Slashdot Mirror
NYT: 'Firefox Is Back. It's Time to Give It a Try.' (nytimes.com)
Another high-profile endorsement for Firefox -- this time from the lead consumer technology writer for The New York Times. (Alternate link here).
The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads. That's why it may be time to try a different browser.
Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.
The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.
While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."
Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.
The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.
While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."
This might be a valid strategy for Firefox future. They destroyed their original advantage of powerful extensions, so they need something new to attract people. Privacy focus just might be it, but if so they really need to emphasize it in their advertising. At least Chrome is unlikely to truly compete with them in this field.
FWIW, the new (or Quantum) version of Firefox stopped me from switching to Chrome entirely. I had been using Chrome more and more as Firefox just seemed to stagnate. Luckily they did seem to make real progress here. I hope they keep it up. A browser monopoly has never been any good for end users.
?
Techno-anarchist delusions. People don't trust Facebook, and yet still use it by the billions...
"I don't know, therefore Aliens" Wafflebox1
That Facebook container is golden. I wish Firefox would take it even further, though. The other day, I was browsing for a new monitor. Then what do you know, I open the desktop Spotify client (free tier) and there's an ad for the same monitor. I really, really hate this shit but I don't know what to do against this tracking. I already use uBlock Origin in Firefox.
8 of 13 people found this answer helpful. Did you?
Firefox was ditched for the same set of reasons that Netscape was ditched:
- Both Firefox and Netscape had become or were perceived as slow and bloated compared to the competition. I vividly remember my eye twitching back in the late 90s during my phone tech support days when I heard a fellow phone jockey recommend Internet Explorer 3 to a customer over Netscape because it was 'so much faster'. This was back in the 28.8/56k dial-up era, so take that into account. Chrome is widely perceived to be faster and more powerful at running webapps than Firefox... and regardless of the reality, this perception goes top to bottom. Developers frequently choose to develop against Chrome and then test against Firefox... if they bother to test against Firefox.
- Privacy, browser configuration, and Internet safety are widely perceived to be 'too difficult'. This was as true in the 90s as it is today. People are intimidated by the reality of what it takes to be safe and private on the Internet and/or far too lazy to learn to configure their browser. Netscape and Mozilla have never quite made it as easy to 'click click click dubya dubya dubya' as their competition. Microsoft and Google both are much better at hand-holding... and leading their 'customers' down the garden path. Installing ad or script blockers *seems* more intimidating on Firefox than similar plugins for Chrome because Google has successfully 'App-Store-Ized' their plugin ecosystem.
- Netscape and Firefox have never been 'The Internet'. Microsoft did its damndest to make sure that Windows users all directly equated that blue 'e' icon with 'The Internet'. Google is its own damn verb. Both companies' marketing divisions have made very good pushes to make themselves synonymous with 'The Internet'.
- Netscape and Mozilla have never had a strong pre-install base. Every Windows Install since 95 has come with IE. Every Android device comes with Chrome. Most folks simply can't be assed to install another browser. Sad but true. If Firefox ever wants to become really relevant, it's going to have to get some kind of mainstream pre-install base going. We're not talking Linux distros here. They're going to have to pull off the Firefox equivalent of an 'Android OS' or 'Chromebook'. It's doable, but Mozilla is not strongly steered the way Microsoft was or Google is. Moz has a long history of dropping the soap far too often.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
Please, Mozilla. I never used any other browser. I won't ever, because I know that you're the Good Folks (TM).
But make it easy again to *completely switch off Javascript*. No "NoScript" plugin with cheap cop-outs. Help in keeping a small-but-significant javascript population out there to keep Web "programmers" and frameworks out there honest.
Yeah, I know: users are too stupid to manage this one checkbox, your telemetry proves it (and those now quaint instructions on how to enable Javascript some sites still carry, as a reminiscence of the 2005s). Know what? If you treat your users as idiots, you'll get idiot users. I know how this may be in Microsoft's or Google's interest, but I don't get how it is in yours.
I know, I know. Your perspective is too tightly intertwined with the ad industry's -- they wet-dream of a Javascript API to a brain implant which goes straight into the dopamine center, and you'll deliver because "the others are doing it and you else become irrelevant".
Sigh. I really love you. I want to. But sometimes I hate you.
I like some features, but chrome does a very good job
Call me when it has NoScript, etc.
No sig today...
I think that they could up the stakes even more by tainting third party (and deeper when a third party site links further) cookies depending on which primary site you access so that the cookies are stored in a hierarchy and won't be cross-site accessible unless you tag them to be for selected sites.
It will of course require a completely new cookie manager and it would consume some more resources. But your privacy would be improved.
And that would of course also apply to other kinds of data as well so that the caching is also isolated as well as http headers.
Isolating information areas from each other is important in the world of today. I just feel sorry for those that have Facebook accounts considering that they are usually logged in to that service and then Facebook sees almost every site they visit. It's hard to filter out Facebook, but if you at least feed them less than useful data so it always looks like you are only visiting a certain site then their pool of data is diluted.
Of course they can still see that you come from the same IP address, but if all Facebook traffic is passed through a proxy then it won't do them any good. Selective proxy traffic routing for your internet access.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
That show 'you have a virus, clean files now' alerts
on mobile ads.
Any site that allows that ad in (ibtimes fuckers) should be auto ad blocked by default as punishment.
The ad hosters should be punished for accepting those ads, or for allowing ads to be updated, or all JS ads.
Those commercial sites deserve to loose millions, if they play dirty, and the advertisers, globally banned on a massive ad black list.
Liberty freedom are no1, not dicks in suits.
It's hard to filter out Facebook
The Facebook Container makes it easy.
Of course they can still see that you come from the same IP address, but if all Facebook traffic is passed through a proxy then it won't do them any good.
Tor is being integrated into Firefox. So once that happens Firefox can offer this out of the box and the Tor project will no longer have to maintain Tor Browser.
Pocket tracks your site usage to "give you a better home page by providing recommendations of sites to visit" among other things.
They have been investing heavily in PR ever since Quantum disaster hit, and a large amount of people left firefox for any other browser, because there was no longer a meaningful reason to use it.
First PR push was "hey look, we have speed parity with chrome now". Took them a few months to realise that "parity in speed and parity with features" means that people that wanted extra features you axed will leave for mainstream browser, while being on par won't make any meaningful number of people switch the other way.
So now they have been trying other ways of selling firefox. This looks to be one of them, which is just silly. Firefox, as you note, most certainly collects usage patterns. Pocket which is built into firefox literally uses those to recommend web pages you should visit next if you go to your default home page in the browser.
My home page is about:blank. Good luck customising that.
Il n'y a pas de Planet B.
Why does chrome need 4 processes before it displays a home/start page?
Why do you care? If anything it will ensure a single process doesn't bring down the browser. Then you also get speed increases for non-threaded workloads on multicore CPUs.
In other news MySQL is currently using 33 processes on my machine processing a grand total of zero requests for zero users with zero CPU time. Are you running out of numbers to assign processes or something?
Why does google schedule update checks once at logon and then *every hour*?
Why wouldn't it? Google's threat and malware database is being continuously updated. Are you on a 28.8k modem where you can't spare the couple of kilobyte to do a web request to check if any components of your system's security have an update?
Change the frequency of google's updates back to once per day, and NOT at logon.
Why are you sacrafacing other people's security for no performance gain? Or are you trying to "tune" up computers that are too slow to fire up a process and run a web request? Maybe they should consider browsing the internet on a computer instead of a TI-84.
Ditto Adobe's products
Ditto the above. Adobe's update service uses less than 1MB of RAM and 0% CPU time while it exists. If you're getting a "performance tuneup" as a result of disabling it then maybe it's time to throw the old 486 away.
Not everyone has the latest and greatest hardware, or a decent, let alone high-speed internet connection. 1.5MBit/s is common around here. Nor - like a lot of my retired customers - do they have the money for the latest and greatest. I haven't seen a 486 for a while, but core2duos with Vista are still common. Do I tell them to upgrade? Sure I do. But they're mostly pensioners and have better things to spend the money on. I also tell them what will happen if malware gets in. Then I do a performance tuneup as best I can.
Now - I've seen chrome freeze, then crash the entire browser. Happened on my ex-wife's computer a few weeks ago. You're lucky it hasn't happened to you. Although it's a good idea in theory, anything can and does happen.
It's not the requests every hour that I mind so much (IME hourly checks simply aren't necessary for domestic users), but that so many programs think they need to do it at logon - while the owner waits, staring at a spinning hourglass. It's simply not necessary. If there was a trigger in MS Task scheduler that said "10/20/30 minutes AFTER logon", that'd be great. I like the option in Windows services to have an automatic but delayed start. it's not available for all processes.
It's a BIG perceived and actual performance gain if I can defer those checks until sometime after logon. FWIW I've not seen a virus, ransomware, or other malware infection for months. IMO the security suites are generally getting better at resisting these attacks. I make an educated assessment of their risk based on questions, needs, and other metrics, and then I tune their computers accordingly. Kids who surf lots of gaming and probably questionable websites? Turn the security up to 11. Ditto businesses with indifferent backup strategies (and don't think I don't berate people for not having dependable offsite backups). Pensioners who look at the weather and the sports results, and nothing else? Performance starts to take a higher priority. I'm approaching 60 myself and life is too short to spend waiting on pre-emptive URL scanning from FUD-loaded security suites. AVG I'm looking at you.
They sentenced me to twenty years of boredom
Mozilla have to watch that they don't make Firefox's default privacy settings so restrictive that they weaken the power of the open Web relative to apps that can ask users permission to do just about anything. Apps are taking over enough already to tie the hands of website developers to do complex things, without any easy way for users to indicate that they trust a site to do certain things.
The Firefox UI still sucks. Looks like Chrome and makes interacting with the browser quite annoying because everything is hidden behind non-descriptive glyphs. Firefox should recreate the pre 3.x UI as many have requested. Also didn't help that they needlessly changed the extension engine making many excellent extensions unusable. There still is plenty of user-ignoring arrogance at Mozilla. Their developers think they are hot stuff and the users are clueless by definition. Build something we want to use and we will use it. What they offer so far is just not compelling enough to make a switch. If it has to be a Mozilla based browser, then use Pale Moon. It is put together by an excellent team of developers who truly care what users want. Even if they disagree with a user request, they explain in detail why. This is how a FOSS project should be run....not like the trash talking in forums from Mozilla's devs and Dotzler.
So is mine. It still shoves "pages recommended by pocket" in my face when I start typing in an address.
Why does chrome need 4 processes before it displays a home/start page?
It's been a few years since I looked, but as I recall:
For something that deals with as much untrusted data and code as a web browser, I'd want it to be compartmentalised as much as possible.
I am TheRaven on Soylent News
Install uMatrix. Now you have "NoScript" and much more (uMatrix = NoScript + RequestPolicy)
Thanks. It's good to keep learning new things. Now I've got a bit more knowledge to help me make decisions. Cheers
They sentenced me to twenty years of boredom
Because that is, as I understood, the problem they had in the first place. Politics over quality and skills and a lot of money put into projects that were not core business at a time where the core business was not in too good a shape.
Don't get me wrong, I have absolutely nothing against women as engineers. But engineers must be judged on skill, experience and capabilities, not their genetic makeup, skin color or preferences in beverages. Anything else can only cause massive problems.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Then in your case I urge you to spend time with the dev-tools of FireFox. I think they are far superior to anything out there. I only use chrome/edge/ie-exploder dev-tools to de-bug those respective browsers, and only when necessary. Otherwise I live the good dev life in Firefox.
Also check out this really good add-on for maintaining multiple, simultaneous logins (identifiable via color-coded tabs): https://addons.mozilla.org/en-...
You can't be ahead of the curve, if you're stuck in a loop.
They may claim to be all about privacy and all that stuff, but in reality their main source of reoccurring income has always been from the embedded search features, provided primarily by Google, the company they're talking up as the main enemy of privacy. Because of that I'm genuinely skeptical as to how truly committed they are to privacy as a proper committing to it would require them to stop using Google as the a search provider and we're not seeing anything even hinting towards this. Not only that, they also rather conveniently try to allude they're the only company trying to dedicate themselves to privacy when Opera has been doing that for years and Chromium is also basically a Chrome fork with much of the privacy-compromising stuff removed.
However the core of Mozilla's problems is that they've spent many years more focused on moonshot projects like FirefoxOS and politics, which includes everything from firing their CTO as he was taking the role of CEO on purely political grounds to spending a considerable amount of money modifying the codebase to modify any functionality using Master/Slave naming to not use it. To make up for this shortfall in spending on actual browser development they've also gone ahead and tried to streamline development by removing features despite very vocal opposition from their userbase. Hell, this isn't even the first time they've tried copying what their competition is doing, the last time they did major changes to the UI those changes ended up only making Firefox look more like Chrome and their users naturally hated that because if they'd want to use Chrome, then they'd actually use Chrome.
No, the real fundamental problem Firefox has had for the last decade or so is simply unfocused and incompetent management. Until they can to a complete management "flush" and replace their management with people focused on the actual product rather than everything else, I can't see Firefox going anywhere in terms of it's already small market share.
"Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."
Intrigued by the claims that Firefox used a third less memory than--was it Chrome? Or older Firefoxes?--I decided to try using it again. That trial only lasted for a week or so. I'd stopped heavily using Firefox a couple of years ago and switched to Chrome. The main reason was that Firefox seemed to handle Javascript so badly. I'd grown tired of the "A script seems to be running slowly..." messages that popped up five minutes after Firefox had become catatonic. Plug-ins helped to a degree but I found that I was spending way too much time fiddling with filters, allowing this, disallowing that: "Great, I've finally tuned Firefox and its helper plug-ins to render this page with screwing up. But what about next week?" In my latest bout with Firefox, I didn't notice those messages popping up as much but with many web pages I still saw the CPUs pegged at 100% until I got to a console and could issue "killall -9 firefox". They may have done some good things with regard to privacy but until they do more--a lot more--about the poor performance I'll stay away.
CUR ALLOC 20195.....5804M
uMatrix is vastly superior to NoScript. I use uMatrix on Firefox.
So is mine. It still shoves "pages recommended by pocket" in my face when I start typing in an address.
Try setting these about:config values to stop Pocket:
browser.pocket.api = ""
browser.pocket.enabled = false
browser.pocket.oAuthConsumerKey = ""
browser.pocket.site = ""
extensions.pocket.api = ""
extensions.pocket.enabled = false
extensions.pocket.oAuthConsumerKey = ""
extensions.pocket.site = ""
In Cyberfox, it kills it dead here.
--
If this is paradise, I wish I had a shovel.
... obviously doesn't use plug-ins, or care about sites rendering properly. I've had too many sites not render properly with Firefox. It's not surprising, given the very low market share of Firefox. Web developers do not seem to want to test against it.
What's more, folks are going on like processes are intrinsically expensive.
If most of them are idle and the IPC is not super chatty, it's not a huge burden on system resources.
Web designers should be the ones caring about their sites not rendering properly, not you. You should care about the quality of the content.
Thanks for the instructions. I hope they will be helpful to me once I switch my main desktop beyond 52ESR.
My point wasn't that I am haven't stopped pocket though. The point is that if you use default browser, without going into about:config fuckery, which average user is not going to do, firefox tracks your usage closely and is not a "privacy minded browser" by any reasonable measure no matter what PR shills try to tell people.
I had switched to Chrome because Firefox was...slow. But a few months ago, Firefox started making dramatic improvements in performance. But the most important feature that brought me back was the setting that lets you prevent videos from automatically playing. I wish they would make it not even load the video, but at least stopping the playback will do, until then.
My point wasn't that I am haven't stopped pocket though. The point is that if you use default browser, without going into about:config fuckery, which average user is not going to do, firefox tracks your usage closely and is not a "privacy minded browser" by any reasonable measure no matter what PR shills try to tell people.
"privacy minded browser" is why I switched from Firefox to Cyberfox. While the dev originally said he was going to quit working on it, he hasn't stopped yet. If no one else picks it up after he stops, then it's time for something else.
There are some about:config changes that can be made to FF that thwart the phoning home, many of which are posted on Martin Brinkmann's gHacks blog by one of the regular commenters.
--
"Pieces of Nine! Pieces of Nine!" Another parroty error.
I don't value pockets functionality so i remove the icon. And I thought it was idiotic that it was integrated instead of left as a 3rd party extension.. but...
As far as I can tell, Pocket operates locally; while the pocket extension functionality in the browser does track you *locally*, its about as evil as the firefox "history" list, which is to say: not even slightly evil.
Neither Mozilla nor Pocket receives a copy of your browser history. The entire process of sorting and filtering which stories you should see happens locally in your copy of Firefox.
https://help.getpocket.com/art...
Near as I can tell, the list of all pocket recommends is sent to you. Your local browser then filters and sorts the list by comparing it to that. Your history and preferences aren't sent to pocket in this process.
Read how it works for yourself. What part specifically do you object to? What am I missing?
Google Chrome is said to have made it easy for an extension to do total snooping on the user's browsing, and many of them do so. Chrome includes a module that activates microphones and transmits audio to its servers, and Chrome contains a key logger that sends Google every URL typed in, one key at a time. Google Chrome does a good job securing access to a user's data without telling the user what's really going on or giving the user a chance to stop the behavior they likely don't agree with.
Google Chrome is proprietary software. Nobody but Google has permission to study what Chrome does, alter Chrome, or distribute a modified Chrome. This is also how Google can get away with malware, hardly surprising behavior for a known international spy. As the GNU Project rightly points out:
The New York Times called Google Chrome "secure" but didn't explain how they arrived at that conclusion. Regardless of what they meant by that claim, it's hard to see how any of the above behavior or whatever else Google can get away with via proprietary malware could reasonably be called 'secure'. Any feature Chrome offers has to be considered in the context of being implemented in proprietary software which by its nature imposes a power over its users.
Firefox was never proprietary; users could always inspect Firefox, edit out the portions of Firefox they didn't want to run or redistribute, edit any other part they wished, and distribute the rest (even if under another name with another logo), and Firefox derivatives have done just that many times. There's good reason Tor Browser, for instance, derives from Firefox. Free software (software that respect's a user's rights and community by allowing users to run, inspect, share, and modify the program) provides verifiable security; one need not guess or blindly trust a proprietor to do right by them. Firefox's technical achievements or detriments are thus a matter of spending time developing Firefox. This is a practical example of how you're better off with less technically capable free software than more technically capable proprietary software; we can make Firefox better in a technical sense but we can't make proprietary software free.
Digital Citizen
so many programs think they need to do it at logon - while the owner waits, staring at a spinning hourglass.
you clearly missed the absurdity of disabling something that uses effectively no resources for "performance gains".
You claim that the dozen updaters that run every time the user logs in are "something that uses effectively no resources". I doubt this claim. This goes double for Windows, on which it's common practice for Windows Defender or some other real-time virus scanner to scan every executable every time it runs.
To resolve this, I'm interested in benchmarks of the most common automatic updaters on the decade-old yet paid-for PCs that pensioners have, many of which have a Core 2 Duo CPU and a conventional HDD. Data I'm looking for include CPU time, peak resident RAM, random disk I/Os, and network data sent and received. I know a Core 2 Duo can still be useful on the web of 2018; I'm typing this very comment into a Core 2 Duo laptop running Debian (which has been upgraded from 2 GB RAM to 4 GB; cache made a difference).
What's more, folks are going on like processes are intrinsically expensive.
On Windows, starting a process is expensive for two reasons: spawn semantics instead of fork semantics, and the common practice of real-time antivirus. On any system, RAM owned by a process and not shared with other processes is expensive, particularly if it causes cached disk sectors to get evicted to make room or (worse) leads to swapping.
They've been working hard to make the new, more secure and (importantly) concurrent system up to scratch.
Let me know when this hard work results in enough functionality in the system to allow a WebExtension counterpart to the defunct Keybinder extension, even if only for disabling accidental presses Ctrl+Q or Ctrl+Shift+Q for quit when I was aiming for Ctrl+Tab or Ctrl+Shift+Tab. (No, Restore Previous Session didn't restore text entered into a Slashdot comment composition form last I checked.) That's reportedly waiting on a fix for long-standing bug 1325692.
... You should care about the quality of the content....
It's difficult to care about content when I have trouble reading the content due to rendering issues. So, yes, I do care about rendering problems.
Another user already posted Mozilla's relevant policy page in this discussion, which clearly states that they do indeed reserve the right to track your usage patterns.
What specific mechanism they use for it is rather irrelevant in scope of this discussion. "Oh it's not Pocket that sends it, it's that other module. Pocket just handles the received data based on it" is quite a disingenuous way of dancing around the issue.
I didn't find it. Where is this policy page? Where does it say they track usage patterns of pocket?
Pocket Privacy Policy
Snippet 1:
And above it in a separate paragraph:
and in that same paragraph:
They are collecting this information and telling you they aren't going to use it for anything bad; this always results in they sell your information at some point. I find it *really* hard to believe it's anonymous, as on mobile devices it captures your advertising ID on iOS and Android.
There's a reason people wanted this to stay as an extension.