Mozilla Firefox update protects users against redirect tracking

Redirect Tracking
(Image credit: Mozilla)

After rolling out Enhanced Tracking Protection (ETP) by default last year, Mozilla has announced that the latest version of Firefox will ship with ETP 2.0 which is capable of blocking a new advanced tracking technique called redirect tracking.

When users browse the web they constantly navigate between sites. For instance someone might search for “best running shoes” on a search engine, click a result to read a review and then click on a link to buy a pair of shoes from an online store. In the past, each of these websites had the ability to embed resources from the same tracker and the tracker could use its cookies to link all of these page visits to the same user.

In order to better protect users' privacy online, ETP 1.0 blocked trackers from using cookies when they are embedded in a third party context though it still allowed them to use cookies as a first party because blocking first party cookies can often break websites. Redirect tracking takes advantage of this exception to get around third-party cookie blocking.

Redirect trackers work by forcing users to make a momentary stopover at their website that is imperceptible to the end user. This means that instead of going directly from a review website to a retailer, users end up navigating to the redirect tracker before the retailer. As a result, the tracker is loaded as a first party and is allowed to store cookies. 

Enhanced Tracking Protection 2.0

With the latest Firefox release, once every 24 hours ETP 2.0 will completely clear out any cookies and site data stored by known trackers to prevent redirect trackers from being able to build a long-term profile of a user's activity online.

When a user first visits a redirect tracker, it can store a unique identifier in its cookies. Any redirects to that tracker that take place during the 24 hour window will be able to associate tracking data with that same identifying cookie. However, once ETP 2.0 runs, all identifying cookies will be deleted from Firefox and users will then appear as if it was their first time visiting a site to the tracker.

ETP 2.0 will only apply to known trackers and cookies from non-tracking sites won't be affected. This is because sometimes trackers do more than just track and they may also offer services users engage with regularly such as a search engine or social network. If Firefox were to clear these cookies, users would end up logged out of the email services and social networks they use every day which is why Mozilla provides a 45 day exception for any trackers users interact with directly.

According to Mozilla, ETP 2.0 will be rolling out to all Firefox users over the course of the next few weeks.

  • Also check out our complete list of the best VPN services
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.