What I want from Firefox is a mode, even hidden behind about:config, even by a combination of settings, that results in 0 network traffic upon start and all traffic is associated with my UI interactions.
Even with telemetry off, all kinds of information about my browsing behavior from the myriad connections it makes upon start and exit can be gleaned. Certificate chain updates, etc can be delayed until a secure connection is requested by me.
The amount of unsolicited and virtually uncontrollable network traffic from macOS, Microsoft Office, Adobe Creative Suite, etc. is bad enough; I expect more from Mozilla, which never stops marketing its privacy features.
I believe I have the right to control when and for what purpose the computer and software that I own communicates with third parties.
I understand your intention is to launch a "cold" Firefox instance that does not call home, update the "safe browsing" databases etc., so this will probably not be of any help, but you may try launching it with the `--offline` command line argument and uncheck the (alt) "Menu > File > Work Offline" when you are ready to "reveal yourself". For testing it with a throwaway profile you can do:
    firefox --offline --no-remote --profile <path where throwaway profile folder can be created>
The `--offline` argument is quite strange for several reasons:
1. It is quite undocumented, but works from what I've tried. It is not even exposed in `firefox --help | more`. It used to be mentioned on an MDN page [1], but that is gone now.
2. From what I've tried now, offline mode lets you browse localhost, which seems super useful, but I don't recall it always having been this way.
3. Also, browsing properly cached pages seems to work super well; not sure whether it is due to service workers having finally caught up or to proper HTTP headers being used nowadays. Interestingly, even a hard refresh of a cached page gives you the cached version in offline mode. (Again, I'm not sure it used to be this way in the past. I remember that nearly no webpage worked well in offline mode a few years back.)
I have not run any network traffic audit so I cannot verify it really does not attempt to reach for something outside localhost.
(Update) And one more thing: when using Profile Manager there is a nifty "Work offline" checkbox in there. Run
    firefox --profilemanager
There is also a checkbox "Use selected profile without asking" that, when unchecked, presumably adds
    [General]
    StartWithLastProfile=0
to the `<appdata>\Mozilla\Firefox\installs.ini`. I've found this handy to do if you occasionally mess with various Fx versions and want to be sure you will not unintentionally load "nightly" profile with "stable" executable.
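For the traffic audit that the comment above says was not run, one way to check a running instance on Linux, shown as an added example that is not part of the original thread: it parses `ss -tnp` output and lists sockets owned by Firefox whose peer is not loopback. The sample output is constructed, and the function names and the process names `firefox` / `firefox-bin` are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ss -tnp` output; addresses are from documentation ranges.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB     0      0      192.0.2.10:48712    203.0.113.7:443    users:(("firefox",pid=4242,fd=87))
ESTAB     0      0      127.0.0.1:51000     127.0.0.1:8080     users:(("firefox",pid=4242,fd=90))
ESTAB     0      0      [::1]:40000         [::1]:8080         users:(("firefox",pid=4242,fd=91))
SYN-SENT  0      1      192.0.2.10:48720    198.51.100.23:80   users:(("firefox",pid=4242,fd=93))
ESTAB     0      0      192.0.2.10:22       192.0.2.50:50122   users:(("sshd",pid=900,fd=4))
"""

# Matches each ("name",pid=N entry inside the users:(...) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host%scope]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%", 1)[0], port


def is_local_only(host):
    """True for loopback/unspecified addresses, None if host is not an IP."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    # Treat IPv4-mapped IPv6 (::ffff:127.0.0.1) like the IPv4 address it wraps.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_loopback or addr.is_unspecified


def non_loopback_peers(ss_output, process_names=("firefox", "firefox-bin")):
    """Return (pid, state, peer_host, peer_port) for sockets that leave the host."""
    findings = []
    for line in ss_output.splitlines():
        # Keep the process column whole: process names may contain spaces.
        fields = line.split(None, 5)
        if len(fields) < 6 or fields[0] == "State":
            continue  # header, blank line, or no process info (not our socket)
        state, peer, proc_col = fields[0], fields[4], fields[5]
        owners = [(name, int(pid)) for name, pid in PROC_RE.findall(proc_col)]
        pids = sorted({pid for name, pid in owners if name in process_names})
        if not pids:
            continue
        host, port = split_endpoint(peer)
        if not port.isdigit() or is_local_only(host) is not False:
            continue  # wildcard peer, unparsable address, or loopback traffic
        findings.append((pids[0], state, host, int(port)))
    return findings


if __name__ == "__main__":
    for pid, state, host, port in non_loopback_peers(SAMPLE_SS_OUTPUT):
        print(f"pid {pid}: {state} -> {host}:{port}")
```

A socket snapshot only shows connections open at that instant, so it has to be sampled repeatedly from the moment of launch; short-lived requests and DNS lookups are only reliably seen in a packet capture.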
"I believe I have the right to control when and for what purpose the computer and software that I own communicates with third parties."
Theoretically we already have this control. We can edit the Firefox source to disable the undesired traffic before compiling. In practice it takes me more time and resources to compile Firefox than it does to compile the kernel for the host OS (NetBSD). Most Firefox users probably use binaries and do not compile from source.
I would prefer to see a smaller, less featureful additional version of Firefox that compiles faster and with fewer required resources. For advanced users, this would remove the friction against making source changes and compiling as opposed to using binaries. It would also potentially open up an opportunity for others to create customised versions of Firefox with, e.g., reduced attack surface, less need for "updates" and better suited to avoiding telemetry, and internet advertising-related surveillance.
The actual or effective inability to compile from source places more control with Mozilla and less control with the user. Thus we continually find Firefox users on HN pleading with Mozilla to make changes instead of making the changes themselves.
I find your demands reasonable, especially the principle where HTTP traffic is initiated if and only if carried out in response to direct user interaction.
The thing with right to control, though, is that someone, somehow has to develop a browser and make ends meet.
(Cue complaints about it not being the right way to fund Firefox, because it’s not a pure donation. Before you go down that road, tell me: what evidence do you have that pure donations would get enough transactions to be worth the overhead? Have they ever worked at scale for any other software?)
Their business model doesn't have to be donation-based. It can be, (surprise!) purchase based.
I pay for lots of software I use, and do so happily if it delivers value — it would be extremely easy for me to justify paying for what's probably one of the apps I use the most. Why can't we pay for good browsers, that put the focus squarely on being the best tool to access the www? Why can't that money be used to hire back some of the talent Mozilla has been letting go? I say it elsewhere in this thread — Mozilla should let us pay for the bloody thing.
I would pay for a "Firefox Pro" which allowed greater control/modifications for power users.
Make it open source, but have the official download for builds (and source code?[0]) be paid. Bonus points if the download bundle includes source code and a simplified build process.
[0] obviously it'll be mirrored in 2 seconds, but still.
I don't mind sending telemetry data however, as long as I'm reasonably convinced that Mozilla isn't doing anything shady with it.
However, I respect the “Telemetry? Absolutely not” stance and can only hope and pray that Firefox PMs use telemetry as only ONE among a whole host of other signals to support decision-making.
the few people who might pay for a firefox pro would probably not even pay the wages of the people required to setup the payment and infrastructure therein.
That creates a branding risk. If the idea spreads that Firefox is a paid product you might scare people away from the free version and the net impact becomes negative.
Honestly, the real branding risk is Mozilla's brand being tarnished by firing engineering talent, bundling Pocket, adding opt-out telemetry, etc. I'll take the branding risk that saves a beloved browser and company, over the branding risk that destroys both.
I honestly think the core dev work on Firefox could be done by 6 devs. I get an impression that half their devs are doing UI tweaks, which could be left alone for a decade without any issues.
The rest, outside of core, seem to write code as you mention. Product additions which most always give zero real value, no income, and even detract from the brand.
This might be a new low point for HN discourse regarding Firefox. Wow.
No, you can't maintain an entire modern browser (25 million lines of code) with 6 people.
You probably can't even maintain a complete multi-architecture, JIT-enabled Javascript engine with 6 people. Or GPU-accelerated rendering that works across thousands of hardware / software combinations. Much less that plus all the other things a browser has to do.
People always post this in reply. I don't want to donate to the Mozilla Foundation's CEO salary package, or their navel-gazing side projects, or their endless reshuffling of deckchairs. I want to fund _Firefox_, the only browser engine keeping us from an endless monopoly of Chrome reskins.
So you need to fund either individual developers or a 3rd party like Igalia to develop the features you want, including the work to ensure it will end up in the upstream repo and not in a fork.
Since that's "a donation with restrictions", you can probably set up a grant / anything with a contract instead. It may be onerous for an individual, but get enough people to be worth the effort and it should work fine.
Donations to the Mozilla Foundation support the Foundation's outreach and education efforts, not Firefox development. Firefox is developed by the Mozilla Corporation, which is a for-profit entity owned by the Foundation and is not donation-supported.
As far as I remember the problem was that you can donate to Mozilla foundation, but not the Mozilla corporation (which is responsible for Firefox + other stuff). There is no direct way to finance/donate for Firefox development (without other projects).
they fired a ton of engineering talent working on exciting tech (servo) to chase some bundled vpn rebrand. what a misguided move, like most everything they've done in non-engineering space. sad.
before, i would have donated hundreds or more if there was a way to pay directly for firefox and thunderbird. but not anymore.
But eventually the “need” for never-ending growth means a manager somewhere will be looking to eke out that x% growth - and their individual (professional) needs will lead to suggesting monetizing the paid user base…
Why would this be a default, or an inevitability? Sounds like a reasonable incentive structure for VC-funded companies looking to be a unicorn. But it’s far from the only option culturally. It certainly doesn’t seem like the sort of thing that makes sense for Mozilla.
This makes it sound like these initial connections are there to earn Mozilla money. Updating certificate lists, checking for updates, that's all just housekeeping stuff.
I also find it very strange that so many people here disable telemetry. Really weakens complaints about removed features, if you're disabling the primary way that shows you're using it.
This comment is a deathflag which you should become attuned to, so you can stay ahead of the curve.
Telemetry driven catabolism is a feedback loop which can not be halted once it's begun.
What's happening under the surface is that the project has reached the maximum complexity it ever can, after which it collapses being unable to maintain even low-maintenance features, let alone add new ones. Complexity unlike funding is fundamental, and just throwing money at it will not halt the process.
Seeing rude obstructionist PR types showing up on bugzilla was the first outward facing symptom there was a cultural problem driven by an underlying material problem. An insider could probably tell you an even earlier warning sign.
As the project collapses it will grow tumors (eg Pocket). Totally random pieces of junk code which don't coherently belong to the base project.
In the terminal stage it loses its ability to even remove features, or bolt on tumors. Tweaking the logo, churning the UI, and redesigning the website are the only actions the zombie project is physically able to take. So that's what it does.
I hope they won't. All notifications I need and even more I get from my phone. I hate to ignore multiple notifications for the same event from multiple devices, I'd prefer to ignore it only once.
Don't know, but I think one part of the solutions is to drastically simplify the web stack and separate essential (content-oriented) from incidental (app) tasks.
Do yt, twitter really have to live in the browser?
I agree. It's fucking ridiculous that someone at Mozilla forgetting to renew a cert resulted in the simultaneous disabling of every single Firefox extension on earth. I wouldn't be surprised if someone (an activist, a gay person, etc) in an oppressive country died as a result of suddenly losing their VPN/privacy extensions.
Is there a phrase that describes the process of taking something one thinks is bad - here, Firefox extensions being disabled - and searching for the most egregious possible negative consequence that might have occurred (here, someone being murdered), and then using that as a hypothetical? The goal is obviously to try to increase the emotional weight of the argument against... whatever... but I'm seeing this demilogical construction used more and more in the wild and would like to know its name.
> searching for the most egregious possible negative consequence that might have occurred
On the one hand, stretching consequences is bad. On the other hand, thinking about a "one in a million" consequence isn't stretching when something affects a million people.
Maybe that example is closer to "one in a billion" or higher? We can hope so.
Hyperbole? I agree with your sentiment, but it's been the 'Internet rant' rhetoric for decades IME. Find a HN thread, with a moderate number of comments, without it.
IMHO, such comments are so tired, poisonous, and add so little that if I were king of HN, I would ban them. They may be hard to define, but 'no hyperbole' is a start.
I sure hope that none of the people that are in danger trust in the obscurity provided by in browser vpns.
If they do then it always was just a question of time for them to be found out, as just adding a webrtc session to the website makes their ip transparent again. Same with unique dns queries etc
It's also not beyond the realm of possibility that the person responsible for monitoring this cert read your post just now, contemplated the potential gravity of their mistake, and decided that they couldn't live knowing those potential consequences.
There is no limit to what disgusting thoughts could be posited in a hypothetical.
The person responsible for monitoring the cert was the proximal cause but not the ultimate cause. The ultimate cause was the colossal fool who decided a cert check failure should cause an immediate and nonconsensual disabling of all extensions instead of a pop-up box warning the user their extensions may be untrustworthy. That's like a car's ECU slamming on brakes because it failed to read the tire pressure.
My comment was a response to your singling out the "someone at Mozilla forgetting to renew a cert" which you referred to earlier. You are correct in acknowledging that you had only identified a proximal cause in your grandparent post.
I agree that the underlying problem is that extensions were disabled without user notification. The correct behaviour is simple enough: if any extension gets disabled for ANY reason other than manually by the user, the browser should lock out ALL network connections until the user has acknowledged this change of state. Someone should submit this to bugzilla as a high priority fix, if it hasn't already been done.
> Someone should submit this to bugzilla as a high priority fix, if it hasn't already been done.
Not gonna happen. These days Mozilla doesn't even pretend to give a damn about user control. "We know better than you" has been the watchword for a while now.
That's not an argument, that's just emotional guff. Sure, they change the UI around every now and again. But they also maintain a firehose of improvements which keep users in control of things which actually matter, like Firefox's highly configurable enhanced tracking protection.
Not gonna happen? If you refuse to partake in the most minimal of engagement with the process, don't complain if you don't like the outcome.
> things which actually matter, like Firefox's highly configurable enhanced tracking protection.
What's your criteria for things that actually matter? For example, as an adblocking, scriptblocking person, whether or not a company tracks me has no impact on my life whatsoever. What does have an impact on my life is my web browser being half-crippled and my mobile browser being a pile of half-working shit that soft-locks if I open it too quickly after closing it.
It seems this could be accomplished by extensions - at the very least for tab-related requests, as far as I know - since uBlock Origin has a setting that holds every request until it can update the filter lists.
Similarly, I have developed a habit of opening a new tab that loads about:home before I exit. That way, the other tabs act as active bookmarks. I'm not immediately faced with any given one of them when I start a new session. I don't know if anyone else does this, but it also saves me from loading any pages unless I really want to see what it is.
Well, a popup asking if it is okay to check for updates, which would run every x times the browser is launched or on a schedule. The popup should have an option to not ask again for those that get annoyed. Otherwise the browser would need to call home to see if an update is available before asking if you want the new version of course.
It shouldn't. Users should be using a package manager to manage software. Windows fucked up users' expectations by not including a sane one by default... ever. And no, Windows Store doesn't count.
Package managers are a necessary evil on systems where installing software scatters a bunch of files all over because of a dogmatic adherence to an obsolete FHS. It’s a huge burden on either the distro maintainers or the developers to produce new packages for already-written software, which often results in outdated or broken releases available in the package repos.
And now every language ecosystem has one or more package managers for development libs - pip, conda, cargo, npm, opam, dub, etc. - and then optional package managers like choco, homebrew, and probably some others I missed. It’s a huge mess. So instead we throw up our hands and just bundle everything we need in a container and duplicate the _whole distro_ because the “package” ecosystem is such a disaster.
The sane way to handle software installs and uninstalls would have been cp/rm.
One more addition to my rant here - could we pick even more ridiculous, unintuitive names for package manager binaries? zypper? apt-get? yum? xbps-install? pacman at least kind of reminds you of “package manager”. This isn’t meant to dump all over the hard work that goes into all these. I suppose too that “install” is taken by a command which copies files with certain flags (anyone ever use this?).
Every one of these uses different flags too, so for someone who uses a number of different distros it’s a huge pain to remember them and switch back and forth.
FreeBSD at least uses the eminently sensible “pkg” command with flags like “search” and “add.”
You don't own Firefox. You have a license to use it. Background network traffic is not a big deal. Ignoring downloading important updates the bandwidth the requests use is not significant. In such a large and complex piece of software as a web browser I do not understand why traffic should be associated with UI interactions. How is the browser supposed to show a notification when someone tweets? Would you prefer to hit a "Check for Notifications" button or would you prefer to just get a notification. The latter option has a million times better UX.
> Would you prefer to hit a "Check for Notifications" button or would you prefer to just get a notification. The latter option has a million times better UX.
I would love a button for every action. Particularly for things like check for notifications. The current problem is that someone else believes they know what a better UX is, and by better they mean better for the company for whatever reason.
It sort of annoys me that 'pocket' can't just be disabled from the UI bar to hide it everywhere, but that's not nearly as annoying as the last link you provided...
The Telemetry stuff is insanely invasive and really needs to all have one _system_ level toggle for it rather than the like _twenty_ different flags and settings (even with the 5 dupes from the article's dump cleaned up)...
When I see this list, my question is, are there entries which are redundant and only in there, because the original author didn't understand them?
From my understanding, for example,
    toolkit.telemetry.enabled = false
should disable everything under
    toolkit.telemetry.*
Furthermore I would expect the UI flag to disable telemetry to overrule all other settings and globally disable telemetry.
In a couple min of searching it looked unlikely that I'd find any current documentation about these flags, the bhrPing and hybridContent are probably remains, but were still present in my existing profiles.
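The comments above ask whether a long list of telemetry prefs contains duplicated or redundant entries. One way to check a list mechanically, as an added example that is not part of the original thread: it parses `user.js`-style lines, reports prefs that are set more than once (same value or conflicting values), and lists what sits under the `toolkit.telemetry.` branch. The sample list is constructed and is not the list from the article; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in user.js syntax (not the list from the article).
SAMPLE_USER_JS = '''\
// telemetry section
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", true);
'''

# One pref per line: user_pref("name", value);  with an optional trailing // comment.
PREF_RE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*(?://.*)?$'
)


def parse_prefs(text):
    """Return [(line_number, pref_name, raw_value)] for every pref line."""
    prefs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = PREF_RE.match(line)
        if match:
            prefs.append((lineno, match.group(1), match.group(2)))
    return prefs


def audit_prefs(text, branch="toolkit.telemetry."):
    """Find prefs set more than once and list the prefs under one branch."""
    seen = defaultdict(list)
    for lineno, name, value in parse_prefs(text):
        seen[name].append((lineno, value))

    duplicates, conflicts = {}, {}
    for name, entries in seen.items():
        if len(entries) < 2:
            continue
        values = {value for _, value in entries}
        # Same value repeated is harmless clutter; differing values need a decision.
        (duplicates if len(values) == 1 else conflicts)[name] = entries

    return {
        "duplicates": duplicates,
        "conflicts": conflicts,
        "branch": sorted(name for name in seen if name.startswith(branch)),
    }


if __name__ == "__main__":
    report = audit_prefs(SAMPLE_USER_JS)
    for kind in ("duplicates", "conflicts"):
        for name, entries in report[kind].items():
            where = ", ".join(f"line {n} = {v}" for n, v in entries)
            print(f"{kind[:-1]}: {name} ({where})")
    print("under toolkit.telemetry.:", ", ".join(report["branch"]))
```

The script only reports what the list says; whether one pref makes another redundant inside Firefox is not something it can determine.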
I used TreeStyleTab for a while but it never quite felt "right" and all the tweaks to get rid of the top tab bar are such a pain. It almost seems like too much with all the nested tabs (I know you can turn these off)
I hate to say it but the best vertical tab implementation I've seen is in Edge. Easily toggle-able between horizontal/vertical tabs, there's a way to collapse it to just favicons, you can use collections to group tabs together (like in Chrome). It's honestly one of the features that keeps me coming back to Edge, privacy be damned.
I think the only feature I really miss from Firefox is container tabs.
    $ cat userChrome.css
    /* Hide horizontal tabs at the top of the window */
    #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar > .toolbar-items {
      opacity: 0;
      pointer-events: none;
    }
    #main-window:not([tabsintitlebar="true"]) #TabsToolbar {
      visibility: collapse !important;
    }
    /* Hide the "Tree Style Tab" header at the top of the sidebar */
    #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
      display: none;
    }
gfx.webrender.all shouldn't be needed anymore. Does it make a difference for you? i.e. Does the value of "Compositor:" change if you change the pref and restart?
Unlike many Firefox forks, it tracks modern Firefox. I believe they run a similar set of tweaks to Tor browser, just without the Tor. This is quite nice. Its autoplay blocking has actual teeth: I’m delighted when YouTube’s annoying autoplay-next-video is foiled by it.
Since it is smaller and from a less well-known group of developers, I can totally understand this being untenable. But the added risk is worth it for me, because while it isn’t perfect, it feels like I have gotten a little slice of control back with it.
Came here to state the same, for a few years my firefox fix was to use waterfox[1] instead of firefox.
And now my best firefox fix is to use librewolf[2] instead of waterfox instead of firefox.
I had enough of mozilla treating me and my business like sh*t when they silently dropped alsa support on an ESR release, justifying it by saying linux distro package maintainers should not have disabled our surveillance and tracking and no one wants to work on ALSA as it is a mess. Turns out mozilla code was a mess, and in a matter of days someone came up volunteering to do the work they refused to, but then they switched their stance to say it's too late, they're not going back to alsa, just deal with it.
So I dealt with it by switching to waterfox which supported alsa with no plan of stopping and allowed firefox extensions to keep working.
When will mozilla stop hurting its own product by trying to make it the same as google's browser and mistreating their user base and supporters?
Librewolf applies a few very small patches to the Firefox codebase (to remove Mozilla's VPN promotion, etc), but I don't think they have the resources to maintain dropped features, or any other significant deviations from the official codebase. I view it as a custom Firefox build rather than a fork.
I don’t think they ever shipped it without the ability to disable it, I’m just happy it doesn’t work by default. It will try, but it can’t actually play unless you click. This tiny detail made me instantly feel more in control again.
Makes me wonder what the web would be like if browsers were never subject to this conflict of interest in the first place and always prioritized keeping the user in control.
Easy fix: just allow it to autoplay using the icon in the address bar. And you can add this allowance permanently.
This is how it should work. It only doesn’t because autoplay is great for metrics and it’s nice for their metrics that all major browsers allow YouTube to autoplay.
Yeah, the annoying thing about that button is it defaults to “on”, though.
So if you’re, say, opening a video in incognito because you want to watch a single video without that channel being recommended for the next 6 months, that little autoplay button is always toggling itself back on.
I find the experience way better than vanilla youtube in a browser. It allows removing all youtube annoyances (autoplay, comments, suggestions, ads, in video ads, and more) and tweaking a number of things.
Only a couple of downsides for me: the playlist support is a bit shaky, and once in a while a video will fail to load or start and requires closing and reopening the window.
It looks like a great project, but I'm afraid it exceeds the privacy protections rendering it somewhat unfeasible to be a primary browser.
uBO pre installed, telemetry turned off, etc are all great steps, but the lack of DRM, for example, makes it a deal breaker for me. Brave, despite their shady practices with their own ads and cryptocurrency, is at the sweetspot balance between privacy and functionality.
I find the time it takes to fine tune my Firefox worth the work, but Librewolf looks like a project I would gladly trust with good privacy defaults.
I'm not 100% sure, but I think vanilla Firefox also comes with DRM disabled. Like on librewolf, you can just enable DRM and be on your way.
One thing I've found is that even if you enable DRM, librewolf sometimes still fails on Netflix. Just the other day I got redirected to a help page about Microsoft silverlight when trying to play a movie, had to fall back to Firefox.
1. disable Fullscreen "XY is now Fullscreen" text. Set full-screen-api.warning.timeout to 0
2. disable Alt key: set ui.key.menuAccessKeyFocuses to false
3. don't select space after double clicking a word (together with auto highlight selection addon very nice for skimming code in browser like GH): set layout.word_select.eat_space_to_next_word to false
4. reduce forced wait when downloading a file (Download button in small FF-modal takes time to enable/activate, hard to explain, but annoying) : set security.dialog_enable_delay to 300ms
5. disable "This Connection is not Secure" Warning in (for pages like fritz.box together with XCkeepass very annoying) security.insecure_field_warning.contextual.enabled
Click-jacking seems like the correct term. Not sure what the word would be for the keyboard type of click-jacking though, where you unexpectedly present a dialog while the user is typing and they accidentally accept it by pressing certain characters...
those first four are things that i didn't even realize bother me but i feel like it'll be a massive QoL improvement to have them turned off. thank you!
I use "HighlightAll by Jerome Goudey". If you use this, you might have to tweak your addon preferences. I have set "Always enabled", "Native Highlighting" (without whitespace) and a minimum number of characters of 2. Nothing else is selected for me.
Tangential -- but my biggest pet peeve with firefox is its autocomplete behavior in the address bar. It seems to be impossible to prevent it from putting website.com before website.com/page_I_actually_want.
The specific case I have:
I use the URL bar basically as my bookmarks (turned off browsing history and top sites in address bar suggestions), and one of the pages I frequent is https://hackaday.com/blog/ (note that this is distinct from the base https://hackaday.com). In chrome it works fine, if I hit h in the address bar it immediately autocompletes it to the full url, but in firefox it autocompletes it to the base url so I have to hit h then down arrow to get to the site I want.
For the life of me I haven't been able to figure out a way to change the behavior, and it absolutely infuriates me that there is no obvious way to fix it.
I have the exact opposite wish most of the time, in Safari for instance, it's almost impossible to go to https://example.com/blog when you've previously gone to https://example.com/blog/2022/01/01/my-article.html. In FF I like how it autocompletes with letter + right-arrow + letter + right-arrow. This way I can quickly go to different subreddits by just typing r -> r -> f -> n for reddit.com/r/formula1/new and other subreddits using other first letters.
I had the exact same problem! There is no configuration option to change this, and I literally kept using Chromium based browsers for years because of this.
This workaround isn't perfect, but it has allowed me to switch:
- Bookmark the url
- Go to Bookmarks > Manage Bookmarks > [location of your bookmark]
- In the keywords section, put the first two or three characters (I settled on three) of the domain, so 'hac' in this case
Now when you start typing in the domain and you type those first two or three characters (or however many you want to set up), the first suggestion from firefox will be your keyworded bookmark and you can just hit enter instead of having to hit down!
Crazy how Firefox always defaults to the domain instead of the most frequently visited URL for the characters typed in, but this has worked for me.
This is intriguing -- can you explain your preference setup a bit more to get this behavior?
I was not able to get this to work on my setup. I added a keyword 'uniquekeyword' to the hackaday bookmark, but if I start typing uni... it just tries to give me a web search. I tried enabling/disabling the search bar and messing with my address bar preferences but no dice.
Counter-intuitively, it does sort of work if I put the keyword as a tag. It still tries to offer me a search as the top hit, but the tag result is the second hit.
I basically did what was suggested there. (The 2-3 character length I suggested was just from my experience of avoiding collisions with other urls I might visit and was when I wanted to hit return when I started typing.)
Not sure if these settings matter or not. I just tried disabling a few and it doesn't seem to make a difference. These are the only ones that seem relevant.
In about:preferences#search I have this enabled:
- Provide search suggestions
- Show search suggestions in address bar results
In about:preferences#privacy I have this enabled (plus a few other things):
Thanks so much for this. I confirmed that this works on a virgin firefox install, and was able to get it working on my config after messing with the search settings to enable search suggestions.
The key here is that if firefox sees an exact match to a bookmark keyword, it will put that as the top hit on the address bar. So if you put a short keyword for your bookmark (in this case, ha for the aforementioned hackaday example) you can type in h a {enter} and it will take you to the full url of the bookmark instead of the base.
For me it's the opposite. Chrome's insistence to not give you the result you want from your history (because it wants you to do a Google search) is infuriating.
This is actually the root of the problem, the address bar behavior in my firefox config always gives me the first hit as one of 2 options:
1. Base url of a website (in my case, it only searches bookmarks, but if you enable search history it will match to base url of historical searches as well)
2. If it can't find a match, then it defaults to a web search
What I want is for it to match full URLs from either the history or bookmarks, but this does not seem to be an option.
Temporary Containers https://addons.mozilla.org/en-US/firefox/addon/temporary-con... is a great addition. It gives you a semi-"private browsing" mode without missing features (some browser features are turned off in the actual private browsing mode). This is great for testing development web apps, as it gives you a fresh start every time.
With custom userchrome currently slated for getting axed, what I want most from Mozilla right now is a built in way to:
1. Hide the unnecessarily huge sidebar header (allowing addons to show their own arbitrary fully custom sidebars separate from the official sidebar system could also work)
2. Hide the default tab bar
I currently run a vertical tab setup with Sidebery that looks great with custom userchrome, but the release that kills userchrome will make it too much of a mess to bother with a redundant tab bar and ugly space stealing sidebar header.
Additionally, an “adaptive” theme that pulls colors from the OS like Sublime Text’s adaptive theme does would be greatly welcome. While it’s nice that Firefox comes with a dark theme (and that there are plenty of third party dark themes), it’s irritating that it’s always a different shade than the rest of the OS — both the background colors (which change dynamically with wallpaper-adaptive appearance enabled) and accent colors (which is user specified on both macOS and Windows and soon on Linux with GNOME too).
I'm somewhat active on r/FirefoxCSS, and have substantially customized my Firefox UI. Never saw any deprecation notices in the console, or a message on the subreddit.
I highly doubt Firefox would ever drop support for userChrome. The themes aren't nearly as powerful and low level. The about:config toggles work as footgun protection. I have yet to see any technical reason for them to drop support.
That said, Firefox has dropped support for small yet useful features for no apparent reason, so there is a non-zero chance of them dropping support for userChrome customizations.
Killing userChrome would be extremely on brand for Mozilla, so I'm sure it will happen at some point. Killing features beloved by a subset of power users appears to be a guiding design principle there. I've seen userChrome suggested as the fix for all kinds of UX regressions that Firefox pushed on users. But if Firefox is willing to go out of its way to break the UX in various ways, why would I ever trust it to maintain that support?
Of course people are going to find ways around it, simply because the alternatives are still so much worse, but it definitely disappoints me to see that we have to be fighting this constant war with the developers at Mozilla who are continuing to oppress users while thinking that they're doing the right thing.
Note that if you spend a lot of money online, extensions like Honey or Capital One Shopping won't work as they often use a url parameter for tracking affiliates and thus giving out cash back.
I use Tab Stash at the moment but I think I might prefer One Tab. Tab Stash kind of just feels like "better" bookmarks as opposed to a way to keep tabs open without them using resources.
Huge fan of Firefox (and Mozilla in general, leaving aside the recent controversies) for a decade and a half. But after the great improvements in performance as part of Quantum (v57), the last 2 years or so have been a slow degradation of performance for all power users (esp. users who keep a large number of tabs open, and especially so on OSX). Firefox is almost always the single biggest memory hog on my system, and pushes the fan spinning at full speed every few hours.
I wish there was more focus from Mozilla on continuously improving (or at least keeping stable) Firefox performance, instead of these cycles of degradation, 1 great release to fix issues, and then a few years of ignoring perf again. ;(
Firefox performance is very important to Mozilla. Mozilla has a dedicated Firefox performance team and some of the team members are "tab hoarders" with (literally) thousands of tabs, so they have a personal interest in keeping Firefox performing well with many tabs. :)
If you experience a performance problem, you can use the Firefox profiler to record a performance profile and share it in a Bugzilla bug report. Having a profile makes a performance bug much easier to diagnose and hopefully fix.
The profiler is easy to use: it's just a toolbar button to start/stop recording. Here are the instructions for enabling it:
My most essential fix is getting the unbranded builds of Firefox so that I can control my own browser. These builds have no FF branding and they've disabled auto-update in them but they have the major advantage of actually allowing you to edit your extensions/add-ons without having to play security theater with Mozilla's automated signing portal every time you make a change.
And no, running the unstable developer builds is not an option. The dev line goes back to "alpha"/aurora in the old times and it still plays that role. It crashes in my experience on weird setups.
Yeah, I really wish they'd allow auto-update for the unbranded builds. Now I just do it manually, often. But with the profiles being the same it's not too bad. It's much better than having to ask Moz every time I tweak an extension.
Sure. It's technically possible for me to re-make Mozilla's infrastructure with a great effort. But what I mean is, Mozilla doesn't want to provide support (like security updates) or services for their browser unless they completely control it. Probably the argument is that this prevents ignorant users from accidentally downloading unbranded and accidentally installing some malware extension and blaming FF brand for it. But it's about branding and perception far more than security or resources.
> These builds have no FF branding and they've disabled auto-update in them but they have the major advantage of actually allowing you to edit your extensions/add-ons without having to play security theater with Mozilla's automated signing portal every time you make a change.
“Security” isn’t even the word I’d use for what extension signing seems to do. After all, full-out malware — the illegal stuff — can replace firefox.exe with their own.
What it really seems to be intended to protect against is legal-but-scummy applications like Oracle Java that installed random toolbars and add-ons that almost nobody wants. They can legally install an add-on, but patching Firefox itself would be a clear-cut trademark violation, so they won’t do that. Since the Java installer ran with the same permissions that a regular user runs as, they can’t really stop that thing without stopping you.
The phrase I’d use to describe this is brand protection, not security.
One thing I do is re-enable the searchbar and then disable the "everything you type in the URL bar is sent to Google" option.
However, recent Firefox has this annoying feature where if you type in the search box on the main page it redirects your typing into the URL bar instead of the search box, making it then fail because a search is not a URL.
Interestingly enough I find myself fixing and customizing Firefox less and less. It feels like all the functionality that allows customization is bit by bit being deprecated away and I don't want to get disappointed.
Now I just click through the options on a new setup and disable various things I don't like, remove the search engines and enable the search bar again. After installing Ublock Origin of course.
I'd suggest "first party isolate" here. The feature restricts cookies, cache and other data access to the domain level so that only the domain that dropped the cookie or file on the user system can access it.
I removed Decentraleyes and just have FPI enabled.
What do you like better about it? As a chromium user, I’d be happy just to have a TST option that sits in the same window, not a separate window that causes focus issues.
Last time I tried Vivaldi, it did vertical tabs, but they weren't nested. I find it useful to be able to get a nested tree structure of tabs that show where the tab I clicked came from.
I'm still driving 88.0.11, last version before the UI re-design. I have a current version installed in parallel as well to keep an eye on things.
One problem I have with some applications these days, and now Firefox as well, the techniques they use internally affect rendering which I find gives me more eyestrain. 88 is comfortable for me to use, 99 is tiring. Maybe it promotes too much acutance around letters, I don't know, but it seems like it's flickering subtly like a refresh rate. I've had this problem with other browsers too, sometimes it is fixed by newer versions. It's frustrating.
Maybe there's something funny going on with your graphics stack? I think WebRender got enabled by default in 91/92, it's possible that draws in a different way.
I doubt WebRender itself is to blame (though it's possible) - there is so much other stuff that can go wrong with the layers of graphics code between a browser and your screen, and GPU drivers and differences in text rendering between different methods would be the first thing I'd suspect.
For anyone else who dislikes the recent change with the Downloads status popup behaviour, setting this flag to false resets it to the way it worked before the last update:
browser.download.alwaysOpenPanel
Thanks to a thread a couple weeks ago I also managed to make the scrollbars wider with
Usual reminder that the "I don't care about cookies" is dishonestly named and should be "I don’t care about tracking" as it falls back to allowing all tracking and cookies are just some tiny part of it.
I’m not judging you for not caring about giving people permission to track you in whatever way they choose, but at least be informed about what you do.
Yes. And that helps against tracking without cookies? It doesn’t. That’s the issue with the extensions, it makes people believe it’s about cookies when it is not. It might as well have been created by the adtech industry, considering how much it confuses people.
Just in case it’s not clear, here is the text of the GDPR in full [0]. How many times are cookies mentioned? Literally, only one time. Now, the ePrivacy Directive [1] is also called the cookie law. It mentions cookies more often: 5 times. And only in a single paragraph.
I've been looking for a replacement for OneTab. The import/export functionality is broken (doesn't carry over the tab group titles) and although not everyone would like that, I'd prefer to have cross-device sync.
i like that tab stash uses bookmarks to save things instead of some database. it means you can still access your stashed tabs from another device without needing the extension. (which is useful if you are syncing your bookmarks to your phone)
Be careful with OneTab, something shady is going on with this addon but i can't remember it exactly;
if i remember correctly it is very unclear that when you share tabs with a specific person, it also posts it on the web for everyone to see. So people are publishing their tabs while unaware of this.
I wouldn't call it shady since it states this in the add-on page.
> Information about your tabs are never transmitted or disclosed to either the OneTab developers or any other party. The only exception to this is if you intentionally click on our 'share as a web page' feature that allows you to upload your list of tabs into a web page in order to share them with others.
That's like making an unlisted pastebin or youtube video. It is accessible by anyone but will be public only if you make it (e.g. sharing the URL in a forum). Maybe there should be a confirmation.
> allows you to upload your list of tabs into a web page in order to share them with others
I understand, however sharing a link with someone specific (usually you need the specific url to access this) is not the same as publishing for the entire internet/search engines.
It's not a problem if they do this, but at least they should make people unaware of it.
Looking at some of the private bookmarks that are being shared, it seems people are unaware.
My essential Firefox fix in 2022 is to say no to updates. Sad it has come to that, but I just hate their constant destruction of the user experience that I'm used to.
Releasing libre unbranded builds was part of the compromise everyone agreed to when Mozilla took over the browser in version 37 and locked users out from editing things in Firefox proper.
I'd just like my default start/home/new tab page to be my bookmarks. Not my recent bookmarks, not my most visited, not ads. Just a simple scrollable list of my bookmarks and folders.
Truthfully, I haven't updated Firefox in ages. On my other laptop I did and I regretted it immediately with their changes to the tab UI (which at first you could revert by disabling proton... and then they took away the ability to do that). I was eventually able to get them to a decent state again using some CSS chrome hacks I found here. But I don't feel like dealing with the asspain of bad UI changes on every update.
Anyway, my first reaction to this article was: They did WHAT to the search box and toolbar?? Another change I didn't ask for and will inevitably revert when I (maybe) update someday.
I used Firefox for years with no complaints. I don't need or want UI churn in something that worked fine already. Extremely frustrating to have these changes forced on me with little recourse (talking mostly about the proton crap here).
Do you have steps to reproduce the problem? I just tried testing this in Firefox (Nightly) 100 and Firefox doesn't delete the partial download. I started to download a 1 GB zip file from https://www.thinkbroadband.com/download, disabled my Wi-Fi during the download, and quit Firefox. In my Downloads folder I see a zero-sized placeholder file called "1GB.zip" and a 9 MB temporary file called "1GB._VXIwgNp.zip.part".
-- about:profiles is actually a useful way to manage multiple logins. I used to have one set of accounts in ff, another in chrome. But now I just have multiple windows open in different profiles (and themes to distinguish) each with different login states.
> about:profiles is actually a useful way to manage multiple logins. I used to have one set of accounts in ff, another in chrome. But now I just have multiple windows open in different profiles (and themes to distinguish) each with different login state
I wish Firefox would return to XUL. Sure, there were malicious addons that hijacked people's sessions and stole their crypto. Sure, it was impossible for Firefox to parse stack trace telemetry because people were hotloading random code blobs into their browser engine. But it sure allowed for elegant full-browser customization.
(XUL-supporting browsers still exist, but they're unfunded and far behind the state of the art. http://thereisonlyxul.org/ )
- I use Sidebery for tabs, and have disabled the horizontal tab panel on the top using oldschool userChrome.css file.
- I use the dark theme. However, that makes lots of pages use dark theme as well, so I've changed layout.css.prefers-color-scheme.content-override in about:config to not follow my theme, but my OS settings. (So I can have dark themed web pages during evening, but not all the time)
- And I use containers a lot. Very well integrated with Sidebery I feel.
* Use advanced mode of uBlock Origin rather than NoScript
* Horizontal Wood is a nice theme but still too dark for me, makes text hard to read. It did inspire me to look around a bit and I found BoryWood that is still readable and adds a bit of color:
I am still hoping someone picks up development of uMatrix. NoScript is great, but just too tiresome to use on the modern web, while uMatrix has this genius UI where you can pick the allowed parts of the page easily and save the rules for later if needed. Highly recommend it, though it is sadly no longer supported. For now it works. :-/
I'm consistently surprised that nobody ever talks about HTTP referrers, which are the most egregious of all privacy-invading functionalities -- and are enabled by default in EVERY browser, including the privacy-centric ones. If you're not blocking referrers, you don't have a sliver of privacy online.
People talk about Referer constantly in privacy-related fora, the problem is that there's also still an enormous number of sites which will break if it's disabled. Browsers have gradually stripped it down to just the origin, and I expect we'll see it disappear entirely in non-same-origin non-TLS situations eventually, but there's not much more they can do by default.
> Browsers have gradually stripped it down to just the origin
The big caveat is that the new browser policies will only default to origin if the website didn't specify the header, which means the website owner is still in control of whether it gets shared with the third party.
If you mean the originating website, it could send its own URL in any header or parameter, so masking its ability to set Referer would be useless without also some complex supporting feature like ITP / Privacy Budget.
The Referer Control plugin is probably still the best option, even though it hasn't been updated in a long time. There are a few newer ones that supposedly deal with the issue of sites breaking, but I haven't tried them.
uBlock Origin can block them. Some poorly coded sites will break with them blocked, so you'll have to whitelist them. Anything from Atlassian is notable, so Jira/Confluence/Bitbucket.
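The default-versus-site-specified behaviour discussed in the Referer comments above, as an added example that is not part of any commenter's post: a JavaScript sketch of the W3C Referrer Policy rules run over constructed URLs. The function names are hypothetical, and "secure" is simplified here to mean `https:`.

```javascript
// Added example: the Referer value a browser would send for a request,
// following the W3C Referrer Policy rules. All URLs are constructed samples.

// Policy applied when neither the page nor the element specifies one.
const DEFAULT_POLICY = "strict-origin-when-cross-origin";

// Assumption: "potentially trustworthy" is reduced to "uses https:".
function isSecure(url) {
  return url.protocol === "https:";
}

// Credentials and fragment are always stripped before a referrer is sent.
function stripUrl(url, originOnly) {
  if (originOnly) return url.origin + "/";
  const u = new URL(url.href);
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Returns the Referer header value, or null when no header is sent.
function computeReferer(sourceHref, destHref, policy) {
  const src = new URL(sourceHref);
  const dst = new URL(destHref);
  const effective = policy || DEFAULT_POLICY;
  const sameOrigin = src.origin === dst.origin;
  const downgrade = isSecure(src) && !isSecure(dst);
  const full = stripUrl(src, false);
  const origin = stripUrl(src, true);

  switch (effective) {
    case "no-referrer": return null;
    case "origin": return origin;
    case "unsafe-url": return full;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : origin;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default:
      throw new Error("unknown policy: " + effective);
  }
}

// What a third party sees for one page under different site choices.
function demo() {
  const page = "https://forum.example/thread/123?user=alice#reply-7";
  const thirdParty = "https://cdn.example/lib.js";
  return {
    // Site sets nothing: browser default trims to the origin.
    browserDefault: computeReferer(page, thirdParty, null),
    // Site opts in to the legacy behaviour: full path and query are shared.
    siteSetsUnsafeUrl: computeReferer(page, thirdParty, "unsafe-url"),
    // Site opts out completely: no header at all.
    siteSetsNoReferrer: computeReferer(page, thirdParty, "no-referrer"),
    // Same-origin navigation under the default still carries the full URL.
    sameOriginDefault: computeReferer(page, "https://forum.example/other", null),
    // HTTPS to HTTP under the default: nothing is sent.
    downgradeDefault: computeReferer(page, "http://plain.example/", null),
  };
}

console.log(demo());
```

The `siteSetsUnsafeUrl` row is the caveat raised in the thread: the trimmed default applies only when the site has not chosen a policy itself.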
When the web extension change was new and people were complaining I wondered if this sort of patch would replace some extensions, but it seems that hasn't happened. I guess distribution is too painful?
FYI OneTab has a history of crashing, and unfortunately loses all your saved tabs when it does (likely due to how little thought-out an extension's storage support is). Keep exporting regularly to take backups in txt if you value your tabs. (Speaking from personal experience.)
- uBlock Origin
- Firefox Multi-Account containers
- Facebook container
- Simple Tab Groups -> Allows organizing tabs into different groups. Great for avoiding a tab bar filled with little icons. In my case, I have a tab group set for working, and another for misc stuff, another for gamedev stuff, etc. Works great with Total Suspender
- Total Suspender -> Better autosuspend of tabs. I actually would have around 170 tabs, and the Firefox RAM footprint is ridiculously small (~300 MiB)
- PronounDB
- Enhancer for Youtube -> Mainly because it gives me better control of Youtube. Especially about the auto play next video.
- Clickbait remover for Youtube
- Don't Track me Google
For work stuff, I have VUE devtools and AXE Accessibility dev tools
Command-Shift-A takes you to the extensions configuration page. Other than that, some extensions have a button which you can add to the menu by using Firefox’s menu configuration tool.
Citation needed. The addon certainly seems far less legitimate than Decentraleyes. For instance, who maintains this, why did they fork it, who has validated it isn't a malicious fork, etc etc. At least for Decentraleyes you have it being popular and "Recommended" by Firefox which puts a certain expectation to not be a flaming pile of malware.
No, my bad. I clarified in my comment but it was in response to the author claiming KeePass as the world's best password manager. Thanks for the links though.
i used bitwarden for about a year and i like how much simpler it was compared to lastpass and i recommend that to most people now.
the reason i switched to keepass was i wanted to use autofill desktop passwords as well.
ive mainly been using keepassxc for a few years which is not too ugly i don't think, but have been trying out keeweb recently which is a lot more minimal.
a neat feature with keepass is autotype. i have mine set to alt+x so its easy to activate and using the "add url to window title" extension means there's no connection between your vault and the browser.
another idea i had recently was to create a second vault for passwords that aren't that important. so now the majority of my passwords are in that and the vault master password is shorter so its quicker to type, while anything important goes in my main vault which has a stronger password. its great not having to type a really long password just to unlock my vault so i can log into some random forum! and it also means im less paranoid about leaving the vault unlocked.
(when the autotype list pops up you will see sites from both vaults, as long as they are unlocked)
so yea, there's a few things that keepass does that others don't, but the downside like you said is having to manage the file yourself. i already had syncing set up on all of my devices anyway so it was trivial to sync the file using that
My firefox for Linux (latest version, 98.0) has had image loading on Facebook broken for a while. Approximately 1/4 of images on my feed never load. Googling shows it's a persistent problem. Some complex combination of clearing cache and tweaking configuration supposedly solves it, but shouldn't it just work?
The primary reason why I don't use Firefox on the Mac is because there's a bug that makes keyboard text-replacement-shortcuts not work (ie. you write some pre-defined keyword and it gets replaced by something else, like replacing ":shrug:" with "¯\_(ツ)_/¯" )
2022 and Firefox still doesn't have gesture stack navigation in Windows with precision touchpads like Chromium does (mainly back/forward in history). I guess it's another year I'm not going to use it and stick to Chromium Edge. Maybe 2023?
I used to use Firefox as recently as a few months ago. But I went the completely other direction and switched to Edge. Main reason is it has some nice new features like reading aloud PDFs which you usually need extensions for.
Microsoft claims Edge will "scan for discounts" as you browse shopping items as a selling point on the windows login screen. That means every page you visit gets sent to Microsoft to do with anything they want.
Every now and then I catch myself doing something odd: On a new OS installation, using firefox to download librewolf and ms-edge. Many moons ago it would have been using IE to download firefox. What's happened here!
I can no longer imagine using Firefox without Simple Tab Groups. It's like git stash, but for browser tabs -- it makes context-switching much easier when working on many things from the same browser.
I've fiddled with more details than I've bothered to write down. Here's a couple of the less common ones (that I'd consider "essential", to me):
- Customized the response curve of trackpad scrolling. (I think no other browser has this feature? It's actually the top thing keeping me on Firefox). On my specific hardware, something like this is subjectively "snappy" and "precise" and "out of my way":
- Disabled all fonts with about:config's 'downloadable_fonts' toggle. (An alternative is uBlock's remote-font preference, which can be toggled on/off per-domain. That's a useful escape hatch).
gfx.downloadable_fonts.enabled = false
- Enable uBlock Origin's opt-in "annoyances" filters, which affects maybe half the web including every last GDPR banner:
- Firefox bookmarks can have *keywords* that macroexpand in the URL bar; these lower the friction of casual non-Google queries:
en -> https://en.wiktionary.org/wiki/%s#English
man -> https://dyn.manpages.debian.org/jump?suite=bullseye&binarypkg=manpages&language=en&q=%s
hn -> https://hn.algolia.com/?q=%s
- Obscure privacy settings that should have gone into the main privacy panel, IMO:
If beacons go into the privacy panel, adtech will go back to using onunload+onbeforeunload and everything will be worse. (I don't really have a technical solution other than also preventing requests during unload but last I heard this was not considered a reasonable option by browser developers.)
Anyone know how to disable the timeout on XHR/fetch requests? This is helpful when running a server under a debugger, using breakpoints or single-stepping.
I use Web Annoyances Ultralist, a cosmetic filter for adblockers. It blocks:
> Block annoying web elements such as sticky headers, dickbars, floating headers, scrolling headers, fixed headers, scrolling videos, stickynavs, social icons, social share bars, smartphone app banners, app download prompts, cookie notices, GDPR warnings, scroll to top buttons, modal overlays, interstitial site overlays, removed or hidden overflow scroll bars, subscription nags, and generally distracting elements that have increasingly been turning the web into a user-hostile environment.
Are there specific Chrome keyboard shortcuts you're missing in Firefox? Firefox has some aliases for Chrome and Safari keyboard shortcuts. Adding a new alias is pretty uncontroversial if it doesn't conflict with an existing Firefox keyboard shortcut.