Protip #2, for what cant be traced using conventional methods, they will use fingerprinting and those add-ons take care about most common methods of fingerprinting - canvas, webgl, fonts and audio:
I would really love to have more addins like this, doing one thing and doing it good. They will kill fingerprinting and as a proof, I was downvoted the next moment i posted the links in another post but I want you to know there is a way out.
While these addons may help against help prevent some fingerprinting attempts, they do not adequately reduce the fingerprint to be non-unique. They certainly won’t hurt, though (many websites just take a hash of the canvas).
It’s very difficult to have a non-unique fingerprint. Your browser would have to be the exactly the same as a bunch of other people. At the moment (AFAIK), this is only possible with Tor (all Tor users have the same browser fingerprint.)
You don’t have to worry about this too much, though. Firefox and uBlock Origin blacklist many fingerprinting scripts.
I use it as a benchmark for how well my blockers etc. are working. Yes you are unique initially but you can then tweak everything until you start becoming less unique.
For things that should always be unique (like a canvas fingerprint), just make sure to randomise it each time.
Basically, you want to appear as mundane as possible (user agent, screen resolution, fonts, platform etc.) and be able to change on demand as much of the remaining entropy (as is feasible) that would normally be expected to be unique.
I wish this was helpful, but amiunique.org calls out the values for canvas, fonts, etc. as unique when running the blockers. Maybe this is because it's randomizing every time, but it makes the amiunique test pretty flawed...
amiunique.org is just a database of fingerprints (size of which is governed by however much traffic they get).
If you're showing up as unique it's either because:
1. your blockers are randomising each time
2. your blockers aren't blocking everything and what's left is still enough to uniquely fingerprint you against the database of fingerprints they have.
If it's 1 above, that's fine. If it's 2, you may need more (or better) blockers.
Also, it obviously helps from the get go if you're on a bog standard platform like Windows and using FF.
Protip #3: when all else fails, they will use your IP address to target you.
E.g. I usually use Firefox with NoScript. I frequently exit Firefox; when I do I clear everything using "Clear history when Firefox closes".
When I want to visit a site that requires JavaScript I switch to Safari. I'm just as aggressive in Safari in clearing my history.
Consequently, about the only ads I do see (in Safari) are clothing ads for teenage girls. I have two teenage girls, they have their own computers, so it must be the shared IP address.
So far it hasn't been worth the hassle for me to switch to a new IP address from Comcast more than about once a year. By default my firewall asks for the same IP address and even if it didn't, Comcast will use my firewall's MAC address to give me the same IP address.
Protip #4: I use Forget Me Now to whitelist sites I want to save cookies for after closing tabs. You'd be surprised how few websites you actually need to save cookies for. I thought it would be way more hassle than it ended up being.
Yeah. I use Temporary Containers to do the same (with permanent containers as my whitelist). I also have 3rd party cookies blocked entirely. Recently I also set uMatrix to block 1st party cookies. Yes, I need to re-enable them relatively often, but I've been surprised at how often I simply don't need them.
Firefox by default doesn't block canvas fingerprinting, that's a setting you need to enable in `about:config` under the `privacy.resistFingerprinting` section.
Google captcha works by uniquely identifying you. The easier Google can track you the easier your captcha. That's why it's nearly impossible to solve captcha with resistfingerprint on (ie tor mode)
By tracking you, they can remember that you are not a robot. As much as I dislike tracking, I don’t think having the captcha be always hard would be all that great either.
Ideally I’d like to see fewer captchas. But there’s no good alternative to it really. I mean, requiring phone verification instead is an alternative. But I don’t necessarily want to hand out my phone number to each and every site on the net that I interact with either.
The parent used wrong phrasing but it's real. The captchas don't become harder to solve but longer. If Google detects you're blocking trackers (or possibly cookies) it will throw at you an huge number of captchas until you give up. Imagine having to click like 12 panels of street lights, cars, bicycles, trucks, buses, etc. sometimes multiple times. This is getting out of control, really. I miss so much the Web 1.0 from 1999.
What I do on captchas is to hit the skip button until it would prompt you to verify. You can try if this could help. Captchas should be tone down to something bareable. I even got to a point that I'll drop the site because of this.
the worst part is when cloudflare puts you on their shitlist and you have to fill out these dumb captchas for 6 minutes before you can even access just about half of the sites on the internet
I use Firefox with all the privacy stuff turned on. I have to do multiple, difficult recaptchas all day. I've even missed out on Yosemite campsite reservations because of the delay from all the captchas presented to me when trying to book :(
That's the sad thing. We are getting to a point where software that would be used by malicious actors, is required by normal legitimate users because of how broken the web is.
Instead of resisting fingerprinting and suffering captcha everywhere, can't FF feed false data into the fingerprinting "sensors" so that it will change every time ?
I've wondered the same, the answer seems to be maybe, but the challenge is doing so in a way that doesn't blow up normal webpage functionality.
For example, a fingerprinting script might try to measure the viewport height and width, calling on window.height can give it that info, but if Firefox were to fake that info when a friendly script calls for it, the page might try to reflow to the new size, etc. All kinds of desired behavior can use these same values, the challenge is determining whose a bad actor.
I used privacy.resistFingerprinting until I realized that was the reason websites were displaying times incorrectly, as they receive the default timezone value of UTC - [0] - and I couldn't find a way around it.
That's a feature, not a bug. Your time zone is one of the ways you can be fingerprinted.
That said, it wouldn't hurt to split it out into a different about:config preference. I'd probably disable it since I don't use a vpn so my time zone can be deduced from my IP anyway.
I know it’s a feature, but even sites which allow you to set a timezone (eg Slack) still displayed times incorrectly. It was a tradeoff I was not prepared to make.
If you’re considering resistFingerprinting, you might be better off using Tor Browser, which maximizes fingerprinting protections regardless of breakage to websites. I believe that the Tor folks share patches sometimes that get integrated into the Firefox rF pref, but you would only want to enable rF if you’re looking for the best possible protection regardless of other desires (such as addons or fonts or being able to access all websites), and for that, there’s Tor Browser.
(Or, if you’re just interested in helping advance the anti-tracking ecosystem! In which case you can test resistFingerprinting and file Webcompat issues when you encounter them — but be sure to mention that resistFingerprinting is enabled or your issues will probably be closed “unable to reproduce”.)
You're right, a lot of the resistFingerprinting features are being uplifted (with some modifications) directly from Tor. There are a couple ways of looking at this, and more than one of them are valid.
The first is, like you said, that resistFingerprinting can be kind of a gateway to Tor in general, since Tor will do everything resistFingerprinting does, and better.
The second is that uplifting Tor features to "normal" browsers and allowing "normal" users to enable them makes it harder for website operators to say, "well, I don't need to worry about this because it's just Tor users and they're all criminals." Right now, enabling these features in Firefox will result in some website breakage, but as more people say, "well, this is a mainstream browser thing", maybe more website operators will start to accommodate the protections.
I think there's value in continuing to blur the line between Tor and other browsers, if only to push the idea that the kind of privacy protections Tor offers should be available to everyone across multiple browsers. Not to mention that it's nice to be able to take advantage of a few Tor features while still getting stuff like fast video streaming.
But agreed, there's definitely a continuum here, and it might be valuable for some people to explore farther down it.
I've used DDG for about a year straight now, it's adequate but I find myself needing a !g at least once a day. Searching DDG for error messages & recent events from the news tab are really lagging behind what Google provides unfortunately.
I use !sp if I want to see Google results. I only use it two or three times a year for critical searches that I want more than one result set for but it may suit your needs. Google News is pretty good but I prefer Inoreader anyway, !ddgn is usually good enough for me, for specific news searches.
Increased captchas, sometimes sites will also break for non-obvious reasons (usually because you need to flip the setting that enables canvas data reading to the left of the URL bar), your time zone will be set to UTC on every website that you visit.
There are a few ways of looking at the captchas; the optimistic lens is to look at it as a response to people who say that it's impossible to meaningfully reduce fingerprinting. If that was true, Google wouldn't be so mad at me for flipping this setting on.
But it does make some browsing more annoying, especially if you're not technically savy enough to realize what's going on when something unexpected happens. I think it's the right decision for them to have it off by default (at least for right now).
A couple of the less debilitating yet still somewhat annoying downsides I've found:
If you have the "restore previous session" option enabled and have grown accustomed to Firefox remembering all the windows you had open before, you may find it annoying that it no longer remembers the size of your windows; it just puts them to the default size. Although now that I think of it, this might possibly be specific to the X11/Linux version, as other window systems might handle window size in such a way that it's not affected by this.
Also, if you like having websites automatically detect if your system uses a dark color scheme and adjust their CSS accordingly, that no longer works. Again, speaking from an X11/Linux perspective here.
This was infinitely more annoying to me than the endless captchas since due to age and my eyesight getting worse I have different zoom settings for pages I visit.
Besides captchas, I mostly have issues with trying to watch content from tv channel websites. Especially when trying to link a channel with a cable service.
extension is able to block most of the fingerprinting attempts. If you guys know about better "plug-in" solution, please let me know.
I don't want to sacrifice basic comfort of browsing though, like disabling .js, wiping everything on browser restart or diddling with uMatrix on every website.
I made a nicely written comment, then accidentally deleted it, so here's the super pithy version with examples omitted, since I don't want to retype on my phone.
I use uMatrix with strict defaults for privacy. I agree diddling is annoying. I find diddling with sites more annoying.
it does make you appreciate it a lot more when someone has their shit together, if the site works with noscript and doesn't pull in scripts from 20 different hosts
Yes, and it pushes me to seek out and use those sites more. For example, sticking to old.reddit.com rather than mucking around trying to get the redesign to work.
I was super impressed with https://shop.balance.com/ recently (actually the site is run by worldpantry.com) — I made it though the entire checkout flow with no js and no third party resources. An e-commerce site!! They're normally the absolute worst.
"They will kill fingerprinting and as a proof, "
No they don't. But they help a little.
Here are some of mine in my privacy browser:
BP Privacy Block all Font and Glyph Detection
Canvas Blocker
Clear URLS
Cockiebro
Decentraleyes
I don't care about cockies
NoScrupt
Privacy Settings
Privacy Oriented Origin Policy
Startpage
ublock origin
WebTRC Control
HTTPS Everywhere
And as a bonus, not really related:
Bypass Paywalls Clean
Also use a host file manager. I use host flash
Most important thing: use many many browser.
I have chrome for Facebook, Banking sites and Booking travel tickets
(Trust me, you don't wat to do this with you privacy broswer).
I have chromium for gmail
I use firefox with all the plug-ins for webbrowsing
opera with build in VPN for some other stuff (carefull, owned by Chinese)
Vivaldi
There is also blue moon. There are many browser out there. Another option would be to use virtual machines with seperate VPNs.
Even less data if you use uBlock Origin and possibly uMatrix (which is very high maintenance, but also reveals the utter insanity of the web).
Without an adblocker the internet is such a slow heap of trash that I'd never go back to not using one. This is also one of the main reasons I use my iPhone so little, since it doesn't really have any way to adblock.
The only downside is that product managers who rely on third-party analytics to decide what platforms are relevant will never see Firefox+uBlock users as relevant. I've had to argue this at multiple companies; fortunately at some places multiple developers used uBlock so it wasn't as hard as making the case alone.
> fortunately at some places multiple developers used uBlock so it wasn't as hard as making the case alone.
Is adblocking not common? Every tech literate person I know uses an ad blocker. I'd say about 30-40% of millennials I know use them, most using ADB or uBlock Origin.
Every time I see someone using a browser with ads I forget what a nightmare the internet is.
Anecdotal, but I've pushed close friends who are reasonably technical to install an ad blocker. Without my urging, they wouldn't have had one at all. When I come across someone who doesn't adblock, it surprises me, but it really shouldn't, as it seems most people don't have an ad blocker.
I still don't use an ad blocker. I know all the arguments for ad blocking and I agree with many of them. I know what difference it makes in terms of performance and annoyance.
But I just can't bring myself to indiscriminately block all ads, knowing how important they are as a funding source for the websites I use.
There's only one thing that destroys privacy even more thoroughly than ad targeting: payment.
> There's only one thing that destroys privacy even more thoroughly than ad targeting: payment.
Can you expand? Because I disagree. I would rather a company have my name, payment info, and email address than all those things plus other personally identifying information. I feel like a payment model decentralizes the issue and that I would not be tracked around the web. I don't need the WaPo to know the other sites I've been on, what my political affiliations are, my age, gender, etc. This is because I don't see the issue as companies know who I am, but rather that I don't like that companies have intimate details of who I am, or maybe more simply put "who I am vs what I am." To me the latter (tracking) is invasive, the former (payment) is consensual. As one might say "just shut up and take my money."
But I am open and interested to differing opinions.
Subscription based services can do everything that ad funded services can do, but on top of that they can irrefutably link my real name to all of it, which makes their data even more valuable.
I don't know many subscription based content publishers that promise not to monetise what they know about me in all sorts of other ways. I do have a newspaper subscription. That doesn't stop them from showing me ads or using ad networks and trackers. Payment networks and banks monetise my payment data as well.
Even if a particular publisher is willing make such promises, I wouldn't have much confidence in their ability to keep my data safe.
So the upshot is that I simply don't want my real name irrefutably and permanently linked to everything I read, write or watch.
What ad neworks know about me is extremly patchy. Every time I see what they think about me I wonder who on earth would ever consider paying them for that rubbish. But that's not what it's about. All they need to be able to do is make predictions that are slightly better than random guesses.
So I do agree with this. But if it is an OR based situation I am less concerned with the subscription based model. When it is "don't pay for service and pay with my data and attention" vs "pay for a service and pay with my data" I tend to boycott those because they are doing the worst of both worlds (IMO).
> There's only one thing that destroys privacy even more thoroughly than ad targeting: payment.
I disagree with this. Maybe you can elaborate?
If I am paying for a service then there is no incentive to mine my personal data for revenue. It's a mutually beneficial transaction. And there are plenty of ways to hide your personal information (even your name) when paying for something (e.g. using a service like privacy.com).
My understanding is that the mentality is "they paid us, we have their data, we're keeping it for future leads, we could get a new line of revenue by turning that into a product."
I don't know much about privacy.com because it's not available outside the US. Knowing a bit about the legal side of payments I doubt they can promise anonymity though. They're just not passing my identity on to merchants as I understand it.
I doubt that there will ever be a widespread, convenient way to make anonymous electronic payments. The authorities would never allow that to happen (for understandable reasons I have to say).
Incentives are not working at all. Lots of services I pay for go to great lengths to squeeze even more out of that customer relationship. And how could I possibly trust a large number of small companies I know very little about?
I assume the meaning is that if you pay a site, they know exactly who you are; not just a cookie ID, but an actual credit card transaction with a real name attached.
If you pay for a service there's every incentive to mine your data - you proved you have the money by paying for a service, thus your data is much more valuable comparing to Joe Schmuck who doesn't pay.
I also don't use an ad blocker. I don't mind ads (for the most part), and I like that they support the content that I use.
I try to minimize ad problems by using containers and profiles. I have a Facebook-only container and Google-only container and never login to either in any other container. So far this approach seems to work for me.
Look into Brave, then. The ads are less annoying, do not invade your privacy and you can contribute anonymously to any site that is a registered publisher or content creator. They will certainly make more money from you if you do that instead of going through all of the middlemen involved in ad-tech.
Also important: start asking websites that need to take payment to provide a cryptocurrency alternative. Something based on Ethereum blockchain preferably, given that is possible to easily get stable-tokens (meaning, no volatity risk) and that is on its way to get rid of Proof-of-Work.
The ad-based economy needs to die and we already have the tools to kill it. All we need now is to stop with the excuses and take action.
Maybe I don't understand Brave well enough, but wouldn't I just help create another all powerful gatekeeper?
I don't believe cryptocurrencies will work. As soon as they become widespread they will be banned or regulated just like other forms of electronic payment, including know your customer rules.
For the moment, I don't see that we really have the tools to replace ads, much as I would like that.
> wouldn't I just help create another all powerful gatekeeper?
No. The biggest claim of Brave is that all of the information for ad matching is in the browser. So they can not control it. The only thing that Brave can control at the moment is the on-boarding ramps - i.e, if you want to take your BAT out of their wallet and to your own, you need to go through KYC via Uphold.com. But you can pay and contribute BAT to other people even if you haven't done KYC.
Even in this case, the KYC that needs to be done is only with Uphold. After you take out your tokens you are free to spend them however you want and no one will ask you anything.
> I don't believe cryptocurrencies will work
They already do.
> regulated just like other forms of electronic payment, including know your customer rules.
Even in this libertarian nightmare that you are imagining, crypto would more likely help you to keep your data away from businesses and third-parties. If every transaction needs to be authorized and monitored by the government or central authority, then there is no need for the business to collect any information from you - all they would need is to ensure that you are sending your payment from a government-validated address.
Governments don't do that today due to the sheer costs of trying to run such an operation. But tracking things on the blockchain is reasonably easy, so there would be no need for banks and third-parties to do the dirty work for them.
On the publishers? I honestly don't see how they would. As far as I know, they are blind on all transactions and none of their channels that publishers can use to register to receive BAT have any kind of declared ToS.
In any case, it seems like you are just looking for a way to rationalize your current behavior. I only mentioned Brave because it is the first strong offering for an alternative to the ad-based economy. If for whatever reason Brave stops being a valid alternative, there is nothing holding you to it. Why not try it for yourself?
> In any case, it seems like you are just looking for a way to rationalize your current behavior.
Not in the least. I find ads annoying and I don‘t have any skin in the game when it comes to advertising. But it‘s not a matter of simply trying Brave. I want to understand how it works for users and also for publishers. And I want to understand how it is not a proprietary system with a gatekeeper role as a structural feature.
Their advertisement network is only one and the browser gives them some leverage, but there is nothing stopping someone else to create a similar alternative. Brave already has been forked (Dissenter Browser) that remove the BAT side of things. Outside of the potential mooning of the token which would make them rich, I don't really see anything they have that gives them such a dangerous moat.
Hell, a competitor could even decide to have an advertisement network that also operates with the BAT supply that has been taken out of the exchanges. If for some reason the company starts doing anything user-hostile, they will lose the business to someone else.
The only important thing is that anything is better than the status quo. If you are weary of Brave, you can go for something like flattr, or you can start looking into crypto as a way to pay directly for those you want to support (and still keep your privacy). Whatever you decide, just please realize that "I don't like ads, but I don't see any good alternative" is not a valid statement anymore.
>Their advertisement network is only one and that uses the browser, but there is nothing stopping any one else to create a similar alternative.
Does Brave support a way for other ad networks to integrate into their BAT system? If not, any competitor would first have to popularise their own web browser.
There is no "their BAT system". It's all on the blockchain.
BAT is just a token like any other on the Ethereum chain. The "easiest" way to acquire at the moment is by using the Browser and setting up the wallet, but if you don't want to that you can just go any exchange and trade it. Or you can have a website and accept it as payment.
I am sorry if I made you on focus on the specifics of Brave when the point of my original post was to say that there are alternatives nowadays for ads. Alternatives that may not be perfect, but that do work and are better than the status quo.
In any case, I think that the best way for you to understand how things work and make sense of what I am saying is if you try it yourself. You can start by using Brave on your phone to replace Chrome or Safari and get a feel of things, see how the rewards system work, etc.
> There is no "their BAT system". It's all on the blockchain.
What I mean is Brave‘s specific Browser integration that creates a compensation scheme for publishers. I would only support such a system if it doesn‘t put Brave a privileged gatekeeper position.
I’m not sure which other alternatives you‘re talking about specifically, but I have explained many times elsewhere in this debate why I see subscription based services as an additional loss of privacy and why I don‘t believe that there can ever be a widely used general purpose system of anonymous electronic payments.
But I do believe that a Brave style system could work if it can be structured in away that does not allow one company to impose content restrictions.
There is nothing stopping other browsers to adopt it. There is nothing stopping other companies to create a similar alternative. There is nothing stopping a publisher to get an advertisement deal and place an ad on their website; as long as it does not use third-party cookies or tracks you in any way, it won't be blocked.
> subscription based services (...) loss of privacy (...) there can ever be a widely used general purpose system of anonymous electronic payments.
Look, I am not trying to sell you anything ok? I don't work at Brave and I am not interested in doing shilling for any specific cryptotoken. It's okay if you want to say "I don't want to pay for content that I am now getting for free. It's also okay to say "I don't mind having my data exploited in exchange of a few dollars that can go to content producers and publishers".
The only things that you are saying that are total BS is that (1) ad-tech is less of threat to privacy than a digital economy based on crypto and (2) that no alternative currently exist.
Your argument against usage of cryptocurrency for payments is just concern trolling. You are presenting a very, very unlikely hypothetical (companies might be required to collect user data to accept payments) in order to justify the status quo. Likewise, you are making these near-impossible demands from a company that has a fraction of the market share on a trillion dollar industry while having no qualms with all of the ethical violations from the dominant oligarchy. Again, concern trolling.
Why don't you stop accusing me of things I never said and never remotely intended to imply?
I'm not accusing you of anything either. I wasn't thinking for a moment that you were trying to sell me something or that you were shilling.
It's a simple disagreement. I'm unconvinced by the case you're making for specific alternatives. That doesn't mean I'm happy with the status quo.
You have said absolutely nothing to show that Brave would not be in a position to impose content restrictions if their system turned out to be successful.
My concerns about cryptocurrencies are anything but hypothetical. The authorities are extremely jumpy about cryptocurrencies. Regulation is already well under way. There have been crackdowns on crypto exchanges all over the world. Banks are suspending accounts left and right. I was personally invited by the local tax authorities to take part in a consultation on the subject.
And have you not noticed what happened when Facebook threatened to introduce a payment system that only so much as mentioned the word cryptocurrency? It was absolutely crushed before it even got off the ground. Granted, a lot of the concerns were related to Facebook's oligopolist status. But there were also huge concerns about the possibility of widespread money laundering, tax evasion and funding of terrorism.
What we need is a system that inherently limits the size of any financial transactions that a single party can initiate. That is very difficult to do while guaranteeing anonymity.
Let's not accuse each other of bad faith when what we're talking about is simply a difficult problem that many have tried to solve with very limited success.
The only problem is that your default position is to keep accepting the status quo. Looking into any alternative is a free option. It doesn't cost you anything and you can always go back to the default position if it doesn't satisfy you. So, if you are not happy with the status quo, just try the alternative (any alternative!) and see for yourself where its limitations and problems are.
> The authorities are extremely jumpy about cryptocurrencies. Regulation is already well under way.
Regulation already exists. It is due to the regulation, for instance, that Brave requires you to do KYC if you want to get the money out of their wallet and into your own. It is due to regulation that exchanges that do not comply with the law are getting crackdowns.
This is not an argument. This is FUD.
> Let's not accuse each other of bad faith when what we're talking about is simply a difficult problem that many have tried to solve with very limited success.
If the status quo was not harmful for society as it is, I wouldn't be nagging you about it. But this whole thread started with you claiming that accepting ad-tech's destruction of privacy is less of a problem than any alternative proposed so far. This is not a "simple disagreement"; it's plain wrong.
I'm not saying that the status quo is better than all imaginable alternatives. I'm saying it's better than the alternatives that are effective and widely available right now.
In my view, the status quo of ad funding is very annoying and somewhat harmful, but it is far less harmful than the app store model, which is pure oppression.
That's why I tend to be sceptical of any new scheme that once again puts someone in a gatekeeper role.
With regard to any widespread rollout of cryptocurrencies for anonymous payments you're going to have to accept that I'm pessimistic. You can call it FUD all day long. That's just aggressive rhetoric that adds nothing to the debate.
"Annoying and somewhat harmful" does not even begin to describe the problem of the ad-based economy.
It's not that hard to make the argument that the moment that it became normal for websites to rely solely on ads for its revenue was the moment that we subverted a lot of our cultural institutions.
It's not that hard to make the argument that the rise of populism and extremist politics is rooted in this "eyeballs is all that matter" mentality for publishers.
It's not that hard to make the argument that ad-tech is making so many people addicted to our tech gadgets that its damage to the general public health is going to make Tobacco companies look innocent by comparison.
If that is not enough for you, take the amount of fraud and the amount of money that goes from advertisers to the pockets of the big ad companies and I hope you realize how ineffective it is.
> That's why I tend to be skeptical of any new scheme that once again puts someone in a gatekeeper role.
We are going in circles now. Again, there is nothing about Brave and its ad network that can not be replicated by any one that decides to compete with them. It's not like an "app store". The ads are optional, you joining the rewards program is optional. If for some reason someone else decides to create a competing ad network, it could run either as a fork or an extension. I fail to see what is so potentially evil that they can do that is worse than the evil that is currently done by the status quo.
Not GP, but I don't block youtube and I block most other stuff (because uBlock Origin blocks be default). Google is probably the most likely to track more info about me, but it's also obvious that the ads played factor into the money the content creators get, and I felt bad after a while of blocking their revenue stream.
It's also got me really close to paying for YouTube red, which is the other option,and o e I wouldn't consider without the annoyance of ads.
It's a wide variety of sites. Local news, tech news, science mags, other special interest sites, porn, discussion forums, Q&A sites, some social media. It's impossible to list them all.
Essentially, it's the great variety of what's available on the open Web that I don't want to lose. I don't want everything to become one big app store with all its suffocating narrow-mindedness and oppressive control freakery.
Would be way too hard to solve something like that with subscriptions.
Maybe one day, concepts like Brave Rewards or Google Contributor[0] will actually work... No idea what it'd take for those to reach critical mass, maybe government intervention.
That's basically my position as well. I don't like ads, etc., but I don't run an ad-blocker. I did briefly have on installed, before browsers got better at preventing auto-playing audio though. That annoyed me enough to tip me over the edge. Now, it still happens here and there, but it doesn't seem to be as prevalent.
I wish we could block targeted ads, and just those. I know that almost all ads are targeted today, since they're oh-so-much more effective (according to ad network operators). At least, we should make a distinction wrt targeted ads vs content-based ads in discussions on HN.
This is a big part how I feel. I do not mind ads in the way DDG does them or how my podcasts/YouTube (as part of the video, not YT ads) do them. Even though these are target, based on search criteria or an interest given the specific podcast/video, but I feel uncomfortable being tracked around the web and being served ads that way. I believe there are also a lot of ethical questions about how they are used. [0]
Actually this debate came up so often they added a special telemetry coverage extension that ignored telemetry disabled status (to great uproar) on 1% of users and reported back the number of people with telemetry disabled. As expected "more than a handful" actually turned out to be "a vocal handful" out of the 200,000,000 MAU pool.
Also those that disable telemetry after starting Firefox still sent telemetry. Mozilla only promises to delete it after 30 days not that they don't generate a number that says what % new installs in the last month disabled telemetry (though they don't publicly report this to my knowledge).
So that leaves those with whitelist only firewalling or similar measures that I (hope?) we can all agree isn't going to swing these numbers at any interesting digit position.
I'm tech savvy (software developer for 15+ years) but I used to be a web journalist in my early days and I can appreciate the need of ads. So I wouldn't block ads until a year age or so. But I'm still very conscious of pages I visit, whether I want to give them eyeballs or not (POS at NYT are in the "not") and I exempt many pages from ad blocking.
Not everywhere, I'd say it's common within specific crowds.
At my company people are either don't know about them, or actually fundamentally disagree with their purpose. (No, it's not an AdTech company, before anyone asks)
But is it a software company? I can understand the disagreement, but with the state of things it is just atrocious. I'd be fine if things weren't so invasive and were clearly ads. Pop ups, pop unders, dark patterns to cause clicks, flashy images on text pages, malware injection, 10x page load times, etc are all reasons why I personally can't stand it. It just feels like they are trying to trick me into seeing their product instead of trying to generate real interest. Until then, I personally can't support it.
I don't think most people minds ads, such as on TV, but everyone hates the ad that is 10x the volume of the show and that's how the internet feels to me currently.
Is that true? I despise ads and the entire advertising industry. I would wear special glasses that would block billboards from my vision if they existed. I pay extra for the ad-free version of Hulu. When I'm at someone's house and they have cable and the TV is on, I find ad breaks incredibly jarring.
Am I just an extreme outlier? It would make me sad for humanity if that was the case. Not minding blatant emotional manipulation in your face all day seems... not great.
I think it's more that they've been conditioned to accept ads.
if you spend a significant time travelling through rather diverse countries, one of the first thing that hits you is different laws and norms around what can be advertised and where. moving through dictatorships and seeing elections is eye opening in its "weirdness". as a non American, visiting America and seeing laws, flags, billboards and medicine advertising is weird.
anyway, my point is, if you haven't been brought up with it, you see it for what it is, and normal becomes what you experience every day. one you spend a few years ad free, it's incredibly hard to go back, it's really jarring, and you see advertising the same way you see plastered images of the dictator in absolutely random locations when you visit other countries (and there's a good reason for that, because they're fundamentally the same thing).
To be clear, it is about the type and frequency of ads. I don't live in a place with a bunch of billboards, but whenever I drive through the Bay or LA it is jarring. Same when I watch YouTube on my phone. So it a big part is how they are used and implemented. For example, I don't mind the ads when listening to podcasts (I couldn't care less that rocket mortgage wants to tell me about themselves) or DDG's sponsored links. These do not feel invasive and since I am using a free service I can accept the payment of my time/(half-assed)attention as a means of funding the service. It is this type of advertisement that I do not think the general populous minds (as a form of payment). But I am not comfortable with ads outside this scope (tracking, individualized, etc).
And I do like to pay for services to bypass ads even though I use ad blockers that mitigate them anyways.
Yes, it is a software company. And I personally agree with you, I'm just stating that not everyone does (to my eternal frustration, perhaps, but I can't impose that on others)
Percentage wise adblock users or Firefox users total to about 10% of users so it really depends on the target user demographic to say whether or not you need to specially account that those users aren't being reflected. Coding tools probably. Game for a social website probably not.
Also depends on the financial model, if it's primarily ad based then the group of users you don't have good ad data for isn't something you should care about either.
I've run both Google Analytics and my own back-end analytics on the same site and found GA missing over 1/3 of my total non-bot traffic. Most of that traffic was Firefox.
Would be curious which site that was and if it falls into the target demographic stuff mentioned.
Also to note the above % for FF share isn't just from 3rd party analytics anyways, places like Wikimedia report similar numbers. Different services different amounts but again, target demographic usually and not by much unless it's extremely tech niche or something.
While that number may be true you have to keep in mind that more than 50% of global FF users are based in DACH and by extension the rest of German speaking Europe (i.e. Liechtenstein, Luxembourg, Switzerland).
Ignoring that the DACH region only has ~100 million people and that if every last man woman and child were monthly FF users it still wouldn't be half of 210 million users... according to Mozilla's own stats at https://data.firefox.com/dashboard/user-activity
regional MAU is:
10M Brazil
13M China
12M France
20M Germany
12M India
9M Indonesia
6M Italy
7M Poland
7M Russia
30M United States
It's honestly a bit frustrating how even on HN everyone thinks they know who around the world uses something more than the actual public data on it. On one hand you have people insisting the data is missing huge swaths of people and on the other you have people insisting a region has over half the users when that would be less than half the users according to the very data the other person is trying to say is missing lots of people!
HN isn't the kind of place for your closing comment. Also you replied to yourself by accident.
25% is indeed greater density than 10% and bicycles have two wheels but neither has anything to do with making "50% of global FF users are based in DACH " anywhere near an accurate statement.
>but neither has anything to do with making "50% of global FF users are based in DACH " anywhere near an accurate statement.
DACH is not just Germany neither is it just Germany, Austria and Switzerland it's the German speaking world (and that isn't just DE, CH, AT, LU and LI either) Those reach nearly 30-40% of worldwide users go look it up yourself.
>25% is indeed greater density than 10% and bicycles have two wheels
Someone seems mad his useless comment got debunked. You tried to "well actually" while not understanding the irony of your own post.
>HN isn't the kind of place for your closing comment. Also you replied to yourself by accident.
That should be a reply of mine to you seeing you are literally just posting for the sake of posting after realizing your argument is beyond useless. Your post could literally have been "I LIKE SPAGHETTI" and it would have contained the same amount of valuable information as it does now.
Safari's content blocker API isn't really comparable to something like Ublock Origin.
It'll definitely help with the web if your goal is just to speed things up and make things look better, but if you're worried about privacy, iOS's browser is going to be less thorough than other platforms. It doesn't even support page-source rewrites, let alone protecting against more advanced anti-adblock techniques like CNAME cloaking.
Funnily enough, this has come up a few times in the context of Chrome's manifest V3 changes, where people have asked why it matters since Safari already works pretty similarly to what Google is proposing. Ironically, the answer is that the similarity is exactly why we know it's a bad idea for Chrome to go in the same direction. Safari has less effective adblocking compared to where the rest of the industry is at.
It's always going to be easier to bypass what is effectively a declarative DNS blocklist than it is to bypass a system that can run blocking logic per-request.
Games for my young kids have terrible ads and finding quality, ad free ads (even paid) is very hard to do. I really wish Apple Arcade would release some early-ed games.
Yes, I switched to it fairly wholesale (1) when the paying plan became available. It is eye opening what all my devices look up in the course of their operation.
1: apps on my Windows, Android, iOS devices along with specifying it as the default nameserver in my routers.
Reading this, I was actually surprised to find that for some reason or other this has gotten a lot better for me during the 2+ years I've been using uMatrix.
At first it's rather annoying to enable CDNs and stuff for the sites you frequent, but mostly I've started noticing that the sites that break for basically no good reason are the ones that a sane person probably shouldn't visit anyway. So maybe it is just that I've started steering clear of those sites.
Also as a side note, uMatrix is awesome. Many times even on HN I'm surprised to find comments complaining about pop ups or something, and realize that uMatrix silently made my browsing actually tolerable.
Oh, people are globally allowing CDNs? This has been a major thorn in my side running uBlock Origin on "medium mode" (block all third-party scripts and frames) for years now, but I figured globally allowing CDNs—or almost any sites, for that matter—was defeating the purpose of uBO medium mode, which is to protect you from unknown tracking scripts, or even worse, objectively malicious unknown scripts. (I say "unknown" as opposed to "known by way of already being on one of the many filter lists".)
I should try globally allowing the CDNs as you suggest and see how it feels. At that point, though, I wonder how much I'll be blocking that won't already be blocked via the blocking lists.
Recipes are sets of rules needed to make a website work. If there is a recipe available for a page you are visiting you will be able to click on the puzzle icon in uMatrix and enable it.
You can install Adblock and Firefox Focus, both of which install a content blocking module you can enable in Safari (you have to switch them on manually).
I seem to remember reading something about a year ago about uBlock Origin being a security concern (like harvesting user data or something). Am I misremembering?
I think it’d be more honest to simply not visit those ad ridden sites.
My concern with ad blocker proliferation is that it invariably leads to paywalled content. Which I’m sure most HN users are ok with, thanks to their 6 figures jobs, but I think it’s a bad thing overall.
Latest Firefox still doesn't protect against browser fingerprinting. This from the EFF Panopticlick:
Your browser fingerprint appears to be unique among the 303,579 tested in the past 45 days.
Currently, we estimate that your browser has a fingerprint that conveys at least 18.21 bits of identifying information.
1. Blocking redirect tracking is about more than just fingerprinting users. I'm a huge fan of Panopticlick's work here, but it's not a be-all end-all measure of whether a browser is getting more or less private. There are a lot of different, complicated things we're talking about when we bring up browser privacy.
2. Disable Javascript with something like uMatrix by default, and that number will drop dramatically. By default with JS disabled, I think my Firefox leaks about 8 bits of information, which Panopticlick lists as sufficient protection.
Major caveat in that non-JS users are likely disproportionately represented at Panopticlick, and people shouldn't use Panopticlick as more than an indicator of what's possible. In the real world, disabling Javascript will leak more bits since fewer other users will be doing it.
However, it's still likely worth doing if you can tolerate the inconvenience. And of course, the more people that block JS by default, the better protection it provides.
Javascript is used by such a large percentage of sites that having it disabled is not a viable option for most people.
The point of these by-default protections is that they are supposed to work for most people. Suggesting that someone techie can do extra stuff that most people won't do is not really germane to the conversation.
Of course this depends on what sites you frequent, but you'd probably be surprised. I disable Javascript by default, I'd say 70-80% of the sites I visit load. An even larger percentage load with only 1st-party Javascript enabled.
I do think excessive required Javascript on the web is a problem, but I also think Hackernews overstates this problem sometimes, to the point where people think it's literally impossible to browse the web without Javascript.
I don't think that characterization is helpful, a lot of us browse the web every day without Javascript running by default. Most news sites are fine, high-end publications like the NYT actually tend to be pretty good at progressive enhancement. Lower-quality engineered sites like Kotaku won't load images, but the articles are still completely readable.
And to be clear, permanently enabling Javascript for a specific site in UMatrix only takes 2 mouse clicks.
> Suggesting that someone techie can do extra stuff that most people won't do is not really germane to the conversation.
I suspect at least 50% of Hackernews readers are smart enough to disable Javascript and selectively enable it when a site breaks. It's germane to the conversation in that those people might want an effective way to mitigate tracking.
I don't have to restrict myself to the lowest common denominator of features when I'm choosing a browser, and I don't think other users should need to either.
Of course raising the lowest common denominator is important, but if you really care about your own security and privacy, at some point you have to make technical decisions that go beyond that. I think it's relevant to the conversation to point out in a technical forum that those options exist for people who need them and can use them.
By “the conversation “I mean the conversation about firefox adding default protections against tracking. These are not intended for hacker news readers or techies. They are intended for the general public. And that is what I think the conversation is about.
Regarding "redirect tracking" why not just disable (HTTP) redirects? Is that possible in Firefox?
Out of curiousity, what is the "threat model" when using Panopticlick? Is it suited for users that just want to avoid tracking for commercial purposes? If the user does not enable Javascript, what good is that user to such trackers?
How much commercial tracking is conducted without any use of Javascript (and without cookies)?
I'm not sure I'd use the word "threat model". I don't think Panopticlick is making the world more dangerous. What I'm getting at is that just because Panopticlick says it can't fingerprint you, that doesn't necessarily you can't be fingerprinted anywhere, because the audience using Panopticlick is different than the audience visiting many other sites.
So something like disabling Javascript might mean that that you blend in on Panopticlick because a lot of users disable Javascript. But on a small news site or ring of nontechnical blogs, it might help narrow you down because very few people disable Javascript.
The other thing I want to get at is that privacy isn't just about fingerprinting, it's also about the effects of being tracked, and what specific information that you're leaking. So what you bring up -- that not having Javascript makes a user less useful to an ad network -- is true. Not having Javascript makes it harder to show you flashy ads or to guarantee that you're looking at them. It makes it harder (but not impossible) to set up persistent tracking that works over longer periods of time and across multiple devices. It also makes it harder to detect and circumvent adblockers.
Disabling Javascript doesn't address threat models like using your location to change the content that you get served, or sticking information into cookies, or doing some screwy things with image caches.
But that's... sorry, it's just a kind of complicated question. I'm not sure I can give a short, concise answer about how good you should feel about a low Panopticlick score, I think that's dependent on what sites you visit and what kinds of tracking you're trying to prevent, and what other measures you're taking. It's just a very broad topic.
> why not just disable (HTTP) redirects?
Unfortunately that would break a lot of sites, so it's not feasible as a default setting in the base browser. That being said, I believe that what you're looking for is `network.http.prompt-temp-redirect` inside `about:config` if you want to disable it for yourself.
I'm not sure I'd advise it, and I suspect that it's a kind of superfluous setting if you're already invested heavily into other privacy settings, but maybe there's some benefit. I haven't played with that setting to know for certain whether or not there would be non-obvious downsides or caveats.
Of course the user can choose software that sends no cookies or she can remove cookies from headers with a proxy if the user-agent itself (e.g., "modern" browser) cannot be controlled adequately.
There is some relief for the location issue. It is not too difficult to discover alternate geolocated IP addresses for websites that choose to employ such strategies. Further, proxies, even just Tor with a proper config file, can give the user a specific geolocation of the user's choosing.
Do users choose different user-agents for different web usage? On smartphones we routinely see users choosing a variety different applications for different purposes, e.g., an online shopping app versus a news reading app. For example, if the user is engaged in online shopping, then she almost certainly will need to enable Javascript and cookies. However, if the user is reading^1 news on small news websites or nontechnical blogs (to use your examples) then IME neither Javascript nor cookies are required. Using the same application (the same "modern" browser) for both purposes, and with Javascript and cookies enabled, is, IME, from a technical standpoint, unnecessary. The text of the articles can be retrieved and read with much simpler software; none of this software needs Javascript nor cookies to perform its respective task.
1. The situation changes if the user is "viewing" news (photojournalism) or "watching" news (autoplaying videos). IME, neither Javascript nor cookies are required, however short of the user writing custom Javascript to process page contents, employing some software, e.g., standard UNIX utilities, other than a modern browser, to extract the image or video URLs, is sometimes necessary.
> Using the same application (the same "modern" browser) for both purposes, [...is...] unnecessary. The text of the articles can be retrieved and read with much simpler software;
Well, to push this a step farther, the great thing about extensions like uMatrix are that you can turn off Javascript+Cookies on a site-specific basis. So I know people who would feel like it was too cumbersome to juggle two browsers at the same time, but who don't have the same aversions to saying, "oh sure, I could turn Javascript and cookies off by default, but turn them on for this one specific video/shopping site."
> There is some relief for the location issue.
Definitely. I didn't want to go too in depth here, but this one of the things I'm getting at when I say Panopticlick shouldn't be the only thing people look at. Panopticlick doesn't even consider geolocation around IP addresses at all, so there's an entire vector there where Panopticlick won't tell you whether or not you're vulnerable.
There's a world of considerations here that are just hard to fit into a single comment.
> employing some software, e.g., standard UNIX utilities, other than a modern browser, to extract the image or video URLs, is sometimes necessary.
cough youtube-dl cough
If you're a user who's comfortable with the terminal, this can be a game changer even ignoring the privacy aspect. I see people all the time on HN complain about bookmarking a video and having it disappear later. Not a problem if you download them.
If you want to go even farther and you're comfortable with Bash scripting, youtube-dl even has options around managing playlists, so you can kind of "subscribe" to ongoing playlists/channels and treat them like podcast RSS feeds.
I mean, if you go to it it will invariably tag you as being unique, which might be true, but if you look at how it breaks those down it really makes no sense at all. Browse it on an iOS device, for example: the one in x browsers have this is just way off, because every iOS device will have the exact same data for many those metrics so it doesn't make sense–for example, there is no way on in 20 browsers show the same list of fonts as a stock iOS device.
There's a tacit understanding there that their collection and use of data is wrong, or at least that it is against one's interest to have their data collected.
I assume the same applies for Edge so if I want my ads to be a tailored as possible but don’t want to use Google apps then use the most recent Edge browser since it’s Chromium under the hood?
I've gone back and forth between Firefox and Chrome.
It's just that Firefox is noticeably slower than Chrome (or at least was about a year ago). Even simply switching between open tabs around what feels like 0.5 seconds, whereas on Chrome, tab switching is instantaneous. I've run Firefox in multi-process mode (since that was an option), but even with it, in general it seems like Firefox gets noticeably slower than Chrome when you have a lot of open tabs. I've always preferred and wanted to use Firefox over Chrome, but the performance degradation was too much to bear.
Hi! We at Mozilla certainly don't see that!
I'm at 815 tabs in this window alone and switching is instantaneous.
Did you happen to file a bug report about this atypical behavior?
Thank you, but that's not a good workaround because your open tabs might be spread across 10 or 12 or 20 different windows ...
This isn't so much a feature request as it is a request for some simple debug info which can be accessed with a special://url (whatever those are called ...)
"FWIW this sounds super easy to do within an extension ..."
It probably is but I feel like debug/info URLs are simple and lightweight and belong in the core feature set - especially this one which you can find hundreds of examples over decades of people asking how to get this information.
Thank you for asking! It's pretty awesome to get a reply from someone at Mozilla itself!
I actually never filed a bug report. I didn't think of the slowness as a bug per se. I thought it was just that Firefox was slower.
One thing I should note is that I've been using an ancient Firefox profile. I copy the profile onto new installs, and I've got bookmarks going all the way back to 2008 or 2009 (my bookmarks are organized into 50 or 100 folders). I also have a bunch of extensions.
I typically have well over a hundred tabs. I used to use the extension Tree Style Tabs, and sometime get close to a thousand tabs (with like 5 to 10 windows, with between 100 to 200 tabs per window).
Also, Firefox was slow on every laptop I used, but not on my desktop. I have a desktop that's fast by 2015 standards. It's got a i7-5280K, 32 GB RAM quad-channel, etc. The few laptops I've had have had far slower CPUs (the fastest one being an 8th Gen Intel i7 "U" processor). While on my desktop, I might average 700 tabs, on my laptop I try to have under 200 tabs.
I've always been on the newest versions of Firefox. For my laptops, I was on Aurora / the Developer Edition. On my desktop (which has an Ubuntu-based Linux distro), I'm on Firefox nightly.
Not sure if all of that info helps. I haven't investigated too much into what's happening. The most probably culprit might be my ancient Firefox profile. Perhaps, if I go back into Firefox with a fresh profile, it'll be a lot faster.
[not OP] What are your specs? I'm on a MacBook Air and was still seeing this. Will check again shortly.
N.B. I'm currently a happy user of Brave as it has integrated AdBlock-style blocking, fingerprinting protection, and HTTPS Everywhere. I'm always evaluating my options as a user, though!
FWIW, Firefox is slower for me on certain pages. I keep Chrome installed for things like Google Docs. For example, in the word processor, it tries to save the document every few keystrokes and Firefox will hang for 5-10 seconds whereas on Chrome it's so fast it isn't noticeable.
Firefox developers welcome Bugzilla bug reports for slow site performance. Attaching a performance profile from the Firefox Profiler will make the bug more likely to get traction. Instructions for installing the the Firefox Profiler:
Google Docs performance is a long-standing issue, but it sounds like you're seeing an unusual problem. (I usually have 10-20 Google Docs tabs open all day in Firefox Nightly.) Perhaps try reproducing with any Firefox extensions disabled. Some, particularly ad blockers, can cause performance problems as they repeatedly scan the page's DOM.
Google Docs can be a little sluggish for me in Firefox, but it doesn't hang for 5-10 seconds every few keystrokes like you describe. It sounds like something unusual is happening.
Well we know that Google would put elements on YouTube to prevent Edge from using hardware acceleration.
So there might be a factor there.
But perhaps it could be an add-on.
I discovered that Lastpass injection feature to autofilled had a performance impact.
Switched to Bitwarden and it was noticibly faster.
At this point I use Chrome only for Google Meet. It works in FF ok, but I've had audio problems and general performance issues that just don't show up in Chrome.
Could you guys please add a feature where any link opened from within a container opens in the same container category? (Like if i'm in Personal, I stay in Personal unless I explictly opt-out)? It's such a pain to constantly right-click and open tabs. Thanks :)
Surprisingly, that is the default behavior for me: if I click a link in the reddit container for e.g., it opens a new reddit container tab with the link.
My computer is far from new (it only has 16GB of DDR3) and the switching of tabs in Firefox is instantaneous. With the disclaimer that I only have 17 tabs open.
I am replying only because I think your comment can be misleading to other readers of HN.
Are you on macOS? I held off on switching until a rendering optimization landed a bit less than a year ago, which brought Firefox up to par with Chrome.
I only have 8GB, and its also instant for me. Performance is generally very good across the board. Only trouble I have is with certain Google properties... I do wonder why...!
I'd be even happier if the tricks to get video to play were somehow canceled.
I have adblocker and video blockers, but somehow, news sites have a video that plays. If I scroll off the page, the video pops out into the lower right hand of the page and resumes playing, even if the big version of the video at the top of the page was stopped /paused (which it is by default), and it needs to be stopped again. On mobile (Android) this is a double nightmare, even in Firefox, because the little video has a tiny little X, and somehow my finger doesn't ever hit X the first time. I can plug in a USB-A connector in the right way faster than I can press that little X.
Is there an explanation for this, and am I the only one?
Short version of a long story! A few years ago Google implemented autoplay blocking in Chrome. It was designed to fix problems like this, but was riddled with issues.
I wrote about it at https://danshumway.com/blog/chrome-autoplay/. The spec evolved a little bit since then, so not everything in that post is up to date, but most of the core problems still remain (or did the last time I checked).
Firefox was forced to follow suit, and to their credit their spec was a lot more sensible, but it was really only papering over the problems in the Chrome spec. It wasn't at a fundamental level thinking about video/audio differently than Chrome was, it was just trying to do the same thing minus the egregiously bad decisions.
I feel like a lot of the problems with hijacked interactions on the web can be traced back to spec histories like this.
A good implementation of video/audio blocking:
- wouldn't reveal to the page that audio was blocked, it would either silently mute the audio or refuse to render the video without reporting an error.
- wouldn't have exceptions based around trying to interpret user intent or (in Chrome's case) exceptions based on how you navigated to the page.
- wouldn't try to distinguish between things like GIFs, animated backgrounds, and videos (they're all moving pictures that use data and distract motion-sensitive users, you don't need to treat them differently)
My (subjective) opinion is that video autoplaying never really got better because we never really tackled the problem correctly from the start, and since then we've just been continuing to apply band-aides on top of a fundamentally broken strategy.
> am I the only one?
Depending on how much you hate this and how much effort you're willing to put into getting rid of it, disabling 3rd-party Javascript will fix the problem on most news sites.
Nearly all of them that I run into load the Javascript to run the player from a separate script being served from a separate subdomain or CDN. It's usually possible (even for news sites that require Javascript) to block that script in specific, or load just enough Javascript to get the page rendering and nothing else.
> wouldn't try to distinguish between things like GIFs, animated backgrounds, and videos (they're all moving pictures that use data and distract motion-sensitive users, you don't need to treat them differently)
This would cause 95% of users to correctly say that your browser is "broken", regardless of the opinions of motion-sensitive users on tiny data connections. Having a nuclear option for just these people is fine, but you do need to distinguish between the two types of video for everyone else.
> Having a nuclear option for just these people is fine
I think that would be fine, I'm certainly not against sensible defaults. But I don't think any browser currently has a good implementation of that nuclear option The distinction between video types shouldn't be something that's baked into the core design of the feature itself.
As it stands, I have no idea how I'd even start to implement a good nuclear option on top of the current design of autoplay blocking. There are so many weird rules about what is and isn't allowed to work, and the end result is that the system is trivial to bypass.
One of the criticisms I had when the system launched was that it's really not hard to make an autoplaying video even with these restrictions[0] -- clicking, highlighting, or pressing any keyboard key counts as a user action. Or if you're navigating within a domain, then your video is special and allowed to autoplay. The distinction between "this is probably an animated background image" and "this is probably a video banner" is fundamentally baked into the feature itself in a way that users can't customize or disable, and where its difficult for even the browser-makers themselves to expand on the feature of change it as the ecosystem evolves.
Even the distinction between autoplay on page load and autoplay in general is a bad one to have so hard-coded into the design. Youtube is an SPA, so even though Firefox properly blocks autoplays while you're moving within a domain, that doesn't work on Youtube, because no actual navigation happens when you click a link in Youtube, so Firefox thinks you've already given the page permission to auto-start the video. That's a really inconsistent, bad user experience for nontechnical users who have no idea what an SPA is.
[0]: See https://danshumway.com/blog/chrome-autoplay/demo/ for a really simple implementation. If I'm building a news site and I want autoplaying ads, I'm pretty certain at some point while reading you're going to highlight some of the text on the page.
If you temporarily set about:config "image.animation_mode" to the value "none", and then restart Firefox, does it stop that video from autoplaying? If so, it's because they're using an animated GIF, which isn't a video.
(You can right-click the value you modified in about:config to Reset it back to the default, so that animated GIFs work again, after you're done testing that.)
This is so annoying, engaging in such obviously obnoxious UX patterns should be regulated and punished with fines when user-intent tries to be circumvented.
The "just dont visit that website lol"-trope really doesn't cut it anymore; operating a news paper organization nowadays is such a cutthroat business that you simply can't not do it if your competition does it, there really needs to be regulation to level the playing field to stop this kind of bullshit
It’s the free market working as intended - if most people cared, the first site to stop doing auto playing videos would get more traffic and other sites would follow. As of right now, the benefit of auto playing videos outweighs the cost of pissing off the few users who care.
A thread about Firefox descended into a conversation about the free market. But is that really warranted? What I mean is, Firefox is an open source product, right? So isn't it just a matter of a feature to hijack the "the video turns into a little box" javascript function so it doesn't do that, or blocking it and detecting in some other way? I'm no web developer, but it seems like a feature or add-on should conquer it.
This topic really deserves an essay, but I'll try to give a few of the seed crystals for my thoughts:
- There's no real mechanism in the free market for long-term goal setting, apart from massive capital or collective action. Collective action is pretty hard to organize without capital.
- People have vices and virtues. Long-term thinking tends to lead to better outcomes. Long-term thinking tends toward virtues. Short-term instinct tends toward vices. See e.g. the marshmallow experiment.
- A/B tests and the concept of "revealed preference" optimize for vice without regard to long-term good. If you ask a smoker if they want to quit, they'll often say yes. But their "revealed preference" shows that they want to keep smoking. So "revealed preference" optimizes for vice.
- There's a feedback cycle between the most effective micro-optimizers and the accumulation of capital. So those who have the most money, can afford the most micro-optimizations. And those micro-optimizations favor the holders of the capital at the expense of society at large. Thus we are gradually optimizing ourselves into the will and control of the wealthy, AKA feudalism.
We can see this playing out in operating systems, too. Windows, despite MS's antitrust sins, and much as the Slashdot crowd loved to hate it, used to be very focused on compatibility and widespread use. There used to be a saying, "80% of your users only use 20% of your features, but they all use a different 20%". Now everything's gone from focus groups to telemetry. In other words, from planning and virtue, to reactionism and "revealed preference". Anything not used by 100% of users, or anything that doesn't favor the holders of the keys, is at risk of being destroyed in the next automatic update.
> It’s the free market working as intended - if most people cared, the first site to stop doing auto playing videos would get more traffic and other sites would follow.
The problem with these "free market" explanations is that comparisons aren't being made equally and there's a lot of tech illiteracy when quantifying metrics.
To the unfair comparison, who is going to stop the videos? A small news publishing site? You're going to argue that everything else besides the autoloading video is the same? Including the knowledge of the existence and quality to the public? I thought it was pretty well known in the tech community that a superior product isn't guaranteed to win, even if it is able to be manufactured at the same rate. These arguments barely work on paper and have a long history of not working in reality. (BTW, this isn't an anti-capitalism comment as you are already thinking.)
As to the quantifying metrics, well sites see that "engagement" goes up. So why would they stop? Don't believe me? Well see this comment[0]. Metrics are only good metrics if you know what they mean and how to interpret them. Goodhart's Law is especially prevalent when people are illiterate.
Indeed am seeing more and more sites that somehow get their videos to autoplay even though I have that explicitly disabled in Firefox settings. I thought user agents had ultimate control over 'mere bytes' sent over the wire but somehow these sites manage to trick the browser and override user preferences.
Wouldn't the frame also be a valid HTML page, with a <video> tag? Perhaps I'm mistaken about how things are working these days, so I'd appreciate some learnin'.
You're not the only one, and the worst examples are news sites. Pretty darn annoying if you're in a boring videocall, want to read some news and then suddenly your speaker blaring ads reminds everyone you're not paying attention...
The much bigger problem for me is I can't really go to any news site without the full page being hijacked blocking the content until I turn off my adblocker.
I feel like adblockers are becoming less and less useful overall, even as they become more widespread and more advanced, because I have to turn them off to see anything on the internet.
Isn't the small video in the corner a feature actually implemented in Firefox itself (picture-in-picture) and nothing to do with the web page? If so then that seems doubly bad!
I've been a user since they first split from Netscape. Very happy to see continued efforts in this project. Congrats folks! I'm glad you exist.
Related: I don't know if this applies to other platforms, but the newest version of FireFox on FreeBSD (79.0,1) generates errors on every website you visit stating insufficient security. (including google & mozilla.org)
This is somehow related to not having a virus scanner installed or something.
I'm running the same version of Firefox on FreeBSD (firefox-79.0,1) and I don't see this (with http2=true). I'm running 13-current (r363668) and using the 12-stable quarterly packages (FreeBSD:12:amd64/quarterly)
> You need somebody to find edge-case bugs? I'm your stooge.
I feel like you've just described my life. I don't know if everyone feels like they fall just off the happy path for everything or if I really am this cursed. It's exhausting sometimes.
I hear that. The latest update to kde / plasma5 changed something enough that it took me 4 logins before I got a task manager. Dealing with these these super disruptive / breaking kde changes only a few times a year are why I run the stable packages rather than the -current packages. I think I'm just going to give up and switch to lxde
Not to be too much of an old-fart, but I gave up on kde after they moved away from 3.5. I've tried every major release since 4 came out and I keep not liking it.
I do really enjoy some of the apps, but I'm fully in the i3 camp for several years now.
More details here[0], but in short, they'll "block them" by deleting cookies and site data of redirect trackers every 24h, preventing long term profile building, while not breaking the redirects.
For Chrome and Safari users, Google doesn’t even need to do link redirection. Chrome supports the “ping” attribute on <a> links which basically tells the browser to make an asynchronous logging request in the background when the user clicks a link. On Firefox, Google has to keep using redirects. https://caniuse.com/#search=Ping
The official name for this spec is “hyperlinking auditing”...
Deleting redirect cookies is a wonderful step forward in improving privacy.
I'm now concerned that companies would attempt to circumvent this by profiling users via fingerprinting through canvas, screen resolution, user agent and other means.
I wonder how such profiling can be minimized / eliminated ?
As of January [1], it looks like Firefox enabled fingerprinting protection by default. Expert users may have overridden settings in various ways that could prevent those protections from being active. To verify, at Preferences > Privacy > Tracking Protection (about:preferences#privacy), make sure you've selected an option that includes Fingerprinting protection.
Note that I think this blocking is done not by detecting a site doing it, but instead by using block lists: Firefox has a list of sites where third-party resources, including JS that would do canvas fingerprinting, will be blocked.
As I understand it, this is different from the various "resistFingerprinting" ("RFP") settings in about:config, which will work on every site (and are notorious for breaking things). Ditto CanvasBlocker, which AFAIK runs on every site.
Yeah, I definitely wouldn’t enable resistFingerprinting for anyone I’m responsible for providing tech support to! If y’all want to experiment with it, go ahead, but be prepared to be angry at your browser and/or websites as things mysteriously break without explanation.
I find this annoying and noticed this change a year or so ago. Google used to just give you the (as far as I could tell) unadulterated link. In fact, at the time I wondered how/if Google were actually able to track how many people clicked the top link in the results, because it seemed to be the real URL and stayed real even when clicked. I figured they either had so much faith in PageRank that they didn't need to monitor clicks, or they were hiding their tracking in a less obvious way.
Anyway, does anyone know a way in Firefox to stop sites from changing a URL's target when it gets clicked? This seems like it should be an about:config option.
Good to see someone that observed the same. I remember checking the source anchors and seeing that indeed the links were untracked. I believe my conclusion was they used JavaScript to catch the anchor click and still send you to the tracker URL.
Perhaps it's been that long after all, or, perhaps Firefox only started changing the target URL in the status box at the bottom left of the screen to the injected one in the past year or so?
It seems like the feature here is 'blocking' the trackers by deleting cookies from sites you haven't interacted with. It's not preventing the redirect as far as I understand.
I keep encouraging people to use Firefox over the others. My efforts keep failing. Mozilla’s focus on privacy is important and should be to others. People have been burned in the past and are willing to give up privacy for something that just works. The irony.
FF’s UX around things not related to browsing is slightly worse on all platforms. It’s most obvious on iOS where some of the styles for your “library” just don’t work correctly on iPhone 10’s. I also think their model for managing non-browsing stuff is too complex comparatively.
To access many things like history and bookmarks, you need to use the dropdown menu on the right, which has like 30 different options in it, some of which seem similar but are actually different. Those options are sometimes also available from different locations, so it can be confusing how to access what you’re looking for.
Other browsers are a lot more polished in this area, like Brave, Chrome, and even the new MS Edge. None are perfect, but I find their UX and UK slightly easier to use and generally less clunky. If FF fixed that, I’d be completely sold on it. But as is, I keep going back to the drawing board.
I also avoid FF because of the UI. It's what I use on my PC, which doesn't get used much. If I have to VNC into a linux machine at work, I'll use it there as well. But that is even rarer.
The last time I noticed a UI change, it was for the worse. The made the url/navigation/search bar get bigger when it had focus. To me that is pretty dumb, and I wish you could turn it off. Knowing Firefox you probably can, but a few Google searches couldn't tell me how. If this was done on a product that already had a good UI, it wouldn't seem like a big deal. But given how much low hanging fruit there is in Firefox's UI, it makes you question their priorities.
This is all really weird, since what made Firefox take off in the first place was its better UI. A lot of websites had compatibility issues, and people wanted to use Firefox in spite of them. A lot of webdevs got to work fixing these issues because they wanted to be able to switch to Firefox themselves. It seems that Mozilla never really understood how much its UI advantage helped Firefox get popular. Instead they seem to attribute that period of success to things that I think most people consider nice to haves: extensions, privacy, about:config, etc.
Yeah, I also remember what sold it in the Phoenix/Firebird days, and what got me to insist on installing it for everyone I knew, being 1) popup/under blocking, 2) it was really light and nimble compared to the competition (IE, Netscape/Mozilla), both in terms of the program itself and the browsing experience, and 3) the interface was very clean, clear, and pleasant to use. Tabbed browsing was just a nice bonus and I don't remember extensions really mattering much until well after it'd started to get traction from early adopters like me installing it on everything we came in contact with. Really, it was basically Opera with a less-slightly-weird-feeling UI and no adbar in the free version.
Given those early reasons for favoring it, from my perspective it's mostly gotten worse since 2.0 came out.
Firefox is especially bad in download UX. The “something is downloading” animation isn’t noticeable enough, causing me to click on download links multiple times and wondering why it didn’t work.
I long assumed the slightly-wonky UX in Firefox was due to a mountain of legacy tech debt around XUL and so on that they were still struggling to remove. Firefox doesn't really feel all that native on macOS, for example, though it's not terrible. Chrome/Brave doesn't always feel native, for that matter, but it's not nearly as clunky.
But then I installed the Firefox iOS app, which must surely have an UI written from scratch, and it's just as weird. I'm starting to think that they just don't put enough effort into UX, or perhaps don't hire the right people.
For me, there are only subtle differences. I use Chrome for work (golden browser for our web apps) and FF personally.
Google maps has never worked well for me on FF. The "old"/basic interface for Gmail works fine, but the new one was noticeably slower.
It doesn't seem exclusive to Google, however. Many PWA sites (including bank websites!) have, from time to time, inexplicably failed to load certain elements on FF, while loading them without fail on GC.
I don't really fault FF for this, but it is what it is.
The good news is it seems to be getting better. Every month or so, I try these trouble sites in FF, and every month I have fewer "trouble sites".
Google has an incredible walled garden of apps and things that 'just' work together seamlessly. I remember switching from FF to Chrome years ago as Chrome was measurably faster. The staying power was using Google's entire suite of apps with Chrome. Things like copying and pasting without formatting or searching for strings all contribute to stickiness.
I use Google apps in Edge, and nothing else in Edge. I use Firefox for all other web browsing, and avoid doing anything Google related in Firefox. I won't install Chrome on my machine at all and don't need to - Edge is good enough, now that it's Chromium-based.
I use Edge similarly. I'm glad it's here and it's good because Firefox keeps losing share and I'm glad I have a second browser now from a major vendor that I could live with if developers stop testing with FF or if too many sites are broken using it for any reason.
Chrome opens up files and slows everything down windows 7.
Using chrome once it loads with everything else shutdown seems fast.
Firefox is overall faster because of those issues. But firefox will use too much memory and kill itself in time. But has gotten better at killing itself without killing everything else.
Interestingly, when we had lockdown in my country I tried using Google Meets in Chrome and it just shat itself. Switched to Firefox and Meets worked so much better in Firefox. Very strange...
They didn't manage to fix developer tools for like last 5-7 releases (despite multiple reports of it being broken). Network tab still messes up/merges unrelated requests together, and style editor shows completely garbage content every other reload, like this (probably related issue to the request confusion):
I still use it as a primary browser even for development, but with issues like this being unresolved for almost a year, it's really hard.
Ever since the rewrite in React, it's really bad. First a massive performance regression (which improved over time, thankfully), but it still has major issues like the above.
I suspect the problem is that firefox sometimes performs poorly. But most power users don't see this problem because they either have firefox when it performs well or because they have a powerful computer.
For reasons I cannot understand, firefox on my 8GB RAM windows surface eats up huge amounts of memory. But it uses very little RAM with the same profile on my much more powerful desktop.
Im unable to book flights with local airlines via firefox because the payment popup gets blocked with no warning. Sure, I can figure out whats going on and use a different browser, but it's terrible UX.
Not even the tiny little box in the right side of the address bar that says a popup was blocked? I've seen blocked pop-ups there before, but never heard of or seen Firefox block a pop-up with absolutely no feedback.
Chrome offers this quiet magical feature called ‘tab to search’, Firefox allows you to make custom search key shortcuts but you need to make each of them. It’s just not as easy to use and is a killer feature that’s very fast/useful and missed for anyone who uses it and tries to switch away to Firefox.
It’s the only thing that keeps pulling me back to Chrome, as well as many others I’ve seen discuss it in forums over the years.
There’s no Firefox extension to add it and as Firefox users don’t have it they don’t miss it.
Really, sort this, you’ll quietly unlock a bunch more switches.
I just have duckduckgo as my default search engine, that way I can use the bangs to search almost any site that's even remotely mainstream by starting my search with !w (wikipedia), !y (youtube) !hn (hacker news), !g (google), etc.
There is related functionality built-in to Firefox (since basically forever) you can assign keywords to any installed search provider and then search that specific search engine by prefixing your search with the keyword you assigned. So you could assign !g directly in Firefox options and Firefox will take you directly to Google for that search (no need for the intermediate duckduckgo).
You can add things like YouTube etc as well so long as they have "OpenSearch" metadata. (Presumably what Chrome is using for "tab to search"?) [1]
My understanding is that Firefox still uses the OpenSearch metadata shallowly as the easiest way to create the "keyword search bookmarks" rather than writing a bookmark by hand (though your second link was what I was looking for on how to do that and it seems quite easy/convenient to do yourself if you had to). I don't believe that shallow auto-bookmark discovery is/will be dropped, they dropped a more complicated add-on/extension-based approach that supported more OpenSearch features.
NetflixParty is the only extension that I actually use that isn't on Firefox. I wish someone made a clone. I wonder if there's something technical preventing that from happening.
Last year, I was on a Zoom call where I shared my screen, and several web developers asked if I "seriously still use Firefox" as if I was stuck in 2005.
Everyone who is quasi-technical should be using uMatrix. I'm a privacy nut, but I don't think you even have to be much of one to appreciate the value that something like uMatrix provides.
On the other hand, everyone keeps saying that it speeds up their browsing experience, but anecdotally, I'm not sure I experience the same thing.
I do have a couple of other addons that are likely clouding this judgment. Not to mention my specific machine, network connection, sites I typically browse, etc, etc.
But is it possible that processing the requests for things to strip, and then updating uMatrix's UI elements is causing more overhead than just letting the assets load (which may even be cached)?
Not to mention that if I do encounter a broken site and I decide to try to make it work, I end up refreshing it 5 or so times before getting it minimally functional. The time spent doing that surely outweighs the time of just letting it load.
But I'm not saying to abandon uMatrix. Just that I use it for privacy, not performance or convenience.
I recently gave up on firefox after trying for years to use it for my more sensitive browsing (email, bank, investments, etc.) where I could not run javascript blockers.
3 big problems (and many minor little things that i hit every day but haven't bothered to record)
- composing email in gmail is horrible. unexplained bursts of lag where it hangs for several seconds and may or may not lose anything I typed in that interval. This one is recent as of the past couple of months.
- outlook email just not updating or refreshing until I restart the browser.
- lagginess in most if not all input boxes (could be related to the first problem above).
- every few updates it will lose all my containers and I have to make them from scratch.
It may be something these sites are doing wrong, but I don't have the patience any more. Chrome works, Edgemium works, so I switched.
still use firefox for facebook container, but that's about it.
Firefox is my daily driver as well, and I experience a bunch of lag with it too. Overall it's stable and reliable, but it feels slow. I usually fail over to Chromium if Firefox is misbehaving.
I've been using Firefox since it was called Phoenix and I used Mozilla before that. I'm pretty annoyed with Firefox lately. There's the pocket junk, the significantly worse battery life, the DOH stuff really pisses me off. How can they pitch themselves as the privacy browser when they siphon off my DNS traffic by default? Why does anyone give them a free pass on that? About the only thing they have going for them is they're not Chrome and that's not saying much. Lately, I find myself spending much more time in other browsers to see if one of them can become my daily driver. I fear that Firefox is becoming irrelevant.
Font rendering looks non-native on most platforms.
Scrolling behavior seems non-native on most platforms.
The combined location/search bar seems slower, and gives less useful results, than the same feature in other browsers.
Inferior developer tools.
Mozilla's marketing portraying itself as the white knight of the open web is tiresome and contradicted by past behavior. Pocket is still installed by default, and remember the Mr. Robot scandal?
Tracking is easily defeated in other browsers. Besides, if you use Gmail and Google search, and watch videos on Youtube, you've already decided to give your data to Google and you might as well use Chrome too.
I find most people that complain about Firefox dev tools other than just not knowing where the cheese is stored often just need slight tweaks to their sourcemaps. That problem is self-reinforcing because so many developers only test in Chrome that some of the biggest tools in the ecosystem (webpack, for a big for instance) default to sourcemaps that only work in Chrome, when they could just easily produce sourcemaps that work in both.
Your font rendering remark stands out as a odd remark. I use Firefox as a daily driver across my own PC (Windows), my work laptop (Mac) and on my phone (Android). Font rendering looks fine across all three platforms. Perhaps it seems better to me because Firefox renders things the same way across all platforms (even if it differs from native)? I think I quite like how Firefox renders things the same way regardless of which device I am using. Makes it easier for me to context switch between my devices.
> Mozilla's marketing portraying itself as the white knight of the open web is tiresome and contradicted by past behavior. Pocket is still installed by default, and remember the Mr. Robot scandal?
Here, the perfect is the enemy of the good.
Firefox is the only Web browser that is not owned by a giant for-profit company with a vested interest in controlling your computing platform.
I would use it regularly if it weren't noticably slower than Chrome and in many cases unresponsive (I get the yellow bar at the top that says site isn't responding or something like that, when the same site opens fine on chrome). I have the developer edition installed and am logged in via alternate profiles on some sites there. Often times, it displays a blank for a few seconds on heavy sites(with just 2 tabs open) before loading the content.
The developer console is also slower than Chrome's.
If you are a developer, I encourage you to create a test case that reproduces the issue reliably and then profile Firefox in that test case. If you feel a bit apprehensive about doing so, it is worth mentioning that profiling Firefox is not terribly hard and you can share the profile with Firefox developers.
That is really strange. I run Firefox on two different machines (plus my phone). One is my PC which is several years old and the other is my work's Mac which is also showing its age. Yet Firefox runs pretty fast on both (while other apps struggle, especially on my work Mac). I rarely see that yellow bar during typical usage...
Maybe it's just a coincidence, but since we're doing more and more things over screenshare these days, I've noticed that all my peers are starting to use Firefox. I like to think it's because they've seen me use it when I'm sharing my screen.
This is fantastic. I never liked the cookies sticking around forever, and managing them manually was a massive pain if you wanted to keep some of them.
Not to mention Firefox is usually brought to its knees when trying to delete large segments of History/Cookies at once.
> This is fantastic. I never liked the cookies sticking around forever, and managing them manually was a massive pain if you wanted to keep some of them.
You might like the CookieAutoDelete plugin[1]. It's a recommended plugin
which allows you to set a list of domains and domain patterns which
retain their cookies while others are deleted. I've been using it
for a couple of months now, and I love it.
CookieAutoDelete has some fatal flaws. It doesn't delete indexeddb, for instance. Also, if you're a tab hoarder it simply doesn't work for the common sites you visit. Temporary containers[1] is a much better option, as it uses firefox's container tabs to provide much tighter isolation.
That is a fantastic plugin although unfortunately it's not (yet?) available in the new mobile Firefox - nor any equivalent. It's still there for the old version if you haven't been force-upgraded.
There is a newer extension called CookieBro that is much better than CookieAutoDelete. Not only does it have more options for dealing with cookies, CookieAutoDelete often would leave some cookies alive.
You've got it completely backwards. Invert your questions: What cookies shouldn't be deleted, and why shouldn't they be deleted? The continued existence of a cookie requires justification, not the deletion of a cookie. Only a small minority of cookies exist for the users' benefit.
Disable it then, just because you're apathetic to such matters doesn't mean the application should assume everybody is.
>inconvenience
It's seriously doubtful you or any other user will notice any negative ramifications from third party cookies being deleted, because there basically are none.
Can we talk about how google isn't affected by any sort of mainstream tracking protection? They're not going to be affected by this, because you visit google domains (directly or indirectly) multiple times daily. They're also not affected by blacklists, because they own recaptcha, and that's explicitly whitelisted in in popular blocking lists.
Off topic, but every time I see an article like this I load up Firefox and try it out to see how it has progressed. I inevitably stop using it, and this time I decided to introspect and see why. It turns out that it's mouse wheel scrolling doesn't feel as snappy as other browsers, and for some reason it bothers me a lot. I'm going to try changing the scroll wheel settings and see if I can stick with it.
I am super-sensitive to smooth scrolling performance and am kind of obsessive about it. I use FF 100% of the time (unless testing something cross-browser) with an extension called "Yet Another Smooth Scrolling WE" https://addons.mozilla.org/en-US/firefox/addon/yass-we/
If you spend a bit of time exploring the extension's options you should be able to find a combination that hits your personal 'sweet spot'. I've also found that really dialing in consistent smooth scrolling performance can require optimizing other factors including: OS settings, mouse software driver settings (I use Logitech Options), video card options (VSync especially) and even monitor options (often disabling motion 'enhancement' modes) because the end result is only as good as the whole stack.
It can help to ensure your hardware has sufficient performance to maintain your desired scrolling performance even when multi-tasking and the browser loading website with a bunch of JS and assets, especially on laptops and wireless connections. UMatrix helps block a lot of these loads.
If you have intermittent variable results, another thing to check is other FF extensions. I run quite a few extensions to customize my experience and have run across a couple (unrelated to scrolling, screen or visual appearance) that make scrolling performance on some sites inconsistent during background page load, perhaps some rare interaction of threads. Fortunately, none of them were any of the popular ones or ones I find essential.
I don't think it's possible to achieve truly 'perfect' scrolling behavior 100% of the time on all sites yet, at least I haven't been able to on any desktop browser or hardware combo I've tried. Currently, I'm quite happy with my FF configuration as all the sites I visit regularly perform very well and >95% of one-off sites do also.
For a while now I've gone and forth between Firefox and Chrome (Chrome always felt more consistent to me, but I liked Firefox's privacy and security features), but recently I went all in on Firefox it and feels a lot nicer than it did even 6 months ago.
I don't know what changed, but I haven't looked back.
that's funny because in chrome i hate the scrolling because it doesn't have the middle mouse click autoscroll feature and all the "solutions" to fix that are janky webextensions.
I've noticed some sites affect scrolling somehow, either because they intercept it somehow, or you scroll over a text box or some other widget and the scrolling targets the box instead of the page.
I think if you can keep the mouse off the page and on the scrollbar at the side (I'm on mac) it scrolls more predicably.
I'm trying to get myself to finally switch to Firefox thanks to this post. But I'm having problems with ctrl +/- changing of font sizes. In Chrome, that setting affects one domain only. Here I'm getting confused because I open a new tab and the font is tiny or huge, even sometimes on sites I've never visited before. Ctrl 0 fixes it but then I seem to reset sites that I do want enlarged (like HN). What's the logic here? I haven't figured out the steps to reproduce this, it seems random.
I've had the same experience! Well sort of, I think it's related to the experimental zoom I enabled. Trying to track down how to reproduce so I can open a bug, but it's sporadic for me. Other than that, I'm pretty happy with the browser
I've possibly figured it out. If you scroll quickly and while the inertia carries the scrolling onwards hit ctrl+w to close the tab, it'll resize the next tab that gains focus. Presumably that's because ctrl is held down and it's scrolling, even though the scrolling is only from inertia. Obviously scrolling shouldn't carry over to the new tab, so it does look like a bug. Moreover, it also resizes the website of the tab you just closed.
Guess I need to submit a bug report.
Edit: apparently Bugzilla requires passwords longer than 10 characters - wow! At least the that's the error I got (password too short) when I tried to sign up. Seems excessive.
If you haven't already, please consider opening up a Webcompat issue [1] about this. They'll definitely want to know since that's the sort of scenario that could end up breaking in multiple browsers — not just Firefox! — as tracking protection spreads across the ecosystem.
Note to website/blog authors: please don't include twitter embeds in articles as the only way to read/view/hear the content!!
- I use an ebook reader (Kobo) with Pocket to read saved articles and it can't load the embeds
- I listen to articles with the screen reading feature on iOS and when it goes over embedded tweets it's a nightmare
Many articles are nonsensical when you cut out the twitter embed that added key context or information to the article. Consider copy/pasting the text into the article & then linking to the tweet.
adding the sandbox, csp and referrerpolicy attributes to the iframe when it gets inserted to the DOM tree allows a lot of fine-grained control. Adding sandbox without allow-same-origin puts it into a null origin which makes the iframe isolated from all other origins which is similar to an ephemeral container. It might break CORS stuff though.
I'm really happy to be using Firefox again. I had abandoned it in favor of Chrome around 2014 because of how sluggish it had been getting. They really got it together with the quantum update though in my opinion. It still gets outperformed by Chrome (especially in the javascript department), but it's not a big enough difference to be a deal breaker for me, and I like feeling like I'm doing my small part to help combat Chrome's growing monopoly.
The only browser we can trust today. Glad to see they’re making privacy online a priority, on top of an already amazing browser I use regularly and exclusively both on Linux and iOS.
I think it means that 3rd party cookies will be deleted in 24 hours unless you visited the site of origin in the last 45 days.
So if you get a 3rd party cookie from www.marketingsite.com, but never visited that site, it will be deleted in 24 hours. But if you get a 3rd party cookie from facebook, and you're a semi-active facebook user, the cookie will be kept.
I don't think it's only third party cookies. But all cookies if you've only visited the site once once in 24 hours.
The article mentions you get redirected to a website before going to your destination, so the third-party cookie is no longer 'third' but 'first' since you (unbeknownst to you) visited the site.
Looks like we're both not entirely correct (and probably both skipped the security blog posts!).
In the security blog post, they explicitly say "An origin will be cleared if it [...] is classified as a tracker in our Tracking Protection list" and "[has] No origin with the same base domain (eTLD+1) has a user-interaction permission".
So it's not a catch-all for any and all redirect trackers, just those Mozilla knows about, and whitelists trackers that are first-party in spirit. I do wish they didn't frame it as "we're blocking redirect trackers" but instead as "we extended our tracking blacklist to include known redirect trackers, unless we have a good reason to think you allow them".
Unfortunately, even with Enhanced Tracking Protection 2.0 you can still be tracked by using ETags. There are extensions for Firefox that block ETag tracking, but I haven't reviewed a specific extension sufficiently to recommend one.
Remove Etags with the CleanURL addons. Just turn off everything else it does, if you only want to remove ETag.
Clean URL cleans many links. No utm_source, no amazon trackers, no google/yandex changing links just right before you click it. It has adblock built in, so turn it off if you already have an adblocker.
Visit the site. Then clear cookies and history (don't touch cache) . Then return and you will get the same ID, provided you are not using any extension that removes the E-Tags.
> What data is collected and sent to the Leanplum backend?
> Leanplum tracks events such as when a user loads bookmarks, opens a new tab, opens a Pocket trending story, clears data, saves a password and login, takes a screenshot, downloads media, interacts with a search URL or signs in to a Firefox Account.
Honestly the best thing you can do is use Firefox and set the browser settings to "Never remember history". This deletes everything in the cache, cookies, etc every time your browser closes. Drawbacks - you have to log back in to every site every time you relaunch the browser. But then these cookies and tracking methods do not follow you around.
Hopefully this will make affiliate-link based sites like Wirecutter change their ways. I dont mind them earning affiliate money but I can’t even click a link at Wirecutter anymore since their bounce redirect to Amazon or wherever is totally blocked by my DNS settings originally via AdGuard now via nextdns.io
Can you add an exception for the site? It seems like a slightly inconsistent position that you don't mind them earning affiliate money yet you're actively blocking them from doing so.
They would earn the affiliate money if they sent me directly to Amazon, that isn’t blocked by privacy dns. But they don’t send me to Amazon directly as many other affiliate sites do, they bounce me through some 3rd party affiliate wrappers before ultimately landing me on Amazon.
it seems the objection is to unearned affiliate revenue (for any purchases at amazon for some period just for visiting wirecutter), not earned affiliate revenue (by clicking on a product you intend to buy), which is consistent and fair.
It isn't great but imho it's better than Chrome which confuses me each time and feels super limited:
1. Open settings
2. Privacy and security
3. Scroll down to find the tiny "See all cookies and site data"
4. Use the search box for the site you want
5. Then you only have the option of removing everything from that site?? There's a little X icon to the right of each cookie but clicking it does nothing
Unless there's a better way I haven't seen (I use chrome infrequently)
Surprisingly extensive article from Brave[1] from Aug 2018 -- two years ago! About redirect tracking, it says this:
> Brave’s policy of disallowing any third party state by default makes it already more privacy-preserving than ITP 2.0 in regards to third party redirection-based tracking. Brave users however may benefit from an ITP-like protection from first-party trackers, although their number is small.
Apparently Safari had ITP, a similar type of redirect tracking mitigation, for some time.
I would really love to have more addins like this, doing one thing and doing it good. They will kill fingerprinting and as a proof, I was downvoted the next moment i posted the links.
Not sure that's the reason why you were downvoted.
Perhaps (I am trying to guess) it would have been more helpful to explain why these four add-ons, individually, are so necessary. Or perhaps a more expanded comment on why you picked these, and what effect they provide.
Another option is to always delete cookies and site data when you close Firefox and set exceptions for the few sites you care about. If you are like me and only start Firefox once or twice a day this prevents too much annoyance while limiting cookie based tracking.
Also, Mozilla should really think about what is wrong with the statement "Since we enabled ETP by default, we’ve blocked 3.4 trillion tracking cookies." I imagine most people who care about tracking would like to not be tracked by anyone, not just anyone other than Mozilla.
From reading the comments, it sounds like the only real choice is the Tor Browser if you want to be anonymous, or just accept all of it and use your device's native browser for best performance.
What I'd be interested to know is if all of this anti-tracking technology matters if you just isolate domains by using containers. My guess is that Google and company have so many tracking domains that containers have no impact on that, at least 3rd party. But it seems like part of a real solution.
I wish Apple realised that more competition in browsers on iOS is better for the user and they shouldn’t be greedy about it. How wonderful would it be to have proper Firefox in iOS.
I use Firefox on iOS. It has some tracking protection. Probably not the full-fat version of desktop Firefox, but I find it to be more tolerable than Safari on iOS.
Epic games seems to be using captchas for ue4 accounts that break for Firefox users who are using tracking protection. Not a complaint against Firefox, just very annoyed by game dev in general for privacy reasons.
- more or less forced to use windows for development / to access marketplace content
- have to modify engine source code to disable analytics
- have to use Chrome to access their sites and dashboards
I want to switch to Firefox, but of all things, its tab management is keeping me away. On my last try, I gave up after five minutes because I couldn't see all my open tabs at once (had to scroll). Does anyone know of an extension or setting I can use to force Chrome-like tab behavior, where all tabs are shown at once regardless of how small they become?
I don't think you can prevent tabs from scrolling off screen, but you can set the "browser.tabs.tabMinWidth" about:config pref to a tiny number so you can fit more tabs on screen.
You can also see the full list of tabs (with titles) in the tab overflow dropdown menu. It's the down arrow button to the right of the tab strip. The dropdown menu only appears after you open at least ~20 tabs. I set the browser.tabs.tabmanager.enabled about:config pref = true to always show it (because I like see the full tab titles).
Do you still have to navigate? Like, click or scroll or whatever, to get between tabs? I'm looking for a UI that shows me all my tabs, all at once, no clicks/scrolling/navigation required.
For people with a lot of tabs, I recommend trying a Vertical Tabs add-on. I am currently using Vertical Tabs Reloaded, but there are a couple different ones. Usually people have plenty of horizontal space and you have a scrollable sidebar with all your tabs in it.
Thanks, but I'm looking for something that doesn't require scrolling - where I can see all my open tabs at the same time, no scrolling, clicks, or other interaction required. I toggle between tabs a LOT, and having to scroll or otherwise navigate to find the right tab is a hard no for me.
The Firefox search also searches open tabs a lot. Which could be even quicker than using the mouse. There is a limit on Chromium browsers - tabs smaller than the favicon aren't really that useful.
I think Firefox's first order of business should be to focus on making it as good as Chrome first, then focus on other things. I can do all the blocking I want on Chrome with extensions. I cannot make Firefox fast, or work well with the touchpad with any extension.
I think we should buy either windows or apple based computers instead of chromebooks because the former allows us to install Firefox while the latter does not allow that. I tried Firefox recently and I really liked it.
I don't quite understand. The latest version of FF is 79.0, released on July 28. This article is dated Aug 4. So is Mozilla going to remotely activate ETP 2.0 for users of FF 79 without requiring an update?
I'm on the latest Firefox and it's allowing a Set-Cookie with the Secure flag over http (for localhost). This seems wrong to me, but maybe it's allowed for localhost specifically? Anyone else experience this?
The post says that it's being rolled out gradually on Release channel, so as long as you haven't blocked automatic updates in various ways, you'll get it soon (assuming that the rollout continues without any significant issues being uncovered that halt it).
Presumably if you want to run ahead of that, there's ways to get it early via Beta or Nightly channels, but I don't know what those are.
Still waiting for Servo or https://mozilla.github.io/geckoview/ to be usable as a library on desktop platforms. Unfortunately, that hasn't happened so far...
meanwhile I typed a draft of an email with links in it and 2 seconds after saving it got an email from Mozilla saying "stop sending yourself links via email!". I'm not OK with that.
It all seems pretty pointless when every tracker tracks you by IP address and the only real way to defeat this is to use Tor, which BTW is blocked on an ever-growing list of sites.
IP is a much coarser level of tracking, for most people.
GCNAT, roaming (WiFi <-> mobile), shared networks (NAT/IPv6 Privacy Addresses). All of these things mean you can't be sure you're tracking the _same_ person, unlike with cookies.
Hmm, is there anyway to configure tor to reduce the number of hops in order to improve performance? It seems like multihop Tor is overkill for this use case. Wouldn't solve the problem with sites blocking Tor I guess.
Why should I trust Firefox with this "enhanced tracking protection 2.0", when Mozilla gets their funding from Google just to be the default search engine?
Because the default should be to block tracking. We just shouldn't allow it. Imagine someone telling you a popup blocker (something even IE8 had standard) should be acquire separately.
I agree with parent though, Firefox should just ship with uBlock Origin installed. I think putting privacy features in the hands of a third-party prevents some poor choices being made due to several conflicts of interest browser vendors have.
Addons pose a significant increased security risk. (I would honestly advocate for the radical position of requiring you enable a "allow addons" checkbox, with a warning, before installing any browser extensions.)
I absolutely agree that browser vendors have huge conflicts of interest, and we need to address those by forcibly separating browsers from companies inherently in conflict with privacy.
Luckily, Mozilla is a non-profit organization. Their interests do not conflict with protecting their users.
But it makes you wonder, if other browser vendors' interests do conflict with ad blocking, why would they ship with uBlock Origin? They would want to control what most people do by controlling the defaults. The vast majority of users never change the default settings.
Mozilla is a non-profit that owns a for-profit corporation which makes Firefox. And their funding largely comes from Google paying them to keep Google as the default search.
There's not a mission-level conflict-of-interest, but there's a practical one. Until they can somehow be funded directly by users, Firefox will have this tension of "don't piss off Google or other referral partners, even if that means going against the users' interests". They won't serve the users well by losing all their funding and then dying.
This situation is why Firefox and Mozilla aren't just everything they could be in terms of completely aligned with users.
> Their interests do not conflict with protecting their users.
Which is why they have things like telemetry, backdoors like normandy, tracking via safebrowsing, unblockable tracking via google analytics in about:addons and any mozilla pages, a great track record with pocket and the mr robot addon, tracking-related bugs which have gone ignored for years, and richly paid executives, right?
It's worth noting that while Mozilla is a nonprofit organization, it certainly retains a huge conflict of interest: It's primary financial sponsor is still Google.
If Firefox was solely aligned with protecting their users, the default search would be DuckDuckGo, not Google, and it would fully block Google Analytics, Fonts, and AdSense right out of the box.
Even besides the money they get from Google, Mozilla aims to support the web, much of which is ad supported. Blocking tracking by default says "we think websites can survive with context-based advertising without obnoxious tracking". Blocking ads by default says "we think the ad supported business model is not worth supporting". That's a much bigger step.
In principle, yes -- we just shouldn't allow it. The problem is that it's technically difficult to block it entirely, and even more difficult to do so without breaking functionality that users want.
Firefox > Preferences > Home > New Windows and Tabs (very first option!) > Homepage and New Windows, New Tabs > Blank Page
I like that Firefox Home is the default option because you as the user are offered something. If you don't like it, you say no, go to the settings page, and are never offered it again. If you do like it or don't mind it, you keep it. Win-win.
If Firefox Home wasn't on by default, those that might have preferred it wouldn't know what they're missing. It seems difficult to think someone would actually prefer ads but if there's some engagement, then that speaks for itself.
The default option should be "show options", letting you choose with one click between Blank, Mozilla Ads, Your Recent/Favorite Pages, and a custom URL or set of URLs.
There are 6 levels to your process above. Imagine being tech-illiterate and asked to navigate that - or, maybe easier, imagine trying to dictate that process to someone you know who is tech-illiterate over the phone. Even if you know exactly what to do, it might go something like this:
> "You saw an ad you don't like on a new tab of The Internet? OK, what you need to do to fix that is set the New Tab preference to Blank. Click the Firefox menu - no, it doesn't have the familiar File/Edit/Help menu bar, it uses a hamburger menu - the stack of three horizontal lines - in the top right. Something about a library? No, that's supposed to be a bookshelf icon, it has vertical lines, you want the horizontal lines to its right. The menu went away? Make sure to single-click the menu, not double-click. Look in that menu for something named Settings ... not Customize, no, that's kind of like settings but different, oh yeah, it was called Preferences. In Preferences, look for the Home section ... shouldn't have to scroll, it's in the menu to the left ... yeah, that's a menu, it's just separated by whitespace instead of a line. On the Home preferences screen, there's a drop-down box for New Tabs, click that dropdown and set it to Blank. Great, you're all set. Talk to you later. Bye!" Ring - "Hey again - it didn't work? You closed and reopened Firefox and the ads were still there? Oh, right, that gives you a new window, not a new tab. Let's go back through the menus one more time, it was just above the New Tabs dropdown, yeah, we were just there. Click the three horizontal lines for the Firefox menu...."
It's disingenuous to say that those who prefer the ads might not know what they're missing, even more disingenuous to say "you're offered something". No, with ad tech, the user is the product being offered to the advertisers, and I expect that more people don't know how to turn it off or that turning it off is a thing you can do than that like being advertised to.
I fully understand why you think that should be the case, but please understand that most people are not like you. Putting barriers between first start of an app before the user can actually do something with the app is the way to annoy your users.
Sane defaults are nearly always the right choice. You personally may not believe their default is sane, but you're in the minority, clearly.
(It's telling that you call it "Mozilla Ads"; such hyperbole only serves to weaken your point.)
Hit options -> Click dropdown of "new tab" field and select "Blank page". 2 steps.
If the parent post is being disingenuous with their point, yours is as equally disingenuous by being an incredibly over-complicated deconstruction of hitting options and reading 2 fields down.
If they have to be walked through finding the options menu (half your paragraph is about opening the options menu, really?), they are going to have difficulties with every browser and every option -- including understanding what a "custom URL or set of URLs" is.
>"Oh a URL? That's the address thing you see at the top. Oh but it's not shown completely in some browsers. And, if you want multiple URLs you have to use the pipe operator symbol. Oh, the pipe operator? Look above your enter key. No, not the one on the number pad, the other one near the backspace." Etc..
My mistake, I was on a Mac and I intuitively look for app settings in the main menu bar, which is what I was describing. I should have looked up the process on other platforms to determine if it was just as intuitive
As another user pointed out, this is anti-tracking not anti-advertisement.
I can't help but wonder why you don't just go to the front page of your settings, and select "Blank page" on the "New tab" field though. Unless I am misunderstanding where you are talking about.
You can remove everything from the New Tab page to make it completely blank now, although I do agree I'd prefer if it was blank by default with no ads or anything.
"Protip: Use Firefox instead of Chrome. We get very little data from Firefox users"