The article has it wrong with Safari. While ITP (Intelligent Tracking Protection) started in 2017 indeed, Safari has been blocking all third party (and thus all tracking) cookies since almost forever. Safari started to block all third party cookies in 2003 with the release of Safari version 1. [1]
Not only that, Safari also started to partition web cache in 2013, and it's still the only browser with such partitioning. [2] Without it, tracking doesnt even need cookies.
"If you only block cookies, you still have all the other storage and stateful things to worry about." - Safari ITP engineer John Wilander [3]
Also the spin of the article is slightly dishonest, simply turning off third-party cookies in Chrome achieves to negate most of the explicit criticism in the article. The author probably had the conclusion of the article in mind (setting up good Firefox against evil Chrome) before looking for supporting arguments.
It's a bit ironic. While mainstream media starts to discover the existence of third-party cookies, which had been a known issue for around 20 years, Big Tech tracking has already moved to first-party tracking, fingerpringing and cache tracking.
For example, Facebook switched to first-party cookie tracking in 2018. [4]
Everyone who wants to understand the dynamic needs to look into the relationship between Apple and ad tech, with Apple's recent counter-move being the addition of ITP 2.2. [5]
Since the release of ITP 2.1, even first-party cookies now are limited to 7 days, and all first-party cookies that are even potentially tracking cookies get deleted after already 1 day. [6]
Firefox doesn't play much of a role in this fight. In fact, Firefox never did anything pro-actively to make ad-tech sweat. The decision by Mozilla to block all third-party cookies in 2013 [7] was reverted in fear of Ad-Tech.
Mozilla is better at marketing than with the technology, and still hasn't enabled tracking-protection except for new users.
I'm one of the many devs who worked at one point or another on Mozilla's third-party tracking protection. We had prototypes working in ~2012, if my memory serves. Unfortunately, these prototypes broke the web badly. The web was simply not ready for such protection.
Now, Apple, with their iOS monopoly, managed to strong-arm the web into a position in which third-party tracking protection was finally possible. Kudos to them, now we can finally release this technology. We're doing it slowly, because by opposition to Apple, we cannot afford to break the web.
Why did Apple do this, though? If you recall, Apple's stance on privacy is quite recent. The tech world has a short memory, but I remember Apple being caught red-handed slurping data from user's iPhones not so long ago. Also, unless things have changed (honestly, I haven't followed), Apple tracks users through their native apps, because you're pretty much obligated to go through Apple's SDKs for many things, and they require a tracking ID, which brings revenue to Apple.
So, yeah, Apple's actions have had some good impact on web-tracking, and that's great. But don't forget that they do this for strategic reasons: 1/ because they want to encourage devs to use another tracking mechanism that the competition cannot emulate; 2/ to immediately hurt the competition.
Now, you are right about the double-keyed caches – although using this to track users is quite more complicated, less precise and less reliable than first-/third-party cookies, it's something we need to address. We're working on it at this very moment.
Finally, yeah, first-party cookies... hard to counter. We're also working on it (is anyone else doing so?), but that will be a tough fight.
> Why did Apple do this, though? If you recall, Apple's stance on privacy is quite recent. The tech world has a short memory, but I remember Apple being caught red-handed slurping data from user's iPhones not so long ago. Also, unless things have changed (honestly, I haven't followed), Apple tracks users through their native apps, because you're pretty much obligated to go through Apple's SDKs for many things, and they require a tracking ID, which brings revenue to Apple.
This is incredibly misleading. Apple has been mostly criticized for allowing apps to collect excessive user data--for example, apps could access contacts at first without permission. It has been slowly shutting down these methods, as the realization has sunk in the the more open environment of Macs and PCs is just not appropriate for mobile phones. For example, apps in iOS 13 cannot access bluetooth or Wifi information by default, since it was being used to infer location.
Apple does of course collect some user data, e.g. for Siri or app analytics. But it's all painstakingly disclosed and its practices around differential privacy, deletion, and so on are quite good.
The tracking ID was Apple throwing a bone to ad industry and app makers, when it shut down far more precise ways of tracking users.
> the more open environment of Macs and PCs is just not appropriate for mobile phones
This is changing too. The last major MacOS upgrade added iOS-style permissions for some things (contacts access comes to mind) and the latest version of MacOS (Catalina) VASTLY expands that.
We're not just talking about apps from the Mac App store either which are sandboxed. Fire up terminal and you can't access the underlying SQLite database powering contacts anymore. sudo to root and you still can't!
MacOS is gradually adopting a more iOS-style permission model in an incredible way. One which does not even remotely phase or inhibit me as an extreme shell power-user. It's a quite impressive transformation they're undertaking here.
> This is incredibly misleading. Apple has been mostly criticized for allowing apps to collect excessive user data--for example, apps could access contacts at first without permission. It has been slowly shutting down these methods, as the realization has sunk in the the more open environment of Macs and PCs is just not appropriate for mobile phones. For example, apps in iOS 13 cannot access bluetooth or Wifi information by default, since it was being used to infer location.
Yep, the tech world has a short memory :) I distinctly remember Apple caught red-handed slurping GPS data from their users.
> The tracking ID was Apple throwing a bone to ad industry and app makers, when it shut down far more precise ways of tracking users.
Unless I'm mistaken, it's still much more precise than any form of web tracking.
Which is literally when they began to take privacy very seriously. Keep in mind that's 8 years ago & the first iPhone was released 12 years ago. I wouldn't characterize that as "recent".
You say “caught red handed” and other accusatory statements. The article says they had announced how (encrypted, anonymised) and why (to provide more accurate location information to users) before it was “discovered”.
It doesn’t really appear to be very nefarious, nor an advertising issue. Maybe an unintentional or neglectful privacy issue at worst, in the case of an already-stolen phone.
> If you recall, Apple's stance on privacy is quite recent
Apple's position on privacy really started accelerating in the pro-privacy direction in 2011 due to the issue around unencrypted location backups, which was also around the time Tim Cook took over. I don't know that 8 continuous years of trying to improve privacy (2/3 of the duration of the mobile revolution & going) is fair to characterize as "recent". Having worked there 6 years ago I can tell you that not only did Apple have internal messaging about privacy being important, they walked the walk in terms of supporting initiatives to continue to push the envelope.
> If you recall, Apple's stance on privacy is quite recent. The tech world has a short memory, but I remember Apple being caught red-handed slurping data from user's iPhones not so long ago
Which instance are you referring to? (sounds like the GPS incident above which doesn't seem recent to me).
> Also, unless things have changed (honestly, I haven't followed), Apple tracks users through their native apps, because you're pretty much obligated to go through Apple's SDKs for many things, and they require a tracking ID, which brings revenue to Apple.
AFAIK Apple doesn't track what you do within the app. They do track things like crashes, other issues, general 3p app usage (for understanding what's important to their customers), & their own apps. All things you would expect ANY vendor to do. It's super hard to add things to collect because above the privacy impact there's also typically a battery impact.
Well, you seem to have better knowledge of Apple than me, so I'll bow to your knowledge. I had the feeling that Apple's privacy stance was privacywashing, but if it is serious, that's great.
To return to the initial point, though, the reason for which Mozilla hasn't shaken the web as much as it wants in terms of privacy is that it doesn't have Apple's sole-king-of-iOS position. Whenever the web breaks on Firefox, users blame Firefox. Whenever it breaks on iOS, users blame the web.
So Firefox needs to be smart and intentional. It's hard and slow work, but things improve :)
Mac Safari doesn't have that kind of protection. Indeed, Firefox has higher global desktop browsing share than Safari.
We found ways to add privacy without breaking the web by taking gradual steps and finding clever technical solutions.
I appreciate Firefox getting on the privacy-by-default train, but it's just wrong to say that iOS gave us the ability to do something that others couldn't. Our only superpower was being willing to ignore those who said tracking protection would destroy the web economy and/or tank revenue (plus aforementioned crafty trickery).
> Now, you are right about the double-keyed caches – although using this to track users is quite more complicated, less precise and less reliable than first-/third-party cookies, it's something we need to address. We're working on it at this very moment.
> Finally, yeah, first-party cookies... hard to counter. We're also working on it (is anyone else doing so?), but that will be a tough fight.
That sounds awesome. Ad-tech is a burden to society.
What's complicated with first-party cookies though? Didn't Apple for example just give them a limit of 7 days? I guess Apple just accepts that people have to log-in again after the 7 day period, but I haven't looked into the technical details about this feature.
> If you recall, Apple's stance on privacy is quite recent.
You should read some of the history of Steve Jobs, and you will learn that he was very serious about privacy and it seems like his values have been imbued into Apple and now Tim Cook.
So what? The web wasn't ready to mandate JavaScript for rendering HTML, so why should we double-down on "not breaking things" now, instead of when it mattered?
It's hard to take anything you write seriously when you're being disingenuous.
>Unfortunately, these prototypes broke the web badly. The web was simply not ready for such protection.
Yet Apple was fine disabling third-party tracking since 2001 according to GP?
>Now, Apple, with their iOS monopoly
A monopoly over their own product?
>If you recall, Apple's stance on privacy is quite recent. The tech world has a short memory, but I remember Apple being caught red-handed slurping data from user's iPhones not so long ago.
A quick Google search shows that Apple was embroiled because they enabled WiFi-assist by default, which caused some people to use more cellular data than intended. Is this the privacy-invading data "slurp" you mean?
>But don't forget that they do this for strategic reasons
Who doesn't? Apple is not a charity. We should rejoice that Apple is monetizing privacy, because it means the system is working.
>We're also working on it (is anyone else doing so?)
GP literally just mentioned expiring first-party cookies after 7-days.
I don't trust Mozilla _at all_ these days. Instead Mozilla seems interested in marketing themselves as privacy-focused only enough to grow their userbase for the near future. Once at some critical mass, Mozilla seems to proceed exactly like Google.
Bookmark and password syncing is very important to me. As far as I know Safari is unusable on Linux and Windows so it’s not an option. I’ve settled on Firefox Developer edition after finally getting sick of chrome a couple of years ago. Also had good success with Brave and Vivaldi but Brave isn’t quite there yet and Vivaldi needs syncing and a mobile app.
This is a great explanation of the range of Safari privacy protections. Besides cache, it's also necessary to partition or restrict all other storage mechanisms and communication channels. This includes IndexedDB, Web Storage, Service Workers and HSTS state(!), among the various things we've had to address.
> Firefox doesn't play much of a role in this fight. In fact, Firefox never did anything pro-actively to make ad-tech sweat. The decision by Mozilla to block all third-party cookies in 2013 [7] was reverted in fear of Ad-Tech.
This is the problem I have with Mozilla -- they claim to be defending the internet, but they clearly have no leverage or power to effect change because their market share is so small.
I can't name a single bad thing that Mozilla has prevented from happening to the internet in the past decade or so.
I also cannot think of a single good thing that happened only because of Mozilla's support. A lot of this do-not-track stuff, for example, was pushed by other browser vendors and would have happened whether Mozilla wanted it or not.
Just providing an alternative browser to Chrome is a good thing, in my opinion. Especially now that Microsoft also has caved in. I think it would be bad if Chrome where to have even less competition than it has today. So, I put Firefox down as a good thing for the Internet, on the whole.
Android is barely mentioned in the article, but Firefox for Android offers significantly more compelling advantages over Chrome on Android than desktop. For some users, the ability to run extensions is a big win.
My problem with Firefox on Android is extreme latency on initial page load.
I select a URL, and literally sit there for 5 to 10 full seconds before the page even starts to load (it does render quickly once it starts).
I load the same page on the same device with Brave, or Chrome, and there's near-zero latency. It just starts loading right away.
I'd love to switch over, as Firefox is my daily driver on the desktop and it's where all of my passwords are synced. But on Android it just hasn't been usable for me yet.
That has not been my experience, or I would probably not be satisfied with Firefox on Android. I just checked and saw no difference between Firefox and Chrome starting to load a page.
I have the same problem as OP, which makes me think that this is not common, and yet it affects some people. If it were common, the app wouldn't exist because it is just entirely unusable.
I used to have this problem and I remember it being DNS related. It was a while ago and I don't quite remember what I did to resolve it, but it had something to do with disabling IPv6 dns resolution while not using IPv6 in about:config and possibly something else as well.
Yes I think you're on the right track. It must be some lurking network misconfiguration. Firefox itself is not broken in this way in my experience (which is not short).
Also not my experience. In fact I moved from Chrome to Firefox because I preferred the Firefox UI.
I was almost pulled back by Chrome's "translate page" option. It's near indispensable when holidaying overseas. But then I discovered I could install ublock origin on Android Firefox. The difference is literally spectacular. You use less data - but data caps are so big now that doesn't matter so much. It's not just the fast page load, although that is nice. It's the fact that screen real estate is precious on mobile. It's the different between regularly having to scroll to see the page you clicked on, and not.
A new generation of Firefox for Android is coming next week. It's called Firefox Preview – it doesn't have all the features, but it should be much faster, if you want to give it a try.
Firefox for android is the only way I can block reddit and twitter as a means to improve my focus. I can't access my hosts file because to do so would require root, which apparently would break Android / Google / Samsung Pay (I'm not sure the difference between them, but apparently rooting breaks them, and I use.. er.. one of them, I dunno which one).
These days you don't need to. Blokada (https://blokada.org/index.html) takes over your DNS and gives a bad response when a domain on your blocklist is requested.
Other options are to set your phone's DNS server to a pi-hole or to use a VPN to a network that has a pi-hole.
> which apparently would break Android / Google / Samsung Pay
I've been trying to switch over to Firefox for the last few weeks. The experience hasn't been great, but most of the issues I'm willing to live with. However, even after disabling all extensions, it still pegs my cpus and freezes my machine, several times a day.
I'm planning on moving back to chrome this weekend. No amount of privacy can make up for the disruption.
This is not normal behaviour. I've never had Firefox do that, even with a whole bunch of extensions, on Windows, Linux or Mac, over the past 10+ years.
It did used to run out of memory for images, and the UI of Firefox (and just Firefox) would sometimes pause, but those issues are a couple of years back now.
I'd dig deeper. There's something odd in your machine configuration.
This is simply not true. It seems like a common problem. Chrome just seems more optimized and works flawlessly on a wider range of devices. Waving away individual issues is not the right solution
A quick search on google search history trends show this statement: "It seems like a common problem" is "simply not true". Searching for firefox and freeze decreased significantly over the years.
In current iteration I would say it's way more probable that the person who started this chain has an overall issue with PC performance outside of firefox.
I see this kinda of post on every post about Firefox here and it's so weird because I use Firefox on every device and have never had any issues. Even on sites like youtube.
It’ll be interesting to find out how it works these fake news piece about Firefox that’s always there. I switched to Firefox few years back and if there’s something very noticeable about it currently (other than slickness) it’s how performant it has become, even with 10s of tabs open.
Anyone who's worked in the video game industry knows how insanely inconsistent compatibility can be on across different device configurations. With browsers using more and more GPU acceleration, it wouldn't surprising if some configurations have major performance bugs. The one thing with Chrome is that it has very good compatibility.
I've had a lot of unstable behaviour on Firefox, ironically, from the stable branch. Moving to the beta channel a couple of years ago solved most of my issues. And I've absolutely loved the Quantum upgrades so far, even though some seemed a bit iffy at first[0, 1].
[0] the roadmap to get GPU support on WebRender for example -- but I guess in time we'll see how that turns out.
[1] one which I had a few issues was the multiprocess approach. That brought me some trouble at first but in the end got ironed out just fine.
I get full OS freezes periodically and it's the only thing keeping me from switching, really. It usually unfreezes after anywhere between 10-60 seconds. But mouse won't move or anything during the freeze.
It's on Windows 10, Nvidia GPU. Have tried the bucket list of things to solve this without any solution so far. It happens even with just two or three tabs open.
It only happens with Firefox, nothing else. All other games, programs, browsers, etc run without issue. Firefox is the only commonality that causes the freezes. If there are no Firefox processes open, the freeze does not occur.
Oddly, I see you're on macOS, where I also used Firefox- but I never had an issue there. Interesting, because it seems my experience is the reverse of that of most Firefox users.
I am the developer who ported Gecko a11y to multiprocess on Windows. Some third-party software unnecessarily tries to use the Windows a11y API to do stuff with other programs, but in Firefox that may incur a performance penalty depending on what the third-party code is doing.
That's really interesting because I've had the exact opposite experience.
I switched from Firefox to Chromium after some problems I ran into on a laptop. The experience wasn't great, but I was willing to live with most of the issues.
However, even after disabling all extensions, it still pegged my cpus and froze my machine, several times a day.
I moved back to Firefox. No amount of features was going to make up for that disruption.
I have similar complaints with Firefox. It doesn't freeze my machine to the point of rebooting, but a whole lot of seeing MacOS's "rainbow beachball."
Overall it is just a clunky experience. And I can't run stuff I'm working on because they don't support communication with MIDI devices (they've been talking about it for years)
I think a better solution for many of us is an un-Googled version of Chrome/Blink, such as Brave or maybe even Edge when it is ready. You CAN get the best of Chrome without the worst, and the more Google does these things, the more effort people will go to to make it easier to do so.
> It doesn't freeze my machine to the point of rebooting, but a whole lot of seeing MacOS's "rainbow beachball."
Yikes, still? That exact thing happening way too often—with like a half-dozen very normal tabs open, and when FF wasn't even in focus—was what drove me first to Chrome (where I could open a stupid number of heavy tabs and not see problems as bad as FF), then later to Safari (for the double-digit-percentage better battery life than Chrome) on my Macbooks, and that was... wow, probably 2010 or so.
It’s not normal — usually it’s caused by buggy extensions but even that improved when they dropped the legacy extension interface due to problems like that.
Do you run mac OS? Because I had this same issue with a macbook, when jump to Windows and Linux, the CPU keep the same as Chrome, but in mac Firefox was slow, and make the fans be at top speed.
Sounds like buggy behavior. The logical conclusion is that the devs aren't rebooting their computer 7 times a day so your experience differs from theirs.
If I was running a beta, I'd happily do that. But I have little goodwill left at this point and little expectation of being rewarded for investing any more time, or interesting waiting for a fix.
There's a plethora of 'how to stop Firefox from being a cpu hog' articles online, which suggests that this isn't uncommon behaviour, nor limited to a recent release.
Complaining on hacker news doesn't get stuff fixed bug reports preferably with specific info like specific software/hardware versions and sites on which the behavior occur do. In all likelihood
- 10% of laptops/desktops are mac
- 5-10% or less run firefox on mac. If firefox has more problems on mac I wouldn't be surprised if firefox had less marketshare on mac than overall.
-Some unknown percentage have major issues, lets call it 1% since lots of people report firefox works fine for them on mac.
You could be facing issues faced by only 0.05%-0.5% of firefox users. If people who face such issues overwhelmingly choose not to bother to report them then they will never be corrected.
Beta testing is unlikely to ever find all possible issues that will be uncovered when a product is exposed to millions of users.
Obvious bugs that effect everyone are quickly fixed. What's left is often less obvious issues that effect a smaller portion of the user base.
I use Firefox daily on a Mac. It just works. Since Quantum or so, it works fast. Before that, I resorted to Chrome on Mac. And because of that, I resorted to Chrome in general. At work, in the virtual desktop (which I can actually avoid using most of the time) I only get to choose between IE or Chrome.
My point? You lost me as a Firefox user in the past. And I have been an avid Netscape Navigator, Netscape Communicator, Mozilla SeaMonkey (first milestones) and Mozilla Phoenix/Firebird/Firefox user in the past (I even used Phoenix 0.1). The only other browser which I used with pleasure, is Opera (with Presto).
It's not just that. I don't want a homogeneous browser culture. I believe that is bad on the long term.
I've never seen this in a Firefox install and I've seen many installs. At least in the last several years and further back I either don't remember or it's useless to mention now.
Assuming you didn't start clean, try starting with a new profile. If you did, try updating your GPU drivers. You also may want to try the Developer Edition which may contain some improvements.
I have seen similar problems right after using GMail or watching YouTube videos. Firefox would keep CPU busy even if I closed those tabs. I stopped watching YouTube on Firefox because of this.
If you close the tabs and Firefox keeps using CPU, how's that Google's fault? Or are you suggesting that Google is exploiting some bug in Firefox to have it use CPU time even when the tab is closed?
To be honest, I'm not using that many websites. Maybe 20-30 in total. It is possible that other sites have similar problems, but I noticed with Gmail and YouTube because I use those two a lot.
Or maybe, unlike the rest of the sites, Google engineers don't bother to test stuff on Firefox?
Not to be all "me too", but yeah, I've had a lot of problems with Firefox like this. It stops responding or the entire desktop stops responding. The only systems I use Firefox on are Lubuntu laptops I use for monitoring my Twitch dashboard when I stream, so it isn't like I'm browsing esoteric sites with strange and complicated workloads or something.
Every now and then I see one of these articles that talks of the evils of Google. It makes me give Firefox a go again. Every single time I go back to Chrome. I've had 5 different computers and FF always freezes at some point on every one of them. I'm a front-end dev and having all of my working tabs go away is not great. Secondly, this last FF freeze (a couple days ago) blew up my profile.
Google may not care about my privacy, but there are no alternatives.
Have you tried starting with a clean profile and no extensions? It’s been many years since crashes have been common on Windows or MacOS – generally since they moved Flash into a separate process.
If I use Chromium, how would I get security updates in time?
If there is no good answer to that, then how would I get warned of a vulnerability so that I can switch temporarily to Chrome till the vulnerability is fixed in Chromium?
Similar to my experience. First on MacOS, then when I switched to dual-boot Win/Linux in 2018, I found it to be the same on all three platforms. I don't get extreme CPU & machine freeze often, but FF itself frequently (2 or 3 times a day) stops responding & I have to kill it. Shame, as there are things I really like about it (notably multi-account containers). But it just doesn't work well enough for me.
Finally the narrative is changing from features to privacy. It’s a fantastic modern and fast browser but it’s really Mozilla as an organization and their commitment to users that’s making Firefox the most important browser out there, if not the only one, users can trust.
I think it's reasonable to start bringing Servo into limelight, and start removing all Chromium based code eventually, given the amount of control Google has over Blink.
I for one, would like things like Opera/Electron to start moving us over, because of the fears that Chromium may no more be safe from eventual interference.
I really at a loss why decent browsers for "techies" cannot be better. I really like uzbl-tabbed even though it's fairly primitive and the code is getting older.
All I need in a browser is the ability to browse (tabbed) while blocking ads. Browsers anymore have become walled gardens what with their add-on web stores, garbage like Pocket, sync, etc. I don't want any of that. Browsers could all be more like the old-school Konqueror, in the sense that one could import ad block lists at will without resorting to visiting store. No telemetry. No built in search for a certain search engine.
> All I need in a browser is the ability to browse (tabbed) while blocking ads.
You can do this in Firefox, with several great ad-blocking extensions, such as uBlock Origin or Adnsaueum.
> Browsers anymore have become walled gardens what with their add-on web stores, garbage like Pocket, sync, etc. I don't want any of that. Browsers could all be more like the old-school Konqueror, in the sense that one could import ad block lists at will without resorting to visiting store.
Firefox allows you to remove what you don't need, especially Pocket. Sync is optional.
> No telemetry. No built in search for a certain search engine.
The issue is that stuff just keeps being added. There's always something new to disable. Mozilla talk the talk on community input but then bypass it for Pocket or TV show tie-ins.
Importing a list implies there is something to consume the list like an adblocker.
While this could and I think should be built into the browser having a complex enough addon system to build something like ublock origin ensures that you can always use best in class tools. As an example adblock plus was the best option years back until ublock origin came into being.
ublock origin uses less resources, improves latency, and blocks some things that adblock does not.
Had your hypothetical browser for techies standardized on building adblock plus into the browser you would be stuck with it for some years until they moved on instead of clicking a link in an addon store.
Complex tools always end up being about the ecosystem because core developers neither have man centuries to scratch every itch nor a monopoly on good ideas.
Insofar as you have an ecosystem distributing it via a central store or stores is a proven idea. You can make an informed decision to trust a store which can vet individual developers/companies and also make the decision to remove people who later abuse that trust.
Example stylish was used by many users then sold to scummy people.
Having your users browse the entire web and make the decision on the spot as to what to trust to run on their computer has failed so many times its hard to imagine it needs another try.
It's all well and good to imagine that a sandbox should be used to limit the access an individual app or addon is allowed to have but such cages always have weak hinges somewhere and furthermore people often want at least some apps to have relatively expansive permissions so that interesting tools can be built.
This leaves the users vulnerable to your hypothetical bad addon requesting permission to own the world and the user reflexively clicking yes.
Because many "techies" want something more advanced. I use a bunch of extensions to improve my experience (NoScript, uBlock Origin, HTTPS Everywhere, Bitwarden, Vimium etc). You could argue that many of these features should be built in (eg adblock) but not all of them (eg vimium).
You don't have to install extensions if you don't want them. They're not walled gardens. I can install Firefox extensions without ever browsing any of Firefox's websites.
I agree there should be no telemetry but there are FF forks with that removed.
Bit of a digression but check out qutebrowser, it uses a chromium derived library under the hood, it has a VIM like interface. And it's engine isn't massively insecurely out of date like uzbl and co.
However this has little to do with the discussion, I don't think qutebrowser does anything to stop fingerprinting and tracking like FireFox.
What users would Apple truly to lure away? The only platform that has both is MacOS and iOS. AFAIK most Mac users use Safari and even if you are using Chrome on iOS you’re still using the WebKit engine.
How would winning users from a Chrome even help Apple if they did go head to head with Chrome?
While developers may ignore Safari on the desktop, they can’t ignore iOS.
After having read this article, I read a bit more about third-party cookie blocking, and I was reminded that cookies are not the only way to track internet users: localStorage, and cache tracking with HTTP ETag, also enable tracking.
This led me to Safari which partitions cookies, cache and HTML 5 storage for all third-party domains. As far as I know, Firefox (and Chrome of course) don’t to that.
It’s easy to check with the browser developer tools open:
- Empty your cache.
- Visit a website that uses a given font hosted on fonts.google.com.
- You should see the HTTP request for the font in the network tab.
- Then visit another website that uses the same font on fonts.google.com.
- In Safari, you should see another HTTP request, because the cache is not shared.
- In Chrome and Firefox, you’ll see the font is retrieved from the cache.
Kudos to Apple for their work on the privacy features of Safari! I’d be happy to see Firefox put the same emphasis on this :-)
It also has a working location bar that doesn't forget my history from a day ago. And a functional history that indexes on more than component prefixes (thanks Chrome).
Yeah, I feel like when I type `h` in chrome's url bar, I always want hacker news. In Firefox it's always the first result for me, but I feel like with chrome it never is. Does anyone else observe this or am I holding it wrong?
It seems to me like if you visit a URL about three times, then any time you type a fragment of that URL it assumes that's what you want.
This happens to me at work all the time. When I'm working I'll visit localhost:8080/feature/abc over and over, as I'm working on feature ABC. But a month later when I start working on feature XYZ and typing localhost:8080/feature/xyz, it does not pick up on the pattern. Typing "l", "localhost", or even "localhost:8080/feature/" will always autocomplete to ABC, no matter how many times I visit XYZ.
I'm glad the author recognizes the danger of trackers and the value of Firefox blocking them. Unfortunately, the rest of the Washington Post hasn't gotten the message. When I try to read the article just get a message that I have to disable tracking protection first.
I've been critical of reporters for ignoring this hypocracy, but I don't think it applies here.
The reporter doesn't control what the Washington Post does; they can only choose what they report on. I am critical of reporters who refuse to acknowledge that conflict of interest, or who only report on the Facebook/Google side of things without acknowledging that this is something that applies to the web (and news sites) in general.
But I don't feel like that's what happened here, the author is reporting on web tracking in general, and giving mostly accurate information, regardless of the fact that consumers who follow it will also be blocking some of the WP's own trackers.
I do kind of get annoyed that journalists aren't doing more to champion ad blockers, given that they are one of the easiest, simplest steps someone can take to reduce tracking. But... baby steps.
Is the WP itself as a business being hypocritical? Sure, but to me that's a very different problem than what I typically see in privacy reporting. I'm more worried about whether or not reporters are willing to include browser tracking and news trackers in the discussion about privacy at all. Is the narrative, "Google is evil", or is it, "we have a structural problem that many, many businesses are complicit in"?
I just disable JS any time a site does this to me. It forces them to either renege on their threats and send me the HTML, or I just leave and never come back because there's nothing to see.
Speaking of disabling JS. I wish Firefox had the same simple per site JS toggle like Chrome has it the Site settings area.
I can't find a way to disable JS per site without using an extension such as uBlock Origin. Firefox has some site policy settings but I never got them to work not to mention they are a pain to manage even if they did work. I would like a simple enable/disable toggle as part of the site permissions interface they have when you click on the (i) next to the address.
I am very fond of Firefox and use it on macOS & Android as my daily driver but the one thing where it doesn't hold a candle to Safari and Chrome is its Applescript support which is simply abysmal.
Example: with Safari and Chrome I can use Applescript to query the browser for a list of open tabs, and switch to a particular one. In Firefox there is no way to do that.
the reason i couldn't make the switch was the poor bookmarking/topsites. so i finally got around to making a speed dial extension that replicates the awesomeness of opera's.
every other speed dial extension i could find was shady -- defeating the purpose of going to ff in the first place :o
I suspect the downvotes are for those who think it really can be answered with a simple no. Or perhaps because it doesn't end in a question mark..
On topic though I recently tried switching to FF and was surprised at how much slower pages were loading. Has anyone else experienced this? Is this just a matter of caching?
I've actually had the opposite experience recently, but it was a page I developed myself using FF as my primary browser, and when I switched to Chrome discovered it was very slow (>10s vs. <1s in FF). I expect it depends mostly on what the developer is targeting. As Chrome approaches monoculture status similar to IE in the 90's, devs are more and more paying attention only to it.
The downvotes are just for mentioning "Betteridge's Law of Headlines." 8-10 years ago on every headline that was phrased as a question, it was like every 3rd comment. It adds nothing, and I still reflexively downvote it without any particular malice.
A) Everybody has heard of it (or can hear about it from somewhere else), B) nobody cares if a particular headline comports with it, because C) it's not a law, just a funny observation somebody made once that definitely doesn't hold anymore because headline writers are familiar with it, too.
Yea stuff is always loading a bit slower on FF versus Chrome, both on my phone and actual computers. Regardless, I only use FF. It's worth it if only for the ad-blocking extensions on mobile.
Betteridge's law doesn't apply here because it answers the question: it comes down to privacy.
But even if it did, then Bettridge's law would apply. If you read the article, you will see that he doesn't say that Firefox is flat out better than Chrome. If fact, he even gives the performance advantage to Chrome and says that there are ways of "defanging" Chrome when it comes to privacy.
Really, the point of the article is not a technical comparison of browsers, but rather a statement of the importance of Firefox when it comes to privacy. And the value of not using a browser made by an adtech company.
Not to mention they are far too involved in politics, which tech companies should not be, at least not overtly.
I realize I'm likely in the minority here, but I grow weary of tech companies thinking they need to overtly champion causes, many of which I vociferously disagree with. If you make widgets, make them. Don't get involved in politics and then use your company to champion your beliefs, because this tends to alienate people.
Since you asked, I have read the code (quite a while ago).
The telemetry bits can be disabled easily. A new firefox installation (or rather, a new firefox profile) will open in a tab: https://www.mozilla.org/en-US/privacy/firefox/ . That website has a button under the "Improve performance and stability for users everywhere" section that will bring you directly to the section of the preferences where you can disable telemetry and crash reports and such.
Did you read the privacy page?
PS: Firefox used to pop up a small notification bar at the bottom on fresh profiles instead of that privacy pge that asked you to allow telemetry data sharing. That seems to be gone now. The previous solution was more obvious about the stuff but also worse UI/UX. The privacy page could and should be improved to make the preferences button more visible or at least not-hidden in a collapsed section by default.
People unfortunately equivocate the idea of telemetry, and will compare the idea of a web browser sending version information with a web browser collecting actual web traffic. Both may be bad, but they're certainly different kinds of bad.
Do we have a thorough and detailed list of what information is possible in the default Firefox telemetry?
The downvotes seems a bit unfair. I think this is a good comment.
Any chance you could give more info on which metrics they're looking at though? Because if it's mainly CPU usage and the like it doesn't seem to be a big concern.
If you load about:telemetry in Firefox, it will tell you what information is being collected, link to various documentation, etc. It also tells you whether telemetry is actually enabled right now or not, and links to the preference section where you can enable/disable telemetry.
The set of telemetry collected by default depends on the build channel: release builds collect much less data than nightly or beta.
You can also see exactly what data Firefox engineers can see at https://telemetry.mozilla.org/ -- there is no special behind-a-login view for this stuff that I know of.
The problem is there are more lines of telemetry than most projects have code. You should probably have it audited - or better yet - just remove the telemetry.
That is the great thing about firefox, when I disable the telemetry which they make extremely easy to do. I can be certain that it is actually disabled. Unlike the shady practices Chrome uses where I never feel comfortable or like they are telling me the whole story. Hidden options and settings force me to not be able to feel safe using their product after an update. I have stopped using Chrome entirely over 3 years ago and have no tried it since. Too many shady and irresponsible practices at play there.
How can you be certain about Firefox? They did disable all addons due to a "failed certficate update" and then proceeded to bash Chrome for 2 weeks about a fake story of adblocker addons being blocked, which turned out to be completely false, then they had two 0day exploits in 2 days. Same can't be said for Chrome or Chromium, which actually has video decoding hardware acceleration on Linux because they are more serious advocates for open source.
Every telemetry probe requires a privacy review in addition to the code review. If you want more, the source code is available online. Do you have more in mind?
I laughed when I discovered that, while the mobile data on https://data.firefox.com has been "coming soon" for more than a year now, they had opened a github issue for adding Google Analytics to the site, and subsequently added it. Talk about priorities.
I mean, presumably the people at data.firefox.com are data scientists; and presumably those same data scientists are used by Mozilla to answer any number of internal questions. So, like any proper data scientists, their response to "how highly should we prioritize this task for the public" is "let's get data on how interested people are in the report."
There is a significant pro-FF brigade here. I'm ambivalent really, I don't care about the OMG Privacy so much and I think all modern browsers are over-complicated garbage fires, but if I say something like "Firefox has some memory leak issue that constantly gives me trouble on the Lubuntu laptops I have" I expect to be downvoted because how dare I tarnish the good name of their preferred software! It's a lot like dealing with Linux Desktop evangelists actually, and probably helps FF adoption as much as that does Linux Desktop adoption.
I have issues with memory usage and crashing with Chrome, but you don't see me filling up threads about Chrome with posts about the isolated issues I'm having with it. It's not relevant. Put bugs in bugzilla, please.
There IS currently a pro-Firefox sentiment on HN. But like most things here, it operates on a pendulum.
* Sentiment was sharply NEGATIVE not so long ago... when Firefox cut off support for the legacy plugin ecosystem.
* Sentiment was POSITIVE not so long before that... when Quantum shipped. Improving performance, and delighting the Rust crowd.
* Sentiment was NEGATIVE not so long before that... as Mozilla was too distracted by mobile OS misadventures, and Firefox's performance had become awful relative to its competitors.
* Sentiment was POSITIVE not so long before that... as Mozilla was the only voice somewhat pushing against DRM in HTML5 standards.
And so on.
At any rate, I don't think you're being downvoted due to a pro-Firefox brigage. I think you're being downvoted because you are posting in an immature "Reddit" style, without contributing much of interest to the discusion, and that style generally does not fare well here.
HN is pretty different from Reddit at least, at least taking Reddit as a whole (e.g. r/lisp may be different). Whether it's better or not I suppose depends on one's point of view.
Firefox has weird font rendering issues (tested on Fedora 30). Fonts that look perfect on Chrome look like they bleed on Firefox.
Firefox's containers is also a poor man's version of Chrome profiles. I want completely separate _everything_. Firefox's Profiles is similar, but then you get warnings about Firefox already running when you click a link in a non-Firefox program.
> Firefox's containers is also a poor man's version of Chrome profiles. I want completely separate _everything_. Firefox's Profiles is similar, but then you get warnings about Firefox already running when you click a link in a non-Firefox program.
Containers is solving a different problem than you have. If you have multiple profiles running, how do you want it to know which in profile to load the link? You could set your link helper in your OS to run Firefox with the --profile option, to pre-set it, if that's what you want.
> After the sign-in shift, Johns Hopkins associate professor Matthew Green made waves in the computer science world when he blogged he was done with Chrome. “I lost faith,” he told me. “It only takes a few tiny changes to make it very privacy unfriendly.”
Did he ever say why he lost faith? Cause at least Chromium has hardware acceleration for video decoding on Linux. The story about ablock extensions being blocked was completely false.
>The story about ablock extensions being blocked was completely false.
What about it was false? Developers made it clear that the changes would neuter many ad blocking extensions, and Google actually backtracked due to the outrage (to a position that still prevents effective ad blocking).
No, they didn't make it clear that it would do anything to ad-blocking extensions, only in their current for would they have to make changes which are actually supposed to speed up adblocking. Poor developers had to make some changes because Chromium wanted to improve things. They didn't backtrack due to the outrage either. They are still moving forward with the improvements and Firefox crowd is still lying about what is actually going on. Guess they are looking for new users to exploit with their 0days.
Isn't Chrome just as private as Safari or Firefox with the right extensions to block tracking and other common issues?
I understand that most people won't know which extensions to install or how to install them, but for tech savvy people, isn't Chrome with Privacy Badger and HTTPS Only just as private as Firefox, with a much better overall browsing experience?
This is even more in the weeds, but if you turn off sync, google services, page preloading and use a non-google default search engine, what's left for them to track?
It comes down to ignoring Firefox's inferior UI/UX and blindly buying into Firefox marketing.
Seeing as how the internet is actually a shitload of poorly organized data it's unclear what advantage Mozilla gains by not being in the 'data collection business'.
"Firefox isn’t perfect — it still defaults searches to Google and permits some other tracking. But it doesn’t share browsing data with Mozilla, which isn’t in the data-collection business."
Needlessly relearning things to avoid collecting them doesn't make any part of browsing faster or more efficient.
Data provides advantage, but it's also a liability. If you collect the data and store it, then it can leak out (perfect anonymization is a pipe dream). Or you can get hacked.
More generally, using collected data means you are making decisions based on something that some of your users don't want you to have. That may be fine if you're careful with the data and you provide something of value in return, but the minute you do something that your users don't like, then they can reasonably blame you for acting against their best interests.
If you carry around a can of spray paint, don't be surprised if you get blamed for graffiti.
(This doesn't respond directly to your post; I'm responding to the idea that data collection is a fine and good thing because it helps make browsing faster or more efficient and that's all that matters.)
Firefox is a much better designed app than Chrome, which never looks or acts like normal apps. It has even intercepted cmd-q now which is super annoying. Which browser works better or is faster, I have no idea, though I've never run into problems with Firefox.
> It has even intercepted cmd-q now which is super annoying.
I can understand reasoning behind that. I had to install a Firefox extension that disables cmd-q on macOS because I had closed the whole browser many times by accident (while trying to quickly hit cmd-w). You can still use cmd-q but you have to press it twice in a very short time. Maybe Chrome could do the same.
Firefox uses Ctrl+Shift+Q to quit the entire browser now on Windows and Linux based platforms, presumably because of that reason. You might not need that Firefox extension anymore.
Fantastic service does not require giving up your privacy. There are privacy-protecting ways to do personalization, gather data for machine learning, and so on. Even advertising business models do not require that people give up their privacy.
I think we'd be silly to not recognise that there are some tradeoffs between privacy and UX. Facebook tracks your cursor for a reason, they're analysing what users do and changing the UX based on it. I can imagine wanting to look at this data using any number of filters for a/s/l/etc., and once you're cataloging enough criteria tying a session to a specific user can be done as an afterthought. I think GP is correct about most users valuing UX over privacy, unfortunately.
But this data can be collected with differential privacy, some learning can be done on-device, etc etc. There are ways to get the best of both worlds, but they require more careful engineering.
I agree that a balance can be struck, and a lot can be learned without sacrificing substantial privacy. I don't think it's the best of both worlds, though; some sacrifices must be made somewhere. Do you think the amount of information described in my prior comment (cursor movement records that can be filtered based on any demographic data from the profile that generated it) can be analysed at arbitrary points in the future without sacrificing some amount of privacy? Note that I'm not placing a value on this and saying such data should be collected, I'm just arguing that there is a tradeoff. Differential privacy systems do make such tradeoffs.
I think much of the value can be gained by collecting the data with some kind of differential privacy noise added to keep it from being traced back to any given user. But obviously data collected in this way is less useful--it may not matter, given diminishing returns, for services with enough scale, but yeah these techniques can make things harder for smaller services.
The end result is the same though. Any client side tracking, privacy-friendly or not will be blocked. So many sites just use GA anyway - because some users will block regardless.
HN is Reddit: SV WebDev edition these days. Why is there even a downvote button? Look at this thread: lots of perfectly normal comments are greyed out because they say something involving Firefox not being perfect software. It's ridiculous. What possible purpose does a downvote button serve except to encourage this kind of behavior?
Your lack of privacy hurts other people's privacy too. You live in a society that's hurt by mass surveillance. Defending your own privacy is a moral imperative because of that.
Not only that, Safari also started to partition web cache in 2013, and it's still the only browser with such partitioning. [2] Without it, tracking doesnt even need cookies.
"If you only block cookies, you still have all the other storage and stateful things to worry about." - Safari ITP engineer John Wilander [3]
Also the spin of the article is slightly dishonest, simply turning off third-party cookies in Chrome achieves to negate most of the explicit criticism in the article. The author probably had the conclusion of the article in mind (setting up good Firefox against evil Chrome) before looking for supporting arguments.
It's a bit ironic. While mainstream media starts to discover the existence of third-party cookies, which had been a known issue for around 20 years, Big Tech tracking has already moved to first-party tracking, fingerpringing and cache tracking.
For example, Facebook switched to first-party cookie tracking in 2018. [4]
Everyone who wants to understand the dynamic needs to look into the relationship between Apple and ad tech, with Apple's recent counter-move being the addition of ITP 2.2. [5]
Since the release of ITP 2.1, even first-party cookies now are limited to 7 days, and all first-party cookies that are even potentially tracking cookies get deleted after already 1 day. [6]
Firefox doesn't play much of a role in this fight. In fact, Firefox never did anything pro-actively to make ad-tech sweat. The decision by Mozilla to block all third-party cookies in 2013 [7] was reverted in fear of Ad-Tech.
Mozilla is better at marketing than with the technology, and still hasn't enabled tracking-protection except for new users.
[1] https://twitter.com/brendaneich/status/982631777574338561
[2] https://twitter.com/johnwilander/status/1126191449161158657
[3] https://twitter.com/johnwilander/status/1126208457214836736
[4] https://www.adweek.com/programmatic/the-facebook-pixel-will-...
[5] https://webkit.org/blog/8828/intelligent-tracking-prevention...
[6] https://webkit.org/blog/8613/intelligent-tracking-prevention...
[7] https://blog.mozilla.org/netpolicy/2013/02/25/firefox-gettin...