Hacker News new | past | comments | ask | show | jobs | submit login
Firefox Now Available with Enhanced Tracking Protection by Default (blog.mozilla.org)
1069 points by teddyfrozevelt on June 4, 2019 | hide | past | favorite | 274 comments



It is funny how my browser preferences has changed over last 5 years.

2014 me as a developer had Chrome as number 1 browser for both development and all rest. Firefox once a month just to check cross browser compatibility. And Safari was just installed without me using it.

2019 me uses Safari for everything except development. Excellent power consumption and UX. Firefox for development. And lastly Chrome for all web apps that only work on Chrome. ( Google Meet etc. ) I feel much much better that I am not dependent on chrome.


It’s nice to see a bit of Safari love around here. Some sites occasionally break, but I really like the macOS/iOS integrations. SMS code autofill on desktop Safari (via Mac <-> iPhone communication) is pretty awesome.


It’s nice to see a bit of Safari love around here.

The one thing I cannot stand is that fucking URL/search bar (I detest these things in general, but Safari has the worst implementation). Most implementations (e.g. Firefox and Chrome) will encode the space and go on their way, meanwhile Safari translates a space into a search unconditionally — because clearly I want my wikipedia viewing history to end up in my search history FFS. I'm also not a fan of view source opening in a dev tools frame versus a new tab/window like Chrome and Firefox.

Speaking of the dev tools, I was just poking around and saw this in the console:

[Info] Successfuly preconnected to https://securepubads.g.doubleclick.net/

[Info] Successfuly preconnected to https://aax.amazon-adsystem.com/

Interesting as I'm running uBlock Origin (which is, admittedly, more neutered on Safari). I know I've disabled that prefetching before, but I no longer see any options to turn it off. Speaking of UBO, Safari loves to claim UBO will increase energy consumption and slow down my browsing (HA). I wonder if the "disable plugins to save energy" option means that Safari will kill uBlock whenever it feels like. :/


> Most implementations (e.g. Firefox and Chrome) will translate a space into a search unconditionally.

What would you rather have it do? URL encode it?


What would you rather have it do? URL encode it?

Yes. I missed a few words on the original edit.


Doesn't that defeat the purpose of MFA?


No... the computer is a second factor just as much as a phone. Something you know (password) + something you have (computer) = MFA


If they already have your phone, you're already pwned.


>If they already have your phone, you're already pwned.

No, that's not what GP means. If the attacker manages to get malware on the Mac, for example by exploiting a browser 0day, then the attacker can simply circumvent the 2FA by making the Mac fetch the 2FA code. The user won't notice it.


If the attacker manages to get malware on the mac, they can also wait for you to do a login, and steal your 2fa code as you enter it.


Or just steal your session tokens. Not all apps are secure enough to prevent session roaming.


Or just remote drive your session. Token exfiltration isn't required if you can do XSS or say script injection via browser extensions (and exfiltration is more likely to hit anomaly/fraud detection)


Same could be said of the phone, right? A zero day on the phone would circumvent the 2FA.

Really, the SMS part is the actual weak link in the chain. Easier to hijack SMS than own a computer or phone.


> Easier to hijack SMS than own a computer or phone.

That depends on the country, in Germany it's way more difficult.


Why would you say that? All it takes is one telco employee taking a bribe or screwing up some configuration or...


Why?


I noticed this the other day and was very pleased.

Also, if you have touchID then you can use it on safari to autofill login credentials. I just wish safari had an active plugin ecosystem like firefox (or chrome) does.


Apple did their best to kill that ecosystem stone cold. I guess the current situation is unlikely to change anytime soon.


When my bank sends a login token via SMS, Safari can also copy the token out from iMessage and autofill the value - which is quite convenient, but also a little too much for my preference.


I have mostly switched over to Firefox from Chrome for all work related stuff except for anything Google Drive related (esp. Google "new" Sites - that has resulted in lost data and a failed demo).

So yes Google, Chrome will always likely be running on my system, but in almost exactly the same place IE did 10-15 years ago. Is that something to be proud of?


Yup. And even for Gmail and YouTube, Google is trapped in a tab container in Firefox for being naughty.


My preferences haven't changed since 2007 when Chrome didn't even exist. Firefox for everything; Safari once in a while to check browser compatibility; ditto for IE & Chrome; and The Back Button for apps that only work in one browser. It's been a while since I stopped caring about performance and power consumption because I have more performance and battery life than I know what to do with anyway.

I don't regret having stayed with Firefox through the years when Chrome was all the rage. IE6 was the most popular browser in the world when I first tried Firefox, so I know how it feels. Other browsers come and go, but Firefox keeps burning bright.


Personal use aside, I've been meaning to try out firefox for development after seeing some of their release announcements here. Any tips for people like me who are accustomed to chrome devtools? Are there some things you can do in firefox that you can't in chrome, and vice versa?

I do look forward to the chrome devtools release videos, always learn something new.


Firefox in general has much better CSS debugging, and somewhat less good JS debugging. If you’re going to try it out then I’d suggest looking into its grid / flexbox visualisation.


It depends on what you do on a daily basis. There are definitely things you can't do in Firefox - chrome://inspect, for example, which is how a JS dev can debug their Jest tests (though for these workflows you can just pop Chrome or Chromium open for a moment).

Otherwise, Firefox has the better API for add-ons and a more 'open' approach in general, so there are a lot more things you can't do on Chrome that you can in Firefox than vice versa. I have yet to see a decent tree tabs extension for Chrome, for example. (They exist, but none compare to the one available for Firefox).


If you dev using the chrome devtools protocol client (like using intellij, see https://developer.chrome.com/devtools/docs/integrating), you won't be able to do the same on Firefox ATM.

Edit: I'm mistaken - apparently you can : https://docs.firefox-dev.tools/backend/protocol.html ... So no reason to use chrome as a primary browser or development browser.


I work with both and generally they overlap quite a lot for the basic stuff - for general ones, you probably just have to get used to the colours.

I use firefox for dev and browsing but my job requires me to check out chrome more because it's used the most. One thing I find myself using firefox for is the feature of visualising a flexbox which chrome doesn't have.


I use Firefox for meet calls every day


I only use Chrome on Google. Safari for everything else. Best power usage and better protects privacy. No reason to not let Chrome see me use Google...


deleted


Extraordinary claims require extraordinary proof.


deleted


I've stayed with Safari for all web browsing mainly due to it's fantastic power consumption. Still use Chrome for development, but I find Safari's UX so compelling I'll still have it open for reference.

Safari needs a duplicate tab button though.


My favorite Safari UX feature is 'show tab overview'. Its far better than the Firefox overflow menu.


I duplicate tabs with CMD-L CMD-ENTER combo, which I find passable. I suppose an item in the context menu would make sense though.


That and a way to turn off transition animations...


Google Meet works fine for me in Firefox fwiw. I'm in meetings several hours a day on Firefox nightly on a Mac.


Brave is great for those "it only works in Chrome" sites


Or Vivaldi.


I love Vivaldi due to vertical tab bar But I use Palemoon (Firefox fork with XUL) with Tab Kit for vertical tabs too

I think Vivaldi (based on Chromium) is great for one time browsing (open -> close) But I got a bunch of sites I visit daily so I got them opened in Palemoon and open them when I need With another extension you can also unload tabs (manaual or auto, config it as you like) in Palemoon like Vivaldi (called hibernate in V)


I also completely switched to Safari a few years ago mainly for power consumption (how can you all run chrome on battery??), but there isn’t really anything I miss in it these days.

It also integrates very well with my other Apple devices, and works with AppleScripts and keyboard maestro to quickly do complex macros and talk to other apps.


Google meet works in firefox (at least dev edition).


It didn't about 9 months ago. Great if the situation has improved. Thanks a lot for the heads up, hopefully this works and lets me uninstall Chrome!


It works, just not well in my experience. Meet is about the only thing I still use Chromium for.


It didn't today for us.


Make sure to enable permissions for autoplay sound, use the microphone and use the camera.

See https://imgur.com/a/1UQiqtQ


I think there is an issue where Google Hangout meetings created a long time ago don't support Firefox, but new meetings do.


> It is funny how my browser preferences has changed over last 5 years.

Sure, we're still testing, if stuff works on IE10...


You shouldn't be! Microsoft has deprecated it and that should be reason enough to get your users off it.

IE11 isn't much better, though...


Tell that to the banking and medical sector, in the UK NHS would still be using IE6 and WinXP if not they were hacked a year ago with that ransomware from NSA.


This looks perfect way to solve the current dilemma of choosing a "daily driver", but isn't it convenient to have stored all of passwords or details in profile in one browser or is there a way to keep everything in sync. I definitely would like to give a try to Safari.


Use something like 1Password and you can have your passwords in every browser or app, on desktop and mobile.


Better choice would be Bitwarden. https://bitwarden.com


why?


Bitwarden is FOSS


Better is a subjective thing, especially when it comes to FOSS. Better when you want to see the source? Sure, if that is your primary need, but for most people that isn't the case.


I use for Safari for everything including Development.


Are there Chrome-only webapps you use that don't just work with a User-Agent switcher?


Most Google apps only just about "work" on Firefox. They're clearly optimised for Chromium and it shows.

I use Firefox for all my browsing needs except for Google apps, for which I keep an install of Vivaldi around. I only really fire up Chrome if some stupid internal workplace app refuses to work on anything else. It truly is the new IE.


> It truly is the new IE

Funny, and true at least in the company I'm working for (officially supported browsers are primarily IE11 and optionally Chrome).

A colleague told me a few months ago that Firefox was not supported because it did not support some Windows "policies" (Windows or Active Directory? Not sure, no clue about that stuff) but that Firefox was going to support them soon... .


Firefox 60 was the first release with official Group Policy support [1]. Starting from version 64 you could also configure Firefox for macOS using configuration profiles [2].

Both the ADMX templates for Windows and preference .plist for macOS are available from GitHub [3]. The full list of configurable preferences can be found on SearchFox.org [4].

As of Firefox 67 there are quite a lot of settings that can be managed now. Certainly enough for Firefox to be deployed in enterprise environments.

There was also a really interesting talk at MacADUK 2019 by Mike Kapley on the work Mozilla has done so far to support enterprise deployment [5].

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1433136

[2] https://github.com/mozilla/policy-templates/blob/master/mac/...

[3] https://github.com/mozilla/policy-templates

[4] https://searchfox.org/mozilla-central/source/browser/compone...

[5] https://youtu.be/jB_5h4ihih4


Likely they did indeed mean Group Policy in the Active Directory sense, although that's been supported in Firefox for over a year now


Thx!


For example, I cannot copy and paste text in Google Docs in Firefox.


Using the keyboard shortcuts (Ctrl-C/Ctrl-V) works for me on Linux.


Not quite the same thing and I know it’s not fully rolled out yet, but I enable u2f support in Firefox and haven’t had any issues with my Yubikey... except when I try to add a new Yubikey To my gmail account in Firefox it makes me switch to Chrome because “u2f isn’t supported”.

At least let me try and if it fails I’ll file an issue with FF so they can fix it and improve instead of locking me out with half-truths.


In the latest release (67), Google U2F registration should work out of the box.


Most of them probably will work on other browsers with user-agent switching. But i do not want to hack it and risk having a problem in middle of my work. They can easily inject something that is only available in chrome and there goes my video conference :)


I would love to switch to safari. What do you use for ad-blocking?



It seems like it's won't be working on Safari for much longer. Info from 2 days ago "I can confirm that on macOS Catalina Developer Beta 1, uBlock Origin is completely removed as it is not using the MAS distribution method." Src: https://github.com/el1t/uBlock-Safari/issues/151


This hasn't been updated in over a year (last commit Apr 2018). Personally, I use Wipr from the App Store because it's very cheap. AdGuard is also an option.


I didn’t realize unlock origin works on safari. This is very helpful. Thanks!


It’s deprecated.


Pi-Hole is a nice DNS-level adblocker, works with anything.

Otherwise I discovered nextdns.io recently, which seems to work well too.


I find AdGuard pretty good, but I’ve only started using it recently.


I use Wipr both on IOS and MacOS and it’s been great.


1Blocker and I also use LittleSnitch as a blocker.


You could also try ublock origin.


Given the privacy features Apple is introducing they could also put some more resources into making Safari appeal more to developers.


I sorely want to switch to Safari but I can't port all of my Chrome extensions over.


Which ones are you missing?


RES and Imagus are the main ones.



The only thing I like about Chrome is the native personas.


It would be nice if right-clicking on links gave an option of opening it in another browser. That would make it easy to stick to a multi-browser setup.


I use Choosy for that. See https://www.choosyosx.com/

One of my favorite apps on macOS.


A lot of people got tricked into using Chrome.


What do you recommend for adblocking on Safari?



That's depreciated and won't work in the next Safari version, along with all other normal Safari Extensions.



>For new users who install and download Firefox for the first time, Enhanced Tracking Protection will automatically be set on by default as part of the ‘Standard’ setting in the browser and will block known “third-party tracking cookies” according to the Disconnect list.

Despite other issues, which there are some, I'm really happy to see FF not only enable more ways for users to protect themselves - but to be rolling it out as a default.

A lot of non-technical users I've encountered usually want the extra (usually non-default) protections, but don't know where to begin (or what is even available) so they continue with the default installation. FF setting some of the more mature privacy protection features as a default moving forward is a great sign of commitment to the cause of bringing privacy to everyone. Even those who don't know how to poke around the settings or about:config.

>Today, we’re releasing the latest update for Facebook Container which prevents Facebook from tracking you on other sites that have embedded Facebook capabilities such as the Share and Like buttons on their site.

This is a much needed change that I'm also really happy to see. Not really containing anything if the embeds still function.


My parents are completely tech illiterate. But they are also afraid of this tracking and becoming much more aware of this power. So they ask me to set up their browsers to do so. I don't go full in, but basic stuff. There are still little hiccups but even they are happier to have small hiccups than be tracked. They see it as a fair trade-off. I think this attitude is common non-technical users.

Tldr: I fully support security by default.


These Firefox tools are really great. One big issue right now that I have with the strict fingerprint resisting is that it zeroes the timezone to UTC+0. It messes up with websites like slack and others. I had to use an extra addon to set a custom timezone.


I've dumped Chrome altogether since FF 67 was released.

My only gripe is they still aren't blocking ALL ads, but regardless it's a way better user experience now than it ever was.

Firefox 67 feels like a whole new beast compared to their older versions.

If you haven't tried FF for a while I recommend doing so and I suggest trying it across multiple devices. The tab management, syncing, pinning and sending etc. across multiple devices is awesome.


Firefox doesn’t block ads by default, but you can install uBlock Origin, the best ad blocker available.

I also recommend Privacy Badger. It’s a neat extension that automatically detects trackers by auto-learning. This means that Privacy Badger will catch trackers that aren’t caught by static lists, like what Firefox and uBlock Origin are doing.

Btw, both these extensions I mentioned are now deprecated in Chrome due to Manifest V3 and something tells me they’ll always be at home in Firefox ;-)


personally, i hate extensions -- they have a bad track record overall. if i install an extension, i have to keep watching it to be sure it hasn't been sold to a third-party datamining company. same problem with phone apps, but at least phones offer permissions controls for apps.

i trust ublock origin because gorhill is very public, passionate, and transparent. i trust privacy badger because it's backed by the EFF's reputation. those are two very high bars to set and they are literally the only two extensions i trust enough to install on my machine.


Mozilla's repository of extensions has a better track record than Chrome Web Store, as Mozilla does reviews, plus it's now a smaller target.

They survived for years without a permissions system in place. I'm glad that's now in place though.

I always felt uncomfortable letting random extensions active in Private Mode.


I'll second the multi device functionality. I use Firefox on desktop and iOS and all of my history, autocomplete, and tabs follow me and everywhere. It's incredibly convenient.


For Mac users, this is... not great. Firefox on Mac continues to be an oddball in comparison to how it runs on Windows/Linux.

I'll keep using Safari, which also gives me that wonderful cross-device syncing.


It is great for Mac users. Firefox 67+ is faster than Chrome and works flawlessly on MBP 2014. Some "Mac users" also use dev tools, and Firefox is better than Safari in this aspect.


This is not my experience, and certainly not the majority experience given how often the topic of Firefox on Mac comes up in every single thread on this site.

When you parrot this around, you stop Mozilla from feeling the pressure necessary to build a compelling product on Mac.


They can't and likely won't ever block ALL ads because they are funded through a search contract with Google. The whole point of that contract is to drive ad revenue.


As netizens, is there a way to replace Mozilla's dependence on another private company for revenue? Govt grants? Or is merely donations the only way?


idk, but I’ll happily pitch in a monthly donation for what is by far my most used software.


Same.

I depend on and use Firefox enough that I'd happily pay monthly for it.


mozilla foundation (the non-profit) accepts donations, but not (afaik) the part of mozilla that develops firefox.


I'm pretty sure they just sell the contract to the highest bidder, they don't need Google. In fact, for some time Google decided not to renew the contract, so they went with Yahoo instead.


I'm not sure why the "Multi Account Containers" are not built into the browser but I found this add-on to be a motivating factor in switching to FF.

https://addons.mozilla.org/en-US/firefox/addon/multi-account...


When I first tried to switch to from Chrome to Firefox, I got frustrated by the different approaches to user profiles, but multi-containers fixed it for me.

Chrome makes it easy to switch profiles/accounts with the account button in the top right, but Firefox profile management is clunky. You have to choose on startup and can’t launch a window with a different profile from the browser itself.

Next time I tried, I found Multi-containers! It’s EXACTLY what I was trying to do with Chrome Profiles (isolate cookies per persona) and it improves on Chrome in a couple ways:

- lighter than Chrome profiles, very fast to create new containers

- Not tied to a google account

- multiple containers in the same window

- Domain-specific rules make sure you don’t cross-contaminate containers accidentally

- Profile stuff like History and bookmarks is shared across containers and securely synced with client side encryption by default.

You can also get a REAL win for privacy by adding the Temporary Containers extension [0]. This lets you create arbitrarily many containers. It defaults to being an option (right click -> open in temp container) but can be set much more aggressively. I have it create a new temporary container every time I move to a new domain. Amazing.

That DOES require some manual configuration to avoid breaking complex products like Office365. I created a huge regex that identifies Office365 domains and triggers a whitelist with less aggressive isolation. Still, not too much more work than running uBlock Origin with 3rd party resources disabled by default.

[0] https://addons.mozilla.org/en-US/firefox/addon/temporary-con...


> - Profile stuff like History and bookmarks is shared across containers and securely synced with client side encryption by default.

That's actually why I prefer the full profile option in Firefox (i.e. running 'firefox -p' and selecting a profile). I don't want shared history across profiles.


It appears this would block pretty much all the major analytics tracking cookies (e.g. Google analytics, mixpanel, etc.) based on the linked Disconnect list, https://disconnect.me/trackerprotection .

While I realize that's kind of the point, in my mind there is somewhat of a difference between "the site I'm on is tracking me to figure out how I use their site" vs. "any site I visit is essentially aggregated data because all the sites use the same major trackers and ad networks". I wonder if the big analytics companies will need to change their business model, or at least their tech, to account for these kinds of changes.


It looks like these changes only affect third party cookies, while most analytics software relies on first party cookies.

These changes make it harder for analytics companies to track users across domains, but still allows site owners to analyze their own traffic.


I had to check on my site but yes. Google Analytics cookies (they start with “_g”) are set on the website’s domain.


That is so well stated.

I think from a pure interested user perspective the bottom line is I don't care what happens to anything as long as I'm not tracked/measured etc. Find another way or just get lucky with the correct mixture of creativity and hiring. My web browsing does not exist for companies to exist.


> this would block pretty much all the major analytics

The list [1], which includes many APIs, also breaks hundreds of websites [2] that access those APIs

[1] https://github.com/disconnectme/disconnect-tracking-protecti...

[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1101005


They could ask me how I use their site, instead of giving the data about every step I do to 3rd parties.


Unfortunately, many common adblockers also block first-party tracking where your data is only being sent to the company whose site you're interacting with. For example, I know that uBlock Origin blocks Airbnb's tracking code on the Airbnb website — even though it just sends data back to Airbnb-owned domains.


People that respond to such questions surely are a very biased sample of the overall user base.


So let's make more people respond to such questions. The answer is not to say "it's biased" but to fix the core issue.


No. I hate those questions and don't want to answer them. Just let me use your site and figure out what works from there.

You can still have analytics with this Firefox change, you just have to use your own domain for the cookies.


You mean like those survey pop ups that come up halfway through an article? I hate those. Those have caused more suffering for me than 3rd party tracking.


I doubt there are many users out there who care if someones analytics stuff breaks.


It sounds like this is similar to what Apple added to Safari two years ago (https://techcrunch.com/2017/06/05/apple-adds-a-tracker-block...), though I don't know the details.

I will be excited for the day when Privacy Badger is an unnecessary extension.


Safari uses a machine-learning classifier algorithm to determine which third-party sites are trackers: https://webkit.org/blog/7675/intelligent-tracking-prevention...

Disconnect may or may not use M-L classifiers in their selection process, I don’t know.


Similar to Privacy Badger?

https://www.eff.org/privacybadger


It seems like that would be today? I'm pretty sure they both work off the same Disconnect maintained list.


Privacy Badger uses heuristics to determine when a domain might be tracking you.

https://www.eff.org/privacybadger/faq#How-does-Privacy-Badge...


Ah, good to know. I'm not sure if they changed that since launch, or I was just conflating them with one of the other extensions.

This sounds more like Safari's newer behaviour, which sounds good in theory but in Safari's case where it can't be turned off, it breaks things in practice. This seems like a good solution for people that are aware of what's happening enough to pay attention and disable it when something is not working as expected, but makes a bad default for the typical user.


I can proudly say that I’ve ditched Chrome for Firefox for about a month now. The first few days were a little rough (migrating passwords and what not), but now I love it. Keep up the good work FF!


I'm an existing Firefox user. Is there a short list of settings to check to make sure this "Enhanced Tracking Protection" is enabled?

In short, I'm looking for a list of instructions: go to Options > Privacy and Security > Content Blocking > make sure cookies is set to at least "All third party cookies...".


It's explained in the article.

> For existing users, we’ll be rolling out Enhanced Tracking Protection by default in the coming months without you having to change a thing. If you can’t wait, you can turn this feature on by clicking on the menu icon marked by three horizontal lines at the top right of your browser, then under Content Blocking. Go to your privacy preferences and click on the Custom gear on the right side. Mark the Cookies checkbox and make sure that “Third-party trackers” is selected. To learn more about our privacy and security settings and get more detail on what each section – Standard, Strict, and Custom – includes, visit here [1].

[1] https://support.mozilla.org/en-US/kb/content-blocking


I think you’re just about right - it’s Options > Privacy > Content > Custom > “Block third-party trackers”.

(It is not “Block all third-party cookies”, make sure to select the correct one.)


And yet you've sadly got some companies like Alibaba[1] telling users to enable all third-party cookies. This is terrible advice.

1: https://www.alibabacloud.com/help/doc-detail/62160.htm


A good way to get all these settings is to generate a profile with this tool: https://ffprofile.com/


I like these updates just as much as everyone else, but I can't help but think they seem a little bit like biting the hand that feeds you. What will they do when Google decides against renewing their Firefox search contract? Mozilla is highly dependent on the hundreds of million of dollars this contract provides. The politics of this situation are interesting for sure.


given the current antitrust momentum I don't think they'd ever cut Mozilla off in a way that makes them look coercive. If anything the current arrangement is a hedge against bad PR. "if we hate competition and privacy so much, why do you think we're in business with our anti-ad competitor?" etc..


Google makes lots of money from search ads from Firefox users.

Even with these changes, there are still lots of ways for Google to track you and monetize ads.


Mozilla's #1 priority is not to piss off Google, so I'm sure there was a conversation before this happened. Besides, when it comes to money, Google profits many times over whatever payout they give Mozilla.


It was a few years ago that the default search engine for Firefox was Yahoo. I would think that Google would be happy to see Firefox fighting back at them. You don't have a monopoly if Firefox is going strong.


I'm certain that Firefox not shipping a default adblocker is a compromise they made to get that revenue from Google.


Unpopular opinion on HN - Majority regular net users don't care about tracking and the FF focus on privacy will not give them the browser landscape they are losing daily.

They should be focused on giving a better smooth UI, make it faster, remove unwanted extensions like pocket, make all the sites work.

Let's see how valid this comment is in couple of years.


Firefox is fast enough for most people, it has a UI as good as Chrome (that maybe is shit for some people, however most people don't care), most people don't care if Pocket is included or not (it is not like Firefox keeps nagging you to use it either). The only point I concur with you is that all sites should work, however the majority of times I see a site broken in Firefox is because of the developer not testing in other browsers and not a Firefox fault (it would be the same if the developer just develop on Firefox and didn't test on Chrome).

Firefox is not as popular as Chrome thanks to the intense Google advertising some time ago. Even nowadays Google still advertises "this sites runs best on Chrome", kinda like Coca Cola still advertises its products even if they are already the leaders in the segment.


Why should the developers worry about a browser that is only covering 10% as I remember that is the cover ? Specially if you have a small team who has time and people to make multiple versions to run on different browsers?

You can just put a banner saying this website works well on chrome.

FF should be more active in making all the sites work on their browser.


> FF should be more active in making all the sites work on their browser.

How? By matching any bugs or spec incompatibilities Chrome has that makes the site only work in Chrome? Or by begging the site authors to fix the HTML or CSS or JS? Because I don't see any other options.

The first defeats the purpose of having an independent browser (or web standards). The second won't work -- or at least, its success is determined entirely by market share, not directly by what Mozilla does.

I'm really not sure what you're asking for.


I guess it depends if you are a web developer or a Chrome developer...

What Chrome only features are you possibly using that would mean a separate Firefox version?


Or perhaps don't design your site with browser-specific features from the start? The web is interoperable by default.


> You can just put a banner saying this website works well on chrome.

Indeed Chrome is the new IE


Blocking tracking scripts (which is not being turned on by default (yet), but can be turned on by users) is an enormous performance boost because they really hurt page loads.

That aside, as commenters everywhere will tell you, Mozilla has made huge performance improvements in Firefox over the last few years and continues to do so. It's not like Mozilla has decided to stop doing everything except privacy.


They're using privacy to differentiate themselves from Chrome, which will be a sharp contrast once Google cripples adblocking. It seems to be the same move that Apple is pulling with their anonymous login functionality.


Firefox will not going to win with a focus on privacy. Period.

It's like a privacy friendly social network can't beat Facebook.

Unless Google does something extremely stupid people are going to stick to it.

People use Gmail, YouTube, Docs,Google search, Android and all of them are in sync with chrome. It goes hand in hand with your life.

Same is for Apple, they make iPhone they have mail they have macos. Everything sync with safari. Makes life easy.

What does Firefox offer? Only a browser. And privacy is not going make people switch to them.


> People use Gmail, YouTube, Docs,Google search, Android and all of them are in sync with chrome.

In what way are those sites in sync with Chrome? There's sync of tabs and such across devices, but Firefox has that too.


Really ? There are dozens of ad-blockers both free and paid. If people were't bothered about privacy and bandwidth, these apps wouldn't exist at all.


> Unless Google does something extremely stupid people are going to stick to it.

Like removing APIs used for Ad blocking effectively crippling Ad blockers?

> Everything sync with safari. Makes life easy.

Firefox can send tabs between your devices, not sure if it can sync them in their entirety. Not sure i'd want it to though.


> They should be focused on giving a better smooth UI, make it faster, remove unwanted extensions like pocket, make all the sites work.

Those are all things which do not differentiate Firefox from Chrome. They're focusing on that as well, but Chrome will never be able to copy their privacy-enhancing features, because that's Google's business model.


Regular people at the bar in my non-SF town can be overheard puzzling through the privacy issues that they’re hearing about these days. I’ve been asked how to avoid being tracked by creep stalkers now that it’s something people know to be conscious of - and helped them remove a tracking iOS profile after showing them how they wouldn’t have Settings > General > Profiles unless something creepy was up!

So I think we’ve reached a phase where performance is good enough on any hardware for people to start worrying about the big picture problems like privacy and tracking as well. Not to the exclusion of performance - but it’s clearly become more important to random non-tech folks.


> Majority regular net users don't care about tracking

The majority of regular users don't know the extent to which they are being tracked, because they don't have a good grasp of the technology or a good idea of what's possible.


Agreed (except for those specific examples). User experience is the gateway drug. As long as the standard keyboard shortcuts and preferences panel don't work right in Firefox, it doesn't matter how fast or standards-compliant the HTML rendering engine is.

Privacy is vegetables -- I know I should eat more, but I'm not going to go out of my way for it.


How about "Privacy is vegetarianism" instead? Just 20 years ago I'd have trouble going out for a meal in London because there was maybe one (one!) dedicated veggie restaurant in the whole city and lots of places didn't even offer an option on their menu.

Now, everywhere offers a vegetarian option, it's normal. What it took was dedication by fanatics* and to increase mindshare amongst the young. I'd venture that the same conditions would reap the same rewards with privacy.

* that's a wee joke… or is it? :-)


A lot of people eat vegetables tho.


I hear you, but that's why the greedy optimisation of convenience above all gradually leads to the local mininum of a Brave New World.


Multi-account containers is probably why I won't leave Firefox. I have different containers for Facebook and all its websites(instagram, whatsapp), google, amazon, Microsoft.


isn't that the same as the Person profiles in Chrome?


No, Profiles are an entirely separate feature that Firefox also has. Setting up separate profiles for every major site could achieve something similar, but that would obviously be unimaginably inconvenient. Containers are like sandboxed virtual browser instances that nullify most methods of cross-site tracking, while also enabling you to conveniently stay logged in to all of your sites. Switching between the containers is seamless, and does not require any conscious user action apart from initially setting them up. Plus, the real kicker is using Temporary Containers as the default setting for new tabs, which can make it as if every Google search or inconsequential browsing session is done in a Private Window instance. This means there's no way in terms of cookies and trackers for Google to obtain cumulative data about your searches and browsing habits, but you can safely keep local records of your history if you want. There's no way to achieve any of this in Chrome with anything approaching the same level of simplicity or convenience.


How so? This is exactly what personal profiles do. Keeping a separate cookie jar, local storage, history, extensions. Basically only the browser version and OS related stuff is left to track you. Ok, except if Google tracks browser usage directly. I've been using separate profile for each of the evil websites I have to use, no cookie leaking.


I've edited the comment to clarify, but you're right that they're functionally similar. I was talking mainly in terms of user experience, though. Setting up multiple separate profiles with much the same options and extensions, and then having to actively fire them up for every time you want to use a major site that also employs trackers seems massively inconvenient and redundant to me. With containers, mapping specific sites to specific containers that first time is all you have to do. Containers also share local storage, history, and extensions with the rest of the browser, which is a blessing, as there's no need to install the same set of extensions five different times for as many different profiles, for no added security or privacy benefit whatsoever, and you can access local data in consolidated form, without having to deal with them being fragmented across multiple profiles.


Firefox splits the functionality of Chrome profiles into two different things:

Profiles contain all your settings, history, bookmarks, themes, sync settings, etc. They’re stored in a folder on disk. It’s kinda a hassle to switch between them.

Containers isolate cookies (and other stuff?) within a single tab or group of tabs. It lets you run a specific website or set of websites in isolation from your other browsing activity. This has security benefits, but is also great for logging into the same service with multiple accounts simultaneously.

I was initially annoyed by Firefox profiles because they’re clunkier than Chrome accounts, but was very happy when I figured out that Firefox Containers gave me the isolation benefits I was actually looking for, with some real improvements over Chrome.


I do wish there was a sync option, since I have to setup the containers and rules for opening websites in those containers every time from scratch.


You can configure the addon to open specific websites in different containers, and it all works seamlessly.

Except of course, syncing container rule settings across Firefox sync devices.


Knocking it out of the park, Mozilla, keep it up.

Getting more people on Firefox would do the tech world so much good, diversifying who controls what in the web.


Starting to look forward to July when the next ESR will be out. Really tempted to just go ahead and upgrade to FF67 now but have grown fond of the stability of the ESR releases.


I've been on the Beta channel for the last few years. I can't remember the last time it crashed. It's just not a thing with Firefox these days. But then, they do push out new betas every few days so I end up restarting the browser quite often. Either way, stability is fine even with the Betas. I'm pretty sure there are quite many beta users so by the time a release comes out of beta, it has already survived many weeks of testing in the field by gazillions of real users abusing it on all kinds of platform and hardware combinations.

So, stable should be perfectly fine for day to day use if you feel less adventurous. It's basically the release intended for world+dog. The only people actually using ESR probably are enterprises that for whatever reason actually care about which version of Firefox they are using and third party software integrators that just don't want to deal with major changes every minor release. Tor browser is a good example.

I'll click the update button after clicking reply. It seems I missed a few updates. Zero issues that I noticed with this one: 68.0b4.


Thanks. I switched to Chromium way back when FF first started their fast release cycle and kept breaking all my plugins. I finally switched back about a year or so ago and stuck with the ESR releases to be sure to avoid that. But now that they seem to have a stable plugin API I was considering switching to the standard stable releases as it doesn't seem like it should be an issue anymore.

Though that also means finding a good source for them as I currently just use the packages from Debian Stable (well, upcoming stable as I upgraded to Buster early).


ESR for personal use? wow. I'd only expect that on boring corporate machines. I use Nightly everywhere :)


The article starts with: "It’s been several weeks since I was promoted to Senior Vice President of Firefox, responsible for overall Firefox product and web platform development."

How is this relevant? Did Dave Camp's SVP appointment trigger these changes? Honest question, because this is the first sentence of the article and I'm having a hard time understanding why.

Tracking protection is great though. I hope Firefox gains market share again, I love the direction it's taking.


A local struggling theatre company has a new president and the theatre is thriving under him. He told us in private that everything about his public appearance is curated in order to give the theatre a face, and that its an important part of saving struggling theatres - to attach a face to it.

Maybe it’s the same thing?


The dev for these features started a long time ago, notably by Monica Chew as Roc reminds us (https://twitter.com/rocallahan/status/1136041917404160000). More recently Ehsan Akhgari has been instrumental in pushing to the shipping line. Kudos to all!


Maybe his hiring was part of the same process? Products reflect the organizations that produce them.


He's probably feeling pretty chuffed about it and just wants to share :)


Ironically, it triggers on blog.mozilla.org :/


It's worth noting that this isn't actually inconsistent. If your browser does security properly, blog.mozilla.org saying "here, have some malware" doesn't matter because it will be ignored. If it doesn't, one more website serving (functionality-irrelevant) malware makes it that much marginally more painful to keep using a defective browser.


Wait, are you saying that blog.mozilla.org serves malware?


Well, I'm not, but temac is saying that Firefox's Enhanced Tracking Protection is saying that blog.mozilla.org serves malware. I'd call that plausible and presumed true for the sake of discussion but unconfirmed.


Does anybody have experience setting up and running a custom FF Account/Sync server?

https://mozilla-services.readthedocs.io/en/latest/howtos/run...


I set it up 2015 https://jeena.net/firefox-sync-15 and it's running on my server ever since mostly without problems. I think it hang one time so I needed to restart it but otherwise great software, even though the documentation on how to install it was kind of non existent back then. But now that also improved a lot in addition that it's now easy to use on Android too.


I tried Weave back in the day and it was not trivial. The newer Firefox Sync has a FOSS server though it's not as TNO if I recall correctly, likely to allow selective sync and sharing.


Now if only the could fix firefox to not be the slowest and biggest battery draining browser on mac.


I believe this is related to using scaled resolution in macOS.

https://bugzilla.mozilla.org/show_bug.cgi?id=1404042

I was able to achieve way better performance by changing this to `true` in `about:config`:

  gfx.compositor.glcontext.opaque
Another note, performance seems way better when changing the following to `true`:

  gfx.webrender.all
  gfx.webrender.enabled
If anyone with deeper understanding of these options has any reasons why this is a bad idea I'm all ears. Otherwise it's made my experience way better.


The WebRender team seems to be rolling out very gradually and is, if I remember a recent blog post correctly, restricting based on specific GPUs and specific platforms that are proven to work without e.g. crashing or breaking out various things (like window toolbars).

If you set these options, and then later on, you find that your Firefox is super buggy and won't render anything properly and has weird crashes, it could be because you set these options — and it might take hours or days to realize that.

(And then reverse them, somehow, assuming that gfx.webrender.all hasn't broken about:config!)


Mozilla is very conservative with rollouts, very afraid of user complaints. Of course that is understandable, but I wish they did more cold-turkey YOLO decisions anyway :P At least they should've enabled WebRender for everyone on Nightly and Beta a long time ago.

My daily driver is Firefox Nightly with WebRender + Mesa-git + FreeBSD -CURRENT on a Radeon RX Vega. Haven't seen any GPU related crashes in months, it's very stable actually.

> reverse them, somehow, assuming that gfx.webrender.all hasn't broken about:config

well, safe mode is a thing, but you can also use MOZ_WEBRENDER=1 instead of the about:config prefs.


I did definitely notice much better WebRender performance on Nvidia than on Intel, so I turned off WebRender on the Intel laptop.


I went looking at the WebRender blog and they are apparently still making performance improvements every time they post an update, so make sure to clear your override and let the defaults take effect in a few weeks - either it’ll be better or (I assume) the telemetry data will highlight your OS+GPU+driver pairing as needs-improvement (which it can’t with it force-disabled).


Good idea, yes!


I've heard of this bug on and off for years now. Clearly it's not important to the Firefox team that Firefox is a viable browser on mac. Every other browser / application seems to be able to work around/with the issues described except them.


I took over a month away from other work I have to do to develop the planeshift crate [1] to solve this exact problem. On the WebRender side, tiling work is advancing quickly as well. OS compositing in WR hasn't landed yet, mostly because work has to be done on the legacy Gecko side to wrangle the Cocoa widgets properly, but it's not true that nobody cares.

[1]: https://github.com/pcwalton/planeshift


Thank you for your dedication on this. Now on the subject of energy use, how about the patch for the following critical macOS bug landing in a Firefox 67 point release?

https://bugzilla.mozilla.org/show_bug.cgi?id=1551990


Like the bug comments there say (comment 19 in particular), once it's verified that the fix works it will be uplifted to the release branch.


ooh, the code for using Wayland subsurfs for "DirectComposition" is already there! Nice! :)


All this does is cause advertisers to look at more advances mechanisms to track users and make it 'mainstream' -- like browser fingerprinting. These are also not explictly governed by existing legislation, so they can also worry about things like cookie laws and there's little to no defense.


Firefox has a setting you can enable to resist fingerprinting. It must do something because every anti abuse measure on the internet flags you as a bot once you turn it on.


Speaking from experience, Safari seems to be very good at defeating current fingerprinting techniques


So the usual arms race between people and advertisers?


Within the GDPR realm fingerprinting has exactly the same legal implications as (third-party) cookies have.


Going back to Firefox nightly since the google ad issue. I'm sad to say, Firefox UI still lags 2x more than Chromium (even abused with 40+ tabs) on my old machine to the point of being a noticeable annoyance.

Hopefully Mozilla will have funding and manpower to improve this.

Thanks for the work nonetheless.


I like all the work Firefox is putting in. Even though I'm not personally against Chrome, I've been using FF lately and it's very good.


The Lockwise addon is interesting - but that they are not using their own addon site is strange.


why use lockwise instead of say, bitwarden?


Is this setting extending ublock origin or already covered by it?


Mozilla uses the Disconnect lists. uBlock has larger lists that include the majority of ads not just trackers, but they do cover trackers as well of course.


Been using FF for 3 weeks now, love it so far.


Does this block tracking pixels as well? Tag managers?


People were racing to add those social media buttons linked to Facebook back in the days and now they're scrambling to remove them. It's just funny how this works.


I always use Firefox and will always use and support Firefox and Mozilla.


Is there a version of Firefox that protects you from Mozilla installing mr. Robot ads?


The only thing preventing me from completely switching over to Firefox is the developer aren't as good as Chrome's which is faster and less clunky for debugging.


I have not found this to be the case at all. The dev tools are amazing. I have not yet had the chance to use them with a webworker or websockets so I don't know about it compares with some aspects of chrome's dev tools.


Can't compete with Brave.


This feature breaks hundreds of websites listed in a 5 year old issue [1]

The last descriptive update was 4 years ago,

> As the list is increasingly managed according to policy, breakage is a feature, not a bug.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1101005

Among the broken websites is one I just completed, revddit, "removeddit for user pages":

https://revddit.com/user/rhaksw


Are you the one that created this bot on reddit?

https://www.reddit.com/user/revddit/

Creating a bot to spam your own website is obviously against the site rules. I see most of your posts on Hacker News are similarly promotional.


Promotion through censorship is what I meant to tackle when building the site, so I'm sorry if you feel the bot or citing it on HN is too promotional. Isn't this the place for sharing such work? If not here, where?

The bot itself only responds once per user or thread, and I've already blacklisted some subreddits per suggestions [1]. Feel free to pm me at u/rhaksw if you would like to discuss it further.

[1] https://www.reddit.com/wiki/bottiquette


Your bot violates multiple rules of bottiquette:

>[Please don't] write bots that reply to comments or send private messages without solicitation.

>[Please don't] have your bot reply to every instance of a common word or phrase

It also violates the site's self-promotion guidelines.

It's a spambot, plain and simple. I have reported it as such.


The site reflects users' own data, and I built it without pay. There are no ads. I am sorry you are upset about it.


There's a huge political problem with protections that are on by default, and that's that opponents (advertisers) can easily argue that they are not the explicit will of the user and hence feel justified in doing whatever they can to bypass them. So this action increases the justification for browser fingerprinting and other dark tracking patterns.

The same sort of thing undermined do-not-track headers. The instant they passed from being user-enabled to on-by-default, advertisers were presented with a strong excuse to ignore them.


Bullshit. If I install privacy respecting software over non privacy respecting software then you have to assume I want to keep my privacy and don't want you tracking me.


I'm not tracking anyone. But the majority of Firefox users aren't choosing it for privacy reasons, so these privacy-preserving features are not a good signal that the user actually wants that privacy.

It was worse for do-not-track, as all the major browsers enabled it by default, making it not at all a signal of user preference.


> I'm not tracking anyone

Context is fun eh.

> But the majority of Firefox users aren't choosing it for privacy reasons

I'd like some stats on that please. Given the market share Firefox has why are people installing Firefox?

> so these privacy-preserving features are not a good signal that the user actually wants that privacy.

I consider installing privacy protecting software a pretty good signal but maybe I'm being generous.

> It was worse for do-not-track, as all the major browsers enabled it by default, making it not at all a signal of user preference.

Seems like a pretty strong signal that people don't want to be tracked to me, if a browser impliments something as a default then it would suggest to me that they know more than 50% of their userbase would think not being tracked online is a pretty fucking good idea.


> I'd like some stats on that please. Given the market share Firefox has why are people installing Firefox?

I don't have any stats, but I think many of the people choosing Firefox are doing so because Google is getting scary and Microsoft's offering is always warned against for security reasons, and that sums up the main browsers. In this choice between three things, you're barely getting one bit of user preference information.

> they know more than 50% of their userbase would think not being tracked online is a pretty fucking good idea.

Which in the mind of advertisers means the other less than 50% don't mind being tracked and so they should be allowed to track. But maybe they'd just go with any excuse.

I'm personally hoping that the EU at least slightly fixes things for Europeans when it starts enforcing the GDPR with big fines. Once every site has the required 'No, you may not track me' simple button, the nags will be less irritating because they'll actually be working.


I have two main computers. One has for continuity reasons the old version of Firefox, the other the new one.

The old version is so much more usable that I find myself using that computer much more frequently. It is rock solid with 100's of tabs open, all my extensions work and without silly restrictions on what they can and can not do and it uses a lot less memory. It's measurably faster too. I'm all for progress and improvements in software but after a long stretch of being a very ardent FF supporter I really do wonder if they have a future. If a competitor had a dream about what they could do to ruin Firefox they could not have done a better job.

Enhanced tracking protection is great but it doesn't matter if you push away your users.


    It is rock solid with 100's of tabs open
Thanks for mentioning this right off of the bat. Often you see folks complaining about how "version XYZ of software ABC" is "too slow" or "buggy" and then 27 comments later they make it clear that they have a very nonstandard use case.

I want to be very, very clear: there is nothing "wrong" with having 100s of tabs open, and it certainly would be good if all browsers worked just as well with 500 tabs as a single tab. I'm on your side!

But, in general, people making sweeping statements about software in public have what I feel is a responsibility to be clear when they're using it in ways that are off the beaten path.

Like if I complained about "Windows being buggy", and it turned out I was using a copy of Windows 95 as a substitute for a proper realtime operating system for my spaceship's navigation computer, that's something I really ought to mention upfront.

(Not that having large numbers of tabs is that outlandish, or outlandish at all)


Setting aside possible hardware differences between the two, try doing a profile refresh, because that's messed up.

I've also got a Firefox 52 installation lying around and the new version is noticably faster.


Interesting. Thanks for the tip, I'll give that a shot. Hardware differences are negligible, in fact the machine where FF is noticeably slower is the faster machine. Especially start-up is super slow, takes a couple of minutes at times.


Try to create a new profile to compare nondestructively: "firefox --ProfileManager"

I can confirm both that newer firefox is notably more responsive than old, and that I (or an extension, though I don't have many) managed to get a ff profile into a state where it had inexplicably bad performance, esp. unpredictable long freezes.


You can also create and manage Firefox profiles using the about:profiles page.


> Especially start-up is super slow, takes a couple of minutes at times.

Something really unusual is happening then. I'd second trying with a new profile. You can get general troubleshooting advice at https://support.mozilla.org/en-US/kb/firefox-takes-long-time...

(disclaimer: i work for mozilla, but not on the browser)


That is seriously weird. I don't have the fastest machine possible yet FF starts in a second or two.

Bigger problem are the apps that consume too much CPU and memory. Unfortunately there is no nice way to avoid their killing the whole system (Linux here). But other browsers are no better. The browser makers should realize they are delivering a multiuser OS and protect the resources accordingly.


I've used cgroups in the past to handle that problem when I was using stuff that would otherwise bring down my machine. But I don't know that I'd call it a nice way; at least back then, it was a PITA to set up.


If I had to guess? Try disabling webrender on the new computer. Firefox is rolling this out by default but if your GPU sucks or has fucked up drivers for whatever reason it can cause severe performance issues.

goto about:config and search for gfx.webrender.enabled and make sure it's set to false.

EDIT: More info on the rollout https://www.ghacks.net/2019/05/20/firefox-webrender-rollout-...


Or update your GPU drivers to latest and see if that improves the situation, in many cases it does improve things. At least it did for me and a few people I know, it's not like there's a database out there where GPU bugs are tracked.


I believe the Firefox crash stats database includes both “is webrender enabled” and “what is your GPU” with crash reports, which likely relates to their choices for only enabling it for specific GPUs right now.


Webrender is only rolled out to something like 2% of users, that is unlikely to be the problem.


Please don't use old versions, for security reasons.


Sure... See this is the whole problem with upgrades: upgrades are supposed to improve things but more often than not they break things. In this case the fact that stuff would break was quite predictable. The options to continue to support the non-javascript based branch of FF with plug in support with security updates but for some reason the decision was made to totally ignore backwards compatibility and to forcibly migrate the userbase to a new version without taking into account the problems that would cause. In some cases those problems are substantial, and the security risk then is outweighed by the damage.

This is one reason why the software industry as a whole sucks, we just do not give a damn about the users.


I understand the rationale behind the move. I'm also affected. But Mozilla made the choice, and I hope it works out well for them.

I had to run waterFox to keep my old plugins working.


Something is probably wrong with your newer version.

While I agree with you that the whole addon migration was a disaster and the wounds are healing just very slowly, I don't have the impression that recent Firefox versions had any performance issues (at least on my machines).


How "old" is the old Firefox ? Firefox originally ran within a single process - which was most certainly faster for the most use-cases but had a tendency to crash and also suffered from lots of security vulnerabilities.


Just for my understanding, any special reason to have 100's of tabs open?

Meaning: I basically have a mindset which as a programmer would say: "shall I spend effort trying to optimize my app for users that have 200 tabs open? Naaaa, I don't see a usecase for that to happen."


Yes, sure. I do technical due diligence for a living and when researching a particular company every time I come across another interesting link that hasn't changed color yet I open another tab. Then I just keep reading until there are no more tabs open, and no more interesting notes to take. It's part of my workflow (and one of the reasons why the scrapbook add-on is essential to me, another reason I do my work on the older machine).


> the scrapbook add-on is essential to me

I found the ScrapbookQ plugin, which also is able (with some work, admittedly) to import data from the old Scrapbook plugin:

https://addons.mozilla.org/en-US/firefox/addon/scrapbookq/


I'm hovering around 250 tabs these days and it's doing fine, but most of those aren't loaded. Sounds like yours would be. You might want to try a tab unloading extension.


Oohh, ok, I think that I got it (you keep opening new/unknown links in additional tabs and once you have them all you go through them) - thx.


Optimize for the user who has 100s of tabs open or the user who has 10 tabs but one is Slack.


This is funny - here in Switzerland & Germany I have never, ever heard anybody mentioning "Slack". I read about it the first time when I was reading docs & posts about the chat riot.im/matrix some months ago (maybe in connection with the Matrix "bridges") and from time to time here on HN but I never payed much attention to it.


An alternative and pretty useful point of view is: optimizing for 100s of tabs essentially creates new use cases that weren't possible before.


It happens when you use tabs as bookmarks. The solution is to use bookmarks.


Using tabs as bookmarks is just so much easier that I find I don't use bookmarks anymore.

Perhaps there should be a way to passivate tabs so that they don't take up memory when they are not used for a while.


Wanted to point out that there are a few different firefox addons that allow you to suspend tabs which does unload them. I believe there is at least one with a timer to automatically suspend tabs as well. (sorry can't point out examples now)


Sorry but I can't make the switch from chrome to ff because I don't buy ff's agenda any more than I do Google's. Neither is in the browser game to make money from great browser product.

I want someone to be as dedicated to the product as id was to doom. I want to be able to use their browser for free for a year or three. If I still like you then I'll mary you. Then I'll pay a yearly fee for as long as I live.

Edit: until you start to act a fool. If you do then you're out. Can someone please create this product?


I truly, truly do not understand what is going on here at HN.

2 weeks ago mozilla deactivated by super-incompetent accident all of their security add ons and required a completely opaque 'studies' tool to push an update.

With the security features deactivated tons of people who need to get work done or didn't understand what was going on used the web with all of the tracking features turned on, no doubt allowing tons of previously anonymous stored data on users to be de-anonymized. They don't have to be able to track everyone all of the time, you just have to really get a unique identifier on the browser tracks left in the databases. Many FF installs in linux distributions ceased to function at all.

These simple observations went hardly remarked on HN.

BoingBoing.net which has previously covered security issues well, somehow did not notice/report this event, which stands out in recent memory as one of the worst privacy catastrophes. An inquiry to Mr. Doctorow himself in regards to this, as well as why there is still a tracking F on the page in 2019, has gone unanswered.

Now, a month later, without any further discussion of this event, Firefox wants us to trust it to single-handedly defeat tracking with a single new catch-all feature.

On HN, top rated comments, rather than expressing skepticism and asking for details, are about a completely different browser, Safari.

Perhaps the best comment after the firefix addon-aggedon noted, FF does not have to have a studies feature, it does not have to push automatic updates, it does not have to have a single signing certificate for all of the add-ons which creates a single point of failure. This line of inquiry is devastating to the true nature of mozilla and the loyalties of the individuals behind this code.

I am posting this as a response to the lowest rated, yet in my opinion best comment in this topic, hoping that other people who notice the complete distractions and consensus cracking going on all over the place above the fold, will know where to look for someone saying something intelligent about the situation.

And so this: the problem is not the computers and the software, it is the nature of these institutions and the people in them. Semi-corporate half-charitable, expansive things like whatever Mozilla is lend themselves easily to the same sort of infiltration and takeover as normal, evil, corporations. Do you not think the fbi, cia, air force and mossad have been spending years getting their agents into the 'key positions' at mozilla? Does mozilla(or canonical) seem to you like an organization who could resist this sort of effort?

It is now obvious that Firefox is run by the enemies of open culture, and having only the choice between FF and Chrome, developed by an even less trustworthy institution, the internet as dreamed of by people who care about freedom and liberty of the individual is in serious trouble.

So the comment to which I am replying is the best, what shape of institution will create software to make the internet open and fair, and facilitate free speech without infiltration and subversion by spies and paid propagandists?

Why can all of the kings horses and all the kings men not create a functional browser that doesn't publicize reading habits and de-anonymize with extremely obfuscated input analysis, if not outright keylogging and password theft and intentional malware backdoors?

The browser has replaced the television for most people, if you haven't noticed, so this is important and how discusion platforms like hackernews deal with the discussion of this, reveals all we need to know about the institution and individuals behind hackernews.

Something is rotten here and it could not be more obvious to anyone still capable of independent thought.


Please tell me I'm misunderstanding something! By enabling by default the blocking of those third party scripts: https://disconnect.me/trackerprotection/blocked

This Wil have three consequences: Many websites will partially break? Which ones? webmaster will lack many data necessary to understand what users do on their platform, where they missclick, what they don't use etc, thus diminishing the ability of webmasters to make great products. *the most dramatic one: People will see ads but the owner of a website will no longer earn ad money, because those are the third party scripts that allowed to prove to the ad platform that a user had effectively seen X ads.


Webmasters should have thought of that before littering their website with hundreds of off-site scripts and packaging all data and behavior and sending it off to dozens of tracking companies.

"great products". Yeah, websites used to be much, much better before loading every bit of text with a remote javascript.

Here's a behavioral data point: Go back to making good websites and stop leaking private data everywhere. That's a great product.


>loading every bit of text with a remote javascript.

This update is only about a select list of "bad" domains, though. I don't think most users would want to block literally all third party scripts (Source: I use uMatrix set to do that, and every other site I visit requires a complicated ritual of unblocking layers of scripts, frames, and XHR. Don't even get me started on static sites that display blank without scripts from a dozen CDNs. At least it's a good opportunity to rethink if I really want to go there)


What good is blocking google tracking subdomains while neatly packaging the exact same data and sending it off to google cdn and tagmanager?


My website is broken by this feature [1]. It does not leak private data, as Mozilla devs said here [2]

> According to the original screenshot in the thread, your web page is sending an HTTP request to https://www.reddit.com/api/v1/access_token. If the user has previously visited reddit.com, this request will include the user's reddit cookies normally. Also, the HTTP request I mentioned before has a Referer header that points to the address of your web page by default in most browsers. So Reddit will be able to tell which user has visited which page on your site. In other word, Reddit will be able to see the user's browsing history, as if they had access to the user's computer.

> Note that nobody is blaming you or your site here.

[1] https://revddit.com/user/rhaksw

[2] https://groups.google.com/d/msg/mozilla.dev.privacy/XO84Ezrw...


I don't get it. The Mozilla dev explained, as you quoted, that the API access sends the reddit cookie to reddit while not being on reddit. That's leaking private data. "In other word, Reddit will be able to see the user's browsing history, as if they had access to the user's computer." You know who owns reddit, right?


> the API access sends the reddit cookie to reddit while not being on reddit.

A few things,

(1) Why does it matter in this case? Under what scenario can you imagine reddit abusing the knowledge that certain users are reading metadata about reddit accounts off-site?

(2) It seems to me Firefox could selectively choose not to send cookies and the referrer header in this case, rather than rendering entire sites broken. In that manner, sites accessing social media APIs can function, no data leaks, and everyone is happy.

(3) Hundreds of sites are broken like this. An issue tracking them has been open for 5 years [1]. The list used to identify "tracking" websites is huge and not maintained by Firefox [2].

(4) Due to this list, it is virtually impossible to build a web service that queries any social media site and runs on Firefox under default settings, significantly handicapping apps that can be built. Devs' recommendation was for me to move the code to a server, which would be expensive to maintain and would limit usefulness to users by obscuring code and introducing per-IP rate limits from the external API, in this case reddit's.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1101005

[2] https://github.com/disconnectme/disconnect-tracking-protecti...


I would argue that 99% of sites sending cookies and personal information to social media do so for tracking purposes.

You may be the exception. But its a privacy tradeoff that benefits the majority.

And let me say: if webmasters had shown any respect for privacy in the first place, maybe this would not have occured.


> I would argue that 99% of sites sending cookies and personal information to social media do so for tracking purposes.

You could click on the reports on this page [1] to find out which sites are broken. Maybe I'll do it when I have a chance.

Any site that uses an API published by one in the disconnect.me list is rendered unusable. That list is 3,000 domains long, so even if there were only an average of 1 legit non-tracking site accessing each domain, that's still 3,000 broken websites.

> You may be the exception. But its a privacy tradeoff that benefits the majority.

I don't know that a tradeoff is necessary. It seems to me it would be possible to not send cookies for the 3,000 domains in the disconnect.me list when tracking protection is enabled.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1101005


> Many websites will partially break? Which ones?

You can get an idea of which sites are blocked by reviewing the list of blocked domains [1] (this includes many APIs, such as reddit.com) and a 5 year old issue where people post websites broken by tracking protection [2].

[1] https://github.com/disconnectme/disconnect-tracking-protecti...

[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1101005


Sorry, but as a web user I never signed up for stalking by site owners, nor did I sign up to be stalked across sites by their advertisers. I certainly didn't sign up to let you co-opt my computer to do this.

You're going to have to live with it. Get some beta testers onboard maybe.


Actually you did, because the world does not exist to serve you, it's a mutual transaction between two parties. Websites need to make money and understand how users are using their service so they can survive and improve.

99% of the data anyone is collecting which you call "stalking" is either available in server logs or could be easily modified so that it was. I guess you might just have to stop using the internet.


Actually I didn't, because it's my device and it will operate how I see fit. This includes not being coopted to spy on me. My only 'contract' with the other party is that I requested some information, and they supplied it. I can render it how I see fit, or not at all.

Websites can find a way to operate without this information stream or go bust, it's no skin off my nose one way or another.

> 99% of the data anyone is collecting which you call "stalking" is either available in server logs

It's very unlikely that server logs will be able to contain mis-clicks and behavioural analytics to the same extent that analytics services use.

> I guess you might just have to stop using the internet

Or, you know, do exactly what the post I replied to was complaining about and use a browser that takes steps to protect my privacy, various blocking plugins etc etc


If you're not paying (via ads or otherwise), and you're actively trying to block analytics which make services better, then you're a leech that should not have access to the content/service.

Fortunately blocking the Firefox agent for non-paying users is easy, as is detecting the blocking of these scripts in the case that you try to change the user agent.


That's fine, block me. I'm not interested in your service anyway if you think you have the right to track everything I do.

I'm perfectly happy with that arrangement. I think we ought to make it even more explicit so that folks like yourself get the message. It's my computer not your remote terminal.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: