Slashdot Mirror

This "new API, which Mozilla gave more then a year's notice of," launched without counterparts to several categories of functionality present in the old API. This was despite extension developers giving Mozilla "more then a year's notice of" the fact that these categories of functionality were missing in the new API.

Need a specific example? Let me know when the request for a way to rebind shortcuts becomes RESOLVED FIXED or even ASSIGNED. Right now, it's marked as "NEW" which means "will not be worked on by staff".

My mileage did vary.

Ctrl+Q in Firefox for Linux is mapped to "immediately close all open HTML documents." But it's adjacent to Ctrl+W (close one document) and Ctrl+Tab (switch to next open document in the same window). Some Slashdot users claim that Firefox on some platforms instead binds quit to Ctrl+Shift+Q, but this is still adjacent to Ctrl+Shift+Tab (switch to previous open document in the same window). "Restore Previous Session" restores which documents were open, but it doesn't always restore changes made by scripts to the DOM of those documents, nor data entered into unsubmitted forms in those documents, especially if the form was added to the document by a script. Slashdot D2 comment forms are one example of this, as are comment forms on Explosm.net (the home of the webcomic Cyanide & Happiness).

There used to be an extension called "Keybinder" to disable the Ctrl+Q shortcut for quit. But as described on the README of its GitHub repository, it didn't make the transition because WebExtensions don't support anything analogous to XUL keysets. This is bug 1325692, which was marked "wontfix" for Firefox 57.

This is more of a server attack and a web host attack.

You might want to read this Mozilla blog post.

https://blog.mozilla.org/secur...

52 ESR was already fixed last week Thursday with version 52.5.3.

Download Status Bar has been abandoned, Download Manager (S3) forked it.
https://addons.mozilla.org/en-...

Tor Browser removes all telemetry/crash reports and it's optimized for privacy.
Also add MITM blocker to know about your connection.

Nope. No equivalent for the following either
https://addons.mozilla.org/en-...
https://addons.mozilla.org/en-...
I like my menus. I like my status bar.

Nope. No equivalent for the following either
https://addons.mozilla.org/en-...
https://addons.mozilla.org/en-...
I like my menus. I like my status bar.

They ARE, however, the only browser left that at least tries to respect user privacy

You should really read Firefox's privacy policy. Please, do it, for your own safety.

Firefox's very own privacy policy readily admits that it can share personal data with Google and other companies in a variety of ways.

The September 28, 2017 version of it states (with emphasis added):

Webpage and technical data to Google’s SafeBrowsing service: To help protect you from malicious downloads, Firefox sends basic information about unrecognized downloads to Google's SafeBrowsing Service, including the filename and the URL it was downloaded from.

Location data to Google's geolocation service: Firefox always asks before determining and sharing your location with a requesting website (for example, if a map website needs your location to provide directions). To determine location, Firefox may use your operating system’s geolocation features, Wi-fi networks, cell phone towers, or IP address, and may send this data to Google's geolocation service, which has its own privacy policy.

On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor, which has its own privacy policy. Mobile campaign data includes a Google advertising ID, IP address, timestamp, country, language/locale, operating system, and app version.

It can also send information to SalesForce:

Your email address is sent to our email vendor, SalesForce Marketing Cloud

And to some "Adjust" company:

Firefox by default sends mobile campaign data to Adjust, our analytics vendor

And to some "Leanplum" company:

Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor

If you're using Firefox because you wrongly think it "tries to respect user privacy", then you're very mistaken. Firefox's very own privacy policy shows that it collects a lot of user data, and it can send this user data all over the place, including to Google.

In my opinion, Firefox does not respect its users privacy at all. It's even worse that there are people like you spreading misinformation about Firefox, suggesting it respects the privacy of its users when as far as I'm concerned it very clearly doesn't.

This bug was also fixed in Firefox 52, on the same day that they released the FF 57 bugfix. So if you want to keep crash reports off, receive latest security updates and still have all your old extensions work then Firefox 52 is still an option.

Show me an equivalent addon to this one that runs on Firefox 57+ and maybe I'd be willing to use the browser. I can't stand the default key bindings.

"you cut 30% off the performance of my CPU expect to hear about it.
--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-..."

I can't be the only person who sees the irony of a person complaining about performance degradation and that they make Firefox plug-ins in the same post.

Anyone who knows anything about TLS also knows about digital signatures and checkhashes.

What browsers will accept a cipher suite containing only key exchange and HMAC (the "digital signatures and checkhashes") without bulk encryption?

There's even a year-old W3C spec called Subresource Integrity that addresses this problem.

Even if it works for images, style sheets, and scripts, it won't work for the HTML document itself because it's subresource integrity, not mainresource integrity. In addition, Mozilla's page about SRI doesn't mention the ability for an HTTPS document to use SRI to verify cleartext subresources in order to avoid restrictions imposed by browsers' Mixed Content and Secure Contexts policies. Nor does W3C's spec, though section 5.1 "Non-secure contexts remain non-secure" thereof (wisely) suggests not trusting SRI when the main document is cleartext.

Already it's being exploited and wasting everyone's computing power to scrape up cryptopennies

By default uBlock Origin includes a block list to protect against resource abusing scripts, such as coin mining scripts. And, if you think the default block list is not enough, you can add additional block lists to uBlock Origin like the NoCoin list. So protect yourself with uBlock Origin and browse happy.

Ah yes, because proxies don't exist in 2017...

it's with all scripts because any of them can be malicious

Then NoScript or uMatrix can help you. uBlock Origin's advanced mode is also very powerful if you want to stick with the one add-on (which is better for the sake of simplicity).

it's with all scripts because any of them can be malicious

Then NoScript or uMatrix can help you. uBlock Origin's advanced mode is also very powerful if you want to stick with the one add-on (which is better for the sake of simplicity).

Already it's being exploited and wasting everyone's computing power to scrape up cryptopennies

By default uBlock Origin includes a block list to protect against resource abusing scripts, such as coin mining scripts. And, if you think the default block list is not enough, you can add additional block lists to uBlock Origin like the NoCoin list. So protect yourself with uBlock Origin and browse happy.

I really don't get your attitude.

All you want to do is watch something on your TV, but now you have to resort to using one of these "sticks", and you have to install Firefox, and then you have to use YouTube, and only then can you actually get around to watching what you wanted to watch!

It seems fucking idiotic to me.

And I really don't understand why you'd be eager to use Firefox. It has proven itself to be the worst mainstream browser, and even then it's barely "mainstream" now that its market share has dropped to probably 5% at most. The Firefox 57 release was, in my opinion, a massive disaster, with it breaking pretty much all extensions for no good reason. Even now, well over a month after its release, we still only have half-assed reimplementations of many important extensions. That's before we even start to consider how Firefox's performance is so noticeably inferior to that of Chrome, Edge, and Safari, even with the alleged performance improvements that Firefox 57 was supposed to contain. Then there's the whole nightmare of it sending data to Google and other companies, as stated in Firefox's privacy policy.

Everything about this situation makes me wonder why you put up with it. It's not like the content on services like YouTube or Netflix is even that good.

Lightning for calendaring, included with Thunderbird

Provider for Google Calendar

gContactSync

Pair all that with a Gmail account and you've got IMAP, calendar, and contacts two-way sync. Easy peasy!

Lightning for calendaring, included with Thunderbird

Provider for Google Calendar

gContactSync

Pair all that with a Gmail account and you've got IMAP, calendar, and contacts two-way sync. Easy peasy!

Lightning for calendaring, included with Thunderbird

Provider for Google Calendar

gContactSync

Pair all that with a Gmail account and you've got IMAP, calendar, and contacts two-way sync. Easy peasy!

I can't find a language spec for "web technologies"

In the context of browser extensions, the relevant specs are ECMA-262, CSS, HTML Living Standard, and WebExtensions API.

Even if it could perhaps be disabled, it will likely be impossible to remove all traces of its code from one's system.

WebAssembly runs on the JavaScript VM in your browser just like JavaScript does now. You don't need to "remove all traces of its code" from your system, just clear your browse cache and any cached copies are gone. If you don't want to run WebAssembly (or JavaScript) then just use an extension like NoScript or uMatrix to block it.

Even if it could perhaps be disabled, it will likely be impossible to remove all traces of its code from one's system.

WebAssembly runs on the JavaScript VM in your browser just like JavaScript does now. You don't need to "remove all traces of its code" from your system, just clear your browse cache and any cached copies are gone. If you don't want to run WebAssembly (or JavaScript) then just use an extension like NoScript or uMatrix to block it.

They do. Set Firefox's built-in tracking protection to "always" and it won't load them at all.

make NoScript and other real tracking protection not work anymore all in the name of "speed."

Firefox has tracking protection built-in. Set it to "always" and it will be on in both normal and private browsing modes. NoScript works in Firefox 57+ and the author of NoScript says Firefox has "the best Browser Extensions API available on any current browser".

Your claims don't match up to the practical realities. Just use Firefox and be happy.

make NoScript and other real tracking protection not work anymore all in the name of "speed."

Firefox has tracking protection built-in. Set it to "always" and it will be on in both normal and private browsing modes. NoScript works in Firefox 57+ and the author of NoScript says Firefox has "the best Browser Extensions API available on any current browser".

Your claims don't match up to the practical realities. Just use Firefox and be happy.

I thought firefox was open source. Is this list hidden on a third party domain that gets pinged everytime my browser wants to do a request?

Source code is available here for you to check:

https://archive.mozilla.org/pu...

Probably because Firefox 57 broke almost every single plug-in

Ghostery and Privacy Badger both work with Firefox 57+ and so do 7,799 other add-ons. Your narrative doesn't hold up.

Probably because Firefox 57 broke almost every single plug-in

Ghostery and Privacy Badger both work with Firefox 57+ and so do 7,799 other add-ons. Your narrative doesn't hold up.

I edited it out because nobody answered my previous question about practical methods of distributing the root certificate of "roll your own CA" to guests' devices.

https://wiki.mozilla.org/CA:AddRootToFirefox

The percentage covers only the subset of users who have opted into Firefox telemetry. If you want to make your votes not count, that choice is yours. Just don't whine when Mozilla cuts your pet feature for lack of usage share justifying the maintenance cost.

I am generally curious why someone would need EVERY site to be secured by https.

What about small businesses who dont offer any downloads or have any contact forms and as such their websites function like a digital flier. Those sites do not really need to have HTTPS certs and actually requiring them (as seems to be the future plans) creates extra burdens on a small company who rarely has a need to touch their web page much less manage certs.

In reference to what seems to be future plans:
https://blog.mozilla.org/secur...

"Q. Does this mean my unencrypted site will stop working?

Not for a long time.Transitioning the web to HTTPS is going to take some time. The first thing weâ(TM)re going to do is require HTTPS for new features. So whatever your website does today, it will still work for months or years."

http clearnet = insecure
http cloudflare = insecure TLDR
http .onion = secure
http localhost = secure
http (IP on private network) = secure
else http = insecure

https clearnet = secure
https cloudflare = insecure TLDR
https .onion = double secure
https localhost = warn(selfsign), secure
https (private IP) = warn, secure
else https = secure

http clearnet = insecure
http cloudflare = insecure TLDR
http .onion = secure
http localhost = secure
http (IP on private network) = secure
else http = insecure

https clearnet = secure
https cloudflare = insecure TLDR
https .onion = double secure
https localhost = warn(selfsign), secure
https (private IP) = warn, secure
else https = secure

HTTPS requires a certificate, and a certificate that requires a fully qualified domain name. The CA/Browser Forum's Baseline Requirements forbid issuing certificates in RFC 1918 private networks (such as 10/8 and 192.168/16) or the mDNS reserved domain (.local). This means everything on the average user's local area network will end up marked "Not Secure", such as the administration interface of the user's router, printer, or network attached storage (NAS) device.

The document "Deprecating Non-Secure HTTP" states that Mozilla is aware of this problem but fails to offer a solution:

Q. What about my home router? Or my printer?

The challenge here is not that these machines can’t do HTTPS, it’s that they’re not provisioned with a certificate. A lot of times, this is because the device doesn’t have a globally unique name, so it can’t be issued a certificate in the same way that a web site can. There is a legitimate need for better technology in this space, and we’re talking to some device vendors about how to improve the situation.

It should also be noted, though, that the gradual nature of our plan means that we have some time to work on this. As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem.

(subject too long; "... is insecure?")

AWS leak, Cloud Offline, Google Chromebook incident, Cloudflare's Cloudbleed, etc etc.

Stop using Cloud and install WAF. Use ISP's packet throttle system to reduce DDoS damage. You can do it without cloud.

https://addons.mozilla.org/en-...

It was pretty prominent in the update info for FF 57.

You're full of bullshit.

Here are the Firefox 57 release notes.

This is what I see:

The introductory paragraphs say nothing about this extension injection or "studies".

The "new" section says nothing about extension injection or "studies".

The "fixed" section says nothing about extension injection or "studies".

The "changed" section says nothing about extension injection or "studies".

The "developer" section says nothing about extension injection or "studies".

The "unresolved" section says nothing about extension injection or "studies".

I don't see the release notes saying anything about this extension injection or "studies" junk at all.

So that's why I think you're full of bullshit when you say it was "pretty prominent in the update info for FF 57".

It's no wonder that so many people had no idea that Mozilla could infect Firefox in such a way.

The Firefox 57 release notes don't, from what I can see, make it clear that this was supported.

Speed isn't the only factor to consider when choosing a web browser. Another important factor to consider is how well the browser respects the privacy of its users.

For a long time I had been under the misconception that Firefox respected my privacy more than Chrome or other browsers. But then I actually read Firefox's privacy policy.

It turns out that Firefox's very own privacy policy readily admits that it can share personal data with Google and other companies in a variety of ways.

The September 28, 2017 version of it states (with emphasis added):

Webpage and technical data to Google’s SafeBrowsing service: To help protect you from malicious downloads, Firefox sends basic information about unrecognized downloads to Google's SafeBrowsing Service, including the filename and the URL it was downloaded from.

Location data to Google's geolocation service: Firefox always asks before determining and sharing your location with a requesting website (for example, if a map website needs your location to provide directions). To determine location, Firefox may use your operating system’s geolocation features, Wi-fi networks, cell phone towers, or IP address, and may send this data to Google's geolocation service, which has its own privacy policy.

On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor, which has its own privacy policy. Mobile campaign data includes a Google advertising ID, IP address, timestamp, country, language/locale, operating system, and app version.

It can also send information to SalesForce:

Your email address is sent to our email vendor, SalesForce Marketing Cloud

And to some "Adjust" company:

Firefox by default sends mobile campaign data to Adjust, our analytics vendor

And to some "Leanplum" company:

Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor

Those are just some very small excerpts from a rather long privacy policy, too. Firefox also sends a lot of information to Mozilla.

I had no idea that Firefox collected so much information about me and my browsing habits, and I had no idea that Firefox sent this data to so many different organizations, including Google and these other companies.

It doesn't matter that I could potentially disable some of this data collection and sending. The fact remains that even if it's disabled, the code is still present to collect and send this data, and there's always the risk of it being re-enabled without me noticing it. After all, it was only days ago that Mozilla itself remotely injected an advertising-related extension into many Firefox installations. I can't trust them to not make other changes to my Firefox installation now.

Frankly, I don't know which browser to use at this point. I've temporarily moved to Edge because it's not Chrome, and it's not FIrefox (which as far as I'm concerned is no better than Chrome at this point, and may actually be much worse). I may end up settling on Chromium.

A little Googling leads me to think the Looking Glass add-on was installed via the Firefox built-in Shield Recipe Client Feature, also described here: Firefox/Shield/Shield Studies, which is documented as:

Shield is a Firefox user testing platform for proposed, new and existing features and ideas.

Shield Studies is a function of the Shield project that prompts a random population of users to help us try out new products, features, and ideas.

I have this disabled via the following pref.js settings:

// Disable Shield Recipe Client
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("extensions.shield-recipe-client.enabled", false);

A little Googling leads me to think the Looking Glass add-on was installed via the Firefox built-in Shield Recipe Client Feature, also described here: Firefox/Shield/Shield Studies, which is documented as:

Shield is a Firefox user testing platform for proposed, new and existing features and ideas.

Shield Studies is a function of the Shield project that prompts a random population of users to help us try out new products, features, and ideas.

I have this disabled via the following pref.js settings:

// Disable Shield Recipe Client
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("extensions.shield-recipe-client.enabled", false);

> HTML can’t handle Python spaces.

Oh rly?

I think that most people are in agreement that it would be wrong for a B&B or hotel or motel host to spy on users/customer of the facility in question, especially when in areas where the utmost level of privacy is expected, such as a washroom.

These people would consider it even worse if any information captured by way of such spying was shared with unrelated third parties.

But why isn't that same standard applied to web browsers?

For example, read Firefox's privacy policy.

Firefox's very own privacy policy readily admits that it can collect and share personal data with Google and other companies in a variety of ways.

The September 28, 2017 version of it states (with emphasis added):

Webpage and technical data to Google’s SafeBrowsing service: To help protect you from malicious downloads, Firefox sends basic information about unrecognized downloads to Google's SafeBrowsing Service, including the filename and the URL it was downloaded from.

Location data to Google's geolocation service: Firefox always asks before determining and sharing your location with a requesting website (for example, if a map website needs your location to provide directions). To determine location, Firefox may use your operating system’s geolocation features, Wi-fi networks, cell phone towers, or IP address, and may send this data to Google's geolocation service, which has its own privacy policy.

On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor, which has its own privacy policy. Mobile campaign data includes a Google advertising ID, IP address, timestamp, country, language/locale, operating system, and app version.

It can also send information to SalesForce:

Your email address is sent to our email vendor, SalesForce Marketing Cloud

And to some "Adjust" company:

Firefox by default sends mobile campaign data to Adjust, our analytics vendor

And to some "Leanplum" company:

Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor

Some people will probably say, "It's not a big deal! Just disable it!". That's like saying, "It's not a big deal that the hotel operator has a camera in the bathroom and they're watching you shower! Just turn off the lights and be very quiet!". We can all see how stupid and flawed that argument is.

Just like a hotel room's bathroom should not have cameras or listening devices in it, a web browser should not even support data collection and transmission like is described in Firefox's privacy policy.

Browser data collection and transmission that is merely disabled is no different from a camera/microphone that's in a hotel bathroom and turned off. In both cases it's extremely creepy and any reasonable person would consider such monitoring to be invasive and totally unacceptable.

You should really read Firefox's privacy policy.

Firefox's very own privacy policy readily admits that it can share personal data with Google and other companies in a variety of ways.

The September 28, 2017 version of it states (with emphasis added):

Webpage and technical data to Google’s SafeBrowsing service: To help protect you from malicious downloads, Firefox sends basic information about unrecognized downloads to Google's SafeBrowsing Service, including the filename and the URL it was downloaded from.

Location data to Google's geolocation service: Firefox always asks before determining and sharing your location with a requesting website (for example, if a map website needs your location to provide directions). To determine location, Firefox may use your operating system’s geolocation features, Wi-fi networks, cell phone towers, or IP address, and may send this data to Google's geolocation service, which has its own privacy policy.

On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor, which has its own privacy policy. Mobile campaign data includes a Google advertising ID, IP address, timestamp, country, language/locale, operating system, and app version.

It can also send information to SalesForce:

Your email address is sent to our email vendor, SalesForce Marketing Cloud

And to some "Adjust" company:

Firefox by default sends mobile campaign data to Adjust, our analytics vendor

And to some "Leanplum" company:

Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor

If you're using Firefox because you want to avoid sending data to Google or other companies, well, you've fucked up!

In my opinion, Firefox does not respect its users privacy at all. It's even worse that there are people like you spreading misinformation about Firefox, suggesting it respects the privacy of its users when as far as I'm concerned it very clearly doesn't.

As far as I'm concerned, Firefox is just as bad as Chrome is. In fact, Firefox might even be worse, because so many people mistakenly believe it's somehow better.

If you think that Chrome is "creepy" and you don't trust Opera and Vivaldi because they're based on Chromium, then you really, really, really should read Firefox's privacy policy.

Firefox's very own privacy policy readily admits that it will share personal data with Google and other companies in a variety of ways.

The September 28, 2017 version of it states (with emphasis added):

Webpage and technical data to Google’s SafeBrowsing service: To help protect you from malicious downloads, Firefox sends basic information about unrecognized downloads to Google's SafeBrowsing Service, including the filename and the URL it was downloaded from.

Location data to Google's geolocation service: Firefox always asks before determining and sharing your location with a requesting website (for example, if a map website needs your location to provide directions). To determine location, Firefox may use your operating system’s geolocation features, Wi-fi networks, cell phone towers, or IP address, and may send this data to Google's geolocation service, which has its own privacy policy.

On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor, which has its own privacy policy. Mobile campaign data includes a Google advertising ID, IP address, timestamp, country, language/locale, operating system, and app version.

It can also send information to SalesForce:

Your email address is sent to our email vendor, SalesForce Marketing Cloud

And to some "Adjust" company:

Firefox by default sends mobile campaign data to Adjust, our analytics vendor

And to some "Leanplum" company:

Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor

If you're using Firefox because you want to avoid sending data to Google or other companies, well, you've fucked up!

Some Firefox fanatics will probably come along and claim that it's "not a big deal" because this data collection and tracking "can be disabled in some cases" or claim that "'can' doesn't mean 'will'". None of that matters! Even just being able to collect and send out personal data like described in Firefox's privacy policy is unacceptable, even if it's disabled.

In my opinion, Firefox does not respect its users' privacy at all. It's even worse that there are people like you spreading misinformation about Firefox, suggesting it respects the privacy of its users when as far as I'm concerned it very clearly doesn't.

This has nothing to do with their business model or any other CA's ... other than the one who bought them.
Mozilla has a very detailed rundown of what the problems were with Startcom and Wosign. Both Startcom and their parent have multiple failings listed against them which breached their trust.

Things like these are the reason why I'm not donating money to Mozilla.

If - and I don't yet know if this is the case, they don't actually seem to say - this represents a stand-alone, does-not-go-to-the-LAN-or-WAN speech-to-text system... with an error rate of 6.5% on English speech as claimed... then it's way more important than Yet Another Web Browser.

This is precisely the kind of thing projects like Mycroft need to become not just another way to send your activity out on the net, which inherently decreases both reliability and security.

If indeed this is what this is, then the door opens for all manner of sophisticated home advances we can actually trust and depend on.

They claim around 1:1 [decode rate : normal speech rate] with a reasonably modern CPU/GPU. That needs considerable improvement. Reference quote from here:

On a MacBook Pro, using the GPU, the model can do inference at a real-time factor of around 0.3x, and around 1.4x on the CPU alone. (A real-time factor of 1x means you can transcribe 1 second of audio in 1 second.)

That's a lot of computing power to hand off, particularly in a laptop. Using just the CPU, you'll be pegging it the whole time you're talking, and then some. For a decent desktop, it's at least doable, but it's still a very heavy compute load.

Though... saying "MacBook Pro" doesn't really tell us enough... I have a MacBook Pro that is a dual-core Intel machine... it's not what you'd call quick. There are a lot of different hardware configs that could be described by "MacBook Pro."

Seems like a pretty big deal to have to dedicate a server to the STT task (but then again, if I could get my STT tasks out from under the cloud... I'd probably do it. I have a spare 3 GHz 8-core hanging around, so...) but I think for general use, they have to do better. This isn't going to fly well on a Raspberry pi, for instance, it'll just get way behind.

Still. IMHO, this may be important. Very.

Actually Web browsers need to implement a standardized speech recognition API (WebSpeech --- https://developer.mozilla.org/...), so this work could and probably will become part of Firefox. We wouldn't want speech-dependent Web applications to suck in Firefox on Linux because Firefox doesn't have access to a quality recognizer on free operating systems, would we?

This sort of thing is why building and maintaining Firefox is tremendously expensive. http://robert.ocallahan.org/20...

Mozilla needs something else to do instead of working on Firefox.

At least they are no longer spending donor dollars on sponsoring surfing contests.

After installing an outgoing firewall on my laptop I was amazed to see that Firefox was continuously sending updates about the wifi networks I was connected to to a maps.google.com/something address.

I was quite dissapointed, and switched to Waterfox for a while.

Why were you disappointed? How else do you think Geolocation features in a modern browser on the modern internet is supposed to work? If you want to drop the evil conspiracy then here's some information:

What, why and how: https://www.mozilla.org/en-US/...
Google's specific policy of how it handles Mozilla's requests: https://www.google.com/privacy...

Of course this API request is for Mozilla to get the current location from Google, so it sends your connected WiFi spot and Google replies with where you are. Nothing too exciting since all it's doing is getting the information from Google. It doesn't hand anything out without your permission (and neither does Chrome). That can all be managed under Settings > Permissions > Location.

Finally if you're truly paranoid, head to about:config and set geo.enabled = false.

The worst thing we ever did was give data to those people who are unwilling to take the time to understand it. With the curiosity of what is being sent where you should also add the curiosity of why, how and for what reason. Then you may actually simply turn the relevant setting off instead of panic switching to a whole different product for the wrong reasons.