I might switch from the current Firefox for Android (Fennec) when it supports uBlock Origin. I'm not giving up adblocking anymore. It would also help to have it available on F-Droid.
Firefox Preview actually ships with a built-in adblocker. I'll still install uBlock Origin once it becomes available (e.g. I like zapping annoying elements), but browsing with Firefox Preview is already quite pleasant.
First of all, Firefox Preview (code name Fenix) is Mozilla's effort to create a new mobile browser, so this is unrelated to which version of Firefox you run on your desktop.
Second, it's called Preview for a reason. Support for add-ons is currently being implemented, so if you install Firefox Preview on an Android device right now, you won't be able to use uBlock Origin yet.
Third, the built-in tracking protection blocks most ads (at least on websites I frequent EDIT: which do not include Google or Facebook etc.), so you can already try it out if you just want to see fewer ads and don't absolutely need uBlock Origin.
You're probably using the regular Firefox browser (e.g. for Android [1] ) which supports most extensions and has done for a long time.
But this was deprecated a few months ago in favor of a new browser, still early in development, that has no extension support. Previous HN outrage: [2]
At the time I don't think they had any timeline for adding extension support, but now it sounds like major extensions could be supported within the next 9 months.
Was it really deprecated ? I have heard something about it being Firefox 68 based for the time being while their are working on something new (presumably Firefox Preview ?).
It would be really sad if they really did deprecated it without providing a proper replacement first - eq. comparable addon support & other things the current Firefox on Android can do.
They call it "tracking protection." As a side effect, it blocks ads. I guess they wouldn't block ads that don't track you, but those seem to be rare.
Edit: Is my experience unusual? News websites that are normally encrusted with ads (e.g. using Firefox for Android without any add-ons) turn refreshingly ad-free in Firefox Preview.
You might get some accidental adblocking on some news sites through tracking protection, but with reader mode I probably wouldn't really notice.
I mostly use ublock origin to block ads in search, YouTube, Instagram, Facebook or Reddit. AFAIK none of those are blocked by the current Firefox tracking protection.
Ads on Google Search and YouTube aren't blocked. I didn't find any ads to test on Instagram or Facebook without logging in, and didn't feel like creating an account just to check out their ads. Ads on Reddit did get blocked. They're probably using third-party adtech, unlike the others.
I guess my browsing habits are unusual, since the only website among these I've visited since switching to Firefox Preview is Reddit.
Reddit tries to tell me about these things every time I visit, but I just don't see the point. Does the app improve anything in comparison to the website?
It's really ridiculous how much faster websites are with those two add-ons installed. Actually, faster isn't the right way to describe it, "how much dead weight the internet has these days" feels much more apt.
Oddly enough, I always ran into performance issues when running uMatrix. I'd turn off JavaScript by default though and only selectively enable it. That seems like it should speed things up, but I'd often experience the opposite, both on Vivaldi and Firefox.
By default, uMatrix blocks Google Analytics, whereas uBlock Origin stubs it. If both are installed (in my case), uMatrix often wins out. If Google Analytics is blocked, many sites will spend 2 seconds on a white screen waiting for Google Analytics to load.
uMatrix is very low overhead so my first suspicion would be artificial delays introduced when some JavaScript resources are blocked; [1] is an example of this. The artificial delay does not occur in uBlock Origin because it uses a replacement script for the blocked one causing the issue.
I use NoScript, but yeah, same idea. I absolutely cannot use a browser that doesn't have a good JS blocker. It's crazy how much more usable the web is with a JS blocker. Those fucking "give us your email address!" and "this site uses cookies!" pop-ups? Gone. Ad blocking isn't enough these days.
uBlock can work that way with medium mode too. Though it's still a bit less specific in it's permission than uMatrix, because you can't choose the type of content.
I'd love to go into Firefox, but my deal breakers are ad blocking, having a bottom navigation bar, and intuitive and easy to use text reflow. It's getting there, but not quite yet, so I'm stuck with Opera for now which I don't fully trust but is 100% more convenient.
Funnny the seemingly small things we trip over. While still using Chrome on desktop, I switched to Firefox on mobile because of their add-on and specifically ublock origin support.
My biggest issue with it ? When at the top of the page, dragging from top to bottom doesn't trigger a refresh of the page like in other browsers and many apps. I know it's a very petty complaint, but somehow it's major for me.
Still staying with it though, adblocking is even more mandatory on mobile than on desktop ...
This is a massive UX improvement for large screens. I wondered how long it would take UX folks to make this change (along with moving app navigation to the bottom generally).
Minor aside, they don't seem to support the <meta name="theme-color" content="#000000"> to colour the address bar.
This is something I really appreciated in IE for Windows Phone. It's such a small change, but I found it much more pleasant to use. Especially if a phone has a > 5" screen.
Microsoft is really a funny beast. Sort of tangential, but I actually really like the UI in the Edge browser. Unfortunately the interface is laggy, but otherwise I found it very comfortable to use. Also the "save tabs for later" feature is really cool.
Just for the record the default web browser on Sailfish OS (also Gecko based) has had the address bar on the bottom from day one (eq. November 2013). And I think it's predecesor (the MicroB browser on the N900 since ~2009 might have had it like this as well.
Sometimes it takes a surprising amount of time to copy these nice designs. :)
I've used it quite a bit over the last few months. It's a really positive start and does lots of things right, I really love the reader mode. It allows me to bypass all the cookies nagging and just read an article without fuss.
I'm not totally sold on the URL bar being at the bottom, and I kind of miss the support for CSS theme-color, but I can see myself switching at some point.
FYI: regular Firefox for Android also has reader mode.
I still quite like Firefox Preview though. I'm not quite sure what you mean by CSS theme-color, but if that refers to preferes-color-scheme: dark, then as far as I can see it supports that? DuckDuckGo is dark for me.
GeckoView is different from Gecko, which is already used by Firefox Android. I heard GeckoView is closer to Android's WebView API and designed for easy embedding into apps.
Yes. GeckoView is currently used in Firefox Preview, Firefox Focus (on Android), Firefox Reality (VR browser), and some Mozilla test apps. There are a few third-party developers already using GeckoView to embed web content in their apps.
One advantage of using GeckoView in your app instead of WebView is that you know exactly which Gecko engine version and features are available; you don't have to support old random WebView versions across different Android devices and OS versions.
>One advantage of using GeckoView in your app instead of WebView is that you know exactly which Gecko engine version and features are available; you don't have to support old random WebView versions across different Android devices and OS versions.
Is this similar to how each Electron app uses a bundled version of Chromium (which takes up disk space), as opposed to web apps which have to run in whatever Chrome version (or other browser) the user has installed?
Firefox Focus on Android is quite a large app (132MB installed on my phone), even though on my phone, it uses either Chrome or WebView (bundled Gecko is disabled).
> Is this similar to how each Electron app uses a bundled version of Chromium (which takes up disk space),
At the moment, yes. In Android 10, Chrome and WebView are sharing common code (a feature Google calls "Trichrome"), even though they are separate downloads, so perhaps there is a way for GeckoView apps to share one GeckoView in the future.
> Firefox Focus on Android is quite a large app (132MB installed on my phone), even though on my phone, it uses either Chrome or WebView (bundled Gecko is disabled).
Some Firefox Focus users were still getting WebView as part of an A/B test comparing GeckoView to WebView. As of the latest release (Focus 8.0.23), everyone should be getting GeckoView.
The Firefox Focus APK (with GeckoView) download size is about 38MB, but the uncompressed footprint is larger.
But GeckoView still uses Gecko, it's not like a new engine which built from scratch. It's like a wrapper of Gecko, which removes a bunch of things from Gecko.
GeckoView is a wrapper around Gecko to make it easy to embed it into applications. I heard it's API is similar to WebView, but it's not a complete drop-in replacement.
AFAIK there are only two browsers for Android that supports extensions. Firefox and Kiwi Browser. Because of scrolling issues with Firefox I switched to Kiwi Browser. It supports all desktop Chrome extensions and uBlock Origin is working perfectly. I might switch to this if it supports all extensions.
Just started trying out Firefox Preview in response to seeing this post. Firefox has SO many entries in the Google Play store (e.g. regular, Focus, Preview, Nightly, Beta), I didn't really understand what this was.
An immediate concern is that the privacy settings are either dumbed-down, or else altogether missing. I'm noticing a trend in Firefox across the various devices and versions:
* FIREFOX FOR DESKTOP - The "settings" section allows you to block trackers, 3rd-party cookies, and fingerprinting.
* FIREFOX FOR ANDROID - The "settings" section allows you to block trackers and 3rd-party cookies. Fingerprint protection is possible, but hidden. You have to go to "about:config" and know how to enable it manually.
* FIREFOX PREVIEW FOR ANDROID - The "settings" section appears to be built for my Mom. It has a toggle for blocking trackers, and that's it.
Are more granular (or at least visible and understandable) privacy settings coming in future releases, or is this just the UX direction? Why is Mozilla making it so much harder to enable desktop-class protections on mobile devices?
> Are more granular (or at least visible and understandable) privacy settings coming in future releases, or is this just the UX direction? Why is Mozilla making it so much harder to enable desktop-class protections on mobile devices?
Yes, that release is imminent. Preview will include all of those settings. You can try them right now by downloading Firefox Preview Nightly.
I don't use Firefox Preview fully because of lack of login/password sync.
After looking at github, I understood that Fenix won't support Firefox Sync for syncing login and passwords, but will rely on Firefox Lockwise, and is the way forward. It this correct ?
edit : added a precision regarding firefox sync for passwords
> I understood that Fenix won't support Firefox Sync
Based on my user experience Fenix (Firefox Preview) supports Firefox Sync in terms of bookmarks. I believe history and other data is also synchronized, but I haven't had occasion to test it thoroughly. In my opinion claim that "Fenix won't support Firefox Sync" is a bit too far [0]. I noticed the login/password sync feature has not been implemented yet [1]. I suppose it will might materialize soon, because lack of it could be a huge mistake in terms of usability.
I believe they'll add that soon, but they haven't yet because of either:
1) The code base is not production ready yet, and they don't want an issue to come up which leaks users passwords
2) (More likely) They intend to add support for LockBox, their extension that replaces mediocre password support with a full-fledged password manager.
And they need the Add-On support before they can include that.
So most probably you'll see this along with add-on support come in the next few months
Answering to my own question, I have looked a bit further into github.
It seems Lockwise can not work on pre Oreo android devices, so in the end, Fenix will get password sync natively as well, and this is a work in progress.
Are recommended extensions merely curation designed to help users find high quality extensions/themes or are recommended extensions going to ultimately be the only ones available in future versions of firefox mobile?
fondly thinks back to the launch of firefox preview where hn was convinced that them not explicitly mentioning extensions in their first quarter goals meant they weren't ever going to have them and the end of the world was coming
Yes, and you can likely thank the backlash / such comments for this change of heart. Oh, you were implying they always highly valued Addons for their new FF? I don't see anything in this blog post supporting that stance.
Maybe its just me being disgruntled / fondly remembering the XUL days (pre multi-process in 2008ish was when I was messing around with it) were it felt like addons could anything. The possibilities seem way more restrictive now that there only seems to be a specific list of white-listed api's. Scaling that back even more for performance and (somewhat justified) security reasons seemed like the next natural step.
Anyway, I'm thankful for leaving a comment.
At the same time, all Addons I've installed right now require "Access your data for all websites", making absolute trust in the developer / reviewer necessary.
My understanding (from the outside, so probably wrong) was that a while back they had an expired certificate that broke all add-ons. This caused the existing Firefox for Android (Fennec) to get a bunch of 1-star reviews on Google Play Store, and _that_ (plus the complaints elsewhere) convinced them that not having add-ons in Firefox Preview (Fenix) was a bad idea.
Firefox Preview is great but I don't understand why it doesn't have night mode and neither one of Firefoxes. Today night mode is standard for almost all of the applications and that's the only reason why I simply can not switch to Firefox completely. Btw, don't say that addons are good for since they only switch text in dark not UI. Even Chrome now allows UI to change to dark not just text.
Here is the GitHub issue requesting Firefox Preview force dark mode. Firefox for iOS has some CSS hacks to support this, but it can break some websites.
Websites are complex, you cannot make a script that edits every page to make it both dark and readable when things like the background could be light colored images and fonts that are permanently dark exist
It's actually feasible for most websites, with surprisingly good results. CSS tricks go a long way, even if the website doesn't support prefers-color-scheme.
Give this addon a try (on desktop or mobile Fennec only, obviously): Dark Background and Light Text [0]
Meanwhile Mozilla is attempting to prevent users with administrative access from installing private extensions in the release version of Firefox, extensions for which the source code has not been handed over to Mozilla for signing.
Malware will have an unlimited number of methods to continue patching Firefox, this change only makes it harder for regular users to configure Firefox manually for installing extensions that have not been blessed by Mozilla.
The target for this has never really been outright malware but it does make it far more annoying for them. The target is badware or bundleware
where a few missed checkboxes means users with 15 different spyware add-ons “search fixers” or ad-injectors. These grey-market apps aren’t suddenly going to jump the ship into actual malware and binary patch Firefox.
I feel like the people we consider ”regular users” to be really different.
Like we’re talking about a subset of the population that want’s to install their own private extensions or sideload someone else’s but doesn’t understand how to uninstall the release version and install the developer edition when prompoted.
Adware will continue to be able to legally circumvent extension signing when it has root access and consent by the user. This only makes it prohibitive for users to customize their own browsers.
It's also possible to make this setting configurable only from the browser UI, where you get a chance to educate and properly warn your users.
They also want to restrict the config option on Linux, where the adware problem you describe is not really present.
Yes whenever Mozilla announces something exciting that could get some positive feedback, be sure to use the opportunity to complain about something unrelated.
It is related to extension support in Firefox. Not offering any way to override this option, even if it takes 10 steps and it is marked by warnings, is hostile to users. We will continue to raise awareness of Mozilla's actions whenever we believe they go against the public good.
It would be more productive to allow others to learn about the issue and give us a chance to have a public discourse about it, where technical details can be explained and their threat model shared, and possibly allow for feedback by the community to shape the final implementation.
Speaking of something unrelated, I wish the walled gardens (Apple and Google) required developers to hand over source code and machine readable build instructions so the apps get built on their servers.
So install the developer edition? Yes it’s a little more annoying for people who want private extensions but you’re forgetting that we’re in a small minority and this change is a massive win for security and privacy overall.
This site is full of threads talking about how friends, family, and coworkers’ browsers are riddled with badware that was installed behind their backs.
Again, this change prevents regular users from configuring Firefox the way they want. We should not need to install the developer edition, which is based on Firefox Beta, or an unbranded build that does not auto-update to be able to run local extensions in our browsers.
Not even Google is this heavy-handed, they allow installing local extensions in Chrome after users enable an option, although a warning is shown on browser restarts about the presence of external extensions, which can be dismissed.
Why not have sensible defaults, then educate and warn users about certain actions, instead of treating them like cattle?
And has been pointed out in most of these threads, the reason for not allowing people to circumvent some things is because that also allows malicious software to circumvent it.
> You can load local extensions in Firefox as well with warnings
Extensions loaded in about:debugging are not persistent, they are removed at the end of the browsing session.
> And has been pointed out in most of these threads, the reason for not allowing people to circumvent some things is because that also allows malicious software to circumvent it.
Yes, and the discussion mostly ends after people point out that malware if free to circumvent extension signing in any number of ways when it has root access on the device.
The threat model is flawed, or at the very least they're placing minimal security benefits above important user liberties.
Forcing extension signing by default is a great initiative, but we must be given ways to override defaults, guarded by administrative access and appropiate warnings, and be able to install local extensions in the browser we love, and that is the release version of Firefox.
But that's a big if. Extensions can be installed without root access, and can wreck a lot of havoc. I'd also dare to state the the organisation with the best insight into the extent of security benefits is the organisation that has data on the number and nature of exploits, i.e. Mozilla.
> we must be given ways to override defaults, guarded by administrative access and appropiate warnings, and be able to install local extensions
Guarded by administrative access sounds reasonable, and I think that's even already possible with Firefox ESR? I'd also consider an unbranded version of Firefox equal to the branded one, with the unbrandedness being an "appropriate warning". It does need to support auto-updating first, though.
It must be so frustrating working in open source and seeing such entitled comment such as yours.
Malware extensions is a real problem that affects literally millions more people than people who want to use the standard Firefox release with an unsigned extension.
And it's such a lazy thing to say "oh they can just replace the Firefox binary" when that's clearly a significantly more complex task than just writing an extension.
What's so secret about your extension code that you want to be able to distribute it to users without getting it reviewed by Mozilla?
You posted on that Bugzilla post but gave no details as to what your use case is.
Also why can't a user take the code for your extension, create an account on the add-on marketplace and privately get it signed for themselves. It's a multistep process but works.
Though its worth noting that we do not need reasons to expect our privacy being respected. And this issue is not just about me and my needs, but about user liberties, so please refrain from making it personal.
> Also why can't a user take the code for your extension, create an account on the add-on marketplace and privately get it signed for themselves. It's a multistep process but works.
No, it does not work, as the maintainer of Page Translator can attest.
This change is hostile to users and concentrates power in the hands of the browser vendor. Consider that they are making third-party extension stores impossible.
Ouch. I'm generally in favour of having add-ons signed, but I do have an extension that injects an external script into the browser and web pages - for a completely non-nefarious use case.
I do understand the security risk and why they'd block it, but I'm not looking forward to the day my extension is no longer flying under the radar and gets pulled.
Edit: Of note is that the Chrome web-store does allow my extension, but requires a multi-week review every time I upload a new version. Somehow they're fine with the remote code, even though it could change after their review.
The Mozilla Corporation is the only entity that can save us from Google; I can't blame people for getting salty whenever they screw up (which seems to be pretty often).
Given that the leadership of the Mozilla Corporation is completely useless, users have the responsibility to raise these issues so we can push them to fix them.
