Security/Anti tracking policy: Difference between revisions

← Older edit

Security/Anti tracking policy (view source)

Revision as of 09:13, 5 October 2022

113 bytes added , 5 October 2022

Update navigation tracking policy text

Mthomson

Confirmed users

23

edits

@@ Line 21: / Line 21: @@
 ===== 2. Navigational cross-site tracking =====
-'''URL parameter-based cross-site tracking.''' When cookie-based tracking is not available, some third parties decorate URLs with user identifiers. When the browser requests those resources, either through a top-level navigation or a subresource request, those user identifiers are available to other websites or third parties.
+'''Cross-site tracking using URL decoration.''' When tracking by other means is not available, some entities choose to add information to URLs to pass information between sites. When the browser navigates between sites, the linking site adds information to the URL that is not about the destination page.  URL decoration might be used to carry information about the user: their identity, their interactions on the linking site, or other information.
-Any party actively setting, retrieving, or sharing an identifier or other personal data in a URL for the purpose of building a user profile is in violation of this policy. Firefox will blocklist parameters included in the URL for this purpose and remove them from cross-site top-level navigations.
-User profile building is currently characterized by Firefox through the following client-observable traits:
+Any party actively setting, retrieving, or sharing an identifier or other personal data in a URL for the purpose of building a user profile is in violation of this policy.
-* High-entropy parameters that may identify a user (assign a unique identifier to a user) or encode user data. '''Exceptions being:'''
+The most common form of URL decoration uses [https://en.wikipedia.org/wiki/Query_string query parameters]. Firefox will seek to identify query parameters that sites use for tracking purposes and remove these parameters from cross-site, top-level navigations.
-** Parameters exclusively identifying specific elements or actions on the navigating page (per-click or per-element identifiers). These parameters must assign a different value to each click or element they are identifying.
-** Identifiers necessary to complete a user-initiated task such as logging in or submitting a form.
-* High-entropy parameters that are broadly included in all (or nearly all) outgoing navigations from a site, even if the parameters are not uniquely identifying a user.
-Because any type of URL decoration can violate some users’ personal sense of privacy, we allow for optionally configuring Firefox to apply stricter rules for parameter removal and may remove more parameters on certain user actions such as sharing a URL.
-Firefox may also apply stricter rules for parameter removal by default in the future, which will be reflected in this policy.
+An exception is made for URL decoration that is used for the following purposes:
+* Attribution, specifically where URL decoration is not user-specific and Mozilla is confident that it cannot be used to enable tracking.
+* Cross-site login or authorization, where URL decoration might identify a user, but is explicitly part of actions deliberately requested by the user (i.e., where the decoration is required to fulfill the user’s request, rather than just carrying unnecessary information).
+* Form submission, or other actions where the URL decoration contains information that is the direct result of user choice.
+These exceptions might be temporary. As alternative approaches for use cases are developed that do not rely on URL decoration, Firefox might implement additional restrictions on the use of URL decoration. Firefox might also offer options that allow users to further limit URL decoration.
+This policy might be amended in future to include stricter rules.
 ===== 3. Tracking via unintended identification techniques =====