Security news that informs and inspires

Firefox Now Blocks Cryptominers and Fingerprinters

Mozilla has made several subtle but significant changes to Firefox in the newest release that give people more control over the way the browser handles data in private browsing mode and what content they can block automatically.

The company released Firefox 67 on Tuesday, and among the many changes and improvements are a few tweaks to the privacy and security settings in the browser that are meant to make it easier for users to handle some content. The most significant change is in the way Firefox deals with extensions across windows in private browsing mode. Previously, the browser would automatically enable a given extension across all windows, regardless of whether any of them were running in private mode. But now, that behavior is reversed.

“There are significant changes in Firefox’s behavior and user interface so that users can better see and control which extensions run in private windows. Starting with release 67, any extension that is installed will be, by default, disallowed from running in private windows. The post-install door hanger, shown after an extension has been installed, now includes a checkbox asking the user if the extension should be allowed to run in private windows,” Mike Conca, a product manager for Firefox WebExtensions, said.

“To avoid potentially breaking existing user workflows, extensions that are already installed when a user upgrades from a previous version of Firefox to version 67 will automatically be granted permission to run in private windows. Only newly installed extensions will be excluded from private windows by default and subject to the installation flow described above.”

Private mode allows people to browse without having Firefox retain any history or tracking information about any of the sites visited in that window. Because those windows are meant to be private, having extensions automatically run in them was sort of contradictory to the purpose of private mode. In addition to the change in extension behavior, Firefox 67 also now allows users to save passwords in private mode, a convenience that wasn’t available previously.

Firefox 67 also includes a new feature that allows people to set a preference in the Content Blocking setting to block known cryptominers and fingerprinters. Cryptominers are small programs that run in browsers and use the machine’s resources to mine a cryptocurrency. Some news websites now use cryptominers as a form of micropayment for visitors, a reaction to the advent of ad blockers, and there also are malicious cryptominers that attackers install without users’ consent, usually through drive-by downloads.

And browser fingerprinters are a subset of trackers that allow sites to gather a certain amount of information about a visitor’s browser and device, even without the use of a cooke or other persistent presence on the machine. There’s a broad range of fingerprinters, some more invasive than others.

“One of the three key areas we said we’d tackle was mitigating harmful practices like fingerprinting which builds a digital fingerprint that tracks you across the web, and cryptomining which uses the power of your computer’s CPU to generate cryptocurrency for someone else’s benefit. Based on recent testing of this feature in our pre-release channels last month, today’s Firefox release gives you the option to “flip a switch” in the browser and protect yourself from these nefarious practices,” Mozilla’s Marissa Wood said.