The downside of all of this is that I feel like sites are now intentionally being designed to break if this kind of stuff is blocked. I used to be able to use Firefox Focus (which has tracking protection built-in) to pay most of my bills. This was convenient because I would just open up the one site in FFF, pay the bill, and then close it, with all browsing history automatically deleted.
In the past month about 3 of my credit card sites stopped working on FFF, as well as my ISP's site. Some would flat out reject the agent ("Your browser is no longer supported"), others would let me log in but then immediately tell me I had been logged out or redirect back to the home page. So now I'm forced to open them back up in regular Firefox, history and tracking included.
It's one thing to say "Don't use sites that exploit your data", but it's not like the average person really has a choice when it comes to paying utility bills.
That particular example is just extremely odd because… well, the business model of the utilities whose bills you pay (nor the bank's) shouldn't be based on advertising?? Maybe it's just a pile of web development fail, using 3rd party cookies for no good reason..
> well, the business model of the utilities whose bills you pay (nor the bank's) shouldn't be based on advertising??
They shouldn't need it, but from their point of view why on earth wouldn't they sell their customers out at every opportunity if it means more money for them? Companies are amoral monsters who care about nothing but making money. If a company can do something that will make them more money you should expect them do it regardless of how ethical or legal it is.
Likely they've been sold a bunch of snake oil to prevent "fraud" based around sniffing up their customers' asses.
But you should still use all of the anti-surveillance tech you can, lest the downward spiral continue. The methods are implemented gradually, with soft heuristics. The more customers they have without such vulnerabilities, the harder it is to justify turning the screws.
Right, but regardless of the factuality of these claims, remind me how we continue to sidestep the issue of consent from those that are tracked? “Privacy nuts” such as myself do not struggle to see upsides to say a global DNA database with perfect coverage, it is the fact that we are very much aware of the terrible potential downsides of a world where privacy and consent is largely ignored that makes us concerned.
Utilities shouldn't need advertising in theory, but utilities don't behave well (economically speaking) in general. There is to much regulation (limiting upside from selling their services means squeezing money out of less ethical verticals) or there are monopolistic incentives (you don't have a choice, so we can make you give us ad revenue)
Where is there too much regulation of utilities? Particularly considering the issue with PG&E, it seems unlikely this would be the case in the US; the money in the US is being squeezed toward bonuses and the like.
What I usually see if just poorly implemented tagging. For example, if Google Analytics javascript breaks then so do the links I want to click. I’ve seen it on my 529 plan website and in other places. I suppose tracking blockers could forge GA and other javascript objects to avoid this but what a battle this becomes.
>In the past month about 3 of my credit card sites stopped working on FFF, as well as my ISP's site.
Which sites are these? When you make claims like this, you should specifically name the businesses that do this, so the rest of us can try to avoid them.
The Toyota Financial web site (if you finance a Toyota/Lexus through them) became horribly broken recently. It required me to jump through so many hoops to log in (including turning off ad blocker, turning off tracking protection, not using "private browsing mode," etc.) that I just got fed up with it and went back to paper billing. It's so ridiculous.
I actually pay through my online banking now but I'm forced to receive paper bills unless I agreed to some insanely-long new T&C.
The online banking I use (some local credit union) uses a 3rd-party site so in order to use it I must accept 3rd party cookies on this site. But you don't whitelist <the bank site> you have to find and whitelist <the 3rd party site> which requires some knowledge/skill in this area. I don't know how any "normal" user will be able to use Firefox after these updates; if you can't log in to your bank you're just going to go back to Chrome, right?
>With that said, let's say I specifically name "Chase". Are you going to cancel your existing Chase bank account or credit card upon hearing this?
Well put it this way: if you specifically name "Chase", I'm going to think twice about applying for a credit card there or opening a bank account there. It's harder when you're already invested in a business, but when someone is shopping for a new one, when they hear credible information that shows that business to be a bad actor or that it will provide them a bad experience, it's pretty easy to cause many of them to choose something else.
BTW, I would never advise anyone to get a Chase bank account; they're pretty well-known to be horrible. You can get far better service and interest rates from a good online bank like Ally, Schwab, Discover, etc.
> BTW, I would never advise anyone to get a Chase bank account; they're pretty well-known to be horrible. You can get far better service and interest rates from a good online bank like Ally, Schwab, Discover, etc.
Again, it was a placeholder name. But I'll be honest for the sake of those curious and just say "the credit card that's offered through Costco" :)
yah, absolutely avoid the big 4: chase, citibank, bank of america, and wells fargo. there's always a better local/regional/online alternative at a lower cost and with (often much) better service.
> I avoided doing so because I don't really want the internet to know what credit cards I have.
And that is one of the reasons why we are allowed to have multiple accounts on this site, as long as they aren't all throwaways.
I bet you are aware of this already, so I'm mentioning this mostly for the benefit of those who haven't wasted half a decade (or more in my case here.)
The principal here is that businesses with bad practices should be named and shamed. Companies that act like this are banking on their consumers not caring enough to do anything about it. Even a negative press reaction may be enough to dissuade companies from doing this. Refusing to name the companies is compliance.
> The downside of all of this is that I feel like sites are now intentionally being designed to break if this kind of stuff is blocked.
That's fine by me. It's an up-front indication that I don't want to use that service. In the case of bill pay, I would just change my user agent string.
You are working around the problem, but the underlying issue is still there, which is not fine. I do not consider those practices fine just because I may have found a workaround. :/
> In the case of bill pay, I would just change my user agent string.
He also mentioned "others would let me log in but then immediately tell me I had been logged out". If they implement logging in with some tracking cookies, then changing your agent won't help.
I wouldn't expect it to succeed immediately. But there are often frontend developers within these companies that would prefer to build high-quality websites that work in many browsers, and if there are complaints from end users, it will help these people in their arguments that they should invest more time in quality.
> it's not like the average person really has a choice when it comes to paying utility bills.
You can always use a dedicated browser for that and only that. Brave, Opera, Vivaldi, IE, Chrome, whatever. At least there's enough browsers around to have each dedicated for certain purpose.
Well, that's the thing: Firefox Focus was my dedicated browser for that purpose. So now that's really no longer an option. I guess I can use Chrome in Incognito mode, but god knows how long it will be before payment sites start blacklisting that, too.
Somewhat related, I saw a site today that did a fake Cloudflare style bot check countdown, and then said “click allow to confirm you’re not a bot” before popping up a notification send request UI. I bailed then but presumably it wouldn’t show anything if you declined that, who knows what spam they were sending if you didn’t. Thought that was a clever-ish very shitty way to work around permissions.
I'd like to have that option, but i can understand why they did it this way. If you just hide the notification then the site can still use them to get around other restrictions like how much time the javascript is allowed to run in the background and things like that.
The more I protect my personal data (hi, GDPR!), the more websites are adding recaptacha to all their pages.
Blocking trackers makes Google suspicious, so they're adding more and more recaptcha challenges to let me pass their tests, sometimes 5 to 10 in a row. I'm now working for Google's IA for free just to be able to make purchases online, access some services that I already paid for, or filling in support request forms (sometimes it's for websites operated by local communities and funded by tax payers).
I have absolutely no control over what Google does with all my recaptcha inputs, it could be to build a fleet of autonomous cars (that could end up killing the public transportation in my city), or improving an algorithms that helps drones identify targets during a social unrest (could be a future me).
Just because I want my privacy rights to be respected to the minimum (just don't track me for political/advertising purposes), I have to spend several minutes of my day working for Google and help them make money on advertising and sell AI to governments.
> that could end up killing the public transportation in my city
Don't forget that public transportation can also be self driving and it will be cheaper than riding in a self driving car. So I don't expect public transportation killed, I expect self driving buses.
Thanks for recommending Buster (author here), but I think the right solution is to encourage people to stand up against Google's abuse, especially because they are working on making reCAPTCHA even more pervasive an inescapable.
The recommended way of integrating reCAPTCHA v3 is to load it on every page of your site, not just on pages with forms. Given the popularity of this service, reCAPTCHA v3 is set to become a browsing history and behavioral data collector on a global scale.
They want to monitor your behavior (mouse movements, clicks, etc) site-wide so they can determine whether you're a bot before you get to the "protected" page. So the carrot for the website owner is that people that don't want to solve "click all the stop signs in these 9 pictures" challenges don't abandon your forms because they're never challenged, at the expense of adding behavioral tracking site-wide.
So that they can watch your interactions with the site to confirm that you do it in a “normal” way, nevermind that this discriminates against those with disabilities.
Has been said many times before but the problem is that you look like any other bot that also doesn't save cookies or have any past history. How do you expect recaptcha to identify you from those bots? Or more, how do you expect the websites to identify bots and stop things like credential stuffing attacks (even if recaptcha isn't perfect at stopping those either) without heavily investing in things like the anti-bot systems banks use?
Sites have brought this sort of thing on themselves by enabling (or directly engaging in) the abuse of users. That abuse forces me to take a very defensive posture when browsing the web. It's simply a matter of self defense.
If that means that I can't access the sites, whether it's because of recaptcha or other issues, then I won't access the sites. Easy.
For something similar, I use a Firefox docker container whose data settings are saved to the ephemeral disk which disappears once the browser closes. It's just a standard Firefox (or Chrome, or Brave, or..) otherwise.
I use the same mechanism - but with persisting user data - for things like banking etc. in which I only open that one site.
Whenever I see a link to a website I suspect of siphoning off all my data (usually news websites), I right-click it and select "Open in new Trash Container". Do my thing, then close the tab, and all cookies and such for that site are cleared. It's almost like a Firefox Focus tab, the main difference being that it's not discernable from a regular tab.
When you open a link that opens in a new container, you loose the history that brought you to that link. Clicking a link actually opens a new tab and simultaneously closes your current one. Going backwards is now broken and you have to shift cmd t to go through all your recently closed tabs or dig through your history if you are a user who regularly uses back on a browser.
I also ran into a bug where infinite temporary containers would open until the browser finally crashed. The fix was removing the add on.
I don't have that enabled, even ctrl-clicking something opens in the same container for me. Not perfect in terms of privacy paranoia (my HN container gets cookies from sites I go from HN to, unless I take the effort to explicitly open in a different container) but it has never annoyed me.
I agree you should email the site, but i would be careful not to suggest the site is vulnerable unless you have clear evidence of that or you risk not being taken seriously. Just be honest about it. The devs might not want that shit on their sites either, but were told they had to include them in which case they'd probably love to have something to show it's causing users problems.
It's a pain, but what I do is pay by utility bills in other ways. Usually I can pay in person, over the phone, via a check in the mail, or login once and setup automatic billing.
Browser Fingerprinting is also used for fraud detection and identify verification. There is often overlap between persistent tracking and security verification services.
> it's not like the average person really has a choice when it comes to paying utility bills.
Your utility only takes payments through their website? That's hard to believe. In most places I've lived, the utility companies contract with various local businesses to allow you to pay your bills in person through them, and all have still accepted payments through the mail.
I think helps expose the actual (bidirectional) flow of information - web sites give you stuff because you give them stuff.
Usually you give them personal info about what you do on their site so that they can monetize you, in return you get news, messaging, etc.
If you're unwilling to give them that stuff, maybe it's OK that they are unwilling to give you their (presumably valuable, because you're requesting it) stuff (articles, videos, etc).
Often when I get "we won't show this to you with an adblocker on", I simply turn it off for that page. I want to read that article and I'm happy to exchange some personal info to get it for free. At least in this context I have the chance to opt-in.
I agree that there are probably a lot of places where anti-content-blocking tools are overused (i.e. services that I have already actually paid $$ for), and probably other situations where I'd like more options ("plz disable adblocker OR pay us $0.05 for this article [obviously need some way to pay that doesn't in turn expose my personal info]")
We're not talking about news or content sites here, we're talking about bill-paying sites. People should be able to pay their utility bills with whatever browser they want, without being tracked. The argument over free content vs. ads is a valid argument, but it doesn't apply here at all.
I don't want to sound naive, but... I wonder how much of this might be innocent bugs because developers just don't test the site on this browser configuration?
Honestly its getting out of hand. I have everything blocked I can think of [1], and even browsing in private mode, I still sometimes get the "recommended for you" on YouTube. Stop invading my privacy.
I looked up some DevOps stuff on reddit through a proxy with adblockers in private mode and all of a sudden my front page was filled with posts about depression, men asking advice about how to talk to women, and advice about getting a job and moving out of your parents house. These were based on sessions cookies, but I was still kinda offended it pegged me as a sad loser just because I wanted to know more about NGINX and Heroku.
Are you sure those weren't just regular ads without any personalization ? This seem like the kind of ad which is very broad and could fit most men (how to talk to woman, how to get a job, ...)
I'm unsure of behaviour in firefox, but at least for me chrome at work will keep session information for the private window until chrome is closed completely not just the private window.
Having said that anecdotally I'm sure google do ip/wifi network tracking as after I was connected to a friends wifi network while he was in the process of moving house I began being served ads for moving companies even though I had done no similiar searches or visited related sites.
There is almost no action you can take on Youtube without it recommending a deluge of god-awful 'user generated content' videos on these topics. The only solution is to frequently right click and select "Not Interested" and then "Not interested in the channel: [channel name]".
The recs are poor enough that I don't mind blanket-banning an entire channel from my feed. Youtubers so frequently "compete" by using clickbait titles and thumbnails, I'm glad I at least have this method to punish that kind of behaviour.
Another solution - block the recommendations altogether. On PC, you can use specialized extension, or just Stylus (the latter works especially well with old Youtube layout). On Android, use NewPipe[0] or Youtube Vanced[1]. On iOS, perhaps Ivory[2] will do. Or at least delete your watch & search history[3], so the recommendations will be related only to the video you are currently watching.
If you are subscribed to enough good channels, you won't notice anything aside of suddenly having much more free time. And whenever you're bored, unlock recommendations for a while to learn about new channels (I do it once every few months).
> The only solution is to frequently right click and select "Not Interested" and then "Not interested in the channel: [channel name]".
This has never worked for me. I've tested this while signed in without blocking anything - "not interested in this channel" has never once caused a channel to not be recommended to me.
> These were based on sessions cookies, but I was still kinda offended it pegged me as a sad loser just because I wanted to know more about NGINX and Heroku.
The same thing happened to me except I'm a cis woman and my front page was filled with transgender posts/subs. Reddit seemed to conclude that the only reason I could possibly be interested in DevOps is because I'm actually be a man.
Just because a site says something is recommended for you, doesn't mean it's actually a personalized recommendation. If a site has a recommedation box, they're going to fill it with something. They might be making that recommendation off a lot of data, or they might be making the recommedation off no data other than "people tend to click things when we label them as personalized recommendations".
Yes, that is exactly what happens when you use a VPN. Only services like primevideo and Netflix bother to detect VPNs and force you to get off, 99% of the web treats you like a regular user, but with an insane diversity of interests.
For example, the wiki.debian.org blocks users of (at least) privateinternetaccess VPN. (You get a 403 forbidden. This doesn't happen when I use my personal VPN routed out through a VPS provider, only through PIA.)
I have encountered this with various other sites as well, both outright blocks and degraded experience.
Frustrating. Although I don't really trust VPN providers, I trust my ISP even less, and a VPN helps me get by some of their more heavy handed shaping.
Slightly off-topic but I visited Arch Linux's forum with Tor and it says I have been banned with the reason: "Never come back". I wonder if they were referring to Tor users in general.
It's more likely those IPs were blocked manually due to vandalism. If you set up a VPN server on a VPS with a static IP, you shouldn't run into that problem.
Yeah that's probably that. I always laugh when I see an ads for me on any of my colleague computer. if they use that on ads, they certainly use it on Youtube.
I also gets recommendation for videos that my SO watches even though we don't use the same computer. It's rare but it happens.
They're probably just examining your HTTP requests:
> Even if you opt out of Ads Personalization, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms.
I see one risk for Firefox: if they block all trackers, e.g. Google Analytics, then it would appear to people viewing browser statistics in Google Analytics that no-one is using Firefox, and thus the developers will be told they don't need to test anything on Firefox.
Or just actively punishing Firefox because blocking tracking is also blocking ads, which is their revenue model. Why spend money optimizing for a browser that doesn't generate revenue?
If Firefox becomes the bastion of privacy sensitive people it will become more and more like Tor users, all tainted with the same labels. I mean it's already the case that recaptcha will more likely trigger on Firefox than Chrome, asking for multiple rounds of checks. Like visitors existing Tor exit nodes, in a bit less worse.
It's not, the Internet is the only medium where it's assumed that tracking/targeting is necessary for advertising. TV, Magazines, radio, podcasts, cinema don't track users.
I agree but podcasting services often track users now - podcasters use services like ACast to generate unique targeted versions of the podcast mp3 on-download when people use feed managers to download.
When I download a few different podcasts, I get an mp3 with targeted ads inserted in it, and they're presumably connecting IP geolocation info.
As far as I remember, when websites were doing window pop-ups and Google toolbar removed them, they didn't block the toolbar users. So, the risk is low... unless Firefox does something stupid like full ad-blocking.
But if something like this happens, I will be happy to build/use an extension for the other browsers that makes such websites invisible in all major social networks.
> As far as I remember, when websites were doing window pop-ups and Google toolbar removed them, they didn't block the toolbar users. So, the risk is low...
He never said anything about blocking, here his exact quote about the retaliation:
> Why spend money optimizing for a browser that doesn't generate revenue?
Nobody ever optimized for a browser that had the Google toolbar installed. It's hard to stop doing something you never did.
As the other parent comment said, it will happens naturally by the mere fact that theses users won't appears on statistics. For sure it will depends on the developers, and many of them will either use Firefox directly, or simply care enough about their craft to optimize for most of the browsers even though they don't appear on stats.
> Why spend money optimizing for a browser that doesn't generate revenue?
Maybe sites will move to a model that you'll be offered to pay for their services if you block trackers. So you'll have a choice of paying with your data or paying with your money.
Either way someone has to foot the bill at the end. I guess in this case most users will let trackers work instead of paying.
That's fair, but before computers, not much was available for free. Getting a newspaper would generally cost money, as would using the payphone to communicate, as would so many other things that are now freely available. So, while its definitely a problem, as long as it's cheap enough for "most" people to afford it, then I think we aren't really regressing?
Perhaps if we consider information on the internet to be vital to daily life, a program like food stamps could be implemented? It sounds rather over engineered but it's the only idea I've ever heard for working around the "privacy is only for the wealthy" concern.
Nobody looks at logs anymore? Strange, those are very useful.
Google Analytics isn't the only analytics tool and as blockers have become more prevalent relying on GA as your sole source of truth is becoming increasingly desperate to worship Google. Ideally you run a simple analytics tool alongside that is lightweight and doesn't get blocked (ie, privacy friendly) as well as running a log analyzer on your apache/webserver logs.
Apparently not, as one other comment on this site lists one of the apparent benefits of using cloudflare as that they provide "the exact numbers on how many people requested or visited my site"
I think we need to nail down what we mean by unique visitors -- we're talking about an estimation which pools from many different sources to calculate as best we can the number of different real human visitors. There is good data in the server logs but if that's your only source of data then your estimation is going to be coarse.
This can be good enough for certain applications, and is plenty for sites with simple access models but you do lose information compared to what you get from client-side tracking.
Nope. It blew my mind as well. I used to work for a company that spent about 70 million per quarter on advertising and they most certainly wanted every .. last .. access log .. line. They would scrutinize the way I did log rotation to ensure nothing was lost.
At my current gig, the web marketing team didn't even know what access logs were. I don't think they left out a single tracker on the site.
This sounds like a risk for using Google Analytics to me. If your analytics suite isn’t representative of your site’s traffic and users, maybe you should look for a more ethical platform/solution?
Log parsing is an option. There are self hosted options. There are also services like https://simpleanalytics.com/ (I have not used them or know much about them tbh).
Personally, on my recent projects I start without analytics. If I want to measure health or growth, I define my own "metrics" and use sql or logs to generate. I don't need to know what country you are in. I don't need to know what browser you are using. If I do need to know something, I can look at useragents. If it truly is for user benefit and not just my curiosity, I can actually ask my users with a survey.
While nowhere near as complete as GA, Cloudflare’s built-in analytics are really useful and require nothing added to the client. The country level geolocation is interesting to look at.
Seems like Firefox's built-in protection is mostly about 3rd-party trackers? Even the description for "Tracking content" (the not-obviously-3rd-party category) talks about "external ads, videos, and other content with tracking code from other companies. For example, a website may embed a video from a video platform". And this category is not blocked by default, only in strict mode.
> And if you obfuscate your Matomo client script to get around the user's preference for trackers you're not being very ethical.
I'm not sure I agree, but you made interesting point and I'm glad you brought it up!
Personally, I don't think I would classify that as unethical. Ethics need to be looked at with intent in mind, and if you are comfortable being honest about what you are doing, I _think_ I would be okay with this. Not sure, though–I do have doubt.
You can run self-hosted analytics without any client side JS. So no. You can't even block those (except if you disallowed any session cookies, but then the site might not work at all if it's login-based).
Theoretically you could use the same way to feed third-party analytics too though.
Even without cookies and without JS you can still get some data for analytics.
Yes they can. But in my experience, at big organizations, the people using Google Analytics are not developers and will have no idea what weblogs are or how they could use them to determine the real browser statistics.
Which part is confusing? The browser sends lots of data to the server with each request. The server usually logs at least some of that data. Among other things, that data can be used to generate a subset of the data that is typically gathered by GA and other client-side analytics tools.
> according to piwik my website had 23% more visitors than on GA
A fair share of that is probably because GA is much better at identifying the same user across multiple browsers / devices. If they identify two browsers as the same person on site A, they can know they're the same person on site B, even if site B on its own doesn't have enough to figure it out (so piwik can't know it).
I think one of the things that GA is doing is actively removing bots visits because they skew country/browser/etc. data. Maybe Matomo is not doing that (so well)?
Another thing is that people blocking GA trackers will also not show up in GA, but will (probably) show up Matomo.
That's only effective against client-side analytics. There's also the user-agent from the client sent to the server. This is sent in most (all?) requests.
Client side analytics is the most prevalent though because it provides far more useful, actionable, information. Everywhere I've worked we have used it in one form or another.
It will take some time for people to adapt to server side analytics since a lot of places won't have that solution in place. Or more specifically a solution in place that overlaps with what client side analytics is meant to be providing already (they may have other server side analytics, like performance and hits).
The new weapon to fight back against the extreme invasion of privacy is exposing the companies and making them accountable. I love this along with the bluetooth warnings on iOS 13.
It would be nice to know the priority of blocking elements between firefox default anti-tracker list, ublock origin, and privacy badger.
When I see a tracker hit ublock origin does it mean that it bypassed firefox anti-tracker blocking, or is it the reverse?
Having three anti-trackers installed is also a bit inconvenient when this breaks a site, I have to disable each one successively to try to make it work again...
It's a noble effort, the amount of tracking going on is just digusting, I have 1.9k blocked trackers in just the past week and I visit a small set of websites.
It is not outdated since it requires you to enable Do not track which makes you a target for tracking. It is bad design and they know it. They don't even respect their own disable analytics toggle.
I don’t think Firefox will get into complete built-in ad blocking, like Brave does. But the days (or years) of uBlock Origin seem to be numbered because of the approach proposed by Chrome (called Manifest V3) to prevent extensions from modifying network requests, and being limited to just providing a block list of URLs for the browser engine to block (this design has been the case with Safari’s built-in content blocking).
> But the days (or years) of uBlock Origin seem to be numbered because of the approach proposed by Chrome (called Manifest V3) to prevent extensions from modifying network requests
Firefox tends to follow Chrome closely. And as time goes on, they limit extensions more and more.
The latest preview of Firefox Mobile doesn't support them at all. Hopefully, it is just temporary but it used to be the killer feature of Firefox mobile.
It is not pure evil, there are security reasons behind that. Manifest V3 is also a security improvement so I wouldn't put it passed Mozilla to implement it.
Mozilla has officially said [1] that it has no immediate plans to implement this kind of content blocking and removing the requests API for extensions, but I think it’s a matter of time before this is done. Mozilla’s FAQ on this [1] is extensive enough for the moment.
GSuite has been getting better in FF. I used to have major issues with GSites (new) but now I can leave FF open for week+ without crashes or spinning if GSites tabs are open.
I use Chrome mostly to edit the GSites or present GSlides in full screen (in FF it still shows the window chrome in fullscreen).
I guess it boils down to your goal with using uBlock Origin. Are you anti-tracking or anti-ad? This blocks some ads as almost a side-effect but that isn't its goal. If ads aren't tracking, they're fully visible/working.
I use this because I value my privacy, but choose not to use uBlock Origin because I understand websites I use need revenue. It is about finding your own personal balance.
I'm anti-tracking. I don't, and have never, blocked ads specifically. I do block scripts, though. The side-effect of that is that I don't see most ads, but that isn't the point.
Don't, ever. There's no reason to trust Mozilla will keep this up forever. They're not even close to doing what uBO does. Blockers are best kept as a third-party solution with no conflict of interest. If too many people stop using uBO because the FF built in tools are "good enough", eventually we'll loose proper extension support and we will be at the mercy of browser vendors again.
I would switch to uMatrix (more detailed than ublock origin, by the same folks) where you can clearly see what sites are referenced and what kinds of things they are doing.
uBO relies on 3rd-party filter lists to know what to block. The most popular of these is Easylist, which is not well-maintained and doesn't have a good appeal process. I don't think Firefox should build this in unless they're going to support the maintenance of a high-quality filter list with a transparent add/remove process.
> The most popular of these is Easylist, which is not well-maintained
I've never had a problem with a website that was solved by turning off Easylist. I also almost never see ads. So it seems high quality to me. What problems have you had?
The inactive CSS feature is great, I've spent a lot of time cleaning up global stylesheets for my employer recently, and it's a big task. Even though I doubt it catches CSS toggled by Javascript, I'm excited to use it.
It's interesting to contemplate that some of the features Firefox now has built in (bookmark sync, password sync, dark web monitoring) overlap with things that are or have been available as paid services as well.
Still wonder why they have multiple backdoor into their own browser and several layers of analytics included. Including when you start the browser for the first time. Feels hypocritical.
Meanwhile, Firefox won't selectively delete hundreds of cookies, despite all the options indicating that it would be possible. Instead, it hangs and fails to delete selected cookies.
But it also doesn't delete my passwords, like Chrome does every single damn update I think. It's been an issue for 10 years. [And don't start with me about lastpass, etc. ...]
Privacy Badger gave me one hit, netdna-ssl, at the "Blocked Cookies" level. No hits on uBlock or the new enhanced tracking protection thing. What trackers are you seeing?
I think Brave is fine, but the important difference between the two is that Brave is Chromium, and ultimately dependent on Chromium development. Firefox is 100% independent, and a true "third party" browser implementation. With Microsoft/Edge switching to Chromium I think that's more important than ever.
IIRC they even collected the tokens on behalf of sites that didn't sign up, creating a quite weird and rather unethical "you basically have to sign up now" situation for publishers.
If Mozilla had any sense of the future, they would start working on Brave instead of Firefox. Chromium already won on technical reasons. Now someone needs to professionally maintain a privacy fork of it.
Anecdotally, Firefox uses a lot more CPU, memory, and battery. Makes sense since the JS engine is so much worse. In this era the browser is just a VM for JavaScript.
Javascript is a terrible language and many users actively fight it by turning it off.
Those users don't typically show up in whatever javascript-based metrics you're looking at. I don't think you'd care, either. You're literally building an echo chamber and then yelling into it that it's the best echo chamber.
Chrome is neither the "best" nor the "worst" javascript VM, nor is Firefox. Chrome is simply the most prolific. And that has nothing to do with Chrome's javascript implementation and everything to do with Google pushing hard for users and developers to switch to Chrome by putting it in front of their faces as much and often as possible. Everything from default-homepage being defaulted to Google.com, to that home page then asking users to switch to Chrome, and even "open sourcing" the engine and pushing for games and "competitors" to utilize it.
I have yet to find Firefox use more CPU, memory, or battery than Chrome. Of course I don't go around with Javascript turned on with every website either.
Given that so many websites utilize Google-based services it makes me wonder just how much of the "more CPU, more memory, and more battery" is also just "more of the same underhanded tactics from Google". Google already demonstrably does that for other products; why leave out third parties' websites from the shenanigans?
For CSS, Firefox devtools are far, far ahead of everything else. JS debugging was a bit behind Chrome, but it should be on par now, except maybe in performance tracing.
In the past month about 3 of my credit card sites stopped working on FFF, as well as my ISP's site. Some would flat out reject the agent ("Your browser is no longer supported"), others would let me log in but then immediately tell me I had been logged out or redirect back to the home page. So now I'm forced to open them back up in regular Firefox, history and tracking included.
It's one thing to say "Don't use sites that exploit your data", but it's not like the average person really has a choice when it comes to paying utility bills.