the Privacy tab of the Options dialog box.

Clear Private Data dialog box

Private Browsing

Private Browsing iconSimilar to Internet Explorer 8's "InPrivate Browsing" feature (see the previous post in this series for more information) and Chrome's Incognito, Firefox 3.5 will include a new "Private Browsing Mode" that protects so-called "over the shoulder" privacy. To enable Private Browsing Mode, select "Private Browsing" from the Tools menu. To disable Private Browsing Mode and reload all tabs that appeared when you enabled Private Browsing Mode, just uncheck the same "Private Browsing" menu item in the Tools menu. There is a hidden way to make Firefox 3.1 Beta 2 always start in Private Browsing Mode and a plan to possibly provide an easier way to do this in the final 3.5 release, but the only obvious use for this would be on public computers (e.g., at a library or coffee shop) where it can't be guaranteed that each user will close the browser before leaving.

Other Privacy Features


In terms of privacy, what makes Firefox unique compared to the other popular browsers is the extensive number of add-ons (also called "plug-ins" or "extensions") designed to protect users' privacy. Google's Chrome browser does not currently support third-party add-ons but plans to do so in an upcoming release. Microsoft's Internet Explorer does support extensions, and Microsoft has a website devoted to cataloging those extensions, but offers nothing like the variety and complexity of the add-ons available for Firefox. The two most popular Firefox add-ons (in terms of total downloads; currently second and fourth most popular in terms of weekly downloads) are specifically related to privacy. Adblock Plus (ABP) uses dynamically-updated "subscriptions" to maintain a list of unwanted third-party content and automatically  block that content from being displayed or run by Firefox. ABP can block Flash code, images, external scripts, stylesheets, frames, tracking cookies, webbugs, html elements, text ads, backgrounds, and any class, id, and any other HTML or CSS tag. By default, ABP allows all such elements unless they are blocked by a filter.  NoScript, by contrast, blocks all Java, JavaScript, Flash, and other plugins unless you explicitly allow them on a particular website  either (i) temporarily for your current session (until you close the browser); (ii) or permanently for all future sessions. Thus, with these two add-ons, Firefox offers security-conscious users a much more secure (and thus private) browsing environment than currently available in other browsers. We already covered Adblock Plus in a previous installment of our Privacy Solutions Series. We plan to cover NoScript and other popular Firefox add-ons such as TorButton and FoxyProxy in future installments.

Additional Reading / Links:

posted by Adam Marcus @ 12:31 PM | Privacy , Privacy Solutions