Pale Moon forum

A topic that has come up a few times lately regarding the user tracking going on on the Internet is the use, or I should say, abuse of what are otherwise standard features of browsers. While there are some things that can be done in the browser core to mitigate this kind of tracking, the more aggressive tracking almost invariably makes use of what is an intended (and spec-prescribed!) feature. A few examples are canvas, media meta data and DOM storage.

The thing is, actual features and usable APIs can and will always be abused - and often the "undesirable behavior" is an inherent result of having those APIs; meaning that to mitigate it you'd have to kill off features or break with specs. We don't want to do that, as it would factually cripple the browser's ability to render the web properly, just to deal with a few bad trackers.
What we can do in the browser itself to mitigate tracking is things that would otherwise not negatively impact the usability, security and web compatibility of Pale Moon. We have already done this in some areas like offering built-in canvas data poisoning in a way that is humanly imperceptible. But many of the tracking techniques rely on inherent functionality that cannot be manipulated in a subtle way like that.

A few suggestions that have been offered:

• Adopting patches from the Tor browser project to keep data in memory only and never commit it to disk.
  While a decent approach for the Tor browser that by design doesn't want anything stored permanently, this is a no-go area for Pale Moon because our (and other general-use browser) users actually want permanence of data.
• Blocking detection of features to make the browser less unique.
  In a limited profiling universe this would be very effective, but that's not the universe we live in. Trackers profile us on the (public!) web not just by what features are presented by the browser, and even if you block some, you cannot block all identification methods employed -- combined with your unique location (which is a much easier statistic that is used) you will still be unique even if you limit your usable features. So doing this just limits your experiences unnecessarily.
• Purposefully lying about what features are supported.
  This, very simply put, will break the web. Websites that do feature detection will get bad data, and your Internet experience will be broken.
  This also includes e.g. using useragent-randomizers that will do nothing but break your browsing when visiting ua-sniffing sites.

Where possible, Pale Moon will employ techniques that actually make it more unique, since that is actually a more efficient way of dealing with trackers than trying to "blank yourself".

I would also like to say that add-ons focusing on privacy and security are usually more stable with better control and flexibility over these versatile tracking techniques. But nevertheless, any kind tracking, be it statistics or diagnostics can be used for good or/and bad intentions.

Add-ons is indeed the best solution here; add-ons can more rapidly respond to changes in the tracking methodologies employed, too.

And yes, not all tracking is bad, either. Many tracking practices genuinely improve relevance of what you can find on the net.