Slashdot Mirror

Case closed, even you admit it.

You seem to be having trouble with the differences between selling data about you, and using data about you. Or maybe with reading.

"Easily".

Yep. Just use a browser add-on, such as this one. Most technical people know about them.

It's called a VPN retard

Settle down, petal. Running your PC's traffic through a VPN isn't hard, but it's still more work, expense, and expertise (and slower) than a browser add-on. And it's somewhat less easy if you want to run your entire network's traffic through one, including appliances like a Roku box etc.

And a VPN on your phone won't prevent carrier-installed rootkits from reporting anything they like. Remember Carrier IQ, which was found to be used by AT&T and many others (yes, even Apple), and was caught capturing keystrokes and passwords, copying and sending home texts etc? AT&T bought that not long ago, so it's clearly still in use - and that's only one we know about. Plus of course your carrier logs every call you make and every cell tower your phone touches, so good luck avoiding any of that.

And yes, all that personal data is used by AT&T to sell targeted ads on their AdWorks network, Sprint's Pinsight platform hosts other ad networks too, Verizon's is even bigger now they're buying Yahoo (plus they share your data with AOL), and Apple is no exception.

Don't delude yourself into thinking that Firefox is any better.

Just look at how much user info Firefox can collect and send to Mozilla and others.

Their page clearly lists various types of identifiers and browsing history that might be sent, including such things as: "IP address", "location", "phone number", "email address", "URLs", "information about visited sites", "terms you type in the Awesome Bar or Search Bar", "website domain", "Google advertising ID", "active URL at time of crash" and "personal information".

In case you don't believe me, let's look at some examples from their page:

"Once per day, Firefox sends the following info to Mozilla when it checks for browser updates: your Firefox version information, language preference, operating system, and version."

"Firefox contacts Mozilla once per day to check for add-on information to check for malicious add-ons. This includes, for example: browser version, OS and version, locale, total number of requests, time of last request, time of day, IP address, and the list of add-ons you have installed."

"Firefox sends Mozilla a monthly request to look up your location at a country level using your IP address."

"Some Mozilla sponsored snippets are interactive and allow you to optionally share your phone number or email address. For example, you can enter your phone number to receive an SMS to install Firefox on Android. Your information is received and handled by our email and mobile marketing vendor."

"This data includes, for example: device hardware, operating system, Firefox version, add-ons (count and type), timing of browser events, rendering, session restores, length of session, how old a profile is, count of crashes, and count of pages."

"Firefox may send metadata, including URLs associated with the downloaded file, to the SafeBrowsing service. "

"Firefox that sends Mozilla usage, performance, and responsiveness statistics about user interface features, memory, and hardware configuration. Your IP address is also collected as a part of a standard web log."

"When Telemetry is enabled, certain short-term experiments may collect information about visited sites."

"Firefox sends to Mozilla data relating to the tiles such as number of clicks, impressions, your IP address, locale information, and tile specific data (e.g., position and size of grid)."

"Firefox sends Mozilla a request once to look up your location at a country level using your IP address."

"Firefox may send the terms you type in the Awesome Bar or Search Bar to your Default Search Engine to retrieve suggestions"

"Firefox may send “Referral Data” such as the website domain"

"Firefox sends Referral Data to our mobile analytics vendor, and also includes a Google advertising ID, IP address, timestamp, country, locale, operating system, and app version."

"Firefox records and sends Referral Data to Mozilla as part of Firefox Health Report. "

"Firefox may use several pieces of data to determine your location, including your operating systems geolocation features, Wi-Fi networks, cell phone towers, or IP address."

"This report contains technical information for us to improve Firefox including why Firefox crashed, the active URL at time of crash, and the state of computer memory during the crash. The crash report we receive may include personal information."

"Firefox sends information to Mozilla, including the list of add-ons you have installed, Firefox version information, and your IP address."

Some people will try to justify this by saying nonsense like "At least they disclose it!" or "At least some of it can be disabled!", but none of that really matters. What does matter is that this information is being collected and sent to Mozilla in the first place when it shouldn't be.

There's no justifi

If you want an ad blocker, then you should install the proper extension:

You're right:

• One
• Two
• Better Option 1
• Better Option 2

Developer Tools > Advanced settings > Disable JavaScript ???

Or use NoScript

Don't get me wrong, Firefox does use way, way, way too much memory a lot of the time. But that problem pales in comparison to how much user info Firefox collects and sends to Mozilla and others.

Their page clearly lists various types of identifiers and browsing history that might be sent, including such things as: "IP address", "location", "phone number", "email address", "URLs", "information about visited sites", "terms you type in the Awesome Bar or Search Bar", "website domain", "Google advertising ID", "active URL at time of crash" and "personal information".

In case you don't believe me, let's look at some examples from their page:

"Once per day, Firefox sends the following info to Mozilla when it checks for browser updates: your Firefox version information, language preference, operating system, and version."

"Firefox contacts Mozilla once per day to check for add-on information to check for malicious add-ons. This includes, for example: browser version, OS and version, locale, total number of requests, time of last request, time of day, IP address, and the list of add-ons you have installed."

"Firefox sends Mozilla a monthly request to look up your location at a country level using your IP address."

"Some Mozilla sponsored snippets are interactive and allow you to optionally share your phone number or email address. For example, you can enter your phone number to receive an SMS to install Firefox on Android. Your information is received and handled by our email and mobile marketing vendor."

"This data includes, for example: device hardware, operating system, Firefox version, add-ons (count and type), timing of browser events, rendering, session restores, length of session, how old a profile is, count of crashes, and count of pages."

"Firefox may send metadata, including URLs associated with the downloaded file, to the SafeBrowsing service. "

"Firefox that sends Mozilla usage, performance, and responsiveness statistics about user interface features, memory, and hardware configuration. Your IP address is also collected as a part of a standard web log."

"When Telemetry is enabled, certain short-term experiments may collect information about visited sites."

"Firefox sends to Mozilla data relating to the tiles such as number of clicks, impressions, your IP address, locale information, and tile specific data (e.g., position and size of grid)."

"Firefox sends Mozilla a request once to look up your location at a country level using your IP address."

"Firefox may send the terms you type in the Awesome Bar or Search Bar to your Default Search Engine to retrieve suggestions"

"Firefox may send “Referral Data” such as the website domain"

"Firefox sends Referral Data to our mobile analytics vendor, and also includes a Google advertising ID, IP address, timestamp, country, locale, operating system, and app version."

"Firefox records and sends Referral Data to Mozilla as part of Firefox Health Report. "

"Firefox may use several pieces of data to determine your location, including your operating systems geolocation features, Wi-Fi networks, cell phone towers, or IP address."

"This report contains technical information for us to improve Firefox including why Firefox crashed, the active URL at time of crash, and the state of computer memory during the crash. The crash report we receive may include personal information."

"Firefox sends information to Mozilla, including the list of add-ons you have installed, Firefox version information, and your IP address."

Some people will try to justify this by saying nonsense like "At least they disclose it!" or "At least some of it can be disabled!", but none of that really matters. What does matter is that this information is being collected and sent to Mozilla in the first place when

At least sound in such videos is no longer a concern on Linux.

It's weird to see people get all bent out of shape about Windows collecting data, but then totally ignore the open source projects that really aren't any better.

Just look at how much data Firefox collects and sends to Mozilla or others.

But I notice that the Mozilla link listed gives instructions on how to turn most or all of Firefox's monitoring off.

It's weird to see people get all bent out of shape about Windows collecting data, but then totally ignore the open source projects that really aren't any better.

Just look at how much data Firefox collects and sends to Mozilla or others.

Or consider the data that Homebrew collects and sends off.

Some open source supporters will make claims like "But they're being transparent!" or "But you can opt out!" or some other nonsense like that.

But guess what? None of that matters!

The real real problem, which you missed, is that it's possible for this software to collect and transmit such data to begin with.

Disclosure and "transparency" don't matter. Being able to opt-out doesn't matter.

Getting rid of any and all software support for such data collection is what matters!

Until open source projects like Firefox and Homebrew totally remove all support for any and all data collection, we cannot consider them to be any better than Windows, or conversely, we can't consider Windows to be any worse than projects like Firefox and Homebrew.

I consider Mozilla Firefox being on a decline as a good thing. The Mozilla Firefox development is covered by political statements weighting in the wrong direction. Statements as "Because Internet Explorer does it in the same way" are made over Chrome/Webkit still working as expected. Just read this bugs in hindsight. And this is only what I remembered. Mozilla became a commercial non-profit, with an office in the center of Paris that really can't be imagined. Someone/thing is keeping that alive.

https://bugzilla.mozilla.org/s...
https://bugzilla.mozilla.org/s...
https://bugzilla.mozilla.org/s...

I consider Mozilla Firefox being on a decline as a good thing. The Mozilla Firefox development is covered by political statements weighting in the wrong direction. Statements as "Because Internet Explorer does it in the same way" are made over Chrome/Webkit still working as expected. Just read this bugs in hindsight. And this is only what I remembered. Mozilla became a commercial non-profit, with an office in the center of Paris that really can't be imagined. Someone/thing is keeping that alive.

https://bugzilla.mozilla.org/s...
https://bugzilla.mozilla.org/s...
https://bugzilla.mozilla.org/s...

I consider Mozilla Firefox being on a decline as a good thing. The Mozilla Firefox development is covered by political statements weighting in the wrong direction. Statements as "Because Internet Explorer does it in the same way" are made over Chrome/Webkit still working as expected. Just read this bugs in hindsight. And this is only what I remembered. Mozilla became a commercial non-profit, with an office in the center of Paris that really can't be imagined. Someone/thing is keeping that alive.

https://bugzilla.mozilla.org/s...
https://bugzilla.mozilla.org/s...
https://bugzilla.mozilla.org/s...

VPN's may only protect you from your own ISP, but what about the biggest spyware organisations, such as Google/Facebook?
They all rely on browser fingerprinting more than anything else these days, and subtly transmitting information back in an encoded form, including mouse movement patterns to learn about the individual.

Cookies/HTML5 storage are so last decade, as I've seen a growing number of companies (Cyberfend / iovation / iesnare / "cformanalytics", browser.id (navigator.io), etc) provide services specialising in tracking and individually identifying users - even surprisingly across devices, somehow.

As far as I can tell, only Mozilla is attempting to reduce/fight this with their browser, especially as they recently removed the Battery status API, added disconnect.me to blacklist known trackers in v43, Font fingerprinting, etc.

Sure, you can use addons like adblockplus, noscript, decentraleyes, etc to some degree, but many times they break websites as more and more sites are utilising javascript exclusively for a website to function, including third-party scripts, such as GoogleTagManager, etc.
Just recently discovered that the popular London travel website TfL also contains a third-party tracker, without which their journey planner doesn't work, thus the website doesn't work with Firefox's disconnect.me privacy list.

VPN's may only protect you from your own ISP, but what about the biggest spyware organisations, such as Google/Facebook?
They all rely on browser fingerprinting more than anything else these days, and subtly transmitting information back in an encoded form, including mouse movement patterns to learn about the individual.

Cookies/HTML5 storage are so last decade, as I've seen a growing number of companies (Cyberfend / iovation / iesnare / "cformanalytics", browser.id (navigator.io), etc) provide services specialising in tracking and individually identifying users - even surprisingly across devices, somehow.

As far as I can tell, only Mozilla is attempting to reduce/fight this with their browser, especially as they recently removed the Battery status API, added disconnect.me to blacklist known trackers in v43, Font fingerprinting, etc.

Sure, you can use addons like adblockplus, noscript, decentraleyes, etc to some degree, but many times they break websites as more and more sites are utilising javascript exclusively for a website to function, including third-party scripts, such as GoogleTagManager, etc.
Just recently discovered that the popular London travel website TfL also contains a third-party tracker, without which their journey planner doesn't work, thus the website doesn't work with Firefox's disconnect.me privacy list.

VPN's may only protect you from your own ISP, but what about the biggest spyware organisations, such as Google/Facebook?
They all rely on browser fingerprinting more than anything else these days, and subtly transmitting information back in an encoded form, including mouse movement patterns to learn about the individual.

Cookies/HTML5 storage are so last decade, as I've seen a growing number of companies (Cyberfend / iovation / iesnare / "cformanalytics", browser.id (navigator.io), etc) provide services specialising in tracking and individually identifying users - even surprisingly across devices, somehow.

As far as I can tell, only Mozilla is attempting to reduce/fight this with their browser, especially as they recently removed the Battery status API, added disconnect.me to blacklist known trackers in v43, Font fingerprinting, etc.

Sure, you can use addons like adblockplus, noscript, decentraleyes, etc to some degree, but many times they break websites as more and more sites are utilising javascript exclusively for a website to function, including third-party scripts, such as GoogleTagManager, etc.
Just recently discovered that the popular London travel website TfL also contains a third-party tracker, without which their journey planner doesn't work, thus the website doesn't work with Firefox's disconnect.me privacy list.

some web browsers don't even check whether a certificate has been revoked.

This is a sloppy and invalid slur, hiding behind vagueness (it's a bogus criticism of Chrome). Revocation is useless when you fully work the threat model, and similar designs to address the uselessness are probably not workable. Remember, unless a scheme can handle revoking ~every certificate at once, it's inadequate recovery for Heartbleed. It's also a privacy problem because it lets CAs build a log of all web traffic.

The best incremental refinement is short-lived certificates auto-issued by intermediate CAs. CRLSet can revoke intermediate CAs. For normal certs, don't reissue and let them expire. That's basically what lets encrypt is, except "short-lived" is not short enough, like a day or two, yet. Also, as they point out, "weakest link": it's not a real answer unless every CA does it because an undeserving attacker could get someone to sign a long-lived cert for your domain even if you use short-lived ones. But this is the bog-obvious PKI refinement that's currently fashionable. The two-tier system keeps the CRL small, and the certs subject to "confirmation" (by not appearing in the latest short-lived CRL) can be backed by HSM that can't sign things quickly but is very unlikely to sign things wrongly.

The refinement being pushed instead of the obvious one is "OSCP stapling" and perhaps "must-staple", because this preserves the CA cartel. Without some long-lived rare magical token to give you, it's difficult to convince you that you owe them lots of money, so we still give you the token as a pacifier but then implement the above sane scheme in rube goldberg fashion, moving what should be the cert into the stapled confirmation.

However I think the correct response is not the obvious refinement. It's a major rethinking of the architecture, like Sovereign Keys. In this scheme, you must give up privacy to some central server because you must do lookups on a structure too big to store locally, but you can choose to whom you give it up because the structure is a blockchain that anyone can sync. Actually it might be small enough to store on a single computer so no big deal, but even if it weren't it's still less bad than OSCP privacy because of the option of picking a mirror you "trust".

Current technical reason: Firefox 52 no longer supports sound on any sane Linux system.

The original submission was much more informative:
jbernardo writes: While trying to justify breaking audio on firefox for several linux users by making it depend on pulseaudio (and not even mentioning it in the release notes), Anthony Jones, who claims, among other proud achievements, to be "responsible for bringing Widevine DRM to Linux, Windows and Mac OSX", informs users that disabling telemetry will have consequences — "Telemetry informs our decisions. Turning it off is not without disadvantage."
The latest one is, as documented on the mentioned bug, that firefox no long has audio unless you have pulseaudio installed. Many bug reporters suggest that firefox telemetry is disabled by default on many distributions, and also that power users, who are the ones more likely to remove pulseaudio, are also the ones more likely to disable telemetry.
As for the pulseaudio dependence, apparently there was a "public" discussion on google groups, and it can be seen that the decision was indeed based on telemetry.
So, if for any reason you still use firefox, and want to have some hope it won't be broken for you in the future, enable all the spyware/telemetry.
https://slashdot.org/submissio...
I hope nothing got clobbered in my copy/paste. I tried previewing several times, but there can always be something I missed.

The original submission was much more informative:
jbernardo writes: While trying to justify breaking audio on firefox for several linux users by making it depend on pulseaudio (and not even mentioning it in the release notes), Anthony Jones, who claims, among other proud achievements, to be "responsible for bringing Widevine DRM to Linux, Windows and Mac OSX", informs users that disabling telemetry will have consequences — "Telemetry informs our decisions. Turning it off is not without disadvantage."
The latest one is, as documented on the mentioned bug, that firefox no long has audio unless you have pulseaudio installed. Many bug reporters suggest that firefox telemetry is disabled by default on many distributions, and also that power users, who are the ones more likely to remove pulseaudio, are also the ones more likely to disable telemetry.
As for the pulseaudio dependence, apparently there was a "public" discussion on google groups, and it can be seen that the decision was indeed based on telemetry.
So, if for any reason you still use firefox, and want to have some hope it won't be broken for you in the future, enable all the spyware/telemetry.
https://slashdot.org/submissio...
I hope nothing got clobbered in my copy/paste. I tried previewing several times, but there can always be something I missed.

Mozilla developers planned this last year, and when watchful users objected in the related issue, Mozilla staff closed it to comments. They then pushed the system-breaking change to the world, with no mention of it in the release notes. When users whose systems were broken said so in a bug report, Mozilla closed it to comments, too.

I understand the need to minimize clutter in bug reports, but by taking away the only existing channel for users to engage with decision-makers, Mozilla is effectively sticking their fingers in their ears and telling their community to suck it up. How ironic that this was done by Mozilla's engineering community manager. How telling that his public comment invited people to email him to discuss it directly (making himself look good on record), yet he has completely ignored email messages sent to him in the days since then.

I always thought that one of the open source community's greatest strengths was our dedication to helping one another. When I write free software, and encourage people to use and depend on it in their daily lives, I take care to avoid causing unnecessary problems for them in future updates, even if their needs are different from my own. If I do cause such a problem and a bunch of them take the time to identify and report it, I see that as a sign that I made a mistake, I take responsibility for my actions, and I return their favor by spending a bit of time reworking my design.

I do this work partly for personal satisfaction in creating quality software, and partly because I don't like jerking people around, but mostly because I know that my time donated to the community is repaid indirectly, through all the contributions those people make to other open source projects. One of them might be writing the documentation for my favorite version control system, another might be using unusual hardware that exposes an OS bug that I'll need fixed next year, and others might have donated money or suggested a good design idea to projects that make my life easier in some other way. I give a little in the short term, and in return, I receive a lot in the long term.

This ecosystem of diverse and indirect contributions works amazingly well. I don't believe we would have Firefox, Chrome, MacOS (remember its Mach & BSD roots?), Android, Linux, or hundreds of thousands of other wonderful things if not for people in different situations helping one another like this.

So, when developers of a project like Firefox shut out a cross-section of the community that made their jobs possible and from whom they will almost certainly continue to benefit over time, it seems greedy to me. When they deliberately break the systems of the people whom they encouraged to depend on their software, especially when it's something so integral to daily life as the web browser, it seems irresponsible to me. And when onlookers choose disrupt the ensuing discussions by slinging useless comments like "freeloader" or "works for me" at other community members despite receiving value every day from this same community, they seem like hypocritical trolls.

I think we can do better than this. The open source community thrives on diversity and collaboration. Firefox can be replaced, but if we become another monoculture of self-absorbed know-it-alls, we all will have lost an asset of immeasurable value.

tl;dr: Dear Mozilla, you're doing it wrong.

Mozilla developers planned this last year, and when watchful users objected in the related issue, Mozilla staff closed it to comments. They then pushed the system-breaking change to the world, with no mention of it in the release notes. When users whose systems were broken said so in a bug report, Mozilla closed it to comments, too.

I understand the need to minimize clutter in bug reports, but by taking away the only existing channel for users to engage with decision-makers, Mozilla is effectively sticking their fingers in their ears and telling their community to suck it up. How ironic that this was done by Mozilla's engineering community manager. How telling that his public comment invited people to email him to discuss it directly (making himself look good on record), yet he has completely ignored email messages sent to him in the days since then.

I always thought that one of the open source community's greatest strengths was our dedication to helping one another. When I write free software, and encourage people to use and depend on it in their daily lives, I take care to avoid causing unnecessary problems for them in future updates, even if their needs are different from my own. If I do cause such a problem and a bunch of them take the time to identify and report it, I see that as a sign that I made a mistake, I take responsibility for my actions, and I return their favor by spending a bit of time reworking my design.

I do this work partly for personal satisfaction in creating quality software, and partly because I don't like jerking people around, but mostly because I know that my time donated to the community is repaid indirectly, through all the contributions those people make to other open source projects. One of them might be writing the documentation for my favorite version control system, another might be using unusual hardware that exposes an OS bug that I'll need fixed next year, and others might have donated money or suggested a good design idea to projects that make my life easier in some other way. I give a little in the short term, and in return, I receive a lot in the long term.

This ecosystem of diverse and indirect contributions works amazingly well. I don't believe we would have Firefox, Chrome, MacOS (remember its Mach & BSD roots?), Android, Linux, or hundreds of thousands of other wonderful things if not for people in different situations helping one another like this.

So, when developers of a project like Firefox shut out a cross-section of the community that made their jobs possible and from whom they will almost certainly continue to benefit over time, it seems greedy to me. When they deliberately break the systems of the people whom they encouraged to depend on their software, especially when it's something so integral to daily life as the web browser, it seems irresponsible to me. And when onlookers choose disrupt the ensuing discussions by slinging useless comments like "freeloader" or "works for me" at other community members despite receiving value every day from this same community, they seem like hypocritical trolls.

I think we can do better than this. The open source community thrives on diversity and collaboration. Firefox can be replaced, but if we become another monoculture of self-absorbed know-it-alls, we all will have lost an asset of immeasurable value.

tl;dr: Dear Mozilla, you're doing it wrong.

I just saw this comment in the bug report:

https://bugzilla.mozilla.org/show_bug.cgi?id=1345661#c53:

I recompiled the Debian firefox-esr package locally with --enable-alsa --disable-pulseaudio and, 5 hours and 12GB later, I have working sound again. I hope I won't have to do that again.

LOL! He should have just switched to Chrome or Vivaldi. It takes about a minute to download and install one of those, versus 5 hours to get Firefox working again!

Then stop using Google. :) It's not like they're the only search engine.

And stop giving them your data, while you're at it.
https://addons.mozilla.org/en-...
https://github.com/disconnectm...

I use a different method of blocking ads: Firefox with Tracking Protection enabled globally. It blocks only those ad networks and exchanges known to track viewers from one site to another to display interest-based ads, but that's pretty much all of them. Running a tracking blocker rather than an ad blocker also provides plausible deniability against those who claim that ad blockers take food out of writers' children's mouths, as a publisher could in theory instead sell ad space directly to advertisers without such a network.

Other people use tools to configure an operating system's built-in DNS blacklist. But that doesn't work quite so well on mobile operating systems, where only the device manufacturer ordinarily has privileges to modify the device-wide DNS blacklist.

Unless I'm targeting the developing world or writing games I'm not sure I see the use case.

If you follow @Mozilla on Twitter, you'll get an idea of how Mozilla is "targeting the developing world". See, for example, the Digital Inclusion section of its Internet Health Report.

The list in my previous comment was also meant to somehow support your point: lots of alternatives which almost nobody uses. And what happens with the country second-level domains is even worse (a descriptive but incomplete list). I am currently running some crawling bots to rank domains and have found quite a few problems on this front; in fact, they still cannot understand all the possible scenarios (after having collected over 1M domains).

Firefox released their implementation earlier this week: https://www.mozilla.org/en-US/...

turn off some of the crap with this..
https://www.oo-software.com/en...

maybe even disable updates completely and use this...
http://download.wsusoffline.ne...
to download updates and an update installer separately.

and of course... disable all the "live tiles" or delete/unisntall their respective apps, and use this for a start menu...
http://classicshell.net/

if you need a pop/imap mail client, consider mozilla thunderbird or even seamonkey instead of the piece-of-shit mail "app" in win10. note that the popular mail client in "live essentials" is end-of-life and no longer updated/fixed.
https://mozilla.org/thunderbir...
http://seamonkey-project.org/

As of March 2PM Eastern time, the official Mozilla Firefox ESR site

https://www.mozilla.org/en-US/...

is still offering ESR 45.8.0 and NOT esr 52.0.0

Please notice that TFA links to their own download site and NOT Mozilla's

----------

As per the NPAPI support:

NPAPI support is there in the code, since the NPAPI Flash plug-in still works. Is only that Mozilla's developers decided to disable it for all other plugins.
Plugins that do not use NPAPI are failing because Firefox is slowly rolling out multiplrocess (project electrolysis) and this interferes with Plugins.
As for Ad-ons (which are different beasts than plugins), the problem is both project Electrolysis AND the fact that Mozilla is migrating from their plug-in APIs of yore, to an API similar (but no completely equal to) chrome's, for security and performance reasons.

The path of least resistance, at least for now, is to install ESR 52, disable multiprocess and hang on to it until around june next year. Also, bear in mind that, on older hardware, Multiprocess (think core processos before the i series, specialy 2 cores non multithreaded machines) is actually SLOWER than the singlethreaded firefox way. This is specially important for Plugins used to handle pro grade equipment (servers, networking gear, etc)

The harder, but more efective long term path is to upgrade/substitute problematic Plug-Ins and AdOns and embrace the more secure multiprocessing future head on. Or change browser...

Me, I have been on the ESR channel since it was enabled, so you now my answer... ;-) :-P

While we are at it, I've found it:

The Addon Bar (Restored) still works. Hopefully slashdotters will forgive me for 100+ messages in the comments section.

As another AC pointed out, the previous ESR is still supported until mid-June (and you don't have to stop using it as soon as its support ends).

I hope you consider submitting those bugs to Bugzilla, because you seem to be quite good at identifying and articulating the problems you experience.

The previous ESR release is no longer supported. Fuck you Mozilla.

False

You know they can measure a lot of this stuff, right? Firefox's core demographics are mostly enthusiasts and people that use firefox as a tool to work without caring how it works underneath, they only know it does what they need. Mozilla has even stated this. https://blog.mozilla.org/ux/20...

Firefox change in attitude as their market share grew has affected their market share, and you can see the trends and map them to feature changes:
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...

Note how about 2010, give or take a bit depending on demographics, they peaked (different trackers attract different users, so slight variance). What changed about then? What was their attitudes in mailing lists and their bug trackers about then? What kind of press were they getting? From whom? These are all the insights we have on them, and their users we only get a subset of opinions on. We can still draw some interesting conclusions about it that are testable against the rest of the dataset.

You can think whatever you want about me and my ego, cool, I support you in whatever you're going for there. But I'd prefer you pointed out how the data is wrong instead of trying to make it about my character somehow, because the data is all that matters to figuring out what's happening here. If my assessment needs adjusting, I'm happy to hear it. If all you've got is a theory about my projecting or something, we should probably move on. I know my bias. Doesn't change the data.

Firefox has all but given up trying to improve.

You really don't know what you're talking about.

I can say that while Firefox people definitely haven't "given up," they keep killing every feature people love, and bringing in features that their core demographic doesn't care about. 64-bit doesn't matter, it has to be installed differently and my mother isn't going to figure out how or which version she's launching. Multi-process? For what? Javascript apps are still going to run in a single thread, and background tabs are still going to be slowed to a crawl. If they don't, nobody will notice anyway.

The add-on story is far worse. They keep threatening to get rid of extensions and only support X or Y type (is XUL still being pushed? I haven't checked lately). There's so many uncertainties there.

What I'm saying is, I love Firefox as a piece of tech, but they keep abandoning their community in the pursuit of some ideal that none of their users care about. My favorite example of this? There is a bug in Firefox where if you disable a button in Javascript for whatever reason, and then refresh the page, that button will remain disabled because it's "preserving the form state" even if the HTML clearly defines it should start enabled (like form validation or something, it doesn't matter, really). This is /only/ in Firefox, and the devs won't accept a fix patch or fix it themselves, because "it would be a bad user experience." The user can't disable or enable a button without using Javascript anyway, and that's not a user at that point. Logically, without any opinion on what should be done, none of this behavior should exist, but it was added by design from the core devs.

That is not the only example, but it is a distilled version of their attitude towards users and devs. Their story is the only reality. It is as this point that any project ultimately loses all but the die-hard fans. Lots of historical precedence on that one.

https://bugzilla.mozilla.org/s... It's 6 years old, the Bootstrap team started weighing in 3 years ago. This is why people might believe they have "given up." An incorrect wording in my opinion, but the sentiment is accurate and measurable in their written communications.

Web workers can be run concurrently if the individual's browser allows for it. The biggest limitation to web workers is that memory cannot be shared between workers. Data is always copied and sent via message between workers and the main thread, so there is some overhead. https://developer.mozilla.org/...

making a simple, secure, extensible browser

In fact, it doesn't even say anything about a browser. Their mission is to promote openness, innovation & opportunity on the Web. Whether they are making any progress with that is up for debate, but it's silly to complain about the browser every time you see the word "Mozilla". Mozilla the organization is bigger than Firefox.

[Mozilla needs to be forked again] For XUL and Npapi compatibillity puerposes.[sic]

Mozilla is already forked for exactly this reason. But please read the WebExtensions FAQ before telling us again what you don't know about how and why Mozilla foundation intends to replace those previous-century APIs with something modern that benefits from an additional decade of experience with, among other things, security, privacy and performance issues. And maybe think about a thank you for opening the process up to public debate nice and early.

One point I would suggest paying particular attention to: Will I be able to do everything I can in a legacy technology? The answer is no. The details of that no are awfully important. This is for sure a place where educated feedback would be useful and most probably well received.

As a long-time user though, I can hope that this is finally the act that causes share to plummet enough to make them realize that extensions are the ONLY good thing left about Firefox.

They already realize that. From the FAQ, they want to announce the intention to deprecate XUL, XPCOM[1] et al early, in order to enhance community involvement in honing the new WebExtensions model. Hopefully, WebExtensions will provide all the same functionality as the deprecated APIs, plus important advantages.

The perception issue seems to be that a plan to improve extensibility has been misinterpreted as a plan to abandon extensibility. I for one am convinced by the FAQ, but that is just a quickly formed opinion. Only someone actually involved in extension development, with experience in both the old and new models can tell you the real story.

[1[ Remember COM? Yikes.

That's not true at all. Firefox extends the Chrome extensions API in various places as needed. For example, see the "New APIs" here: https://blog.mozilla.org/addon...
Another example: Firefox has implemented a "sidebar" Webextensions API, Chrome has not. https://bugs.chromium.org/p/ch... https://bugzilla.mozilla.org/s...

That's not true at all. Firefox extends the Chrome extensions API in various places as needed. For example, see the "New APIs" here: https://blog.mozilla.org/addon...
Another example: Firefox has implemented a "sidebar" Webextensions API, Chrome has not. https://bugs.chromium.org/p/ch... https://bugzilla.mozilla.org/s...

Ultimately, this will affect almost no one. Planning for this change has been happening for a long time now. Your favorite add-ons will continue to work.

https://developer.mozilla.org/...

Compared with XUL/XPCOM extensions, WebExtensions provide much more limited options for the add-on's UI, and a much more limited set of privileged JavaScript APIs.

WebExtensions can only access web content by injecting separate scripts into web pages and communicating with them using a messaging API (note, though, that this is also true of XUL/XPCOM extensions that expect to work with multiprocess Firefox).

Those are the facts. That is right from the horse's mouth. Not all extensions are going to be ported. Period. Maybe a few of the most popular, but it's basically going to be like porting your extension to Chrome. FF basically will be Chrome as far as extensions are concerned.

The new WebExtensions API is capable of many things but there is going to be a lot of lost capabilities. There are some pages comparing the capabilities and you'll find WebExtensions is lacking in many areas.

WebExtensions versus XUL/XPCOM extensions - see "Services.jsm API" table.
WebExtensions versus Add-on SDK - see "Low-level APIs" table

I don't know if Firefox will recover from this kind of seismic shift in APIs. Let's just hope they were rarely utilized parts of the API or that they are currently developing new replacements for the parts that people loved.

The new WebExtensions API is capable of many things but there is going to be a lot of lost capabilities. There are some pages comparing the capabilities and you'll find WebExtensions is lacking in many areas.

WebExtensions versus XUL/XPCOM extensions - see "Services.jsm API" table.
WebExtensions versus Add-on SDK - see "Low-level APIs" table

I don't know if Firefox will recover from this kind of seismic shift in APIs. Let's just hope they were rarely utilized parts of the API or that they are currently developing new replacements for the parts that people loved.

https://blog.mozilla.org/addon...

Sure, try https://www.mozilla.org/en-GB/...

If that image of Torvalds didn't render in your version of Firefox then you may have local issues.

No. I use RSS feeds into live bookmarks straight to my browser's bookmark toolbar. I have done this for years, it's a wonderful technology you can use with virtually all news sites, and you can then easily pick and choose the articles you want from updated drop down folders on your toolbar.

• BBC World News: http://news.bbc.co.uk/rss/news...
• CBC World News: http://rss.cbc.ca/lineup/world...
• CBC Canadian News: http://rss.cbc.ca/lineup/canad...
• Globe & Mail World News: http://feeds.feedburner.com/Th...
• CNN World News: http://rss.cnn.com/rss/cnn_wor...
• CNN US News: http://rss.cnn.com/rss/cnn_us....

For Mozilla or (better yet) PaleMoon browsers you just click on the link above, then on the resultant page click Subscribe Now into Live Bookmarks. I suspect Chrome is similar. This will buy you automatically updated headlines from multiple respected news outlets with different viewpoints in dropdown menus. Why anyone would use Facebook for news is beyond me. If you ask me, anyone who does go to Facebook for news deserves what they get. Facebook is a sewer of trolls initiating social malware for the kick it gives them to see their garbage repeated. Go to news sources for news. Go to facebook to try and make yourself feel better about how well liked you are.

You can configure this setting in Firefox. It doesn't look like Chrome has a similar configuration.

http://kb.mozillazine.org/Abou...
network.http.max-persistent-connections-per-server - default = 6

Try setting this to 1.

Source:
https://support.mozilla.org/t5...

On newer browsers, you can sleep in a loop, or more generally, "return" from an asynchronous API.
All you have to do is to wrap your code in a generator.

function sleep(f, ms){ setTimeout(j=>f.next(), ms) }
function wget(f, url){
        fetch(url).then(r => r.ok ? r.text().then(t => f.next(t)) : f.next())
}
var frame = function*(){
        for(var url in url_list){
                code...
                var text = yield wget(frame, url);
                more code...
                yield sleep(frame, 500);
                more code...
        }
}(); frame.next()

It's a pity they managed to make it so awkward -- I don't understand why they have to take simple concepts from scheme or smalltalk and wrap them in obtuse abstractions (generators, iterators, factories, whatever).

Thanks for saying that. Apparently you mean Firefox is moving to extensions and away from add-ons. I don't know the difference. I only know that there have been add-ons, exensions, and plugins, 3 names for what seems the same to users.

It's amazing how bad Mozilla Foundation is at communicating.

The Classic Theme Restorer author is saying we will be forced to use the new Firefox theme.

Pale Moon no longer supports Ghostery.

I forgot to mention: Tab Mix Plus

No only the Mozilla Foundation, but many technology organizations are poorly managed. Any theories about why that is so?