NYT: 'Firefox Is Back. It's Time to Give It a Try.'

Another high-profile endorsement for Firefox -- this time from the lead consumer technology writer for The New York Times. (Alternate link here). The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads. That's why it may be time to try a different browser.

Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.
The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.

While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."

might be a valid strategy

[jarkus4]

This might be a valid strategy for Firefox future. They destroyed their original advantage of powerful extensions, so they need something new to attract people. Privacy focus just might be it, but if so they really need to emphasize it in their advertising. At least Chrome is unlikely to truly compete with them in this field.

I want my "disable Javascript" checkbox back

Please, Mozilla. I never used any other browser. I won't ever, because I know that you're the Good Folks (TM).

But make it easy again to *completely switch off Javascript*. No "NoScript" plugin with cheap cop-outs. Help in keeping a small-but-significant javascript population out there to keep Web "programmers" and frameworks out there honest.

Yeah, I know: users are too stupid to manage this one checkbox, your telemetry proves it (and those now quaint instructions on how to enable Javascript some sites still carry, as a reminiscence of the 2005s). Know what? If you treat your users as idiots, you'll get idiot users. I know how this may be in Microsoft's or Google's interest, but I don't get how it is in yours.

I know, I know. Your perspective is too tightly intertwined with the ad industry's -- they wet-dream of a Javascript API to a brain implant which goes straight into the dopamine center, and you'll deliver because "the others are doing it and you else become irrelevant".

Sigh. I really love you. I want to. But sometimes I hate you.

Re: Strong Maybe?

[theweatherelectric]

It's hard to filter out Facebook

The Facebook Container makes it easy.

Of course they can still see that you come from the same IP address, but if all Facebook traffic is passed through a proxy then it won't do them any good.

Tor is being integrated into Firefox. So once that happens Firefox can offer this out of the box and the Tor project will no longer have to maintain Tor Browser.

Re:Firefox? Never left it.

[thegarbz]

Why does chrome need 4 processes before it displays a home/start page?

Why do you care? If anything it will ensure a single process doesn't bring down the browser. Then you also get speed increases for non-threaded workloads on multicore CPUs.
In other news MySQL is currently using 33 processes on my machine processing a grand total of zero requests for zero users with zero CPU time. Are you running out of numbers to assign processes or something?

Why does google schedule update checks once at logon and then *every hour*?

Why wouldn't it? Google's threat and malware database is being continuously updated. Are you on a 28.8k modem where you can't spare the couple of kilobyte to do a web request to check if any components of your system's security have an update?

Change the frequency of google's updates back to once per day, and NOT at logon.

Why are you sacrafacing other people's security for no performance gain? Or are you trying to "tune" up computers that are too slow to fire up a process and run a web request? Maybe they should consider browsing the internet on a computer instead of a TI-84.

Ditto Adobe's products

Ditto the above. Adobe's update service uses less than 1MB of RAM and 0% CPU time while it exists. If you're getting a "performance tuneup" as a result of disabling it then maybe it's time to throw the old 486 away.

Re:Firefox? Never left it.

[TheRaven64]

Why does chrome need 4 processes before it displays a home/start page?

It's been a few years since I looked, but as I recall:

• One is the parent process which manages the rest and holds all the rights that the program is started with.
• One is the credential store. It manages passwords and hands them out only to the correct renderers.
• One is the zygote for renderer processes. This does all of its initialisation and then fork()s clones so that each new tab can have a pristine renderer.
• One is the owner for plugins (or possibly the zygote for plugins). NAPI plugins run in a separate process with reduced privileges, so that they can't compromise the rest of the tab's state.

For something that deals with as much untrusted data and code as a web browser, I'd want it to be compartmentalised as much as possible.

Re: manually disable pocket?

[OtisSnerd]

So is mine. It still shoves "pages recommended by pocket" in my face when I start typing in an address.

Try setting these about:config values to stop Pocket:

browser.pocket.api = ""
browser.pocket.enabled = false
browser.pocket.oAuthConsumerKey = ""
browser.pocket.site = ""
extensions.pocket.api = ""
extensions.pocket.enabled = false
extensions.pocket.oAuthConsumerKey = ""
extensions.pocket.site = ""

In Cyberfox, it kills it dead here.
--
If this is paradise, I wish I had a shovel.