Pretty much this drives my Firefox usage... I use it on mobile because I can still use various adblock/privacy extensions without trouble. Use it on the desktop, too, because Google being deeply linked into my browser creeps me out.

Excellent point about privacy. This is why Firefox is (still?) the top browser in Germany (think history, GDR and before). There is actually a huge majority of people who want to have control over their own data. Firefox should make this a real priority, in actions, not just in words. This really matters, especially to a lot of tech people who understand the issues, and who will translate this to regular users if Firefox makes a real effort (which they have not done to date).

Note that Mozilla is working more closely with the Tor project with an eye towards making it easier for more people to get the privacy enhancing benefits of browsing over the Tor network.

Just as a thought, would it be impossible for Firefox to render the Tor browser bundle unnecessary, by making every release of Firefox feature Tor functions (and other privacy controls) by default?

Here are some Tor privacy controls that might be a bit hard to ship by default:

1) Various navigator.* APIs all claim you're on Windows. Some people on non-Windows platforms may have issues with this.

2) Various window-sizing APIs lie about sizing, so pages that use them will end up making windows too small for their content.

3) Geolocation is disabled altogether.

4) The performance API is effectively disabled (claims pretty much everything took 0 time).

5) Media queries on the device pixel ratio lie and claim it's 1, no matter what it actually is.

6) All timing functions are clamped to the nearest 100ms. That means Date.now(), performance.now(), etc. If nothing else, shipping this by default will make all benchmark results _very_ weird.

There's also various other functionality that gets disabled (gamepad API, orientation API, etc, etc). These are generally not used much yet, so might be ok to remove, if people think these should actually not exist as web APIs.

1) So make a request that Tor-like functions tell servers that our OS is Ubuntu. Perhaps I'm obtuse here, but who gives a darn if it's a matter of privacy - isn't the issue to hide under the most common OS?

2) So we send (through a Tor-backed PGP/GPG-encrypted message) a message saying "hey dev.dork, your minimuum window size is unrealistic".

3) Yay!

4) Yay!

5) And...? maybe it'd be wise to declare 4:3, but otherwise I see no issue.

6) Well, obviously we should have a button of "This page is requesting private data - Share for this page load? Y/N"

And I really, really don't mind if literally everything called an "API" were to go out the bloody window. Sure, it's throwing the baby out with the bathwater, but there's too much bathwater and the baby's a squalling jerkface anyhow.

> Perhaps I'm obtuse here, but who gives a darn if it's a matter of privacy

Some sites actually work incorrectly (e.g. keep giving you an .exe to download instead of something you can actually use) if they think you're on Windows when you actually aren't. I'm not saying this is good practice, just that people do it.

> So we send

Normal users don't do that. Remember, we're not talking about a "privacy mode you can enable", but a "privacy mode that is shipped by default out of the box". Obviously for an opt-in mode things are simpler.

> 3) Yay!

Turns out some sites break without geolocation. Again, not saying it's a good idea, but it is what it is.

> 4) Yay!

Just so you understand, the next likely step is Facebook blocking your browser.

> 5) And...? maybe it'd be wise to declare 4:3, but otherwise I see no issue.

Um... I don't think you understand what device pixel ratio is. This is the ratio of CSS to device pixels. Aka "is this a high-dpi screen", aka "which images should actually be used to look nice?

> 6) Well, obviously we should have a button of "This page is requesting private data - Share for this page load? Y/N"

So every page that uses performance.now() (hint: pretty much everything) would have this thing appear? Again, remember that we're talking about a default mode here. Do you really think this is the experience most users are looking for?

I really think you're talking about a quite different situation (opt-in privacy mode) than the one I was responding to...

I'd be happier with a more private experience, at whatever cost it takes. As far as device pixel ratio, when I think of pixel ratio, I think of 4:3, 16:10, etc. Frankly, loading larger images means more data sent and received, which in turn gives the website longer to attempt to inject tracking data through EXIF or whatnot. Frankly, disabling off-page CSS wouldn't bother me either unless somehow we'd be able to show different "user instances" to the server when we request the CSS sheet from one part of the server compared to the one where we render the page we actually want.

If sites break because people control their web experience, then one of two things will happen:

1) People who are not security-focused will switch to Chrome, which is what's already happened. So focus on a specific group and push the edge-case agenda with both the browser product and an ongoing marketing budget.

2) People will become aware of what webpages are demanding by default and just how little respect these groups have for their privacy - and have a means to fight back through browser selection.

I'm willing to accept that there will be the need for certain opt-out options because some people are going to actually want to give up private data, for purposes of online shopping, online banking, etc.. I want it default closed down, but again, I accept that most people aren't focused on it.

> People who are not security-focused will switch to Chrome, which is what's already happened

No, it hasn't. And I think explaining to people exactly why a web page expecting Date.now() to work is somehow demanding something and invading their privacy is a pretty tough job. Like "requires reading academic papers to understand why it could be a problem" tough.

So what you're basically suggesting is that Firefox resign itself to being an extremely niche browser. I don't think that really aligns with Mozilla's goals, for what it's worth.

> Privacy is the one problem that Mozilla/Firefox can address

could address, unfortunately Firefox default settings are no better than Chrome nowadays - what a shame. Every time the Firefox settings dialog gets changed, privacy related settings get less, and default options changed for the worse. One has to dig through the about:config mess, and even there the settings get renamed. It feels like their new devs learned their work at Microsoft, with Win10 as shameful disrespectful highlight of user hostile behavior.

Mozilla have recently released Firefox Focus, which is a stripped down, privacy enhanced version of the browser. So it seems they are somewhat aware that they need to be targeting privacy conscious users.

No reason to do so when world clearly shows all one need to do is to stick "private", "secure", "end-to-end encrypted", "anonymous" etc labels (and keep buzzwords up-to-date with current year's trends) and just don't do something too obviously contradicting that.

That's really sad but seem to be true. Too many examples out there.