Open Bug 1851380 Opened 2 years ago Updated 2 years ago

does confection.io need to be on the "tracker" list?

Categories

(Core :: Privacy: Anti-Tracking, enhancement)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
Firefox 117
Type:
enhancement

Tracking

()

People

(Reporter: bruloo, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0

Steps to reproduce:

sorry i did not see another way to report this.
In the forum they send me to the general help website and there i get lost where to ring the bell.
I went to website https://confection.io/scripts/click-engage-xbox-com/. I do piityfull not understand what they promote/sell or how their script works, but I have not a good feeling after reading their explanation.

Actual results:

The website says they are proud, they can bypass privacy settinge of all browsers including FireFox. They sell a their product to major websites.
Is this product bypassing Firefox privacy fences, so not only on that developer website but also on their customers websites?

Expected results:

Perhaps Firefox can test the browser for this script threat?

Component: Untriaged → Security

The website says they are proud, they can bypass privacy settinge of all browsers

Please link to that explicit statement.

Flags: needinfo?(bruloo)

I agree it is a lot of text.

"Whats the impact of blocking:
.. businesses haven’t been able to track or advertise to a steadily increasing number of web users since 2016. We saw a big jump in 2017, and by 2025, just about every web user will be untrackable and unreachable.. "

"Fast and Reliable: Without using cookies, third-party scripts, or a JS fallback, Confection’s user matching rate is identical to marquee web analytics services. And we use predictive technology and machine learning to identify individual users across browsers, devices, and sessions."

Flags: needinfo?(bruloo)

I will set this enhancement as new so the engineering team could decide if they take in consideration changing this.

Status: UNCONFIRMED → NEW
Ever confirmed: true

From a very quick skim (could be wrong!) this might be legit and not bypassing anything. Many sites that want insights into how their sites are performing have used 3rd party analytic scripts to outsource a lot of that work. There's nothing inherently wrong with wanting to know how your own site performs, but by using 3rd party services to do it that means those 3rd parties (for example, Google Analytics) learn what individuals are doing across a whole range of sites. If this is a library so those sites can perform their own analytics locally that's not something we're opposed to. Sites can already do that, but many turn to outsourcing because they don't have the knowledge or skills to set it up for themselves.

In the couple of points where they are describing something that sounds like what we consider "tracking" (sending the form-fill information to their own servers?), eventually they will get big enough to be put on the tracking list and those connections will be blocked the way Google Analytics is blocked today.

Component: Security → Privacy: Anti-Tracking
Product: Firefox → Core
Summary: ypassing Firefox privacy with this product? → does confection.io need to be on the "tracker" list?

Hi Daniel,

Thanks for your clear answer.
Indeed it is a lot of explaining text to promote their product, which is in the end in fact also a tracking list.
Good to see that at last "it" (this track list?) will be blocked too as it becomes too big to be believable to respect privacy.

wkr
Mart

You need to log in before you can comment on or make changes to this bug.