Senglehardt tracking protection test for Firefox

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,479

About Me​

Hello! I work on privacy at DuckDuckGo. I've previously worked at Mozilla and in the Office of Technology Research and Investigation (OTech) at the Federal Trade Commission. Broadly, I'm interested in making the web a safer place.
I received a PhD in Computer Science at the Center for Information Technology Policy (CITP) at Princeton University. My research has focused on web tracking measurement and defense. Check out my publications.

Test page: https://senglehardt.com/test/trackingprotection/test_pages/

! Keep in mind that the test-site is optimized for Firefox exclusively. This test is meant to show if the built in tracking protection of Firefox is working correctly. !
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
My results were identical with uBO and Trace on AND off. So, it seems these test pages can be evaluated exclusively of third party extensions. :unsure:

Here, there's some room for improvement, but Firefox with Strict policy blocked most test items--I'm thinking the below failure and others can be managed by my two third party extensions. Wish it could be determined how well uBO specifically can fill in the holes Firefox leaves.

This actually doesn't tell me anything I didn't already vaguely know. Browsers are leaky--some more than others, for sure.

FF TEST.png
 
F

ForgottenSeer 92963

All your base are belong to us. . .

Steven Englehardt said:
Browser fingerprinting for online tracking. Browser fingerprinting is a stateless tracking technique that uses device configuration information exposed by the browser through JavaScript APIs (e.g., Canvas) and HTTP headers (e.g., User-Agent). In contrast to traditional stateful tracking, browser fingerprinting is stateless—the tracker does not need to store any client-side information (e.g., unique identifiers in cookies or local storage)

Agree with @plat1098 browsers are leaky and privacy is a lost battle with the current set of API's and information the browser provides (to websites you visit). Also when you sign into a website (e.g. for online purchase), you agree to terms of usage which in 95% of the cases also includes server side tracking.
 
Last edited by a moderator:

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
My results were identical with uBO and Trace on AND off. So, it seems these test pages can be evaluated exclusively of third party extensions. :unsure:

Here, there's some room for improvement, but Firefox with Strict policy blocked most test items--I'm thinking the below failure and others can be managed by my two third party extensions. Wish it could be determined how well uBO specifically can fill in the holes Firefox leaves.

This actually doesn't tell me anything I didn't already vaguely know. Browsers are leaky--some more than others, for sure.

Level 2 strict in not in Firefox anymore, since version 70 iirc. It got deprecated and we got the total cookie protection now. If anyone else is seeing Level 2 (strict) not blocked, that is normal on Firefox now. ;)
 
  • Like
Reactions: Nevi and Kongo

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Level 2 strict in not in Firefox anymore, since version 70 iirc. It got deprecated and we got the total cookie protection now. If anyone else is seeing Level 2 (strict) not blocked, that is normal on Firefox now. ;)

Hi, this is Firefox v. 93.0 (latest) and this is the setting under Privacy and Security that I'm referring to--"strict." I don't believe this is deprecated. Under Cookies and Site Data I manage that separately.

ff strict tp.png
 
  • Like
Reactions: Nevi and oldschool

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
Hi, this is Firefox v. 93.0 (latest) and this is the setting under Privacy and Security that I'm referring to--"strict." I don't believe this is deprecated. Under Cookies and Site Data I manage that separately.

You may be misunderstanding me. There used to be a (ETP) setting referred to as level 2, which went above and beyond the current strict policy.

Edit: Basically, level 1 blocking list and level 2 tracking (blocking) list. But those two have long since been put together as the current strict along with Total Cookie Protection added on top of that a few years later. The level 2 at the time caused a lot of breakage for the majority of the regular users.
 
Last edited:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Hi, this is Firefox v. 93.0 (latest) and this is the setting under Privacy and Security that I'm referring to--"strict." I don't believe this is deprecated. Under Cookies and Site Data I manage that separately.

You may be misunderstanding me. There used to be a (ETP) setting referred to as level 2, which went above and beyond the current strict policy.
Indeed. I'd also add that (if I understand correctly) the test is checking that FF built-in blocking is working/functional and that is all, it's not testing overall blocking ability. Since that block level Strict 2 is missing, the test fails.
BTW, my understanding is based on the fact that neither the page nor his site include the date when the test was first issued. I take it that it's not up-to-date other than the note from 11/19. That's the latest date we are certain of.

Also, @plat1098, enabling other extensions won't give a better result because their blocking ability is outside the scope of the test.
 

The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
542
FF built-in blocking is working/functional and that is all, it's not testing overall blocking ability.
Interestingly, when I tested Tor Browser which is based of FF It failed all the tests.
So Tor seems to be using a completely different Tracking protection and fingerprinting system. Other forks
of FF may pass some of the tests if they using FF Privacy and security settings but I have not tested any,
 
  • Like
Reactions: oldschool and Nevi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top