Slashdot Mirror


How to Quash Firefox's Silent Requests

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request.' This behavior is the result of the Mozilla speculative connect API. Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).

Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.
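A way to check that the setting named in the summary is actually in effect across every profile on a machine. This is an added example, not code from the submission or from Mozilla. It assumes Firefox's usual profile layout, where preferences are stored as `user_pref(...)` lines in `prefs.js` and a `user.js` in the same folder is applied over them at startup; the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

PREF = "network.http.speculative-parallel-limit"
# Matches lines of the form: user_pref("name", value);
# Commented-out lines (// user_pref...) do not match because of the anchor.
LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def read_pref(text, name=PREF):
    """Return the last value assigned to `name` in a prefs file, or None."""
    value = None
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) == name:
            value = m.group(2)  # later assignments win
    return value


def audit_profile(profile_dir):
    """Classify one profile; user.js is read last because it overrides prefs.js."""
    effective = None
    for fname in ("prefs.js", "user.js"):
        f = Path(profile_dir) / fname
        if f.is_file():
            v = read_pref(f.read_text(encoding="utf-8", errors="replace"))
            if v is not None:
                effective = v
    if effective is None:
        return "unset"  # browser default applies, hover connections not disabled
    return "disabled" if effective == "0" else f"enabled ({effective})"


def audit_all(profiles_root):
    """Map each profile folder name under profiles_root to its state."""
    root = Path(profiles_root)
    return {p.name: audit_profile(p) for p in sorted(root.iterdir()) if p.is_dir()}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_prefs.py <directory containing Firefox profile folders>")
    for name, state in audit_all(sys.argv[1]).items():
        print(f"{name}: {state}")
```

Any profile reported as "unset" or "enabled" will still open connections on hover until the preference is set to 0 in about:config or in that profile's `user.js`.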

5 of 294 comments

  1. Re: Need a new browser. Not Chrome, not IE, Not FF. by Anonymous Coward · Score: 2, Interesting

    The only other major thing I can think of is that it (like other browsers) doesn't ask you for permissions for websites to use WebRTC, which means that sites can sniff your local IP addresses if they're clever. This is a spec issue, but unless you're in the know as to what debates are going on about this misfeature, it's easy to assume that Mozilla are dropping the ball on this (and people love to conveniently blame Mozilla when they aren't stopping bad things, but never thank them for the good they do).

  2. Not in Gmail; images are cached by SuperBanana · Score: 3, Interesting

    Gmail caches any images in an email, and serves them through their own servers, in order to prevent tracking bugs from having any effect.

    The greater concern for me is what happens when you hover over a link that causes action by virtue of the URL being hit? I assume they must have done some filtering-out GET URLs, but...what about URLs that are prettified? Jesus, this is such a bad idea all around.

  3. Re:that's just by narcc · Score: 1, Interesting

    I hate to break it to you, but Chromium has done this for years.

  4. Re:Thanks anonymous reader! by Zero__Kelvin · Score: 3, Interesting

    "And I'll be a monkey's buttplug if I can make sense of the FireFox build process."

    So you are saying that you can make sense of the FireFox build process. Good for you!

    "Make sure you've read and understood the whole comment before replying."

    I've been writing code for more than 30 years, and I can assure you that no even moderately competent software professional would claim that "It's a hell of a lot easier to make changes in binaries at this point in time." Claiming #ifdefs are a problem just cuts to the core of how completely incompetent you are.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun

  5. Re:Thanks anonymous reader! by ciaran2014 · Score: 3, Interesting

    AFAIK, it's actually better still: only a *portion* of the hash is sent. Google then sends you its matching hashes and their corresponding classification (malware, not malware), and your computer compares the full hash to the list received.

    So Google doesn't even know if you accessed a blacklisted URL.

    --
    Help build the anti-software-patent wiki