Printable Version of Topic

Click here to view this topic in its original format

HTMLHelp Forums _ Off Topic _ Firefox 102 privacy feature strips URLs of tracking parameters

Posted by: Christian J Jul 4 2022, 05:15 PM

https://www.bleepingcomputer.com/news/security/new-firefox-privacy-feature-strips-urls-of-tracking-parameters/

"With the release of Firefox 102, Mozilla has added the new 'Query Parameter Stripping' feature that automatically strips various query parameters used for tracking from URLs when you open them, whether that be by clicking on a link or simply pasting the URL into the address bar.

Once enabled, Mozilla Firefox will now strip the following tracking parameters from URLs when you click on links or paste an URL into the address bar:

Olytics: oly_enc_id=, oly_anon_id=
Drip: __s=
Vero: vero_id=
HubSpot: _hsenc=
Marketo: mkt_tok=
Facebook: fbclid=, mc_eid=
...
there are additional trackers that are not being filtered, which privacy-focused Brave Browser currently blocks."

Posted by: pandy Jul 5 2022, 05:50 AM

Does it tell us when it does that?

Posted by: Christian J Jul 5 2022, 05:58 AM

Seems not. There's a test page here: https://www.bleepingcomputer.com/PoC/qs.html (remember to enable Strict Tracking protection in Firefox).

If the list of filtered parameters grow over time, I imagine the risk will increase that some innocent web developers use the same ones by mistake...

Posted by: pandy Jul 5 2022, 06:25 AM

I'll try later. I haven't updated.

Yes. Like with web washing software that reject certain file names. We had quite a few question related to that some 10 years ago. I think it was a well known AV. It was pretty generic names too. Don't remember any now, but like ad.gif...

Maybe parameters will need to be prefixed with something unique. Like here html or help could be used. help_abc and so on. Tedious.

Posted by: Christian J Jul 5 2022, 12:24 PM

QUOTE(pandy @ Jul 5 2022, 01:25 PM) *

Maybe parameters will need to be prefixed with something unique. Like here html or help could be used. help_abc and so on. Tedious.

True.

But isn't it a fundamental flaw of URLs in general that querystring parameters can be changed by anyone besides the site owner? (Of course the parameter values must be allowed to change, that's often their purpose when submitting a form.) But I guess another more strict system would become a bit complicated.

Posted by: pandy Jul 5 2022, 04:40 PM

How do you mean? To what use is it to change the names in querystring? unsure.gif

Posted by: Christian J Sep 7 2022, 11:20 AM

Missed you reply, sorry!

QUOTE
To what use is it to change the names in querystring? unsure.gif

For the tracking companies? For tracking, I suppose. Not sure exactly how it's done.

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)