This is a mirror of my original LinkedIn post.
Enhanced Tracking Protection is here, but what does that mean?
Background
Back in June of 2019, Mozilla enabled Enhanced Tracking Protection by default in any new install enabling that functionality as part of the ‘Standard’ configuration of the browser. Then this month (September) they did a roll out changing all active Firefox installs to enable this setting by default in alignment with their Anti-Tracking Policy.
But what exactly does it do?
Enhanced Tracking Protection Disabled
It may be easier to see what this does, by looking at how the web works with it disabled. So for this example, we’ll be using yahoo.com and looking at a few screenshots to get a perception of how it works.
Marketing Tech often relies on cookies (both first and 3rd party). and if we’re looking at a product like DoubleClick, we may see the following:
Note in the above image, that the DoubleClick domain is setting a cookie known as ‘IDE’ with a value of:
AHWqTUmmk2EXYBa4Io3499onXUlP2YA3WqSYozEBu6KMt7RT6kiAzMG5fs0eU4x7
Then, on loading the DoubleClick scripts, that value is transmitted to DoubleClick on the request.
You can see on the right side of the image, under the ‘Request Headers’ the IDE cookie appears as a value of the Cookie header, and is transmitted to the remote server (DoubleClick) as part of loading the script on the webpage.
Google states that this cookie does the following:
We use cookies to make advertising more engaging to users and more valuable to publishers and advertisers. Some common applications of cookies are to select advertising based on what’s relevant to a user; to improve reporting on campaign performance; and to avoid showing ads the user has already seen.
and
We also use one or more cookies for advertising we serve across the web. One of the main advertising cookies on non-Google sites is named ‘IDE‘ and is stored in browsers under the domain doubleclick.net. Another is stored in google.com and is called ANID. We use other cookies with names such as DSID, FLC, AID, TAID, and exchange_uid. Other Google properties, like YouTube, may also use these cookies to show you more relevant ads.
So if we assume that is true, and we know DoubleClick is an ad platform, then the cookie is likely important for ad placement and Attribution.
Now let’s see it the other way.
Enhanced Tracking Protection Enabled – The new Default
In the above waterfall, we again highlight the same request as with Enhanced Tracking Protection disabled, but this time, when look at the Request Headers along the right side, we see the Cookie header is not present, so the remote server is NOT getting the cookie.
This means, that if the cookie is important for Ad Placement, the service isn’t keeping track of what the user saw, and if it’s important for Attribution, there is no history being established from the Ad Click to the Conversion event.
Enhanced Tracking Protection also does something else however. Let’s take a look at the developer console.
We see here, that there are 68 tracking requests trying to get information from Firefox’s cookies and storage that Firefox is preventing. So just like in the DoubleClick scenario above, we can see that whatever that data is powering (be it Ad Attribution, Recommendations, etc.) is likely not able to establish history and that can cause the remote system to behave differently that it may otherwise as it will be treating the user as a someone they have never seen before.
But let’s say we want a look at what URLs are being blocked – you can expand the developer console.
Firefox will gladly tell you what it’s blocking, but won’t know what effect that has – you’ll have to discuss that with whatever vendors you have that you can see on Disconnect’s list, which powers the feature.
Users can also see the list – no developer panel required. Interacting with the Shield Icon, will in fact show you what is blocked, and why. You may however, have to look up which vendors those domains you see relate to.
So it’s important to check out Firefox’s new default settings on your website. It may have a impact on reporting or other systems, but you’ll never know until that evaluation.
Note: All Screen Capture was from the current Firefox for Developers Edition (September 2019).