Gavin Clarke reports:
Updated Mozilla has rolled out Firefox 14, which automatically encrypts web searches through Google, but the new release leaves an important back door open to advertisers.
The move also quietly undermines Mozilla’s crusade in the past years on maintaining the privacy of netizens by using Do-Not-Track as a plea to websites not to track users’ searches.
Firefox 14 now sets HTTPS Google as its search default, which Mozilla boasts shields its users from network snoopers and Wi-Fi hackers sniffing up search data.
The idea is you’ll have both anonymity of search and security of transaction while surfing over your chai double-shot latte over at Starbucks.
Announcing support for HTTPS back in May, Mozilla said that using HTTPS helps “providers like Google remove information from the referrer string“. The referrer is an HTTP header field transmitted between the browser and the web page that tells the website which earlier pages the user has visited.
However, what Mozilla didn’t flag up today or back in May is the fact that if you happen to click on an ad on a page you hit then the encryption is removed and advertisers can see who you are and where you’ve been.
The justification given by Google for this leak in its secure search is the inevitable ability to let advertisers server up more accurately targeted ads.
Read more on The Register. The problem doesn’t seem to be with Mozilla, but it would be helpful for Mozilla to specifically and clearly address this issue on its site so that users do not get a false sense of security.