hckrnws

The amount of stuff you need to disable on a fresh Firefox install now is getting ridiculous. In settings you need to uncheck:

1. Recommend extensions as you browse

2. Recommend features as you browse

3. Sponsored Shortcuts

4. Recommended stories/Sponsored stories

5. Show trending search suggestions

6. Suggestions from Firefox

7. Suggestions from sponsors

8. Allow Firefox to install and run studies

9. Allow websites to perform privacy-preserving ad measurement 10. Everything AI related in Firefox Labs

One of the most ridiculous hassles is having to connect to the internet to disable an add-on. Mozilla apparently needs to be notified every time a Firefox user disables or enables uBlock Origin.

I didn’t knew this and it’s completely unacceptable. In a real project it would be classified as a bug, and a quick fix would be done for that.

10. Disable Pocket with "extensions.pocket.enabled = false"

11. Disable Privacy Preserving Attribution using "dom.private-attribution.submission.enabled = false"

I like the stories suggested by Pocket, they seems to be from trusted sources and the personalization seems to happen locally[1].

>Are these stories in the new tab personalized to me?

> For the most part, no. Most recommendations on your new tab come from a general list of the best stories on the web. But Pocket is actively exploring ways to deliver personalized recommendations in a way that vigorously protects users’ privacy. Importantly, neither Mozilla nor Pocket ever receives a copy of your browser history. When personalization does occur, recommendations rely on a process of story sorting and filtering that happens locally in your personal copy of Firefox.

[1] https://support.mozilla.org/en-US/kb/pocket-recommendations-...

I like the stories too! Still doesn’t mean Pocket has any business being forcibly built into my browser, though.

Disable harmful website checking too (url leak).

What URL leak? There is a database of malicious URLs that is downloaded by Firefox periodically. It doesn’t use a remote database lookup on demand.

Is there a way to automate this and commit it to a dotfiles repository so that it always gets applied?

You can disable most of these things in user.js. See https://github.com/arkenfox/user.js (née ghacks.net user.js) for an example.

The next problem is FF generates random profile names by default ( ~/.mozilla/firefox/<random>/user.js ) which makes it hard to deploy a user.js via automation. But you can also drop in a ~/.mozilla/firefox/profiles.ini with a fixed profile name of your choice, so then you can use dotfiles or any other mechanism to deploy those two files.

That said, as the original tweet says, they did this particular one by adding new user.js options, so you wouldn't be *automatically* protected from them. You could try to find someone who publishes the exact user.js you want to use to some git repo / URL and set up automation to sync that file to your devices periodically. Unfortunately most user.js have some common elements but also some personal unique elements (because you may want to not change some settings because they break websites you care about), so you may not find such a person.

https://github.com/yokoffing/BetterFox

I set this up once, sometimes do a git pull, and honestly, I can't see "annoyances" others always complain about. Maybe I look at the wrong places / learned to ignore them. Or maybe it's BetterFox removing them. Worth a try.

Edit: https://github.com/yokoffing/Betterfox/wiki/Common-Overrides...

They already included instructions on how to disable it. However, since the defaults also disable most of the new tab clutter, it wasn't shown to me in the first place.

Just use fork of FF. LibreWolf.

https://librewolf.net/

I had no idea LibreWolf supports Firefox Sync, that's pretty much the only reason I'm using Firefox so I'll definitely try it out.

Eh, every time there's a bigger change in Firefox someone forks it, and then the project dies after some time.

LibreWolf is a live since March 2020, still updated regularly.

From what I know it’s one of those forks that disable so much that a lot of web apps become unusable.

Such as?

And much much more: https://unixdigest.com/articles/choose-your-browser-carefull...

Keep in mind that this isn't for everyone.

It's one of the reasons I gave up on Firefox. Mozilla have no incentive to improve Firefox and can afford to keep running it into the ground knowing Google has to foot the bill for them to not get hit with the monopoly hammer by the US and EU governments.

I agree that it sucks. But does it really suck more than the alternative (Blink monopoly and terrible vertical tabs implementations)?. No way. I made most of these changes years ago and have just migrated my Firefox profiles directory since.

An alternative you might consider is LibreWolf, a privacy-preserving fork of Firefox.

what did you choose to move to

Here's my aproximate browser history since I started using the internet. IE(2002) -> Firefox(2004) -> Opera(2008) -> Firefox(2011) -> Chrome(2015-present) -> Brave (probably in the near future)

[flagged]

Let me guess... Another Blink engine browser?

And you can't set new tabs to default to your home page, allegedly because of "security issues." Yet every other browser can handle it.

And then there's the idiotic burying of bookmarks three levels deep on the mobile version.

Oh, and the storage of log-in credentials blows. When you pick a saved log-in ID on a site, Firefox is too dumb to find the matching password. It shows you every password for every ID you've used on the site, and you have to scroll through them.

I really wanted to support Firefox so I switched back to it from Safari recently. But it sucks ass.

Firefox stopped using 'browser.newtab.url' long time ago as it was a preferred attack surface for male are trying to redirect people to scam pages. I understand that you are annoyed but you can still use an addon to do that which gives you more control.

I don't know about other browsers and how they handle the abuse of this situation or if they care at all. But it is not like there did it just to annoy people.

How would a scammer change my browser.newtab.url?

How would a scammer be able to change my browser.newtab.url without an attacker also being able to change my network.proxy.http?

"Firefox stopped using 'browser.newtab.url' long time ago"

That doesn't really mean anything to the end user (including me). If the implementation was flawed, the answer isn't just to abolish the entire feature.

Speaking only for myself: I don't really mind sponsored content as long as there is no tracking and it is not causing FF to be considerably less performant/more resource-hungry. The Mozilla Foundation needs money to keep the lights on, after all.

I might also just pay Mozilla for a premium subscription that completely disables sponsored content if they offered one (at a reasonable price).

One small way I support Mozilla is to pay for Firefox Relay https://relay.firefox.com. It's $1/month and you get a lot of value for that. Being able to create email aliases on the fly to keep your real email private is worth a lot to me!

I also support Thunderbird with a recurring monthly donation. And a dozen other devs of libraries and applications on GitHub.

We have to create the world we want to live in. When I discovered open source software around the year 2000 I was amazed, and it got me where I am today. Engineers and servers cost money. I hope that open source software can survive because I believe in the philosophy and I know there are people out there who depend on it.

Mozilla doesn't need donation money from users. They get paid more than enough by Google and squander it.

I'd gladly pay them if I knew that my money would go into the development of Firefox and not into the social and political causes of their foundation.

yeah that whole deal is basically dead

The problem is there is no way to donate to Firefox development. Mozilla’s operating expenses are in the hundreds of millions a year. They might be putting a fraction of that into Firefox, after CEO pay and whatever the hell else they are doing.

> don't really mind sponsored content as long as there is no tracking

Is Firefox collecting my location and polling Accuweather in a privacy-preserving way? Based on a cursory review of their documentation of this feature, I can't find any mention of privacy.

That's great, but the people who *do* mind didn't consent to being made to view that content. (In fact many had tried to explicitly opt-out from it). A FOSS program is supposed be fully under the control of its end-user.

You do consent when you accept the ToS.

And you're always welcome to use some other browser, if this breaks your camels back.

- "You do consent when you accept the Eula."

Firefox doesn't have a EULA: it's free-and-open-source software—not a commercial service.

- " Mozilla software is made available to you under the terms of the Mozilla Public License 2, a free software license, which gives you the right to run the program for any purpose, to study how it works, to give copies to your friends and to modify it to meet your needs better. There is no separate End User License Agreement (EULA)."

https://www.mozilla.org/en-US/about/legal/eula/

A software requiring its users to agree to terms typical of commercial EULA's, would definitionally not be FOSS.

That's true they archived[0] it now when I look around 2014, but permission to use your data or sending you sponsored content is covered as a ToS instead[1]

[0]https://www.mozilla.org/en-US/about/legal/eula/firefox-2/

[1]https://github.com/mozilla/legal-docs/tree/main/en

The Firefox browser does not have a ToS. You're conflating the FOSS product with Mozilla's additional non-FOSS offerings, like its VPN and Pocket service.

And the sponsored content is not part of the browser but instead as a service.

EULAs are not real consent.

Legally yes it can and is in many, many cases.

Even in the legal sense, EULAs are questionable.

But also I strongly doubt the comment you were replying to meant "consent" in a legal sense.

[dead]

Not from a GDPR perspective.

- "This is the 5th time Mozilla opted me into something like this w/o asking - existing about:config changes didn't apply; they add new ones (15 results for 'sponsor')"

Do I understand right, that you can't disable it normally in about:preferences (i.e. the user-friendly configuration page)? You have to dig into about:config (the hidden debug page for advanced, unsafe stuff) to turn it off?

Does the "sponsored shortcuts" toggle on about:preferences#home, the one that's always been there, not disable whatever this thing is showing for some users?

No they mean that say there a about:config called dontShowSponsored and it's set to true that didn't retroactively disable the new introduction of sponsorsed stuff.

Am I the only one that has a blank page show for new tabs?

In my `about:config`:

  browser.startup.homepage about:blank
  browser.newtabpage.enabled false

I've replaced mine with a random flickr photo. The new tab page has no functionality that isn't matched by the address bar.

I've also got my new tabs set to just display a blank page.

Firefox had a support page if you need help finding the setting...

https://support.mozilla.org/en-US/kb/customize-your-new-tab-...

I do too, I use my history to navigate by typing a couple characters of where I want to go in the location bar

I use the random Google Earth image extension for my new tabs https://addons.mozilla.org/en-US/firefox/addon/earth-view-fr...

Nope, blank page here too. Or, it's actually going to the Firefox Home screen, I just turned off all the content in Settings > Home. I'm on 130, still a blank home screen.

I have: Group Speed Dial. This other stuff is unknown to me.

How do you get money to develop a browser?

1) sell it. You’re competing with Google. Not gonna fly.

2) embed ads. You can now get Google to pay you. Sounds nice, except Google’s own browser doesn’t do that.

3) donations and grants. This could work with a government with enough foresight to ensure viable browser competition, which isn’t even a theoretical problem. Getting enough money to pay for anything but coffee and electricity may be a problem, though.

4) run an ad network and make sure your browser shows those ads ‘better’ than the competition: kinda makes sense, except you don’t need the browser here to make money? Google already makes one, after all. So you need some kind of a long term contract between the ad network and the browser development branch to make sure the browser part keeps doing the browser.

Mozilla has received billions from Google and has a billion in cash reserves. Why didn’t they set up an endowment so they could spend it sustainably instead of assuming the free Google money would just keep flowing forever? They could’ve been independent of Google by now.

I'm all ears on how they could be independent. All I see is using Google's money to invest somewhere else than the browser market and perhaps maybe fund the browser-making foundation with it out of good will.

One solution is already in the comment you're replying to - by setting up a dedicated org financed well into the future via the endowment so that it would not be affected even if all income dries up and the other org collapses. (nothing foolproof about this, it's a challenge, but still)

Not paying their CEO 7mil a year would be a start.

> All I see is using Google's money to invest somewhere else

Yes. Use Google’s money to bootstrap independence from Google instead of spending it all straight away.

>3) donations and grants. This could work with a government with enough foresight to ensure viable browser competition

It's worked for Wikipedia, perhaps a little too well in fact: their foundation spends a bunch of money on stuff unrelated to the Wikipedia website.

And then they beg for more every year on Wikipedia itself. It is gross and no one should give them money any more. The endowment amount was met long ago. No one wants their other shit. Just be happy with Wikipedia being the massive success story it is, you parasitic non-profit management class assholes.

> sell it. You’re competing with Google. Not gonna fly.

The Enterprise™ spends insane money on both real and dubious security products, that often achieve their objectives via hacky ways (TLS interception, etc). The browser being at the forefront of a lot of security threats nowadays means it's the perfect candidate to implement said security features in it and sell it as a paid version, alongside productivity features such as built-in ad/tracker blocking, etc.

Security teams are already mandating chrome as the browser, it's in a local maximum of controllable-enough + usable-enough... a disruptor in this space would need a really compelling value proposition.

I'd say Edge is more popular, especially in the shops that go all in on Microsoft/Office 365. It integrates better with the whole ecosystem, you have more control over it with policies, sync is easier, and most importantly, underneath is all just Chromium.

OP is weird, their second post says that they 'exclusively use Chromium for web dev now as Firefox simply cannot keep up' - who knows what Google Chrome does with your data, you don't even get to opt out.

Tangentially related thread: https://news.ycombinator.com/item?id=41441501

Saw the same with some new sponsored shortcuts that were previously disabled.

Are these still geofenced to just the US?

no, i have the weather thing now and i am not in the US

Yes? And the submission leads to twitter, which blocks FF deliberately, so what's your point?

Wait, Twitter/X blocks FF? How does that work? Is that only in some countries? I'm in Canada and I still use X on a daily basis in the latest Firefox on Windows and I have not noticed a thing.

I am simplifying in saying that they outright block FF, but the site is broken with Enhanced Tracking Protection enabled [0], and has been for a while. They even mention FF in a dedicated error message, which I have to admit just grinds my gears :)

0 - https://cybernews.com/news/x-twitter-not-working-on-firefox/

That's odd. I use X on FF with not only Enhanced Tracking Protection, but also a whole bunch of other privacy extensions (uBlock Origin, Ghosterly, Disconnect.me, DuckDuckGo Privacy Essentials, EFF Privacy Badger) without adding any exception for x.com, and it still works for me.

Are you logged in to your account? Since I suspect that's why.

I am; but for what it's worth, if I open a new private window, I can still browse any public profile on X without logging in, and with Enhanced Tracking Protection enabled.

Try doing it with removing your cookies or in a vm since it could be that Twitter uses super cookie to track you.

I just tried to enable ETP (had it disabled previously) on x.com and it works, so they must have fixed it.

Didn't verify. Twitter is on my mental blocklist anyway.

Yep, the sooner that website disappears into a black hole, the better. Nothing of value will be lost.