Slashdot Mirror


How to Quash Firefox's Silent Requests

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request.' This behavior is the result of the Mozilla speculative connect API . Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).

Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.

2 of 294 comments (clear)

  1. Re:Tired... by Anonymous Coward · · Score: -1, Troll

    Maybe you're just a little retarded for believing slashdot blindly without reading the article?!

    This has nothing to do making silent requests to random sites.
    Try it yourself, get the HttpFox addon and monitor how firefox doesn't make any random requests on hover!

    Slashdot is on a war against Mozilla/Firefox.

  2. Re:Thanks anonymous reader! by Bite+The+Pillow · · Score: -1, Troll

    If I have to change some obscure setting to make one of the most recognized open source projects not shit my information all over the internet, then what is the point of open source?

    RMS was right. Fuck all of you in betweeners.

    Either you buy Windows 10 enabled shite, or you read the code.

    Otherwise, don't even begin to tell me that something that assjack1745 committed to github is more secure than anything you can comprehend. Because unless you read it, it's not secure.

    I'm posting from 2 day old FireFox. Might as well not trust that it's me.