Firefox’s SmartBlock
Thomas Wisniewski (via Hacker News):
In building these extra-strong privacy protections in Private Browsing windows and Strict Mode, we have been confronted with a fundamental problem: introducing a policy that outright blocks trackers on the web inevitably risks blocking components that are essential for some websites to function properly. This can result in images not appearing, features not working, poor performance, or even the entire page not loading at all.
[…]
To reduce this breakage, Firefox 87 is now introducing a new privacy feature we are calling SmartBlock. SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy.
SmartBlock does this by providing local stand-ins for blocked third-party tracking scripts. These stand-in scripts behave just enough like the original ones to make sure that the website works properly. They allow broken sites relying on the original scripts to load with their functionality intact.
This sounds like quite a different approach from Safari’s Intelligent Tracking Prevention. SmartBlock apparently uses a static list of trackers, whereas Safari tries to learn (on device) what to block. So Firefox may be more reliable with known bad actors, whereas Safari may catch more of the long tail but be less consistent from one device to another. SmartBlock tries to prevent breaking sites by substituting stand-in scripts, whereas Safari loads the trackers but segregates the data. So it’s possible that Firefox will break some sites if the stand-in scripts don’t behave properly, but it should provide better performance and use less bandwidth. On the other hand, some sites don’t work in Safari unless you turn off ITP.
Previously:
- Firefox’s New Referrer Policy
- Information Leaks via Safari’s Intelligent Tracking Prevention
- The Success of Intelligent Tracking Prevention
- Safari’s Intelligent Tracking Prevention
I use Roadblock on Mac and iOS; it's basically a front-end to content-blocking in Safari (missing "ping", but I've asked about it and they're looking into it). I already default browse with no third-party requests, no cookies, and all first-party elements except "document" (i.e. the web page) disallowed. Very fast; very broken. Use iOS Safari's settings to make google.com desktop view the default; you won't get AMP which can't be used without third-party JS. Oh, and it helps if you're blind; customise your own stiles, and default to reader mode. Honestly, it works a whole lot better than you might imagine. Use RSS to catch up; other apps to do the rest where available for speed.
And TBH, I already take the position that unless I need an account, that's enough; anything that doesn't work and I want to read badly enough I'll contemplate reloading, but more usually I'll just wander off. Life's too short and privacy and speed are important. This policy will undoubtedly upset control freaks but that's cool. To them I say Motherfucking Website.
For all the rest, Brave, which I quit after use. It destroys all its state. Safari is superior to Brave in most important respects but sometimes you do need the Chromium advantage and/or you just can't be arsed whitelisting a site until you've got a feel for the place.
Firefox has this one feature I want, containers. With containers, a stateless web may be possible on a per-tab basis. I want a world where there is no state: closing a tab destroys it. Only when you whitelist a first or third party site, and in the third-party case maybe even only when you ask for a reload to include that state, should it be used. Imagine such a world: no long-term tracking, a hysterical adtech industry, and a credible long-term plan for privacy on the web. Sadly we're not there, and no thanks to Mozilla doing silly things like taking out the JS toggle switch from the UI. See this Brave Communities thread (yes, requires JS because Discourse). Making it work for ordinary users would be a big challenge, though, and I suspect that's where the browser vendors all come up short.