Preload was pretty broken in Chrome for quite a while (I'm still not sure whether they fixed the issues, actually) so it's possible there wasn't ever much pressure to implement it
I know it's not the important part of this post but their presentation really is good.
Particularly the security fixes. Easy to find case numbers, impact levels and clear descriptions. All with decent spacing that makes the page feel clear and legible.
That said, I downloaded Pale Moon yesterday and tested it briefly: installed TST and one or two other extensions, visited a few ordinary sites.
Even after all those years it still feel good. It is snappy and the lack of a noisy tab bar on the top in addition to TST is actually a huge deal!
So my question for anyone from Mozilla who steps in here:
when will you start fixing the extension API? I get it the new API is more secure, but there is nothing that prevents making tab positions configurable in a safe way.
Also, could someone please fix that nasty UX bug that some UX designer introduced a decade or so ago where - if you select the tiniest thing on the page - the navigation buttons disappear from the context menus. After a decade or more this inconsistency still annoys me.
Isn't it obvious? Since Firefox 69 or so, loading of userChrome.css and userContent.css is turned off by default, and must be explicitly enabled in about:config. Which is where features go to die.
Sorry do you want to remove the top tab bar because you use TST? I haven't had a tab bar for ever. I think it might need an edit in user.chrome but is very straight forward.
There is no dedicated feature in js to detect private mode: private mode detection is done using a collection of innovative hacks and misuses of features.
Tracking/detecting/fingerprinting/etc. is an arms race. Every feature a browser has (or could have and lacks), can be used as a variable to compile a tracking profile that identifies you and/or your general browser configuration (including but not limited to private mode).
The biggest one of these though is something private mode can't control: IP. For that you need something like Tor or a VPN.
- they decide that X shouldn't be allowed in incognito (or that incognito mode returns fewer values, has lower quotas, uses different implementation that is slower/faster etc.)
- inadvertently, this becomes incognito detection vector
- people report the issue; the feature X is fixed
- another thing is shipped which accidentally allows
detecting incognito
> Tracking/detecting/fingerprinting/etc. is an arms race. Every feature a browser has (or could have and lacks), can be used as a variable to compile a tracking profile that identifies you and/or your general browser configuration (including but not limited to private mode).
Which is exactly why Firefox needs to push back on adding more and more of those features, especially those that are not needed for websites (rather than applications).
On tablets (and possibly large phones as well depending on your dpi settings), the pre-rewrite version had an actual tab interface similar to Desktop Firefox.
Have you possibly installed Firefox Focus mistakenly? I purposely use this version to force myself to stop hoarding tabs, at least on mobile devices. It sounds as though the main version of mobile Firefox has tabs.
The Firefox team has more or less said that the feature is not coming to desktop. I think a primitive version was hidden behind a flag, but even that is going to be dropped.
> As Gijs says, we have limited resources and so have to spend those resources on work that appears to have the most impact on our mission. Based on the available data we have (both the research we performed as well as looking at how Chrome and Edge's implementations are being received) PWAs on desktop fall behind other work right now.
https://bugzilla.mozilla.org/show_bug.cgi?id=1682593
I use it for about half a dozen apps. Azure Portal, Youtube Music, SoundCloud, Google Cloud Platform, Twitter, Teamwork, and this chat app I maintain. And I keep them pinned to my taskbar. I love this feature.
I can do without the clipboard or PWA mode. Performance and responsiveness are what converted me and plenty others from Firefox when Chrome first appeared. If Firefox performance is at least close to Chrome/Chromium it'd make switching back much more appealing.
In fact, _better_ than Chrome for most websites (exceptions perhaps google's). I used to struggle with Chrome/Chromium hang and chew on CPU cores, crawl to a halt, crash, or just simply run out of memory or a regular basis. Switched to Firefox ~67-69 and such issues are completely gone. I still have significant CPU usage from background tabs occasionally even in Firefox, but the rest of the issues are all nearly inexistent (even though I have on average 30+ tabs open).
My tabs have gotten out of control (they are in the hundreds (due to reasons)), but Firefox handles it quite nice. It only gets restarted after updates, so they are long-lived as well.
Chrome seem to struggle when there are tens of tabs.
I personally know somebody who is currently running a Firefox with 3,000+ (yes, you read that right) tabs as part of their day to day workflow. Firefox just unloads tabs that weren't used for long and cause high memory pressure which is very neat feature for tab addicts.
I daily drive FF and even develop using it. Everyone else in the company use Chrome. Recently one of our clients complained about a performance issue, I tried to replicate it on my fast PC, but could not replicate. The people who could replicate it were on Chrome, but when they followed the replication steps in FF, the problem disappeared.
Google web applications still not great, but still usable I find. Facebook performance isn't great either.
I don't know how it compares to Chrome but it's definitely fast enough to leave me with no complaints. I'm using it on Samsung A40 and Tab 5e, plus a Sony Xperia X Compact. Also as my primary browser on my laptop (Ubuntu 20.04).
Browser performance is not only about objective benchmark but also subjectivity on our feeling when using the browser. So trying it first hand and be open-minded would help confirming it on your very personalized usecase.
I suggest to try Firefox as side browser for your light browsing need. Maybe like when reading news, social media browser, or anything make sense for you.
This worked for me, in my case, now chrome is my side browser.
Lack of OffscreenCanvas (without setting a flag) and OffscreenCanvasRenderingContext2D in WebWorkers (no flag at all) makes my WebXR project almost unusable (I have to jump through some ugly hoops of fading the view to black during scene loading to keep the user from throwing up from the render thread frame drops). Having to polyfill WebXR out of the ancient WebVR API is a pain, too.
Normally, the fact that practically nobody actually uses Firefox would mean it's not a huge problem. But the only standalone VR headsets with a Chromium-based browser are the Facebook headsets. If Firefox were better, I could be running twice as many of the not-Facebook-encumbered Pico Neo headsets for the same price. As it stands, Oculus for Business headsets are almost the same price as a Valve Index, once you add in the mandatory "support" yearly licensing fee.
> Normally, the fact that practically nobody actually uses Firefox would mean it's not a huge problem.
I assume you mean "practically nobody without an adblocker".
I dread the day we could have to live without Firefox. Don't dismiss it like that, please.
Cuz Firefox was in such a strong position before Google came around, right.
Mozilla has never been a competitive company. They've always leaned heavily on the illusion of being a non-profit. They've always sold the "eat your vegetables" version of web browsing, without actually offering anything compelling over the competition. We're just expected to use Firefox because "it's made by not-Google".
My job is not to drive users to Firefox. My job is to create a product that people can use. And in my particular case, my job involves creating a product that doesn't physically harm people.
I agree that browser monoculture is a problem. But there is another problem that Mozilla is not the company that is helping with the problem.
EDIT: to go a little further on this, it's not physically possible to create a good WebXR experience in Firefox, at this time. Despite their announcements of focusing on Hubs as one of the few projects they kept around after the most recent purge, there are key technologies that are fundamentally missing from Firefox that have no replacement. And then they have the termerity to user-agent sniff Chromium browsers on desktop PCs and tell you that they supposedly don't support WebXR, that you need to download Firefox to use Hubs. So it seems even Mozilla doesn't really give a shit about the Open Web.
Can you share anything about what it is that you're working on? I never understood why web VR/AR APIs even exist and why anyone would want to use them with the hardware we have today.
It's a foriegn language instruction environment for government employees. You meet with your language instructor in culturally-appropriate environment and role-play different language training scenarios.
Why shouldn't the browser have VR APIs? WebXR allows us to iterate faster, across more devices, and more easily integrate with other services than building in a framework like Unity can do for us. I've spent the last 6 years doing nothing but WebXR and Unity work and WebXR is hands down far easier to develop the sort of application we're building.
No, you're not going to build MS Flight Simulator in WebXR, but you probably weren't going to do that in Unity, either, and ain't nobody got the budget for AAA++ graphics anyway. The folks who do graphically intensive work in Unity have stripped large parts of Unity away to make it possible.
It's about programmatic access to clipboard, like selecting a part of image in a browser-based image editor (likely a canvas), and copy-pasting it into some other application.
I mean putting an image into a clipboard when the user presses Ctrl+C, or some button in my program (without crating a <img> element on the screen and asking the user to right-click it).
Enabling it on release might take a bit longer though. The specification is currently not in a good shape. And there are some open questions around permissions etc.
This is up to a browser. I believe a browser should give you an option to decline all such requests by default, without asking you each time. Just like you can browse the web with JS disabled, without images, etc.
if this is important to some users (to me it is) why blindly trust an application's claim of what it does without verifying/restricting it[1]? The IMHO logical step for a user (again most don't care) would be to sandbox the application with a precise set of calls that are whitelisted and judge the application not based on trust but based on what they allowed in their security controls (firejail, apparmor, seccomp, SElinux, ...) and so immediately see if they did something different (that breaks the promise/trust)? (even then browsers have million lines of code so even with best intentions ymmv)
Reading/writing clipboards is a problem for sandboxing since they act as a bridge to another layer that otherwise has no contract or understanding of the application. So are many other features not just on browsers but on any application that for some reason needs to handle a gazillion tings (on Linux subscribing to system/user dbus messages is a big issue and out of the box totally unmitigated).
[1] If a monolith like chrome/firefox needs to understand/parse hundreds of protocols, technology-standards, etc, is a challenge to sandbox, maybe it isn't the sandboxing but the application that is the wrong tool for the users threat-model? Note, there is also Tor/Tails/QubesOS if isolation between user-space applications is a serious concern.
If the point is a copy-paste raster image that shall be understood by most other programs, then image/png is a fine choice, as it is lossless and well-known.
Vector images don't really need direct support though, do they? A lot of vector image interchange formats are just plaintext so normal text clipboard APIs should suffice.
Animated images could definitely be somewhat useful though, albeit much more niche than static raster images. In most cases where I want an animated image on my clipboard, a link will suffice. What I want may not map to the majority of course, but at least PNG support is a start!
> A lot of vector image interchange formats are just plaintext so normal text clipboard APIs should suffice.
Yes, but I don't think you can set the MIME type. So whatever you paste in would have to be smart enough to look at a text/plain clipboard data and figure out if it looks like an SVG (or whatever).
Those about:config and chrome:flags fixes are only useful for us hackers. You cannot ask your user base to change the deep settings of your browser. For apps it either works out of the box or it does not.
Why? Why would a harmless feature that the vast majority of people want have to have its own "prominent" setting. I'd argue the exact opposite - that making it prominent would lead people to disable it without knowing the consequences and then think their browser is broken: "Oh, I don't want sites to access my clipboard, that sounds scary", then two months later "this browser sucks! When I copy my selection from Google Docs it strips all formatting! It works in Chrome, Firefox sucks!"
Anyways, this is far more time than I'm willing to spend talking to someone who thinks their PoV is the only correct one (I just now recognize your username from a few other threads under this post). Cheeers!
> Websites should not have access to my clipboard.
Being able to take an image from the web page and place it on the clipboard is not 'the website having access to my clipboard'. It's the _browser_ having access.
Going in the reverse direction, placing data from the clipboard into the web page, is more tricky, but Firefox already does a good job of blocking clipboard accesses unless they're the direct result of user action (keyboard shortcut or button press).
You know that you can just copy an image to the clipboard on Firefox yourself, right? Right click, copy image.
The question is whether the website should be able to push images to the clipboard by itself, which it shouldn't. Firefox already supports doing what you're talking about.
The point is when the image is not an image. Maybe it's being drawn on a canvas, or composited with multiple layers, or you want only a part of it (all of these apply to Photopea, I believe).
I don't like the way clipboard access is handled in browsers either, but the fact remains that if I'm using an in-browser image editor, select a part of the image and press CTRL+C, I want that portion of the image in my clipboard. How it gets there is an implementation detail that the average user doesn't and, if it doesn't affect security/privacy, shouldn't have to care about. And since it's write-only, there's no security/privacy concern.
So let's say it is 2005, some phones have cameras, and some don't. The manufacturer of phones without cameras says: "Phones are for calling, just buy a camera, it is literally what you want".
You can be right, but the market has a final word.
Today, many people enjoy using advanced apps, that can be "installed" and "uninstalled" in one second (by opening and closing a website), without leaving any track (mess) in your computer.
> That's a feature. Icons on my home screen should only ever be native applications. Use bookmarks for websites instead.
Why shouldn’t I be allowed to put a bookmark as an icon? That’s essentially what a PWA is anyways. A fancy bookmark that behaves like a native app. Why are you the arbitrator of what I can do?
Student here, I loathe it and the schools that it et al. convince ChromeOS is an acceptable substitute for real OSes. It seems more crashy than pre-1.0 Inkscape and slow as nitrogen-cooled molasses to boot.
Sadly, "PWA mode" (it probably should be called "Install to desktop") was being worked on under "Site Specific Browser (SSB)" name, but due to lacking resources work will be scrapped. More info here: https://bugzilla.mozilla.org/show_bug.cgi?id=1407202
The thing I miss most in Firefox is the Smart Bookmarks feature they removed a while ago. Smart Bookmarks were fantastic. Add your favorite sites' RSS feeds to your bookmark toolbar and you'd have all the recent headlines from all your favorite sites at one click. Fortunately I wasn't the only one that appreciated this long neglected feature so someone created Livemarks (https://github.com/nt1m/livemarks/) that mostly replicated its functionality, but it's not quite the same as having native support for them.
If Brief synced what you've read between Firefox instances (desktop / mobile in particular for me), it would be heaven. It might even be enough to turn induce me to create an account and turn on Firefox sync. However that is a forlorn wish given it hasn't been updated in 2 years now.
Hey thanks for the cool site -- I've used it numerous times for non-trivial image manipulation I've needed to complete where access to Photoshop was not possible.
Because people want a desktop application experience inside of the browser.
When I was playing a Counter Strike web app example posted here a few months ago, it was endlessly frustrating to have Control and W mapped to actions that you may want to perform simultaneously while also not being able to suppress default behavior. I kept accidentally closing the tab as a result...
I personally think that the ability to override default shortcuts isn't necessarily a bad thing, but I definitely think it should be opt-in, like capturing the mouse cursor is. There should be strict separation between "app" features and what a default website should be able to do. Overriding shortcuts should be one of the "app-only" features imo.
> When I was playing a Counter Strike web app example posted here a few months ago, it was endlessly frustrating to have Control and W mapped to actions that you may want to perform simultaneously while also not being able to suppress default behavior. I kept accidentally closing the tab as a result...
So play the native version - problem solved.
This drive to accomodate people misusing the web for apps just bloats browsers (making it prohibitively expensive to develop alternative implementations) while adding tons of privacy leaks and attack surface for exploits.
As a user I create separate Firefox profiles for every site I want to use as a PWA, add a desktop short-cut and some custom userChrome.css, but while the result is okay, it sucks to set it up.
The only positive seems to be, that I can disable the buggy Spotify service-workers while keeping them enabled for other pages.
It would be awesome, if the PWA implementation would even support the system tray (similar to kdocker), but just the basic functionality would be better than the status quo.
You will see more and more applications being implemented for the browser. Browsers who do not support this trend will simply lose market share. Simple as that.
I really wish they would stop focusing on politics too. Now their latest political stunt has got heads rolling, hopefully Mozilla will learn that their money is best invested into Firefox.
Sorry about the late reply. The Firefox apologist mob managed to get me shadow banned with the unjust down-votes, lol.
A lot of people uninstalled Firefox because of Mozilla's politically-fueled 'disinformation' post on their blog. I don't blame them. I worry that Pocket will have these mysterious AI's enabled to defeat 'disinformation', which is why I actively avoid it.
As I said, without an extension (can't trust them), so I guess the answer for firefox is no, it doesn't support that.
Of course, it may display dark mode in sites that respect the system theme - it's the easy part.
I don't mean that, because I don't want darkmode to be restricted to the few websites that respect my system settings: I want my browser to be "always dark", regardless of how cooperative or well (or badly) done the website is.
Dark mode on Edge is forced on the website: if it doesn't support it, the colors are inverted - with no theme or CSS tweaking required.
That's not rocket science, but still far better than anything I've seen on Firefox
I haven't used the new Edge, but simply inverting the colors is going to give you a bad time, all your photos will look rather strange. Realistically, it would want to do something quite a bit more complicated than that. On simple websites, this sort of thing works well, but on compicated websites, it's a nightmare.
> I haven't used the new Edge, but simply inverting the colors is going to give you a bad time, all your photos will look rather strange
Try it: the invert is intelligent enough to work in most cases. I think it substracts the background, which is often white/whitish, so you get the normal image but on a black background.
Also, there's an option to not invert pictures if you prefer.
Do you consider the developer edition an extension, or is your point about extensions relating to GP's reference of Owl?
Firefox Developer Edition is a first party version of the software from Mozilla. It runs slightly ahead of the standard Firefox version I think.
FWIW, Waterfox also uses dark browser chrome by default, although if you're worried about security risks in installing extensions, a third-party fork of Firefox may not sit well with you either.
Regardless, I've used both pieces of software and had very positive experiences.
> you'd rather run Microsoft's proprietary browser
No, I'd rather use higher quality free software: as it's chromium based it's open source.
Nothing prevents debian from compiling a de-microsofted edgium, like they do with a de-googled chromium.
As for sideloading darkreader, that's a decent idea!
But I'm not sure I want a worse user experience (firefox firing its devs may not have been the brightest idea!) and be forced to sideload extensions for things that are already included in another free software browser.
The Dark Reader extension does that very well and even works on mobile (Firefox for Android).
If you really want to do this without extensions, you could try applying a global CSS filter using one of the CSS files in the profile folder (I don't remember which, but I think it's userStyles or globalStyle.css - should be easy to look up). The filter to apply is first an invert(1), then a hueRotate(180deg) on top of it.
It's not perfect, and it will have the opposite effect on pages that are already dark, but it's the best you can do without an extension.
I haven't noticed Firefox for Enterprise before. At first I thought it was a new name for extended support release, but Enterprise is available in both ESR and the regular releases. I can't tell from the landing page what the difference is. Is this just about streamlining enterprise-wide deployment?
It's not a separate version, it's separate notes about how the new version (and new ESR) are likely to affect enterprise IT. It's explicitly where they put notes about changes to the Group Policy templates, for example.
Yes and Active Directory Group Policies are just one of the ways to distribute and enforce policies on Firefox, there's also macOS profiles and policies.json files for all versions. In my old job I used a policies.json file. Annoyingly, there wasn't a way to write path values in a platform-agnostic way (e.g. to specify download file location) so it was necessary to maintain two versions for macOS and Windows.
Been stuck on waterfox since the password manager downgraded to 'Lockwise' (no field edits, no file imports). And since the great add-on reset i can't get a decent tree tabs that doesn't steal mouse focus from the main window..
So, yes, great, another version i probably won't be using.
Go to google, type something in, then try to select the text by click-dragging right to left, but keep dragging until the cursor is over the Tree Style Tabs, then release.. the page will not have registered the release and if you move the cursor over the page again it will deselect what you have just selected.
Sounds like just a nuisance, and it is, but i use quick-keys with my mouse and it really messes with my workflow.
A lot of websites confuse the field auto detect system, you go back to the page after saving password at login and FF can't find the fields, usually cause it didn't save the field names properly (you can see this in PasswordFox). The old password manager you could edit the field names as well as the U:P and URL fixing this problem. The new Lockwise basically turned 5 minutes of logging in to 25 minutes of copy and pasting for me..
You don't have to love it (I have similar complaints) but the tree tabs thing is weird. I've been using Tree Style Tab for a while and it doesn't have any issue like that.
NoScript; My browser only runs trusted code on my system. And if you are running an updated browser without NoScript or some equivalent, that's very dangerous.
Sure, NoScript makes the danger less significant, but it's still not as good as NoScript+updates. Security bugs in media decoders are fairly common, so there are still plenty of opportunities for danger if your browser is old enough.
But since browser JavaScript engines are some of the best sandboxes in existence due to being constantly tested and updated, not using NoScript really isn't dangerous. Sure, disabling JS reduces the amount of risk, but that amount is already low enough to be tolerable for most people.
Even with all reporting and telemetry disabled Firefox sends network requests to Mozilla’s domains upon launch, providing Mozilla with usage tracking data. It would be nice if users who care about this could get Mozilla to honor its privacy claims and configuration settings.
It's a big leap from "makes a request" to "provides tracking data". One doesn't necessary mean the other. It's even bigger leap to say that it's done in violation of stated privacy policies.
For example, requests for software update have to go to Mozilla, but don't have any personal information, and are legitimately necessary.
Well, shouldn’t the user decide what is legitimate to take out of its behavior?
It might be done without bad intentions, but do Mozilla ask consent before asking their users data about when they are using Firefox, and so that they are (possibly) in front of their screen.
Consent only required for personal data. Absence of visible settings suggests those who trade browser silence for safety is a minority, not target audience. It is open source, you can make own build.
They've said many times they don't log IP addresses so if they do, it's definitely illegal. So let's look at the risk vs reward of that situation:
Risk: very high because they rely on user trust to survive and they could get sued into oblivion under the GDPR.
Reward: they now have a list of IP addresses with Firefox users behind them. Any big website has that so it's not valuable to third parties and it's not valuable to Mozilla because they don't do any targeted advertising or anything similar.
A list of IP addresses is about the least useful thing to log if you want to track people.
If firefox is installed from a system package, or installed by another user, it can't really update itself¹, and updates are not legitimately necessary.
¹ except of course any updates and binaries that firefox downloads and gobbles up behind the users back.
If Firefox is installed by another user (or even by yourself) on Windows, the Mozilla Maintenance Service is installed to automatically update Firefox without requiring you to personally elevate the installer.
I'd argue updates are legitimately necessary for 99% of users (automatic updates are a huge reason why 90% of home PCs aren't in a botnet, and were a big reason why Chrome more secure in the old days vs IE/Firefox), and if you want to disable them it's very easy to do (about:config -> app.update.auto = false). But I don't know why you would, if the browser is changing too much for you you can change to ESR which is security updates only to older versions of Firefox.
Yes, automatic updates are pretty much necessary for about 90-99+% of users, but many lot of them are using system packages (which again, should not be able to update isself), and it is still not a reason why there shouldn't be a way to disable random background connections.
One could argue a silent browser is legitimately necessary for security research/operations, or just severely data-constrained networks, but I have yet to find a way to make firefox quiet.
Will app.update.auto disable all updates (browser, search engines, safe-browsing, user-test, blacklists.. there was at least a dozen features)? Last time I tried disabling almost everything suspicious, yet firefox wouldn't respect half of the settings.
Linux distros don't handle all of the updates, such as add-ons or tracking protection blacklists.
Having an option to disable them would be a footgun. Such "radio silence" serves no useful purpose to normal users, but can make the browser appear buggy, e.g. if tracking protection broke a site, and you wouldn't get a fixed blacklist in a timely manner.
Someone has to host these dynamic components, and the browser has to get them somehow. IMHO it's way better if they're fetched straight from Mozilla that has strong privacy policy and a good reputation to uphold, rather than from some rando free distro mirror.
Come on, you guys are in every thread nitpicking tiny tiny things like this, while the alternative is literally incomparably worse, and the only thing you achieve by this is making firefox’s case harder for those who don’t look up your ridiculous claims...
First of all, all of these things can be turned off; second, checking if you are using an outdated, potentially insecure browser is essential - if there is a vulnerability, the least of your problem will be that one goddamn ping to a mozilla domain...
> First of all, all of these things can be turned off;
They cannot. Reporting off, telemetry off, automatic updates off, every related setting in about:config off -- Firefox still transacts data with not one but several Mozilla domains upon launching.
Mozilla can't ethically constantly talk about privacy out of one side of its mouth while collecting data that can be used to track users who have explicitly requested them not to do that out of the other side.
If I could afford the time to learn Rust, the frameworks used by Firefox, the associated toolchain, and the Firefox codebase, and the time to maintain a fork, I would love to do that.
> Mozilla can't ethically constantly talk about privacy out of one side of its mouth while collecting data that can be used to track users who have explicitly requested them not to do that out of the other side.
1. They can if they're an order of magnitude better than everyone else, just like electric car makers can talk about being environmentally friendly despite the fact lithium isn't renewable
2. Are you sure it's tracking? What data is actually sent? Crash reports, update checks, network tests, motd fetching, cache preloading... don't count as "tracking users". Hell, even reporting on statistics (version, OS, platform, region...) isn't actually tracking users, but FF lets you disable that regardless because they know some people don't like it.
My biggest gripe with firefox is how it tries to hold your session hostage to force you to update. This is absolutely a no-go in a professional context, in my opinion. One of the first things I do when setting up firefox on a personal machine is disable this forced update so I can actually control my computer and its applications, not have them control me.
Are you on a Linux distro? The reason that this happens is because Firefox in Linux uses many internal libraries, some that are incompatible from one (even minor) version to the next due to the tight coupling of some of the libraries. Combine that with distro-managed updates, and the result is the restart dialog. Updates on Windows and macOS are different though, they are controlled by Firefox and you can delay updates even when the update is downloaded (Windows users might even see the loading bar associated with the update).
>When Firefox autoupdate, it won’t let you open a new tab to browse elsewhere.
There must be some additional context here. I've never observed this behavior on Windows or on Linux (although on Linux I'm using an LTS release, which could be a confounding factor).
I use both systems. I can’t remember on which system I saw it happen. Personally I’m fine with relaunching immediately the browser. I just replied to give the information asked, but it seemed that somehow it made some people upset. I really don’t understand how and why, tough.
I have seen it happen also, but it’s rare and I can’t recall if it was on Linux or windows. I tried to open a new tab and it said “no more tabs until you restart Firefox”.
I always assumed this was related to the multiprocess architecture. If you've updated Firefox in the background (e.g. via your package manager), and the new version is not API-compatible, it will not be able to create a content process for the new tab, hence the message.
Obviously this is only a problem on Linux, because on other platforms Firefox's own autoupdater will only apply the update when Firefox is restarting.
Yeah, that's bound to happen on Linux if you run an update while Firefox is open. Being able to continue running while all your files get switched out from under you is a pretty big thing to ask from a program and I think they were having issues with crashes and risking corrupted profiles, so they made it do that just in case.
In my experience, running software updates while using the system is a pretty bad idea in general. It works well most of the time, but there's a reason Linux* is the only system that allows that (every other OS defers applying updates to a reboot).
I find it irritating because one of the core principles of this kind of technology, to me, is that it should serve the user, not the other way around. I expect to be able to run the earliest version of windows 10 and go out to all sorts of virus-laden websites if I decide to. It's one thing to automatically download updates and let the user apply them when ready, but to actually disable the browser until the user complies is just unacceptable for me. Hence why I disable it.
I do applaud firefox for supporting so much customization, as in this case. If I weren't able to disable this behavior I would have stopped using firefox immediately.
Yeah, this is the exact kind of behavior that made me finally nuke my Windows install for good (although Adobe crap eventually forced me to dual-boot again). The irony of Mozilla copying Microsofts anti-features does not escape me and I sure hope this doesn't continue...
Are you on a Linux distro? The reason that this happens is because Firefox in Linux uses many internal libraries, some that are incompatible from one (even minor) version to the next due to the tight coupling of some of the libraries. Combine that with distro-managed updates, and the result is the restart dialog. Updates on Windows and macOS are different though, they are controlled by Firefox and you can delay updates even when the update is downloaded (Windows users might even see the loading bar associated with the update).
This has happened to me on Linux, Windows, and MacOS. This thread has a screenshot and description of what I mean: This thread has a screenshot and description of exactly what I mean. It's happened to me pretty regularly. This is default FF behavior. https://superuser.com/questions/1451210/how-can-i-make-firef...
On Windows and MacOS this happens to users who launch multiple profiles from the same version at the same time via --no-remote and -P/--profile-manager or in multi user systems where one user updates Firefox and the other person is logged in and running the older version of Firefox.
As Jamie mentioned above Firefox is trying to launch a new process and is unable to find a matching binary. Before Mozilla detected the in-between update state there it was common to see spikes of crashes that were related to process spawning.
The choice Mozilla has is to allow the user randomly crash with a chance of profile corruption or alerting the user about the state and asking the user to trigger an orderly shutdown.
Neither of those use cases apply to me. I haven't even heard of those features before as I don't launch via CLI or use multiple user accounts on my machines.
This would be even rarer but do you use Chocolatey and/or Brew or similar to install Firefox? That could put you back in the Linux package manger situation where a 3rd party application updates the Firefox binary out from underneath it.
I've never had this problem over the course of like a decade using FF, I suspect it might be due to your configuration. What kind of message do you get when it happens?
What happens to my Firefox (on Mac) very often is that it does an auto update and then just becomes completely unstable (things just suddenly stop working, like audio in a Google Meet call). Then I restart, and get some happy "Hooray you have the new Firefox" window, which makes me angry, because I was in the middle of something important usually. I then procede by clicking away the tab with the "features" and restore my session.
This happens if another instance of Firefox or an external package manager updates Firefox while you are running Firefox. This can happen if you have installed Firefox via a Linux package manager, or if you are running Firefox with multiple profiles.
While I understand that it is very annoying if you hit this issue, it is not done as some kind of trick to try to get you to update. The issue is that Firefox is trying to start a new content process to load your page, but the old executable no longer exists so it is impossible.
I was under the impression Firefox on Windows only updated before starting (and maybe after stopping) and on Linux, the updates are managed by the system.
I don't use Windows much these days, but I'd love to know which setting it is that turns this off as I tend to hoard tabs and this sounds extremely annoying.
A ton of old web games and animations have suddenly just become inaccessible. I wonder if the flash player could be ported to webasm for legacy applications.
They're still accessible, just not from modern browsers. You can still use an alternative player like Flashpoint. Anyone still relying on Flash to power a web interface is probably SOL though.
It's opt-out. Feel free to check this yourself, instead of mindlessly defending Firefox. I'm tired of this exclusionary attitude on Hacker News, to be perfectly honest.
There is absolutely no warning that this telemetry is active, which is a dark-pattern in itself.
Looks like the Firefox mob have already got to this post. No wonder nothing is changing.
You are right! My information was out of date. I just installed Firefox for Android (I generally use the Beta) and that crap was enabled by default. Sigh.
Chrome/Edge/everything else: anybody and their dog can personally identifiy individuals on the Internet and then sell that information to advertisers who use it to psychologically manipulate you into buying things. There is no consent or opt-out.
Mozilla: we've made sure people can't do any of that, but we collect anonymous statistics about how our own software is used. Oh, and we tell you about it and let you turn it off if you want.
People: Mozilla is evil and doesn't actually respect privacy.
Of course they do! Haven't you seen a fresh install of Firefox in like 10 years? The second thing you see is the little "do you want to opt out of analytics" popup. They don't say anything about the other, non-privacy-related requests FF makes (like portal and update checks), but those are explained in their privacy policy and it's very easy to verify that they in fact don't contain any information you should be worried about.
Like it or not, there isn't a privacy issue here. I wouldn't mind a "silent mode", sure, but ultimately, that's a missing feature, not a critical bug.
I always try Firefox every 6 months or so but end up going back to a Chromium based browser after a few days. It's never anything major but for example this issue with the address bar suggesting the root domain instead of the pages I actually visit drives me nuts - https://www.reddit.com/r/firefox/comments/a2wz6x/firefox_add...
I'm glad they're continuing to improve the browser, maybe this update will be the one that convinces me to switch!
I've had this issue when I switched back to Firefox one year ago, but now I have this sequence in my muscle memory: ctrl + l to focus the address bar, tab to highlight first result, enter to load it.
Every time I see one of these, I try to switch from the beta version to the stable version. I download the latest stable version, quit my browser, copy it to my applications folder, double-click, accept the warning that I'm running new software downloaded from the internet, and find myself in the next beta version.
Is there a way to switch from beta to stable without losing my profile?
If you want to go back and forth between release and beta on a single profile, that’s not recommended. If you want to switch your current beta profile permanently to an installation of the stable release, you can do that from the terminal (command line) by running the Firefox executable with the -p parameter to select a profile. The documentation has instructions on where the profile is located and how to find which profile is used.
I just want to switch one time. I got on the beta like a year ago when the current version was unstable, and I've been trying to get back to release since that version was released. Where can I find this documentation? How do I install the stable release to port the profile to? Every attempt I've made results in me still having the beta version.
Install the stable version but don't run it yet. Then follow the instructions to start the Profile Manager when Firefox is closed. If you need to recover data from your old profile, the link above has instructions too.
You could set up a Firefox Account and use Firefox Sync to synchronize your Beta and stable profiles (and then disable Sync or the account, if you like).
I'd do that, but sync misses things like container settings. Also, I'm unable to run stable at all. Whenever I install and run stable, I somehow end up with the beta version.
That's great news. I have sync enabled already. The only remaining problem is that I can't seem to install the stable release. Whenever I download it and run the executable, it just starts up immediately in beta again.
Do make a backup if you attempt this as I'm talking from memory here, but I believe I managed to do this once by not updating the beta browser for a while and then copying it over once the release channel caught up with the beta. It might've involved modifying a version string in a profile file or something to trick it into accepting it, but it worked perfectly.
That's what I've tried to do every time there's a new release - update to the caught-up stable version before the beta upgrade. I haven't figured out the details of how to make that happen after a year or so of attempts now. I've turned off the automatic updates now, so at least I won't accidentally get upgraded past the stable release this time.
>It’s easier than ever to save and access your bookmarks. Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder.
I don't see a lot of use of Bookmarks toolbar, bookmarks menu, and other bookmarks when there can be simply bookmarks and other bookmarks like Chrome. Bookmark toolbar makes menu utterly useless. I would rather have toolbar and an extension that displays those bookmarks toolbar in a similar way as menu to avoid added cognitive load.
I want to use firefox but I have a very stupid problem that makes it extremely annoying:
I have to use federation to login to slack. When Slack opens a page in the browser, that works fine, but then once I'm signed in it takes me to the web interface rather than opening the native client back up.
This isn't a tech support forum obviously but if someone had a hint of where to look, that'd be really helpful. I'm on ubuntu running i3.
Just a note for anyone who may see it. Something changed in the UI CSS such that some of my customizations around the bookmark bar no longer worked. There seems to be a new option called "Show Other Bookmarks" that was enabled causing the entire bookmark bar to become one large clickable item. Disabling that restored the bookmark bar functionality. I'll have to investigate my user CSS file to see if I can figure out what changed.
301 comments
[ 3.1 ms ] story [ 278 ms ] threadParticularly the security fixes. Easy to find case numbers, impact levels and clear descriptions. All with decent spacing that makes the page feel clear and legible.
This is also why I think Sparkle [https://sparkle-project.org/] is one of the best things about the Mac application ecosystem.
Edit: Should mention why, because it presents a consistent, and clear, UI for users and it encourages developers to write release notes.
In the past you could look up changes here [1], but updates there stopped a while ago.
[1] https://wiki.mozilla.org/Firefox/Roadmap/Updates
That said, I downloaded Pale Moon yesterday and tested it briefly: installed TST and one or two other extensions, visited a few ordinary sites.
Even after all those years it still feel good. It is snappy and the lack of a noisy tab bar on the top in addition to TST is actually a huge deal!
So my question for anyone from Mozilla who steps in here:
when will you start fixing the extension API? I get it the new API is more secure, but there is nothing that prevents making tab positions configurable in a safe way.
Also, could someone please fix that nasty UX bug that some UX designer introduced a decade or so ago where - if you select the tiniest thing on the page - the navigation buttons disappear from the context menus. After a decade or more this inconsistency still annoys me.
https://imgur.com/BPDN1uP
The tabs expand on mouse-over:
https://imgur.com/7iCYykg
And IIRC they have expressed intent to remove this possibility completely.
Report it via https://support.mozilla.org/en-US/kb/file-bug-report-or-feat...
it's terrible, js shouldn't be aware of stuff like this.
Tracking/detecting/fingerprinting/etc. is an arms race. Every feature a browser has (or could have and lacks), can be used as a variable to compile a tracking profile that identifies you and/or your general browser configuration (including but not limited to private mode).
The biggest one of these though is something private mode can't control: IP. For that you need something like Tor or a VPN.
- browser ships a feature X
- they decide that X shouldn't be allowed in incognito (or that incognito mode returns fewer values, has lower quotas, uses different implementation that is slower/faster etc.)
- inadvertently, this becomes incognito detection vector
- people report the issue; the feature X is fixed
- another thing is shipped which accidentally allows detecting incognito
- ad infinitum
Which is exactly why Firefox needs to push back on adding more and more of those features, especially those that are not needed for websites (rather than applications).
> (or could have and lacks)
Absence of features can also be used for detection. Any differentiator.
- impossible to put an image into a clipboard (so that user can e.g. paste it outside a browser)
- no PWA mode (impossible to put an icon of a website to your homescreen, which will open the website without a browser UI)
- impossible to have keyboard shortcuts with Alt https://bugzilla.mozilla.org/show_bug.cgi?id=1568130
Firefox for Android has this. Are you referring to Firefox for desktop?
I can do without the clipboard or PWA mode. Performance and responsiveness are what converted me and plenty others from Firefox when Chrome first appeared. If Firefox performance is at least close to Chrome/Chromium it'd make switching back much more appealing.
Chrome seem to struggle when there are tens of tabs.
Google web applications still not great, but still usable I find. Facebook performance isn't great either.
Sadly Google will typically "accidentally sabotage" performance of their key apps on Firefox.
I also switched to Chrome rims ago when it came out due to how buttery smooth it was, but switched back after it starter to get slow.
Chrome's a memory hog and it runs slow and clunky on older devices, in my experience.
I suggest to try Firefox as side browser for your light browsing need. Maybe like when reading news, social media browser, or anything make sense for you.
This worked for me, in my case, now chrome is my side browser.
Normally, the fact that practically nobody actually uses Firefox would mean it's not a huge problem. But the only standalone VR headsets with a Chromium-based browser are the Facebook headsets. If Firefox were better, I could be running twice as many of the not-Facebook-encumbered Pico Neo headsets for the same price. As it stands, Oculus for Business headsets are almost the same price as a Valve Index, once you add in the mandatory "support" yearly licensing fee.
I assume you mean "practically nobody without an adblocker". I dread the day we could have to live without Firefox. Don't dismiss it like that, please.
Mozilla has never been a competitive company. They've always leaned heavily on the illusion of being a non-profit. They've always sold the "eat your vegetables" version of web browsing, without actually offering anything compelling over the competition. We're just expected to use Firefox because "it's made by not-Google".
You were clearly the issue in the other thread.
With Chrome, Edge, Opera, and Brave all running on Chrome, we're getting awfuly close to a browser monoculture - one controlled by Google.
Supporting FF might be a pain in some cases, but failing to do so drives users away from FF in the long run, and drives away FF users from your site.
I know web devs have limited resources, but look at it this way: supporting FF and Chrome is a lot less of a pain than it used to be supporting IE.
My job is not to drive users to Firefox. My job is to create a product that people can use. And in my particular case, my job involves creating a product that doesn't physically harm people.
I agree that browser monoculture is a problem. But there is another problem that Mozilla is not the company that is helping with the problem.
EDIT: to go a little further on this, it's not physically possible to create a good WebXR experience in Firefox, at this time. Despite their announcements of focusing on Hubs as one of the few projects they kept around after the most recent purge, there are key technologies that are fundamentally missing from Firefox that have no replacement. And then they have the termerity to user-agent sniff Chromium browsers on desktop PCs and tell you that they supposedly don't support WebXR, that you need to download Firefox to use Hubs. So it seems even Mozilla doesn't really give a shit about the Open Web.
Why shouldn't the browser have VR APIs? WebXR allows us to iterate faster, across more devices, and more easily integrate with other services than building in a framework like Unity can do for us. I've spent the last 6 years doing nothing but WebXR and Unity work and WebXR is hands down far easier to develop the sort of application we're building.
No, you're not going to build MS Flight Simulator in WebXR, but you probably weren't going to do that in Unity, either, and ain't nobody got the budget for AAA++ graphics anyway. The folks who do graphically intensive work in Unity have stripped large parts of Unity away to make it possible.
I don't understand your last question.
That's news to me. I do that almost on a daily basis with Firefox.
I literally implemented support for the navigator.clipboard.write API, with image/png support included, in today's Firefox Nightly version: https://bugzilla.mozilla.org/show_bug.cgi?id=1619947
Enabling it on release might take a bit longer though. The specification is currently not in a good shape. And there are some open questions around permissions etc.
I beg you, do not let websites put things into my clipboard.
Reading/writing clipboards is a problem for sandboxing since they act as a bridge to another layer that otherwise has no contract or understanding of the application. So are many other features not just on browsers but on any application that for some reason needs to handle a gazillion tings (on Linux subscribing to system/user dbus messages is a big issue and out of the box totally unmitigated).
[1] If a monolith like chrome/firefox needs to understand/parse hundreds of protocols, technology-standards, etc, is a challenge to sandbox, maybe it isn't the sandboxing but the application that is the wrong tool for the users threat-model? Note, there is also Tor/Tails/QubesOS if isolation between user-space applications is a serious concern.
There are other use cases though that aren't supported by PNG, such as vector images and animated images. Or more niche use cases like RAW images.
Animated images could definitely be somewhat useful though, albeit much more niche than static raster images. In most cases where I want an animated image on my clipboard, a link will suffice. What I want may not map to the majority of course, but at least PNG support is a start!
Raster image support should also be able to support stuff drawn on a canvas element, so I think it is a great place to start.
Yes, but I don't think you can set the MIME type. So whatever you paste in would have to be smart enough to look at a text/plain clipboard data and figure out if it looks like an SVG (or whatever).
I tried the keyboard shortcut fiddle with FF86 and it works just fine after clicking in the white part once.
That's a feature. Websites should not have access to my clipboard.
> - no PWA mode (impossible to put an icon of a website to your homescreen, which will open the website without a browser UI)
That's a feature. Icons on my home screen should only ever be native applications. Use bookmarks for websites instead.
> - impossible to have keyboard shortcuts with Alt https://bugzilla.mozilla.org/show_bug.cgi?id=1568130
Just build a native app. It's literally what you want.
Having a feature that breaks user's security is not a feature.
Anyways, this is far more time than I'm willing to spend talking to someone who thinks their PoV is the only correct one (I just now recognize your username from a few other threads under this post). Cheeers!
Being able to take an image from the web page and place it on the clipboard is not 'the website having access to my clipboard'. It's the _browser_ having access.
Going in the reverse direction, placing data from the clipboard into the web page, is more tricky, but Firefox already does a good job of blocking clipboard accesses unless they're the direct result of user action (keyboard shortcut or button press).
The question is whether the website should be able to push images to the clipboard by itself, which it shouldn't. Firefox already supports doing what you're talking about.
I don't like the way clipboard access is handled in browsers either, but the fact remains that if I'm using an in-browser image editor, select a part of the image and press CTRL+C, I want that portion of the image in my clipboard. How it gets there is an implementation detail that the average user doesn't and, if it doesn't affect security/privacy, shouldn't have to care about. And since it's write-only, there's no security/privacy concern.
You can be right, but the market has a final word.
Today, many people enjoy using advanced apps, that can be "installed" and "uninstalled" in one second (by opening and closing a website), without leaving any track (mess) in your computer.
What happened to giving users control?
What if "literally what I want" is to edit a photo without installing any software?
Why shouldn’t I be allowed to put a bookmark as an icon? That’s essentially what a PWA is anyways. A fancy bookmark that behaves like a native app. Why are you the arbitrator of what I can do?
But there are extensions that do a similar thing, eg Brief. https://addons.mozilla.org/en-US/firefox/addon/brief/ And once you've got past the pain of the move, they do a much better job.
If Brief synced what you've read between Firefox instances (desktop / mobile in particular for me), it would be heaven. It might even be enough to turn induce me to create an account and turn on Firefox sync. However that is a forlorn wish given it hasn't been updated in 2 years now.
Isn't it possible with the convenient "Capture screeenshot" feature in Firefox (the 3 dots next to the address bar)?
Wait, why should web pages be able to usurp keyboard shortcuts traditionally reserved for the browser itself?
When I was playing a Counter Strike web app example posted here a few months ago, it was endlessly frustrating to have Control and W mapped to actions that you may want to perform simultaneously while also not being able to suppress default behavior. I kept accidentally closing the tab as a result...
I personally think that the ability to override default shortcuts isn't necessarily a bad thing, but I definitely think it should be opt-in, like capturing the mouse cursor is. There should be strict separation between "app" features and what a default website should be able to do. Overriding shortcuts should be one of the "app-only" features imo.
So play the native version - problem solved.
This drive to accomodate people misusing the web for apps just bloats browsers (making it prohibitively expensive to develop alternative implementations) while adding tons of privacy leaks and attack surface for exploits.
As a user I create separate Firefox profiles for every site I want to use as a PWA, add a desktop short-cut and some custom userChrome.css, but while the result is okay, it sucks to set it up.
The only positive seems to be, that I can disable the buggy Spotify service-workers while keeping them enabled for other pages.
It would be awesome, if the PWA implementation would even support the system tray (similar to kdocker), but just the basic functionality would be better than the status quo.
No idea what you mean. I can use any image. Right click - "Copy Image". Then paste it anywhere like in image editor. Works without any problems.
Firefox 86.0b1, Debian testing / KDE Plasma 5.20.5.
Care to elaborate?
I assume the "political stunt" part was related to all the Trump deplatforming stuff a few weeks back.
Hadn't heard anything related to anyone actually getting any pushback for it though.
A lot of people uninstalled Firefox because of Mozilla's politically-fueled 'disinformation' post on their blog. I don't blame them. I worry that Pocket will have these mysterious AI's enabled to defeat 'disinformation', which is why I actively avoid it.
-- Tentacles
You can't possibly be serious....
Anything like that on Firefox?
If not, I'm not sure Firefox is currently the best option for any usecase - even on Linux.
>Anything like that on Firefox?
Themes? I use the dark one
Of course, it may display dark mode in sites that respect the system theme - it's the easy part.
I don't mean that, because I don't want darkmode to be restricted to the few websites that respect my system settings: I want my browser to be "always dark", regardless of how cooperative or well (or badly) done the website is.
Dark mode on Edge is forced on the website: if it doesn't support it, the colors are inverted - with no theme or CSS tweaking required.
That's not rocket science, but still far better than anything I've seen on Firefox
Try it: the invert is intelligent enough to work in most cases. I think it substracts the background, which is often white/whitish, so you get the normal image but on a black background.
Also, there's an option to not invert pictures if you prefer.
No browser support for dark mode= no dark mode for me.
I use FF daily and it uses darkmode in sites that respect my system settings, because I have my system set to darkmode.
I use a Mac. Darkmode is a native feature.
I know, but I don't want to rely on their goodwill.
I want the browser to provide a dark mode that work in all cases, therefore:
- if webpages advertise a support of dark mode, oblige them
- if they don't, invert colors and use any other tricks as required
On Linux, Edge is the safest and the simplest way to always have a dark mode everywhere.
Firefox Developer Edition is a first party version of the software from Mozilla. It runs slightly ahead of the standard Firefox version I think.
FWIW, Waterfox also uses dark browser chrome by default, although if you're worried about security risks in installing extensions, a third-party fork of Firefox may not sit well with you either.
Regardless, I've used both pieces of software and had very positive experiences.
If you insist, go download Dark Reader from GitHub, look at the code (it's not particularly complex) and install it into Firefox locally.
No, I'd rather use higher quality free software: as it's chromium based it's open source.
Nothing prevents debian from compiling a de-microsofted edgium, like they do with a de-googled chromium.
As for sideloading darkreader, that's a decent idea!
But I'm not sure I want a worse user experience (firefox firing its devs may not have been the brightest idea!) and be forced to sideload extensions for things that are already included in another free software browser.
If you really want to do this without extensions, you could try applying a global CSS filter using one of the CSS files in the profile folder (I don't remember which, but I think it's userStyles or globalStyle.css - should be easy to look up). The filter to apply is first an invert(1), then a hueRotate(180deg) on top of it.
It's not perfect, and it will have the opposite effect on pages that are already dark, but it's the best you can do without an extension.
https://support.mozilla.org/en-US/products/firefox-enterpris...
So, yes, great, another version i probably won't be using.
Sounds like just a nuisance, and it is, but i use quick-keys with my mouse and it really messes with my workflow.
Not sure what do you mean by "field edits", I can edit the username/password just fine...?
A lot of websites confuse the field auto detect system, you go back to the page after saving password at login and FF can't find the fields, usually cause it didn't save the field names properly (you can see this in PasswordFox). The old password manager you could edit the field names as well as the U:P and URL fixing this problem. The new Lockwise basically turned 5 minutes of logging in to 25 minutes of copy and pasting for me..
https://www.askwoody.com/forums/topic/waterfox-has-been-sold...
That's a really dangerous thing to do for a piece of software that's made to run untrusted code on your system!
But since browser JavaScript engines are some of the best sandboxes in existence due to being constantly tested and updated, not using NoScript really isn't dangerous. Sure, disabling JS reduces the amount of risk, but that amount is already low enough to be tolerable for most people.
For example, requests for software update have to go to Mozilla, but don't have any personal information, and are legitimately necessary.
It might be done without bad intentions, but do Mozilla ask consent before asking their users data about when they are using Firefox, and so that they are (possibly) in front of their screen.
Consent only required for personal data. Absence of visible settings suggests those who trade browser silence for safety is a minority, not target audience. It is open source, you can make own build.
No it isn't.
2) track IP address
Risk: very high because they rely on user trust to survive and they could get sued into oblivion under the GDPR.
Reward: they now have a list of IP addresses with Firefox users behind them. Any big website has that so it's not valuable to third parties and it's not valuable to Mozilla because they don't do any targeted advertising or anything similar.
A list of IP addresses is about the least useful thing to log if you want to track people.
¹ except of course any updates and binaries that firefox downloads and gobbles up behind the users back.
I'd argue updates are legitimately necessary for 99% of users (automatic updates are a huge reason why 90% of home PCs aren't in a botnet, and were a big reason why Chrome more secure in the old days vs IE/Firefox), and if you want to disable them it's very easy to do (about:config -> app.update.auto = false). But I don't know why you would, if the browser is changing too much for you you can change to ESR which is security updates only to older versions of Firefox.
https://wiki.mozilla.org/Windows_Service_Silent_Update
Yes, automatic updates are pretty much necessary for about 90-99+% of users, but many lot of them are using system packages (which again, should not be able to update isself), and it is still not a reason why there shouldn't be a way to disable random background connections.
One could argue a silent browser is legitimately necessary for security research/operations, or just severely data-constrained networks, but I have yet to find a way to make firefox quiet.
Will app.update.auto disable all updates (browser, search engines, safe-browsing, user-test, blacklists.. there was at least a dozen features)? Last time I tried disabling almost everything suspicious, yet firefox wouldn't respect half of the settings.
Having an option to disable them would be a footgun. Such "radio silence" serves no useful purpose to normal users, but can make the browser appear buggy, e.g. if tracking protection broke a site, and you wouldn't get a fixed blacklist in a timely manner.
Someone has to host these dynamic components, and the browser has to get them somehow. IMHO it's way better if they're fetched straight from Mozilla that has strong privacy policy and a good reputation to uphold, rather than from some rando free distro mirror.
First of all, all of these things can be turned off; second, checking if you are using an outdated, potentially insecure browser is essential - if there is a vulnerability, the least of your problem will be that one goddamn ping to a mozilla domain...
They cannot. Reporting off, telemetry off, automatic updates off, every related setting in about:config off -- Firefox still transacts data with not one but several Mozilla domains upon launching.
Mozilla can't ethically constantly talk about privacy out of one side of its mouth while collecting data that can be used to track users who have explicitly requested them not to do that out of the other side.
1. They can if they're an order of magnitude better than everyone else, just like electric car makers can talk about being environmentally friendly despite the fact lithium isn't renewable
2. Are you sure it's tracking? What data is actually sent? Crash reports, update checks, network tests, motd fetching, cache preloading... don't count as "tracking users". Hell, even reporting on statistics (version, OS, platform, region...) isn't actually tracking users, but FF lets you disable that regardless because they know some people don't like it.
https://blog.mozilla.org/security/2021/01/26/supercookie-pro...
It's too bad that we'll have to trade off browser efficiency for privacy.
https://news.ycombinator.com/item?id=25916513
https://blog.mozilla.org/security/2021/01/26/supercookie-pro...
Power users can disable it. For the less advanced users, impose that as default behavior as its pros and cons.
It happens because Firefox closes and re-opens libraries and permits an in-place update (and thus, breaking itself).
There must be some additional context here. I've never observed this behavior on Windows or on Linux (although on Linux I'm using an LTS release, which could be a confounding factor).
Obviously this is only a problem on Linux, because on other platforms Firefox's own autoupdater will only apply the update when Firefox is restarting.
In my experience, running software updates while using the system is a pretty bad idea in general. It works well most of the time, but there's a reason Linux* is the only system that allows that (every other OS defers applying updates to a reboot).
I do applaud firefox for supporting so much customization, as in this case. If I weren't able to disable this behavior I would have stopped using firefox immediately.
As Jamie mentioned above Firefox is trying to launch a new process and is unable to find a matching binary. Before Mozilla detected the in-between update state there it was common to see spikes of crashes that were related to process spawning.
The choice Mozilla has is to allow the user randomly crash with a chance of profile corruption or alerting the user about the state and asking the user to trigger an orderly shutdown.
While I understand that it is very annoying if you hit this issue, it is not done as some kind of trick to try to get you to update. The issue is that Firefox is trying to start a new content process to load your page, but the old executable no longer exists so it is impossible.
I don't use Windows much these days, but I'd love to know which setting it is that turns this off as I tend to hoard tabs and this sounds extremely annoying.
It took half a decade, but it's finally done.
https://blog.archive.org/2020/11/19/flash-animations-live-fo...
https://reports.exodus-privacy.eu.org/en/reports/org.mozilla...
Something like that.
There is absolutely no warning that this telemetry is active, which is a dark-pattern in itself.
Looks like the Firefox mob have already got to this post. No wonder nothing is changing.
-- tentacleuno
Mozilla: we've made sure people can't do any of that, but we collect anonymous statistics about how our own software is used. Oh, and we tell you about it and let you turn it off if you want.
People: Mozilla is evil and doesn't actually respect privacy.
Like it or not, there isn't a privacy issue here. I wouldn't mind a "silent mode", sure, but ultimately, that's a missing feature, not a critical bug.
https://news.ycombinator.com/item?id=25916513
I'm glad they're continuing to improve the browser, maybe this update will be the one that convinces me to switch!
Is there a way to switch from beta to stable without losing my profile?
I believe there's a beta switch in the general settings menu.
How to create a new profile. https://support.mozilla.org/en-US/kb/profile-manager-create-...
Install the stable version but don't run it yet. Then follow the instructions to start the Profile Manager when Firefox is closed. If you need to recover data from your old profile, the link above has instructions too.
https://support.mozilla.org/en-US/kb/containers#w_what-you-c.... (item #7)
I don't see a lot of use of Bookmarks toolbar, bookmarks menu, and other bookmarks when there can be simply bookmarks and other bookmarks like Chrome. Bookmark toolbar makes menu utterly useless. I would rather have toolbar and an extension that displays those bookmarks toolbar in a similar way as menu to avoid added cognitive load.
I have to use federation to login to slack. When Slack opens a page in the browser, that works fine, but then once I'm signed in it takes me to the web interface rather than opening the native client back up.
This isn't a tech support forum obviously but if someone had a hint of where to look, that'd be really helpful. I'm on ubuntu running i3.
Preferences -> General -> Applications
Content Type: slack
Action: Use Slack
Do you have that setting?
I use slack as pinned tab on Firefox, and it runs OK. It's easier for me when doing context switching since most of my works are on the browser.
https://blog.mozilla.org/blog/2021/01/08/we-need-more-than-d...