Firefox's protection against fingerprinting

Firefox Firefox Last updated: 3 days, 15 hours ago 75% of users voted this helpful
No one has helped translate this article yet. If you already know how localizing for SUMO works, start translating now. If you want to learn how to translate articles for SUMO, please start here.

Like other browsers, Firefox’s functionality is influenced by your operating system, hardware, graphics cards, additional software and even the fonts you install. In some instances, details of your computer are accessible to websites to (for example) help render content in higher resolution or provide instructions for your specific operating system.

However, when all the different aspects a browser exposes are combined, the unique combination can act like a “fingerprint” and makes you identifiable across the web. This “fingerprint” is potentially used to profile you for targeted content without the use of cookies. Firefox’s Enhanced Tracking Protection blocks a list of “Known Fingerprinters” and limits the information your browser exposes at all times to combat “Suspected Fingerprinters”.

Default Settings

Known Fingerprinters Protection is enabled in normal browsing and when Enhanced Tracking Protection is set to Strict.

Both Known Fingerprinters Protection and Suspected Fingerprinters Protection are enabled in Private Browsing and when Enhanced Tracking Protection is set to strict.

Both features can be controlled more granularly when the Custom level of Enhanced Tracking Protection is selected.

How do I disable this protection for a website?

If a site seems broken, try turning off Enhanced Tracking Protection. It disables the protection on that site only. Enhanced Tracking Protection will continue to block trackers on other sites.

  1. Select the shield icon IG shield to the left of the address bar.
  2. Toggle the switch Fx115 blue toggle at the top of the panel.
    Fx91ETPtoggle-on

This will turn off Enhanced Tracking Protection for this site. The page will reload automatically and disable protection on this site only.

Follow the same process to turn Enhanced Tracking Protection back on.

How do I enable or disable this protection for all sites?

  1. Launch Firefox on your computer.
  2. In the Menu bar at the top of the screen, click Firefox and then select Preferences or Settings, depending on your macOS version.Click the menu button Fx89menuButton and select Settings.
  3. In the left-hand sidebar, click Privacy & Security.
  4. Customize Enhanced Tracking Protection: Scroll down to the Enhanced Tracking Protection section.
  5. Enable Fingerprinting Protection: To control Fingerprinting Protection, select the Custom option from the Enhanced Tracking Protection settings.
  6. Adjust Fingerprinting Protection Settings: Once you've selected Custom, you will see options to block Known fingerprinters and Suspected fingerprinters. Check the boxes next to these options to enable them. Additionally, you can choose whether to block Suspected Fingerprinters in all windows or just in private windows using the dropdown menu located on the right-hand side of this option.
    Fingerprinting protection

How can I tell if this protection broke something?

First, try disabling the protections by exempting the page from Enhanced Tracking Protection as described above, and see if that resolves your issue.

Presently, the types of breakage we see most commonly are:

  • If you have set a custom font for Firefox to use in Settings and that font is not in the default install list, it will not be used when this protection is active.
  • Scripts that detect support for emojis may incorrectly fail to detect support when Firefox does actually support them. This would typically result in these emojis being rendered using Unicode text instead of images.
  • Certain types of image or video effects may not behave as expected, including greenscreen effects and progressive drawing videos (where the image accumulates the results of multiple animations or effects over time).
  • For languages with extended character sets, certain glyphs may not render and instead display a square “character not found” icon.

On rare occasions, these fingerprinting protections can completely break a site in an unexpected way and treat it as an error condition when it does not receive it.

Report a broken site

If a broken site starts working properly again after turning off the Enhanced Tracking Protection, you can click the shield icon and select Send report. This will show the Report a Broken Site panel.

Fx123-Report broken site panel

The Send Report button will send site related data to Mozilla, so future Firefox versions can load the website correctly with Enhanced Tracking Protection enabled for everyone. Filling the optional Describe the problem field helps us fix the problem faster. See How do I report a broken site in Firefox desktop? for more details.

How does each protection work?

Known Fingerprinters

The “Known Fingerprinters” protection feature works by blocking scripts listed in Disconnect’s fingerprinting list. This prevents companies specializing in fingerprinting from examining your device and obtaining details about their hardware, software or IP address. While this serves as an initial defense, it does not safeguard you against companies that are not included in the list. Additionally, we sometimes have to create exceptions for this list to ensure that websites continue to work as intended.

Suspected Fingerprinters

To combat fingerprinting attempts that Firefox cannot block (because we are unaware of the script, or because it is integrated with the site in a way such that it cannot be blocked), Firefox will limit the information it exposes to the web at all times, for every webpage. (Potentially limited to Private Browsing only, per the settings above.)

The specific attributes that Firefox alters are:

  • Random data is introduced to background images when the image is read back by the website. If a website merely renders data to the background, it will render without alteration. Although typically this does not happen, if the website reads the image data in the background (and potentially displays it to you again), it will have subtle noise that may affect how the image is displayed.
  • Locally installed fonts (specifically, fonts that are not in the list of standard fonts shipped by your operating system) will not be used to render text on a page.

Related articles

Was this article helpful?

Please wait...

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More