Current Version plugins

A solution to ETAg tracking in Firefox

The ETAg — entity tag — is a web cache validation method that web servers use for identifying resources. The core idea behind the feature is to use it to compare resources to determine whether they are identical or not.

As is the case with many Web features nowadays, they can be used for good and bad. ETAgs are used in the HTTP header which means that they can be used even if the browser rejects JavaScript, cookies or local storage.

Tip: We talked about ETAg tracking back in 2014, and mentioned it back in 2010 in the Evercookie article as well.

Back in 2011, researchers at UC Berkely discovered that websites were using ETAgs for tracking purposes. ETAgs are cached by the browser, and returned by the browser to the web server when a resource is requested again. The use of ETAgs allowed sites to track users across sessions, regardless of whether they changed their IP addresses, allowed cookies and JavaScript, allowed the storing of content on the local system, or had plugins enabled.

Clearing the web browser cache should remove ETAgs.  Pants, who created the Ghacks user.js file, discovered some time ago that this was no longer the case in Firefox. She noticed that Firefox was not deleting ETAg data anymore when she cleared the cache of the browser, something that Firefox did before that time.

She uses memory only caching on her system, and found out that disabling both caches (memory and disk) would defeat ETAgs but that it had other consequences at the same time.

remove etags

Earthling, another bright mind behind the Ghacks user.js file, found a better solution. Since ETAgs are set in headers, manipulating headers responsible will do the trick.

  1. You do need to download and install the Header Editor extension that is available on Mozilla AMO for that though.
  2. Once you have it installed, click on the extension’s icon to open the editor.
  3. Click on Add to add a new rule, and fill out the following fields:
  4. Name: ETAg Removal
  5. Rule Type: Modify the response header (this changes the fields).
  6. Execute type: normal
  7. Header name: etag
  8. Click on the Save button to save the new rule.

You can test this on the cookieless cookies site to test this (with and without the header manipulation).

Note that this bug is specific to Firefox. It may also be an issue in Firefox-based browsers.

Closing Words

It is unclear when Firefox stopped removing ETAgs when clearing the browser cache, only that this is the status quo right now. A bug listing on [email protected] that was created 14 years ago highlights the tracking issue associated with ETAgs.

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader.

The post A solution to ETAg tracking in Firefox appeared first on gHacks Technology News.


Leave a Comment

Your email address will not be published. Required fields are marked *

Menu Title