55 comments

[ 3.0 ms ] story [ 98.2 ms ] thread
There hasn't been a comment or status change to this bug in three years.

I've been giving Brave a shot due to their recent addition of first-class support for IPFS, and the numerous positive HN comments. It's... So much faster. However, it does a poor job of blocking advertisements and trackers. I'll be going back to Firefox for that reason, I can suffer the slowness.

One common response regarding performance woes on Firefox is that common addons, particularly uBlock, process a large amount of data through complex rules during page load. What I haven't heard is any plans on the part of Mozilla to support that level of ad-blocking and privacy protection at the product level, rather than the extension level, which may provide much needed performance enhancements.

uBlock Origin, HTTPS Everwhere, Decentraleyes, Privacy Badger, au-revoir-utm et al should be native features at this point.

For those of us that haven’t heard of au-revoir-utm:

> How annoying are those "utm_source=rss&utm_medium=rss&utm_campaign=rss" in URLs ? Right!

> So this extension removes them and prevents you from being tracked.

> Source code at https://github.com/Rik/au-revoir-utm

>It's... So much faster. However, it does a poor job of blocking advertisements and trackers. I'll be going back to Firefox for that reason, I can suffer the slowness.

You can block ads just by editing your hosts file. There's no need to depend on any browser's particular functionality in order to get rid of them. Nor on extra hardware (Pi-hole), for that matter. I have a cron job download a prefilled copy from a popular github repository [1] daily.

[1] https://github.com/StevenBlack/hosts

That doesn't scrub all advertisements without also going full-nuclear on certain social media sites and video services.
Blocking by hostnames is a big part of adblocking, but if you want to really block all ads and also not break the Web, you need an in-browser tech to do things like element hiding, scriptlet injections, etc. Which cannot be done via host files.
The other thing is that hosts file records appear to not hold in Firefox by default because of the https everywhere and the secure dns features they added.

Drives me bonkers sometimes when I forget to turn off

That doesn't work if the website serves the ads from the same domain as the content.

For example YouTube ads.

(comment deleted)
How do you selectively turn off this functionality for websites that don't work with such blocking?
Blocking ads via hosts file is a very basic method, delivers no flexibility to get around js/css, whitelisting sites. Acceptable only in a Pi-hole environment, but not in a stand alone browser.
Out of interest, why not use uBlock on brave? That's my setup.
You can also customize Brave's adblock in brave://adblock/
AdGuard with Brave is another solid option (extension and Mac app).
with Safari is pretty terrible.
All those extensions are also available on Brave (and all Chromium derivatives), and the browser themselves are always faster than Firefox.
Let me tell you the future of using brave: you give chrome engine total rule of the law for web "standards". Google can mold the web to their desires.

If you use firefox, google have to at least play nice.

What's the point of using a browser frontend (used to be called chrome, but i guess google stole even the words) if tomorrow all the content depend on google-owned DRM? You will only be able to use your fancy ipfs or whatever transport if you have the google blessed keys or whatnot.

It sounds good in theory, but it just isn't true. Mozilla is null factor these days, and most of their income has actually been from Google.

Google is most likely keeping them afloat just to ward off a stray monopoly charge at this point.

It became clear to me with the recent layoffs.

Their strategy to grow their user share seemed twofold: better tech (through Servo/Rust) and dev-oriented features (their market share among devs was much higher than among the general population).

They cut deeply into both of these.

Adding to this: Getting back dev mindshare was IMO critical for their success.

90% of https://webcompat.com/ is sites that are broken in Firefox, not necessarily because FF isn't standard compliant, but because many Web devs just dont bother testing their sites/apps with it anymore.

As for better tech I suppose they chose a 80/20 approach, but I'm not sure it will suffice.

Well, to be honest, nowadays I think that the sooner mozilla dies, the better for firefox :(

But anything will only happens if there's a user base as contributors are a (small) ratio from that number.

Let me tell you about Mozilla. They get 90% of their funding through google. Google is their customer, you are their product.

Anyone who thinks Mozilla is independent is in deep denial.

No, if the point is staving off anti-trust, the US government is the customer, competition is the product, and Mozilla is surprisingly unconstrained as the first two bulls lock horns.
> If you use firefox, google have to at least play nice.

A browser with the same market share as ‘Samsung internet’ that is primarily funded by google? They have less voice than brave, who at least maintains their independence (and their own forks/build processes).

Safari is the only other real contender with 5x the market share of Firefox (and counting).

> Safari is the only other real contender with 5x the market share of Firefox (and counting).

And only available on Apple devices.

I use Firefox and have for about 15 years now. I still use it, but I no longer have hope. Not since Mozilla rolled over on EME. Mozilla is googles' lapdog, little more. At least the browser still has enough technical merit for me to continue using it, but I fear that won't remain true forever.
how does brave do a poor job of blocking advertisements and trackers? Its the main reason I use it and _I think_ it works well but never done any kind of analysis (nor would I even know how to). Could you elaborate on this for the uninformed?
> Decentraleyes

I would recommend LocalCDN over Decentraleyes. They covers CDNs (more than Decentraleyes) and various libraries such as javascripts (like jQuery) and frameworks.

> uBlock Origin, HTTPS Everwhere, Decentraleyes, Privacy Badger, au-revoir-utm et al should be native features at this point.

these constant debacles of add-ons and extensions being sold to adversarial maintainers, it's a good time to do integrate this if they are serious about security and privacy. I understand blocklists are a massively sensitive topic for mozilla however.

Firefox recently added HTTPS-Only Mode setting, basically equivalent to HTTPS Everywhere.
HTTPS only mode displays a warning every time the HTTPS version is not available.

HTTPS Everywhere/Brave tries to upgrade connections to https, if not falls back without throwing up annoying warnings.

> So much faster. However, it does a poor job of blocking advertisements and trackers. I'll be going back to Firefox for that reason, I can suffer the slowness.

What issues are you having with the blocking?

/Disclaimer, Brave webcompat support

Not OP, but it doesn't block Twitter sponsored posts for me.
Clear cookies/cache, re-login. Check ads/trackers = Aggressive. We mostly fixed the twitter ads a while back.
Reddit, Twitter and other social media sponsored posts and ads are not blocked; and I saw a YouTube ad for the first time in ages.

Generally, I run uBlock with all-but-regional block lists enabled.

Oh, and Brave has its own ads.

I don't like BAT and wish it could be removed like any other extension, but it's opt in?

Also, what's stopping you from installing uBlock on Brave? Considering Chrome doesn't ship with any adblocker, is it not beneficial (given your preference for adblocking) to provide an adblocker out of the box, given you still have the ability to use any extensions you would use with any other browser?

I suppose I opted in as a result of just clicking through some dialogues during install.

The only strong reason I have to keep using Firefox is to support ongoing development of an alternative to chrome's rendering engine on PC.

Is shields enabled on these sites?, Enabling ads/trackers = Aggressive. Regarding social, we have options to disable third-party twitter/facebook/linked in for addtional privacy.

I would try in private window mode, and ensure shields ads/trackers is enabled.

There are lots of very interesting and useful protocols, from ipfs to gopher, hyper to i2p, from freenet to zeronet, etc. - I think it would be cool if browsers added an extensible framework for adding new protocols.
The argument against protocols use to be that they do not want to promote anything. This in turn prevented adoption.

lets hope we get to see ipfs

Isn't that what extensions are?
they used to be, but not anymore. webextensions are usually not capable enough to support most of these protocols unless said protocols were designed to support the "web"
Mozilla gave up on distributed web a long time ago, Just look at the libdweb[0] project. No update in years, nobody even to get almost complete patchset to firefox reviewed and merged.

[0]: https://github.com/mozilla/libdweb

(comment deleted)
Does anyone know how well IPFS protects the privacy of individual users, given that any sort of P2P protocol is going to shift copyright liability for what they read or watch onto them?
It basically doesn't, I found a few years ago that it also makes your browser more fingerprintable (though in recent time browsers are getting more resistant to this)

https://chaoswebs.net/blog/tracking-ipfs-users-via-cache-pro...

So even if you use a VPN with it, if you are logged into a website that knows you, it could scan what you have saved from ipfs (among known IDs anyways)

build a plugin, nothing to see here. thanks for the downvotes.
Is there any reason IPFS wizards could not implement IPFS or equivalents over WebRTC peer-to-peer, as in-page JavaScript application? Even if this were not the real thing, it would bring it closer to the mainstream more quickly.
It's technically feasible. IPFS not so different from Bittorrent, and Bittorrent can run over WebRTC: https://webtorrent.io/

In fact, webtorrent happens to be my favorite bittorrent client.

In general, I wish that more decentralized web tech didn't go about creating incompatible protocols. (Context: I'm working on Braid (https://braid.news) which is adding decentralized tech into today's WWW.)

It's so technically feasible that it already exists. Admittedly still in alpha, but rather feature-complete. There's even a nice demo built into the landing page.

https://js.ipfs.io/