t-writescode 4 years ago

I'm sure Firefox developers read Hacker News, so I'm going to talk here.

I have "Provide Search Suggestions" disabled. All 3 of the options underneath them are disabled, because search suggestions are disabled. This makes sense.

THEN, I click "change settings for other address bar suggestions" and in *THERE* everything is in there, INCLUDING "Contextual suggestions".

What do you think the first disabling of suggestions meant? You're searching without my consent. If I would have consented, it would have been in that first check box. What are you guys doing? What happened to the Firefox I trust and choose over Google to avoid the monoculture?

  • uniqueid 4 years ago

    When I was still a Firefox user, I just ended up blocking any domain owned by mozilla. And by 'when I was still a Firefox user' I mean 'until approximately 12 hours ago.' What priorities and values Mozilla has left I don't seem to share.

    • hammyhavoc 4 years ago

      What have you switched to?

      • uniqueid 4 years ago

        I'm currently using Brave to reply to this comment because it was already on my drive. I don't like Brave's philosophy and I don't like its proximity to Google. I'm using it as a stop gap till I find something better.

        It's going to take me a few weeks of research to pick my new permanent browser. I want something far-removed from Google, but with an active enough developer community that it doesn't fall apart after an OS update or turn out to have a back-door hidden in the code base.

  • smsm42 4 years ago

    Firefox is alive because of Google money. It looks like they don't like this single-source dependency too much, and want to find their own monetization model. Unfortunately, it looks like it's the same old one - sell users' eyeballs (and maybe also tracking data, who knows) to advertisers.

  • cassianoleal 4 years ago

    I'm using Firefox 93.0 on macOS and I don't see "contextual suggestions" anywhere.

    In the address bar suggestions I do have everything ticked. The full list is: Browsing history, Bookmarks, Open tabs, Shortcuts and Search engines.

    Edit: having now read the linked article, I realise this is a US-only (anti-)feature, at least for now.

dingdongbing 4 years ago

I honestly believe that the leaders at Mozilla are actively trying to ruin Firefox, and are perhaps paid off/run by people with interests in another competing browser. Even if that's the case I can't keep using this shitty browser, Chromium here I come

  • uniqueid 4 years ago

    I'm out!

    I don't care how few users Firefox has. I do care that the product has become a pile of garbage. I already tolerate the dumb tab bar, the update nag screen that interrupts my work, the telemetry setting that doesn't actually disable telemetry, the web services I don't want like Pocket, the ads, the memory issues that hobble my machine when I stream video...

    I won't move to a browser like Chromium with a connection to Google, but I'm moving to something. I'm done with Firefox.

    • readflaggedcomm 4 years ago

      >the update nag screen that interrupts my work

      If you're on Linux, exclude it from automatic updates in your package manager, and it won't interrupt you. On Windows, you should be able to set app.update.auto to false in about:config, but I don't know if that still works.

    • seoaeu 4 years ago

      And what browser would that be? Mozilla keeps doing these things because they're desperately searching for a revenue stream that doesn't make them beholden to their biggest competitor. There aren't any other viable options because no one else knows of any better revenue streams for web browsers either

      • goalieca 4 years ago

        If Wikipedia can survive on donation, why not Firefox and MDN?

        • kbelder 4 years ago

          Firefox could, I think. I don't think the Mozilla Foundation could. And that's the rub, at least to those in charge at the Mozilla Foundation.

          • seoaeu 4 years ago

            To avoid significant layoffs they'd need something like 10% of their user base to donate $20/year. I'm far from an expert on nonprofit finances, but that strikes me as a tough but potentially doable goal

            • mulmen 4 years ago

              There is no single piece of software I use more than Firefox. At $20.00/month it would be a bargain. Assuming it wasn’t a dumpster fire.

            • prepend 4 years ago

              Their cost base is too bloated.

              The reason I stopped donating to Mozilla is because they have too many people not doing things I think are important and are paying their executives too much.

      • kjaftaedi 4 years ago

        Opera / Vivaldi

        • poulpy123 4 years ago

          That's another chromium browser.

          • kjaftaedi 4 years ago

            yes, but with a completely separate set of features, options, defaults, revenue stream, incentives, etc.

      • c80e74f077 4 years ago

        what about Firefox's forks such as Waterfox[1], Pale Moon[2], IceCat[3], SeaMonkey[4]...? Genuinely asking.

        [1] https://en.wikipedia.org/wiki/Waterfox

        [2] https://en.wikipedia.org/wiki/Pale_Moon_(web_browser)

        [3] https://en.wikipedia.org/wiki/GNU_IceCat

        [4] https://en.wikipedia.org/wiki/SeaMonkey

        • revolvingocelot 4 years ago

          Waterfox is owned by an ad company, which IMO is enough to disqualify it. Sure it's probably fine now, but it'll assuredly have problems soon.

        • uniqueid 4 years ago

          Of the four, I've only ever heard of SeaMonkey before. I'll definitely check them out though.

        • thayne 4 years ago

          None of these projects have enough resources to keep up with web standards, and patch security bugs on their own. So forks are either almost the same as Firefox, or may be less secure and/or don't work for as many websites and addons as Firefox.

    • magnaton 4 years ago

      Try LibreWolf -- it's Firefox with the nasty stuff stripped out. You can use your existing Firefox profile, but be sure to go through LibreWolf's settings as some of the defaults may be different than what you already have set up (they select privacy-protecting options by default).

  • moralestapia 4 years ago

    Try Brave, really. I always had issues with Chrome and RAM usage. Brave behaves better, plus the UI is slick.

    People here complain about it having some sort of cryptocurrency embedded, but it's opt-in, so as long as you don't enable it, I don't see the issue. Plus it comes with an ad-blocker / anti-tracker out of the box.

    Seems to me that Brendan Eich actually knows what he's doing.

    • t-writescode 4 years ago

      Brave would be better if they replaced ads with their own ads.

      Last I used Brave, it gave me stupid little popups on my notification bar and that's, to me, worse than in-page ads.

      • dandotway 4 years ago

        Using Brave right now and no stupid popups. Make sure you turn off "Brave ads" or whatever causes popups. Always scan through every option in Settings at least once and turn all the junk off. The only mild annoyance left after doing this is that sometimes the new tab page has a little box shilling some Crypto coin biz which you can then silence. If this is all I have to suffer in order to fund a solid de-googled Chromium it's not too bad.

      • BrendanEich 4 years ago

        We don't put any popups anywhere by default. Are you sure the website wasn't trying, which flies a permission prompt same as in Chrome and other browsers?

        • hsod 4 years ago

          Not sure your definition of pop ups but the brave ad units definitely “pop up” over my browser screen and I never opted in (iOS)

        • t-writescode 4 years ago

          I turned on the special, approved Brave ads thing last time I used it because I wanted to support Brave; and they only showed up as little pop ups on the systray and were infinitely more annoying to me than a static banner ad.

          • BrendanEich 4 years ago

            You click on them to open new tab pages if interested, can thumbs down and lower frequency in ads settings. You also get 70% of the sponsored images shown in 1 of 4 new tab pages. Static banner isn’t going to perform as well, so I hope you will give ads a try again. You could even turn off notifications but keep the sponsored images.

      • smsm42 4 years ago

        I think those ads are much better. In-page ads interrupt my content, claim my attention when I want to see something else, and distract from the page (and sometimes even break it). Ad-heavy pages are nearly unusable, especially on lower-power mobile devices. OTOH, I don't mind a popup once per hour - it's not modal, does not require me to do anything, does not consume resources and I can easily deal with it whenever I want. Page popup ads are infuriating, but Brave ones never really bothered me.

        • t-writescode 4 years ago

          To each their own. I don’t like anything blinking or appearing in my peripheral

  • cedilla 4 years ago

    Chromium also has search suggestions by Google per default.

  • pcwalton 4 years ago

    Just so I understand you, is your position that Sundar Pichai or Tim Cook or whoever is approaching Mozilla employees in dark alleys, Willy Wonka and the Chocolate Factory Slugworth style, and offering cash to covertly sabotage the product?

    • jobigoud 4 years ago

      And to protest they go use their product instead.

  • ergot_vacation 4 years ago

    It's really amazing how far Firefox has fallen. This used to be a browser people bought TSHIRTS for. TSHIRTS! And wore them! And not just in SV: I'd see them in the wild in small cities too.

    The discussion is always the same, I'm not sure what can be added at this point. Yes the way they're actively destroying it is mystifying, yes, maybe money issues are part of that but god can't you just make your own browser? Mozilla's problem, more than any specific incident like this, is that they've become completely incapable of thinking for themselves. Everything is a follower move, trying to find something popular and then emulating it.

    I'll continue to use FF, but only because it's easier to massively "tweak" into a usable product than chrome.

    • prepend 4 years ago

      They fired Eich and turned from a company of smart engineers and users of their product to randos who work on weird projects using their big paycheck from Google.

      Their products suck because they don’t care about them. They don’t genuinely want to compete with or anger Google for fear of losing funding.

      They’d be better off cutting down to a lean $5/year spend and just making a browser.

      I think.

      • tdeck 4 years ago

        A lot of their lack of focus predated Brendan Eich's 11 day CEO tenure. By 2014 Firefox had already lost a ton of mindshare and Mozilla was working on their unsuccessful Firefox Phone.

        • drannex 4 years ago

          Eich's short-lived reign was a symptom, not a cause. The decision to put him there was certainly a decision made by an executive board that is out of touch.

        • jordanthoms 4 years ago

          In retrospect it seems firefox phone was actually a good idea, it’s been reborn as KaiOS and doing great. Pretty embarrassing for Mozilla to fail and cancel the project and then have another company take it and succeed…

    • 20after4 4 years ago

      I owned several of those shirts and wore them proudly.

  • revolvingocelot 4 years ago

    Before reading TFA, I would have called you paranoid. Now I wonder... Excluding Firefox from my package manager won't work for long -- surely I'll have to update, just for security purposes. Does anyone know of a good Firefox fork?

nanis 4 years ago

I cannot overstate my disgust with everyone at Mozilla for doing this. This is the straw that broke the camel's back. I have been using Firefox begrudgingly ever since the "studies" feature got unearthed.

It seems to me there are entirely too many people feeding at the trough at Mozilla and they are not managing their money very well.

It seems like I am going to MITM our browser traffic and set up custom filters or something.

  • Sohcahtoa82 4 years ago

    As stated in the article, disabling Firefox Suggest will disable the key logging.

    Of course, that doesn't make this any less of a scumbag move.

    • nanis 4 years ago

      When I looked, I saw that the option was automatically checked during the upgrade with not a notice given. This is the latest in a series of scummy moves. I spent the last hour trawling through Firefox source code.

      In any case, when people act like this, I do not trust that turning off the option actually stops them from keylogging, which is why I am going to look into inspecting traffic.

    • swiley 4 years ago

      I don't fucking care if this can be disabled. It's a shit default and the people at Mozilla should personally feel bad it shipped.

joecool1029 4 years ago

Furious. I encourage users on Linux distros to file distro bugs about this. I just handled the Gentoo bug report[1]. We can't trust Mozilla upstream at this point to resolve these issues.

The issue wasn't so much that they added this functionality to grub some extra money, the issue was the opt-in happened on our targets without any notification or informed consent.

[1] https://bugs.gentoo.org/817014

  • LanternLight83 4 years ago

    Thanks for filing the report! I don't know that we can expect distributions to have the manpower to manage these issues, but neither can we expect users in the middle of the "Just Use Chrome -> GHacks User Config" to be served by any other mechanism right now. I'd like to see Mozilla respond to the expressions in this thread, but that's frankly unlikely, so at the very least, it warms my heart that this despise exists, has representation, calls to action, and demands which may someday be fulfilled, be it by leadership at Mozilla or elsewhere.

chuckee 4 years ago

I think this is the correct way of phrasing it. "Suggestions based on X" merely implies that information on X is now sent to an (additional) 3rd party, and doesn't state so explicitly.

In fact I would say the lack of explicit statements on what data is sent is a deliberate attempt to hide that fact from users. Note how similar the language is to the privacy options on Google's Android.

kortex 4 years ago

Maybe this is a bit naive of me, but has anyone been of the impression that keystrokes in an address bar are not public (or at least un-private)?

I have been under the operating assumption since circa 2006 that anything done in a browser is potentially sent off somewhere to somebody's server. If I want privacy, I use tor.

Anything that's not the body of an https request is at minimum going to be logged somewhere.

  • Yoofie 4 years ago

    You are not alone. I operate under the assumption that any application that connects to the internet indeed sends back my activity in that app back home.

    What frustrates me is that everyone goes out of their way to make fragile, internet connected and internet dependent applications when there is basically no need to.

    • t-writescode 4 years ago

      This was not previously the case and shows an evolution of this tragedy from the past to the present.

      There was pandemonium back when Ubuntu first started doing that in its search line, for example.

      Now, no one cares and thinks it's "just how it is", except for some privacy holdouts, like myself.

      This isn't the way the world used to be.

  • jhhh 4 years ago

    I still use a split address bar and search bar with "Show search suggestions in the address bar" toggled off, so until this version the address bar suggestions were only from bookmarks and history items.

  • Gigachad 4 years ago

    My thoughts. I have never once in my life typed something in to the browser search bar that I intended to be local or private.

  • _Anima_ 4 years ago

    Firefox has been using Google's safe search since version 6. So unless you disable or block it, Google knows about your whereabouts, even if you used Bing.

  • smsm42 4 years ago

    > anyone been of the impression that keystrokes in an address bar are not public

    They shouldn't be. Logs containing URLs are commonly considered private information, and while it's a bad practice to put passwords, etc. in the URLs, people still do it, and even more often things like tokens, keys, object IDs etc. are part of the URLs. Disclosing this to a third party is essentially a MITM attack, and even though we're talking only about user input, this still includes stuff like URLs copied from emails, terminals, documentation files, etc. - and those may contain very un-public things. Simplest example - do you consider the password reset URL many sites send to be public or private? Of course, not many people would type it - but people would copy-paste it and then maybe type something else - and who can guarantee the whole URL isn't then sent to an untrusted party?

seoaeu 4 years ago

The title is misleading. Sending keystrokes isn't new. Both Firefox and Chrome have "keylogged" address bar typing for a long time to perform search suggestions. What's changed is that now Mozilla gets a copy too instead of just Google.

(There's also the part about showing ads, which bleugh, but that's separate from the 'sending' part)

  • jhhh 4 years ago

    "Firefox Now Sends Your Address Bar Keystrokes to Mozilla like it already did for Google but only if you had search suggestions turned on in the address bar" doesn't have quite the same ring to it.

    • ajdude 4 years ago

      As others have mentioned[0], this happens even when search suggestions have already been disabled. I’m pretty disappointed over this, I’m not moving to a chrome based browser but I wish we had more options.

      [0] https://news.ycombinator.com/item?id=28805896

  • stevenicr 4 years ago

    I dunno if I agree the title is misleading - it's right on the spot for someone like me - I always turn off search suggestions when I install ffx - for the privacy.

    So this title is an important warning for folks who want privacy - and I would guess that a higher percentage of ffx users care about that than chrome.

happynacho 4 years ago

When I thought Firefox couldn't go any lower, Mozilla manages to surprise me. Impressive.

  • fxtentacle 4 years ago

    That's why their management is so highly paid. They're true DISRUPTORS.

guerrilla 4 years ago

Is it not possible to embed Gecko anymore? Why aren't there a couple of browsers with the Firefox engine but without the horrible Firefox UI decisions?

  • dflock 4 years ago

    Iirc, it's mostly not practical to embed gecko anymore. Mozilla stopped maintaining/caring that ability and the best you can realistically do is to just fork Firefox now. Gecko is basically intended to just be part of Firefox nowadays.

  • pseudalopex 4 years ago

    Mozilla killed Gecko embedding about 10 years ago to focus on Firefox. They resurrected it just for Android.

Engineering-MD 4 years ago

The time has come to fork Firefox. That’s the benefit of open source software, it’s not beholden to one entity. Don’t give in to a chromium monoculture.

  • hammyhavoc 4 years ago

    There's plenty of forks already.

    • Engineering-MD 4 years ago

      I suppose I meant a ‘fork coup’ where it takes the dominant position. More libreoffice style than waterfox style.

faebi 4 years ago

Maybe it's time for Firefox premium. Same as on youtube premium or gitlab premium, no ads, no annoyances, additional features, maybe better performance, maybe some value add cloud features, all for 1-20$ a month.

  • wsostt 4 years ago

    YouTube Premium is riddled with the same type of user tracking Firefox is implementing. Firefox Premium would probably do the same.

  • hammyhavoc 4 years ago

    Frankly, fuck that. It's a browser.

  • smsm42 4 years ago

    With premium it'd probably be worse, because signing up you'd surely sign an agreement that somewhere on page 37 says "we can track you any way we like, and do anything we like with the data" and you couldn't claim you didn't know - you made an explicit action to sign up and even paid money for it, surely you knew what you're doing!

DemiGuru 4 years ago

Sadly it doesn’t come as a complete surprise to me. About 2 years ago using Firefox Focus on iOS I came across an odd behavior - each time I launched the app it was accessing and reading the device’s clipboard. I called it out to Mozilla both through the app review and Mozilla support. The only response I got was that it was a feature. That I misunderstood what they were attempting to do. They removed that “feature” in the following version.

  • bink 4 years ago

    Just a guess, but it could've been a way for them to determine if you were about to paste content into the address bar. I worked for a company that did something similar. It would compare the clipboard to the contents of the input field. If it was a URL and they matched it would assume you had pasted a URL and would take some extra actions based on that.

    It wasn't until the OS started alerting the user to this clipboard read that it started to look very suspicious.

    • DemiGuru 4 years ago

      I’ll grant you that it’s a possibility. But it’s unsettling when your clipboard has your recently used password.

    • kymaz 4 years ago

      > It wasn't until the OS started alerting the user to this clipboard read that it started to look very suspicious.

      Maybe sprinkle in a bit of users didn't consider it suspicious until it was reported that some apps were abusing the privilege.

  • intelMgmntEnema 4 years ago

    In about:config, while it lasts -- if it's even available--, try flipping the bool for:

    dom.event.clipboardevents.enabled

    To false

    Edit: my mental molasses delayed my seeing that the feature was removed and that you've moved on. I'll leave the comment though.

  • okdjnfweonfe 4 years ago

    If you had a URL in the clipboard, it would allow you to 1 press open the URL

rvz 4 years ago

I don’t think phoning home by default is part of the mission of being a ‘Privacy focused browser’.

Worse thing is Mozilla keeps projecting this empty message of ‘privacy’ whilst still continuing to be more than 80% funded by one of the most anti-privacy companies in the world who directly goes against their entire mission statement.

This is hardly surprising.

fhrow4484 4 years ago

I explicitly chose the option to have a Search bar separate from the address bar... why would I want Search suggestions or Contextual suggestions in the address bar.

I've been using Firefox since version 1, but this is the first time I'm considering switching to something else. (like ungoogled-chromium)

  • _Anima_ 4 years ago

    To me Chromium is not "ungoogled" as long as google engineers have such a powerful influence over it.

xorcist 4 years ago

What are the about:config settings I need to set to stop every kind of snooping like this?

rank0 4 years ago

Where else can I go to get a quality, privacy focused FOSS browser? I want non-chromium. Someone on HN the other day suggested using the TOR browser without connecting to a tor circuit, but that seems overkill.

  • okamiueru 4 years ago

    What is the general opinion on Vivaldi?

    • rav3ndust 4 years ago

      Vivaldi is okay, but it is not really FOSS and it is based on Chromium

Lammy 4 years ago

Here's the page the in-preferences "Learn more" link takes you to, which I didn't see linked in the article: https://support.mozilla.org/en-US/kb/navigate-web-faster-fir...

"We haven't quite hit our mark. We've received feedback that it's difficult to figure out which Firefox experience you've got enabled. We are hard at work to address this and continue to improve the feature."

  • thinkingemote 4 years ago

    Does that mean they are rolling this back?

thisrod 4 years ago

There's no technical solution to this, short of writing your own browser. Web browsers are big, and there will only ever be a few organisations capable of building one. Like Boeing and Airbus. Those organisations are rich targets for all kinds of shonks, spivs and chancers, who are more motivated than you are. Resistance is as futile as wearing a parachute on a 737 Max.

There is a time tested and effective political solution: separation of powers. If Abine Blur blocks Mozilla from doing this stuff, and the Firefox plugin auditors keep an eye on what rorts Abine is pulling, then we dumb punters are in with a chance. Abine and Mozilla could gang up, but that puts them in a prisoner's dilemma—either one could win free advertising, then customers, by dobbing the other in to 60 Minutes. Some people are capable of resolving the prisoner's dilemma superrationally, but they don't become shonks, spivs, or chancers, so this is a fairly reliable solution. I think the priority for a privacy respecting internet should be to get Mozilla, Abine, and Duck Duck Go to start acting as if the others exist, and users of any are likely to use them all.

Maybe, in the end, big tech bastards are just another kind of bastard. That would be nice. In 200 years of democratic reform, the people have invented some sophisticated and effective ways of stuffing the bastards back underneath whatever rock they most recently slithered out from.

skarz 4 years ago

about:preferences#privacy

Scroll down to Address Bar — Firefox Suggest

uncheck Contextual suggestions

  • moralestapia 4 years ago

    No, this is a slippery slope that attempts against your right to privacy.

  • t-writescode 4 years ago

    What's worse is that even if you have "Search Suggestions" disabled, which I do, then the "other address bar suggestions", which includes "contextual suggestions" *remains enabled*.

    This is unacceptable.

  • xerofuzzion 4 years ago

    Why isn't it off by default! We always get mad at all these companies invading our privacy by default, or why aren't we notified and given the chance to turn it off from the start.

wodenokoto 4 years ago

But they’ve always sent them to third parties.

Why do you trust google with this data over Mozilla?

  • rav3ndust 4 years ago

    I don't trust any company that much. But in this regard, it's even worse - Google makes it no secret that they're collecting your data, while Mozilla goes all-in on the privacy messaging and then pulls a stunt like this.