NYT: 'Firefox Is Back. It's Time to Give It a Try.'

Another high-profile endorsement for Firefox -- this time from the lead consumer technology writer for The New York Times. (Alternate link here). The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads. That's why it may be time to try a different browser.

Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.
The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.

While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."

Re:Facebook Container

[theweatherelectric]

I already use uBlock Origin in Firefox.

It might not solve the problem in your particular case, but also turn on Firefox's built-in tracking protection (set it to "always" to have it on all the time). It runs after any blocker add-ons and it blocks some stuff uBlock Origin misses.

Re: Strong Maybe?

[Z00L00K]

I think that they could up the stakes even more by tainting third party (and deeper when a third party site links further) cookies depending on which primary site you access so that the cookies are stored in a hierarchy and won't be cross-site accessible unless you tag them to be for selected sites.

It will of course require a completely new cookie manager and it would consume some more resources. But your privacy would be improved.

And that would of course also apply to other kinds of data as well so that the caching is also isolated as well as http headers.

Isolating information areas from each other is important in the world of today. I just feel sorry for those that have Facebook accounts considering that they are usually logged in to that service and then Facebook sees almost every site they visit. It's hard to filter out Facebook, but if you at least feed them less than useful data so it always looks like you are only visiting a certain site then their pool of data is diluted.

Of course they can still see that you come from the same IP address, but if all Facebook traffic is passed through a proxy then it won't do them any good. Selective proxy traffic routing for your internet access.

Re: manually disable pocket?

[Luckyo]

Pocket tracks your site usage to "give you a better home page by providing recommendations of sites to visit" among other things.

Re:NY Times paid ad??

[Luckyo]

They have been investing heavily in PR ever since Quantum disaster hit, and a large amount of people left firefox for any other browser, because there was no longer a meaningful reason to use it.

First PR push was "hey look, we have speed parity with chrome now". Took them a few months to realise that "parity in speed and parity with features" means that people that wanted extra features you axed will leave for mainstream browser, while being on par won't make any meaningful number of people switch the other way.

So now they have been trying other ways of selling firefox. This looks to be one of them, which is just silly. Firefox, as you note, most certainly collects usage patterns. Pocket which is built into firefox literally uses those to recommend web pages you should visit next if you go to your default home page in the browser.

Re:Firefox? Never left it.

[dwywit]

Not everyone has the latest and greatest hardware, or a decent, let alone high-speed internet connection. 1.5MBit/s is common around here. Nor - like a lot of my retired customers - do they have the money for the latest and greatest. I haven't seen a 486 for a while, but core2duos with Vista are still common. Do I tell them to upgrade? Sure I do. But they're mostly pensioners and have better things to spend the money on. I also tell them what will happen if malware gets in. Then I do a performance tuneup as best I can.

Now - I've seen chrome freeze, then crash the entire browser. Happened on my ex-wife's computer a few weeks ago. You're lucky it hasn't happened to you. Although it's a good idea in theory, anything can and does happen.

It's not the requests every hour that I mind so much (IME hourly checks simply aren't necessary for domestic users), but that so many programs think they need to do it at logon - while the owner waits, staring at a spinning hourglass. It's simply not necessary. If there was a trigger in MS Task scheduler that said "10/20/30 minutes AFTER logon", that'd be great. I like the option in Windows services to have an automatic but delayed start. it's not available for all processes.

It's a BIG perceived and actual performance gain if I can defer those checks until sometime after logon. FWIW I've not seen a virus, ransomware, or other malware infection for months. IMO the security suites are generally getting better at resisting these attacks. I make an educated assessment of their risk based on questions, needs, and other metrics, and then I tune their computers accordingly. Kids who surf lots of gaming and probably questionable websites? Turn the security up to 11. Ditto businesses with indifferent backup strategies (and don't think I don't berate people for not having dependable offsite backups). Pensioners who look at the weather and the sports results, and nothing else? Performance starts to take a higher priority. I'm approaching 60 myself and life is too short to spend waiting on pre-emptive URL scanning from FUD-loaded security suites. AVG I'm looking at you.

Can there be too much privacy protection?

[Mandrel]

Mozilla have to watch that they don't make Firefox's default privacy settings so restrictive that they weaken the power of the open Web relative to apps that can ask users permission to do just about anything. Apps are taking over enough already to tie the hands of website developers to do complex things, without any easy way for users to indicate that they trust a site to do certain things.

Sorry, but I don't buy it...

[The+Cynical+Critic]

They may claim to be all about privacy and all that stuff, but in reality their main source of reoccurring income has always been from the embedded search features, provided primarily by Google, the company they're talking up as the main enemy of privacy. Because of that I'm genuinely skeptical as to how truly committed they are to privacy as a proper committing to it would require them to stop using Google as the a search provider and we're not seeing anything even hinting towards this. Not only that, they also rather conveniently try to allude they're the only company trying to dedicate themselves to privacy when Opera has been doing that for years and Chromium is also basically a Chrome fork with much of the privacy-compromising stuff removed.

However the core of Mozilla's problems is that they've spent many years more focused on moonshot projects like FirefoxOS and politics, which includes everything from firing their CTO as he was taking the role of CEO on purely political grounds to spending a considerable amount of money modifying the codebase to modify any functionality using Master/Slave naming to not use it. To make up for this shortfall in spending on actual browser development they've also gone ahead and tried to streamline development by removing features despite very vocal opposition from their userbase. Hell, this isn't even the first time they've tried copying what their competition is doing, the last time they did major changes to the UI those changes ended up only making Firefox look more like Chrome and their users naturally hated that because if they'd want to use Chrome, then they'd actually use Chrome.

No, the real fundamental problem Firefox has had for the last decade or so is simply unfocused and incompetent management. Until they can to a complete management "flush" and replace their management with people focused on the actual product rather than everything else, I can't see Firefox going anywhere in terms of it's already small market share.

I went back to Firefox... and left again

[rnturn]

Intrigued by the claims that Firefox used a third less memory than--was it Chrome? Or older Firefoxes?--I decided to try using it again. That trial only lasted for a week or so. I'd stopped heavily using Firefox a couple of years ago and switched to Chrome. The main reason was that Firefox seemed to handle Javascript so badly. I'd grown tired of the "A script seems to be running slowly..." messages that popped up five minutes after Firefox had become catatonic. Plug-ins helped to a degree but I found that I was spending way too much time fiddling with filters, allowing this, disallowing that: "Great, I've finally tuned Firefox and its helper plug-ins to render this page with screwing up. But what about next week?" In my latest bout with Firefox, I didn't notice those messages popping up as much but with many web pages I still saw the CPUs pegged at 100% until I got to a console and could issue "killall -9 firefox". They may have done some good things with regard to privacy but until they do more--a lot more--about the poor performance I'll stay away.

Re: manually disable pocket?

[Luckyo]

Thanks for the instructions. I hope they will be helpful to me once I switch my main desktop beyond 52ESR.

My point wasn't that I am haven't stopped pocket though. The point is that if you use default browser, without going into about:config fuckery, which average user is not going to do, firefox tracks your usage closely and is not a "privacy minded browser" by any reasonable measure no matter what PR shills try to tell people.

"Good job" doing what? In whose interest?

[jbn-o]

Google Chrome is said to have made it easy for an extension to do total snooping on the user's browsing, and many of them do so. Chrome includes a module that activates microphones and transmits audio to its servers, and Chrome contains a key logger that sends Google every URL typed in, one key at a time. Google Chrome does a good job securing access to a user's data without telling the user what's really going on or giving the user a chance to stop the behavior they likely don't agree with.

Google Chrome is proprietary software. Nobody but Google has permission to study what Chrome does, alter Chrome, or distribute a modified Chrome. This is also how Google can get away with malware, hardly surprising behavior for a known international spy. As the GNU Project rightly points out:

Power corrupts; the proprietary program's developer is tempted to design the program to mistreat its users. (Software whose functioning mistreats the user is called malware.) Of course, the developer usually does not do this out of malice, but rather to profit more at the users' expense. That does not make it any less nasty or more legitimate.

Yielding to that temptation has become ever more frequent; nowadays it is standard practice. Modern proprietary software is typically a way to be had.

The New York Times called Google Chrome "secure" but didn't explain how they arrived at that conclusion. Regardless of what they meant by that claim, it's hard to see how any of the above behavior or whatever else Google can get away with via proprietary malware could reasonably be called 'secure'. Any feature Chrome offers has to be considered in the context of being implemented in proprietary software which by its nature imposes a power over its users.

Firefox was never proprietary; users could always inspect Firefox, edit out the portions of Firefox they didn't want to run or redistribute, edit any other part they wished, and distribute the rest (even if under another name with another logo), and Firefox derivatives have done just that many times. There's good reason Tor Browser, for instance, derives from Firefox. Free software (software that respect's a user's rights and community by allowing users to run, inspect, share, and modify the program) provides verifiable security; one need not guess or blindly trust a proprietor to do right by them. Firefox's technical achievements or detriments are thus a matter of spending time developing Firefox. This is a practical example of how you're better off with less technically capable free software than more technically capable proprietary software; we can make Firefox better in a technical sense but we can't make proprietary software free.

Re:"Good job" doing what? In whose interest?

[Kjella]

Google Chrome is said to have made it easy for an extension to do total snooping on the user's browsing, and many of them do so. Chrome includes a module that activates microphones and transmits audio to its servers, and Chrome contains a key logger that sends Google every URL typed in, one key at a time. Google Chrome does a good job securing access to a user's data without telling the user what's really going on or giving the user a chance to stop the behavior they likely don't agree with.

You're nuts. The first was a bug that a malicious hacker could use to make Chrome think an extension is corrupted and is long closed. The second is an opt-in extension to enable voice search that was downloaded but never enabled by default. And the third is just Google's autocomplete, which it obviously can't do unless it sends partially typed addresses to Google. Maybe it's not behavior you want - in which case it's possible to disable from the UI - but it's easy to see the moment you type something. If anybody thinks those suggestions appear by magic then it's a PEBCAK problem. Basically you're the kind of tin foil hatter who makes people think they should stay away from Firefox and crazy town.

On Windows, starting a process is expensive

[tepples]

What's more, folks are going on like processes are intrinsically expensive.

On Windows, starting a process is expensive for two reasons: spawn semantics instead of fork semantics, and the common practice of real-time antivirus. On any system, RAM owned by a process and not shared with other processes is expensive, particularly if it causes cached disk sectors to get evicted to make room or (worse) leads to swapping.

Re:I want my "disable Javascript" checkbox back

[fafalone]

NoScript has been increasingly irritating me. I like the blocking, but even when I unblock something a site I (relatively) trust needs to work, half the time it continues to block scripts "partially". "Allow everything on this page", leaves the page unusable because a whole bunch are still partially blocked. As I haven't found a way to prevent this, I frequently find myself having to get around it by allowing scripts globally, then forgetting to turn blocking back on. Between that and the hours building whitelists, I can really sympathize with just forgoing the whole thing for a simple JS toggle.

Re: manually disable pocket?

[Luckyo]

Another user already posted Mozilla's relevant policy page in this discussion, which clearly states that they do indeed reserve the right to track your usage patterns.

What specific mechanism they use for it is rather irrelevant in scope of this discussion. "Oh it's not Pocket that sends it, it's that other module. Pocket just handles the received data based on it" is quite a disingenuous way of dancing around the issue.