In 2017, the developers at Mozilla have quietly added several features to Firefox that originated from the Tor Project’s Tor Browser. The new features come from the Tor Uplift project, which helps Mozilla integrate patches to Firefox that are used in the Tor Browser. The Tor Uplift project patches to Firefox help increase privacy and security, and the project has been helping improve Firefox since last year.
Around 95% of the code in the Tor Browser itself comes from Mozilla, as it is based on Mozilla’s Firefox Extended Support Release (ESR). Mozilla, which earlier this month released Firefox version 57, known as Firefox Quantum, has most recently included a feature from the Tor Browser known as First Party Isolation.
The new feature is known as Cross-Origin Identifier Unlinkability within the Tor Browser. The First Party Isolation feature was first added to the stable release version of Firefox in version 55, which was released back in August. Mozilla did not even include a mention of the inclusion of the new First Party Isolation feature in its release notes for version 55. It was originally added to Firefox Nightly, a developmental version of the web browser, in September of last year. With First Party Isolation enabled, access to the cache, cookies, DOM storage, and other identifying data are restricted to the domain from which they came from, thus preventing tracking across other websites.
To enable First Party Isolation in Firefox, navigate to about:config, search for privacy.firstparty.isolate, and then change the value to True by double clicking on False, which is the value it is set to by default. Firefox users may experience some issues trying to log in to certain websites with the First Party Isolation feature enabled. To fix any issues you may run into from having the First Party Isolation feature enabled, navigate to about:config, search for privacy.firstparty.isolate.restrict_opener_access and then change the value to False by double clicking on True, which is the default value. Alternatively, users can enable the First Party Isolation feature by installing an add-on for Firefox called First Party Isolation. This add-on will add a fish bowl icon to the address bar.
The new feature is just the latest anti-tracking feature to be added to Firefox. In 2015, Mozilla added a Tracking Protection feature, which utilizes a blocklist from Disconnect.me to block third party trackers and analytics. Firefox ships with two blocklists from Disconnect.met, a basic tracking blocklist and a more strict tracking blocklist. Users can choose to enable Tracking Protection for Private Browsing windows only, or to enable it for regular browsing sessions as well. In 2011, Mozilla added a Do Not Track request feature, which sends a Do Not Track HTTP header to websites and third party servers, however, the feature is not very good as sites can choose to ignore the request.
In October of this year it was discovered that Mozilla intends to implement yet another feature from Tor Browser in Firefox. This upcoming privacy feature however will not be included until version 58 of the browser is released in January. The new feature imported from Tor Browser blocks HTML5 canvas fingerprinting. With this type of fingerprinting a site uses the canvas HTML tag to get a user’s browser to create a unique hash which is used to track a user.