Former Mozilla software engineer Monica Chew and Computer Science researcher Georgios Kontaxis recently released a paper that examines Firefox’s optional Tracking Protection feature. The duo found that with Tracking Protection enabled, the Alexa top 200 news sites saw a 67.5 percent reduction in the number of HTTP cookies set. Furthermore, performance benefits included a 44 percent median reduction in page load time and 39 percent reduction in data usage.
Tracking Protection allows Firefox users to avoid many forms of online tracking. Originally based on the blocklist from antitracking startup Disconnect, the feature offers better privacy while also speeding up page loads by blocking requests to tracking domains.
In August, Chew held an Air Mozilla talk and showed that the feature decreases page load time by 20 percent on 50 percent of sites, 47 percent on 20 percent of sites, and 90 percent on 2 percent of sites that rely heavily on third-party content. The impact on top news sites is greater as they tend to feature a lot of embedded extras.
Tracking Protection is exciting for privacy advocates because most features that protect users do not also translate into performance benefits. Most users are interested in a faster experience, and while privacy is important, it is rarely something many are enthusiastic about.
To turn on Tracking Protection in Firefox, follow these three steps:
- Fire up Firefox and open about:config
- Search for privacy.trackingprotection.enabled
- Double-click or right-click the preference to toggle the Value to “true”
The feature isn’t on by default because Mozilla is still gathering feedback about how the feature works. Still, if you care about performance, you should notice an improvement for many sites:
As an example, www.weather.com loads in 3.5 seconds with Tracking Protection versus 6.3 seconds without and results in data usage of 2.8 MB (98 HTTP requests) versus 4.3 MB (219 HTTP requests), respectively. Even though Tracking Protection prevents initial requests for only 4 HTML script elements, without Tracking Protection, an additional 45 domains are contacted. Of the additional resources downloaded without Tracking Protection enabled, 57% are JavaScript (as identified by the content-type HTTP header) and, 27% are images. The largest elements appear to be JavaScript libraries with advertisement-related names, each on the order of 10 or 100 KB.
The paper says each site was visited 10 times with and without Tracking Protection. The median values of identified trackers, load time, and bytes downloaded were computed to represent each one. Content caching and prefetching were naturally disabled to ensure each visit was testing a fresh load.
Chew, previously at Google, left Mozilla at the beginning of April. Still, she has strong views about what the company can and should do: “I believe that Mozilla can make progress in privacy, but leadership needs to recognize that current advertising practices that enable ‘free’ content are in direct conflict with security, privacy, stability, and performance concerns — and that Firefox is first and foremost a user-agent, not an industry-agent.”
She further argues that advertising “does not make content free” but “merely externalizes the costs in a way that incentivizes malicious or incompetent players.” She cites unsafe plugins and malware examples that result in sites requiring more resources to load, which in turn translates to costs in bandwidth, power, and stability. “It will take a major force to disrupt this ecosystem and motivate alternative revenue models,” she added. “I hope that Mozilla can be that force.”
Earlier this week, Chew and Kontaxis received the best paper award at the Web 2.0 Security and Privacyworkshop.
Ref: VentureBeat