Tracking Protection for Firefox

Monica Chew (mmc@mozilla.com)
Georgios Kontaxis (kontaxis@mozilla.com)

What is tracking?

A Happy Triangle?

Pay-per-click

Conversions

Content

Unhappy Side-effects

http://www.nytimes.com/2006/08/09/technology/09aol.html

Blocking cookies: a losing battle

● indexDB
● localStorage
● Flash
● cache
● fingerprinting

Tracking Protection for Firefox

Don’t talk to sites you don’t trust.
● Block third-party network connections to tracking domains on blocklist
● Flip a switch and turn it on

Market reach, performance and usability are key

Other implementations

Outline

● Tracking Protection as Safe Browsing Service
● Tracking Protection UI
● Performance

Safe Browsing Service

● Already used for phishing/malware detection
● Minimize client changes
● Freshness: updates every < 45 minutes
● Speed: Incremental updates, fast lookups
● Storage: 4-32 bytes per entry

Safe Browsing Service

mozpub-track-digest256: sub chunks 1-3, add 4-6

goog-phish-shavar: sub chunks 2-4, add 5-7

Safe Browsing Lookups

[Figure: Canonicalized URL → SHA-256 → 32-bit prefix → blocklist (32-bit prefix, SHA-256)]

Safe Browsing Lookups

Simplified regular expressions
● Hostnames: exact host, strip components down to eTLD + 1
● Paths: exact path, root, then add up to 4 path components

Lookup Example: a.b.c/1/2.html

a.b.c/1/2.html
a.b.c/
a.b.c/1/
b.c/1/2.html
b.c/
b.c/1/
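
The lookup example above, worked through in Python. This is an added example, not code from the slides or from Firefox: it generates the host/path expressions in the slide's order, hashes each with SHA-256, and checks the 32-bit prefix before the full digest. It assumes the URL is already canonicalized and that the caller supplies the eTLD+1; the function names and the blocklist entry tracker.example/ are constructed for illustration.

```python
import hashlib

def lookup_expressions(host, path, etld_plus_one):
    """Host/path expressions to look up, in the order shown on the slide."""
    if host != etld_plus_one and not host.endswith("." + etld_plus_one):
        raise ValueError("host is not under the given eTLD+1")
    labels = host.split(".")
    floor = len(etld_plus_one.split("."))
    # Exact host first, then strip leading labels down to eTLD+1.
    hosts = [".".join(labels[i:]) for i in range(len(labels) - floor + 1)]
    # Exact path, then root, then root plus up to 4 leading path components.
    paths, prefix = [path, "/"], "/"
    for part in path.split("/")[1:-1][:4]:
        prefix += part + "/"
        paths.append(prefix)
    paths = list(dict.fromkeys(paths))  # drop duplicates, keep order
    return [h + p for h in hosts for p in paths]

def sha256(expr):
    return hashlib.sha256(expr.encode("utf-8")).digest()

def build_blocklist(entries):
    """Map each 32-bit prefix to the full SHA-256 digests that share it."""
    table = {}
    for entry in entries:
        d = sha256(entry)
        table.setdefault(d[:4], set()).add(d)
    return table

def classify(host, path, etld_plus_one, blocklist):
    """Return the first blocklisted expression for this URL, or None."""
    for expr in lookup_expressions(host, path, etld_plus_one):
        d = sha256(expr)
        # Cheap 4-byte prefix check first; confirm with the full digest.
        if d in blocklist.get(d[:4], ()):
            return expr
    return None

# Constructed sample data (assumption): a single blocklist entry.
BLOCKLIST = build_blocklist(["tracker.example/"])

if __name__ == "__main__":
    print(lookup_expressions("a.b.c", "/1/2.html", "b.c"))
    print(classify("cdn.tracker.example", "/js/t.js", "tracker.example", BLOCKLIST))
    print(classify("news.example", "/", "news.example", BLOCKLIST))
```

Because the host is stripped down to eTLD+1, a single entry for tracker.example/ also covers cdn.tracker.example and any path beneath it.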

Safe Browsing Enforcement

Tracking Protection UI

New Document Security Doorhanger

Maintain Tracking Protection State
Channel cancellations notify element loaders

NS_ERROR_TRACKING_URI

nsIStreamListener::OnStreamComplete()

nsDocShell
nsImageLoadingContent
nsScriptLoader
nsObjectLoadingContent
style/Loader

HttpChannel::Cancel

Maintain Tracking Protection State
Blocked DOM Node Annotation

Maintain Tracking Protection State
Channel cancellation notifies document

NS_ERROR_TRACKING_URI

Document Security State: nsDocShell, nsSecureBrowserUIImpl

Document Security Events: nsISecurityEventSink, nsIWebProgressListener

nsIStreamListener::OnStreamComplete()

HttpChannel::Cancel

Demo

Performance evaluation: Setup

● Blocklist (NOT final)
  ○ Disconnect
● Nightly driven by Mozmill, No cache
● Alexa Top 1000 sites
● Measure Page Load Time
  ○ With and without preference privacy.trackingprotection.enabled

Performance evaluation: Nightly

● 50% of sites had > 20% speedup

● 20% of sites had > 47% speedup

● 2% of sites had > 90% speedup

Performance evaluation: Nightly

Page Load Time   Without Tracking Protection (seconds) X   With Tracking Protection (seconds) ✔   Speedup
Accuweather      9.5                                       1.9                                    80%
CNN              3.3                                       1.7                                    48%
The Guardian     8.3                                       2.7                                    67%
LA Times         3.2                                       0.8                                    75%
NY Times         3.7                                       2.5                                    32%

Performance evaluation: Nightly

Vim color scheme test

http://vimcolorschemetest.googlecode.com/svn/html/index-c.html

Memory Overhead            Boot (MB)   Page Load (MB)
Stock                      120 ✔       330 ✔
With Tracking Protection   120 ✔       330 ✔
With AdblockPlus           250 X       2000 X

Implementation status

● Tracking bug: bugzil.la/1029886
● Backend landed in Firefox 33 and 34
● Frontend in review
● Mozilla Safe Browsing server: in prototype, owned by Cloud Services team

What about add-ons?

● Addons can block additional or different content
  ○ nsIContentPolicy: orthogonal to nsChannelClassifier
  ○ (faster) Substitute their own Safe Browsing lists
● Addons can benefit from our annotations
  ○ HTMLDocument.blockedTrackingNodes

Thanks!

● Philipp Sackl, UX
● Ryan Tilder, Chris Kolowisky, Cloud Services
● Reviewers
  ○ Blair McBride
  ○ David Baron
  ○ Gian-Carlo Pascutto
  ○ Kyle Huey
  ○ Olli Pettay
  ○ Patrick McManus
  ○ Seth Fowler

Backup slides

Turning on Tracking Protection

Tracking Protection Disabled

Why blocklist instead of heuristics?

● High chance of breaking user experience
● Network graph for including jquery.js identical to including tracking-script.js
● PrivacyBadger (heuristics-based) breakage: act.eff.org, angular.js, d3.js, Disqus, Youtube comments, all Google services (api.google.com) including login, services.addons.mozilla.org, Stripe payment

Cookies: a losing battle

Open questions

● Blocklist policy
● Blocklist maintenance
● Social widgets