Last month we saw a couple of privacy scandals unfold, as Google was caught circumventing privacy settings on the iPhone and in Internet Explorer in order to gather browsing data despite explicit user settings. Right about the same time, Mozilla released an add-on for Firefox, Collusion, to visualize the third parties that are tracking your movements across the Web. I wanted to do a little experiment to see what the difference is between various browser privacy settings. That also gave me an opportunity to try out the newer version of Firefox more extensively – but I’ll write about that later.
Some context about the graphs from Collusion:
Sites with a halo are sites that you have visited. Sites in grey are sites you have not visited. An arrow from one to the other means that the former site has set one or more third-party cookies to inform the latter site about your visit.
First of all I browsed during the weekend with the default privacy settings in Firefox – meaning accepting all third-party cookies, keeping them indefinitely and with ‘Do not track’ disabled. The result as presented by Collusion shows a total of 41 sites setting cookies; 20 of them were visited directly, while the other half were tracking cookies. You may also notice the graph is tight, with a lot of connections between sites forming a single cluster.
After saving the first graph, I deleted my cookies and browsing history and changed a single setting: to not accept third-party cookies. Then I continued browsing as usual for another couple of days and yesterday I saved the graph from Collusion again. This time around it recorded a total of 29 cookies, comprising 24 from direct visits and 5 third-party, two of those coming from bit.ly, which I suspect is because I clicked on links shortened with bit.ly inside Twitter’s own shortener. Immediately you can see the improvement, from 50% third-party cookies to just 17%. The graph looks much looser, with fewer connections; the sites do not fully connect in a single cluster, and instead we see a couple of small islands that don’t communicate with the rest at all.
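The two figures compared by eye above, the share of third-party sites and whether the graph forms one cluster or separate islands, can be computed from the arrows themselves. This is an added example, not code from the post or from Collusion; the site names and edge lists are constructed placeholders, and it assumes every hostname has already been reduced to its registrable domain.

```python
from collections import defaultdict

def analyze(visited, edges):
    """visited: sites browsed directly (the ones with a halo).
    edges: (visited_site, other_site) pairs, one per arrow in the graph."""
    nodes = set(visited)
    for src, dst in edges:
        nodes.update((src, dst))
    third_party = nodes - set(visited)   # grey sites: never visited directly

    # Union-find over the undirected graph to count clusters ("islands").
    parent = {n: n for n in nodes}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]   # path halving
            n = parent[n]
        return n

    for src, dst in edges:
        parent[find(src)] = find(dst)
    clusters = defaultdict(set)
    for n in nodes:
        clusters[find(n)].add(n)

    # Rank third parties by how many distinct visited sites report to them.
    reach = defaultdict(set)
    for src, dst in edges:
        if dst in third_party:
            reach[dst].add(src)
    ranked = sorted(reach.items(), key=lambda kv: (-len(kv[1]), kv[0]))

    return {
        "sites": len(nodes),
        "third_party": len(third_party),
        "third_party_share": round(len(third_party) / len(nodes), 2),
        "clusters": sorted(sorted(c) for c in clusters.values()),
        "top_trackers": [(t, len(s)) for t, s in ranked],
    }

# Constructed sample data (placeholder names, not the post's browsing log).
VISITED = {"news.example", "blog.example", "shop.example", "mail.example"}
ALLOW_ALL = [("news.example", "ads.example"), ("blog.example", "ads.example"),
             ("shop.example", "ads.example"), ("shop.example", "metrics.example"),
             ("mail.example", "metrics.example"), ("news.example", "social.example"),
             ("blog.example", "social.example")]
BLOCK_THIRD_PARTY = [("news.example", "short.example")]

if __name__ == "__main__":
    for label, edges in (("allow all", ALLOW_ALL), ("block 3rd-party", BLOCK_THIRD_PARTY)):
        print(label, analyze(VISITED, edges))
```

With the constructed data, the permissive setting gives one cluster linking every visited site through shared third parties, while the restrictive setting leaves most visited sites as isolated islands.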
It’s by no means a scientific study, since I didn’t visit exactly the same sites under controlled circumstances, but it’s enough to get the overall picture. The bottom line? If you want fewer sites tracking you, especially ad networks, you don’t have to wait for browsers to implement new policies, like ‘Do not track’; just turn off third-party cookies. It’s easy to do and available in all browsers, desktop or mobile, although it has some caveats. Some bookmarklets will stop working if they rely on cookies to check if you are logged in. I have this problem with LastPass: the extension is not supported on the Aurora channel and the bookmarklet requires cookies; but you can work around this by adding an exception for lastpass.com. Unfortunately, as the stories about Google mentioned above show, no solution is foolproof: given enough incentive, someone will find a way around this privacy protection.
Do have the Firefox Collusion add-on? Reset and then go to tmz.com -- insane 40+ cookies dropped without a single click! — janefinette (@janefinette) March 2, 2012