Firefox 17 protects your privacy while enhancing the Facebook experience

Filed Under: Facebook, Featured, Firefox, Privacy

Facebook Like ThumbIn a post titled "Being social with privacy in mind" the Mozilla team announced a new social media API in the beta release of Firefox 17.

An API (application programming interface) allows two programs to communicate with one another. The first company to take advantage of Firefox's new social media API is Facebook.

Why would you want Facebook to plug in to your web browser? By using this API, Facebook makes itself available everywhere you surf, including sites that don't currently use "Like" buttons or other Facebook technology.

On the surface this seems bad for privacy, but it's not. As a user you no longer leak your every move to Facebook, because the "Like" button is now embedded in your browser and no longer phones home every time you visit a site that is using Facebook Connect.

Facebook's use of the API adds other functionality as well. Social media sites are designed to facilitate and encourage communities and sharing. Yet flipping between one tab and another trying to have realtime communication with your friends while watching videos and other content can be jarring.

Enter Facebook Messenger. It adds some buttons to your Firefox toolbar that allow you to "Like" things and view your friend requests, chat messages and notifications.

Facebook Messenger beta

As you can see, this makes Facebook accessible while you are using other content within Firefox. Even Facebook chat follows you from tab to tab, without the need to have Facebook open in any of the tabs at all.

If you want to try it you can install the Firefox beta, enable Facebook Messenger for Firefox under the Tools menu, then visit the Facebook website in Firefox.

Facebook Messenger enable prompt

The Mozilla privacy team is proudly proclaiming the privacy enhancing features of having the "Like" button embedded in its browser toolbar. My first impression is to agree, but the proof is in the pudding, so I put it to the test.

First I did a packet capture while visiting The Huffington Post, which has a Facebook "Like" button prominently displayed at the top of its home page.

Facebook Connect packet capture

Without the Facebook Messenger feature enabled, my browser immediately exchanges cookies and downloads over 200K of content from Facebook even though I am only trying to read the news elsewhere.

I enabled the new feature and performed the same test. My machine did do a DNS lookup for Facebook, but that was the end of it. No cookies and no information were shared with Facebook until I chose to click the "Like" button in my toolbar.

Facebook Messenger capture

Social media and privacy are perpetually at odds and this is an interesting development. Mozilla is offering something I have wanted for a long time: an effective method to avoid being tracked by every site that chooses to embed a "Like" button.

It isn't a perfect solution, though. This is only available for Facebook users and only provides these privacy enhancements for one tracking network.

Facebook users should consider taking advantage of this once Firefox 17 is officially released as it seems to only offer benefits. Better privacy, frictionless sharing and easier collaboration with your online friends.

The rest of us will have to sit out this round and hope Mozilla can add more partners and forge new initiatives that will protect everyone's privacy.

, , , ,

You might like

8 Responses to Firefox 17 protects your privacy while enhancing the Facebook experience

  1. Alexander · 731 days ago

    For better privacy against all tracking networks of YOUR choice why not just use NoScript's ABE feature! It helps fight against tracking and moreover all sorts of cross origin attacks: XSS, CSRF, CLICKJACKING etc

  2. MikeP_UK · 730 days ago

    As I am not a Facebook user I trust that this feature will not work on my systems and that it will not exchange any information, data or cookies with any Facebook server or system. If it dies, then it is very insecure and dangerous. If it doesn't then can it be completely removed to prevent wasting space and system resources>

    • Nigel · 730 days ago

      The screen shot above clearly shows a screen prompt that indicates installation is optional. If you don't want it then don't install it in the first place.

  3. Christoffer · 730 days ago

    I just hate this ! How awful is that Like button !

  4. mealz · 730 days ago

    MikeP_UK and Christoffer, you clearly didn't comprehend the article.

    Read the article again in its entirety, slowly.

  5. Mary Kay Hodges-Cates · 730 days ago

    I can not even find facebook messenger in the add ons.
    Am I missing some steps here or did this so easy to do security tip turn into a problem?

    • Jim · 725 days ago

      It is not in add ons. It is under options. My problem is, the like button has disappeared from the address bar.

  6. Tyler · 703 days ago

    I remember when Firefox was lean and fast and they put all this junk functionality into PLUGINS. That were OPTIONAL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.