> To get the protections, you’ll have to break your habit of using Google’s Chrome browser, which by some estimates has more than half of the worldwide browser usage. Safari and Firefox have less than 20 percent combined.
This point is key here. I switched to FF about 6 months ago and every time I'm showing something to co-workers they will usually remark how unusual it is that I'm not using Chrome. Chrome is the de facto engineer's browser and for good reasons to boot. Here's hoping FF catches up and becomes that some day.
Firefox (and Firebug) used to be THE environment used to develop for the web. Things changed and will change again. Chrome isn't some magic immortal browser.
Well, FF+FB ruled supreme back when there were no decent alternatives, particularly on Windows - which was a very popular platform back then.
We're talking pre-2008, which is before smartphones, most people were browsing on Windows, and the only real alternative to MSIE on Windows was... Firefox.
Of course, it's great that Firefox was there, and that Firebug was developed, and it probably did contribute to the fact Chrome Dev tools are so good.
I think it was that and the ui. It looked much cleaner and better than any other web browser, you could even customize it with themes and so on to match your personal taste. I guess people saw the ads and decided to try out their favorite search engines new product.
I want to say that developers and smaller Saas companies might have played a role in this. Smaller businesses are not as big on ensuring everything works across browsers. Most developers use Chrome, so the likelihood of an issue popping up in Chrome is less than other browsers. When an issue does come up with someone using IE and the customer just wants it to work, the easiest solution is to just get them to download Chrome. Many of these customers don't really care what browser they're using and will gladly listen to whatever instructions customer support tells them.
At some point Firefox started being unstable and sluggish to my recollection. At this point Chrome was up and coming but it was pretty fast and clean. So we tried it and switched over. Now there is lots of inertia to switch back. Also if you use a lot of Google services, you can count on them been well tested with Chrome.
I switched back to FF with Quantum. It was faster and the devtools weren't noticeably different--in fact, devtools was better because of CSS grid support. I'm still disappointed by the comparably small add on ecosystem, but I haven't been tempted to switch back.
I've never had to use this myself (all the addons I want are already in addons.mozilla.org), but I've heard that it works pretty well in the past. (Interestingly, there are a bunch of reviews claiming the auto-download feature doesn't work anymore, so you might have to use something like http://crxextractor.com/first).
Firefox has been the standard for years after IE. Then Google invested huge resources in pushing Chrome and succeeded because they released at the right moment a super simple and optimized product compared to the huge behemoth Firefox was becoming. Things are quite different though now, and FF can fight Chrome in the same league speed wise then win hands down when it comes to privacy. Turning the tables back is definitely possible, but won't be easy or immediate though due to the amount of resources Google can invest in advertising for its products, which are orders of magnitude bigger than what the Mozilla Foundation could use.
Can someone help me figure out the set of privacy features that I miss out by using Chrome even with all the appropriate extensions/settings enabled (e.g. uBlock Origin etc) when compared to using FF?
I always thought of Opera as the quintessential engineer's browser. I switched away from Chrome a couple years ago and haven't looked back since. It's fast, has tons of extensions and works well for pretty much everything.
OK so now I'm considering switching my primary work browser to Safari instead of Chrome (I use Firefox for a lot of my general/personal browsing already). The one thing holding me back is development tools. Which has better devtools, Firefox or Safari? (I've tried both several times but always ended up running back to Chrome...)
I don't have an answer to your question, but I would ask: Why not use what you find best for development tools?
Ie, I've switched away from almost everything Google. My phones, my email, my life. Yet, I still have Chrome installed. It has useful features, like development tools, Hangouts (for random free calls), etc.
Is it worth it to purge Chrome entirely? Are we worried about Google as if they're a virus? I'm asking honestly, do we need to be concerned with even having Chrome installed? If not, then I'd argue to keep it installed and use it for the features you need from it, like dev tools. The majority of your traffic will still be on Safari or Firefox, right?
Chrome and other Google softwares, by default will install a system-wide auto updater (Google Keystone[1]) set to run every 5 hours. The Keystone Agent cannot easily be removed, and will reinstall itself on every updates. There has also been an exploit[2] of this auto updater service.
If what you need is Chrome developer's tools, installing Chromium (or building your own, for the paranoid) seems like a much better choice to me.
[1]: Note that it has nothing to do with the google/keystone project on GitHub
However, this won't remove the agent from the system, and I think there's no way to be sure Google won't change this configuration key in an update (or even overriding its value).
I have never tried, but presumably launchd won't run the Keystone agent (although using defaults command can archive the same, if we were to just disable it from running).
The issue is when we want to keep Chrome and maybe other Google apps installed, while _not_ have Keystone, and not letting any Google software reinstall Keystone. In that case, it involve uninstalling Keystone agent, creating GoogleSoftwareUpdate directory then chmod that directory to 000 both in ~/Library/Google and /Library/Google
I believe Chrome itself do invoke Keystone when visiting chrome://chrome to manually check for updates, as it looks like from a forum post[1] (Chrome unable to check for updates after chmod 000'ing GoogleSoftwareUpdateAgent)
Safari is my daily driver, but for Dev work I switched to FireFox because almost 100% of Devs I know just use Chrome for both dev and everything, which is a good way to miss things breaking elsewhere and falling into an IE-like monoculture.
This. I keep Chrome only to test and sometimes use their dev tools though I am also productive with the ones from Firefox. They both have different things to offer.
I personally use Firefox dev tools about 99% of the time. I prefer it to Chrome. It's different from Chrome, but the performance and features are comparable, if not better.
I use Firefox AND Chrome for work. Chrome for development with the dev tools (I don't really mind if Chrome is phoning home to google with URLs like `localhost:8080`, and my local dev sites certainly aren't setting tracking cookies.
I use Firefox with the new Container Tabs feature for everything else (email, JIRA, etc), which is particularly nice as you can have multiple accounts from the same SAAS site open in the same window.
I think Safari dev tools are great; however, I am not heavy into JavaScript, so I can’t comment on those specifics. I think it’s a full-featured as the others for the most part. There hasn’t been anything I’ve needed that Safari doesn’t provide.
I really wish I could use FF for dev, but until they add a "resend XHR" option (vs/ their "Edit and Resend"), it's unusable. I need immediate "resend" and never, ever, edit.
I'd highly recommend running the Firefox 63 beta, they've (finally) fixed some longstanding macOS performance issues and it feels significantly faster than previous releases.
I'm not sure about Safari, but the last time I evaluated Firefox(the initial Quantum release), it lacked the ability to inspect websocket frames. Was a dealbreaker for me and I had to go back to Chrome.
The level of tracking they do is downright criminal. If someone makes a clear effort to avoid tracking and you track them anyways then you're a stalker. I've tried it all and I never use chrome unless I have no other choice. They track you anyways based on behavioral analysis across sites.
The answer is simple: criminalize their behavior. If you think that measure is extreme then you must not be aware of how dire the situation is. You shouldn't have to go through all these hoops and even when you do it's all futile.
A DNT request header should be treated as a digital court ordered restraining order,where violators get prison time(CEOs of the site).
This will solve sooo many problems without eliminating targeted advertising alltogether. A balance in favor of the people needs to be established.
These efforts are commendable but the UI developed around them, particularly the "don't allow/allow", is atrocious and a pale memory of Firefox philosophy of placing control into user's hands. Where is the additional information? Where are the choices? How is the user being tracked? Will the user have to constantly dismiss these dialog boxes?
I started using FF in 2005 exactly because I felt it gave me a way to peek under the hood and customize my browsing experience. For the first time ever the software I was using was truly mine and it empowered me. I even got interested in programming because I was, for example, learning how to write and edit Adblock filters to nix that one persistent page element or using developer tools to sift through page code and extract Instagram images of bikini models. This would never have happened had my curiosity not been piqued by the notion of software made to serve _me_.
Is this how Firefox is going to be from now on? Incessant dialog boxes?
Yes, captchas are broken with vpns. Sometimes, I was not even able to complete the captcha, if you click on the audio option it says to try again later because it thinks you are sending automated requests.
>"Apple and Mozilla are able to push the boundaries on privacy because neither depends on advertising. Google makes most of its money from selling ads."
I am curious will Google at some point push back on Mozilla's efforts here? Isn't the placement of Google search as the default search engine in Firefox a significant source of funding?
Probably part of the reason why they built and maintain Chrome.
Firefox will always have a dedicated user base -- if Google want to be the default search engine on that browser they will have to pay for it otherwise services like Bing will occupy that space.
OP's point is the other way around. They are wondering if Mozilla can afford the financial hit of not getting that money from Google anymore. If Google leaves that space, then Bing won't have real competition here, and will pay substantially less.
Yeah this was my question. It seem like a slippery slope for Mozilla since their patronage comes form one of the biggest sources of the behavior they are endeavoring to guard against with these features.
Google also built Chrome to send people to Google Search and click on ads on the way to their destinations. That's why auto-completion in Chrome is terrible. You will often end up on Google Search rather than the destination site. The ads are now disguised so well that most people probably click on them without realizing that they are ads.
Unfortunately, Firefox is now making a mistake by copying Chrome and mixing search results with URLs in one box. You have to go into the settings to re-enable two boxes (ctrl-l for URLs, ctrl-k for search).
>"That's why auto-completion in Chrome is terrible. You will often end up on Google Search rather than the destination site."
Interesting I have noticed this lately as well. Really bad one character a second latency. This is recent-ish phenomenon no? I don't remember this ever being an issue before.
>"Unfortunately, Firefox is now making a mistake by copying Chrome and mixing search results with URLs in one box"
I completely agree. I wonder if this is why Google removed the home icon by default in more recent version of Chrome? If you take away the search home button there is no delineation between search and typing a URL. Is this another dark pattern?
It has been like that as long as I can remember. I couldn't understand why people were falling for the "Chrome is faster" line when it was wasting everyone's time by sending people to search results instead of URLs like Firefox.
Google Chrome doesn't really let you set a home page other than a Google Search box. Even if you set your home page to a specific URL, opening a new tab doesn't start you on your home page -- you get a Google Search box.
Google's attempt to remove subdomains and hide URLs from users also appears to be part of a plan to force users to become more dependent on search rather than being able to go directly to destinations.
I wonder if Mozilla has something to offer which will let Apple fund them. Because sooner or later Google is going to dump Mozilla. Clearly, Apple has the money and they could probably get some of the regular heat off themselves by moving some of their offshore money back into the US through mozilla.
What I would like is a browser plugin/extension that jails every website in it's own cookie space. That way websites(and all trackers on that website) can only read their own cookies. Is there anything like that out there?
Firefox's Facebook Container was mentioned in the article, and they have a related tool "Multi-account Containers" [0] that I think was mentioned on HN a few days ago. (Haven't tried either of them myself.)
Facebook Container is very nice. It's curated by the development team, so you just install it and now "Pow" your Facebook is inside a Container. Like, if you click your existing Facebook bookmark, or follow an email link to a Facebook post, anything like that, the page is inside the container, but not only are your other tabs not in the container (so they don't share cookies etcetera) even the tab with Facebook in, stops being inside the container if you leave Facebook.
So long as you aren't relying on Facebook to log you into other sites, it's pretty seamless, and any edges (including that one) are consequences of the containerisation itself, they're evidence it's protecting you. For example, I pay for Youtube, so I don't see adverts, but inside the Facebook container Youtube has no idea that's me, so any Youtube videos embedded in Facebook have ads like for other users. If I leave Facebook and play the same video outside, no adverts.
Multi-account containers aren't curated (well, you do the curating) so for non-trivial sites (where they'd be most useful) you can expect to spend time tweaking things to ensure that e.g. MyBank-savings.example is inside the same container as MyBank-account.example and NewBrandFor-MyBank.example as otherwise confusing stuff can happen as the containers isolate things you actually wanted connected.
Firefox has. It screws third party logins and integration (mainly google/facebook logins) and Google’s captchas, which will be way harder than when cookies are shared.
>"It screws third party logins and integration (mainly google/facebook logins) and Google’s captchas, which will be way harder than when cookies are shared."
Could you elaborate on this? Whats the connection between shared cookies and Google's captcha intenstity? Thanks.
In short, Google uses part of its behavioral data to decide beforehand how much of a captcha is needed. With no data at all you get the full blown one.
>"As I noted only recently, Google reCAPTCHA has a 99,3 % global marketshare in CAPTCHA services.
No CAPTCHA reCAPTCHA uses Google’s knowledge and insights about you from tracking you around the web to determine whether you’re a computer or a human; instead of asking you to pass a cognitive tests. Google seem to have reduced confidence in their ability to identify you as a human with reduced tracking and an unusual number of unique users (every website is assigned different tracking/user ID/user instead of sharing the same ID) from your IP address."
Google has literally become a gatekeeper for substantial part of the web. I had not seen that statistic before. I'm surprised this particular point is not discussed more. More recently I have just stopped using captchas when possible. I just won't sign up for the service. I'm not sure how else to fight this. The idea that you should penalized for trying to protect your privacy is truly reprehensible.
Have you tried google profiles. It’s not every website but you can for example organize your browsing habits such as social, entertainment, and work into unique browser profiles at least you can do this in chrome
I tried to switch to Firefox. But the biggest roadblock for me were Profiles. My Google Chrome profiles are so old and useful that I feel handicapped when on Firefox.
Also, does Firefox can I have multiple profiles on Firefox now?
If you don't use a very sophisticated blocking system (for example uBlock Origin in medium mode + pihole) the data is being collected independently of serving ads.
While it will be used for Realtime Bidding and ad-retargeting, the data itself is very valuable in lots of other ways, and even though I am not an expert I fear that in many ways personalized profiles attached to your real world self can already be created and sold to those who want to know more about you.
Even with such a blocking system as described above there will be some data send. So the stricter the User agent, the better for the user. Making fingerprinting more difficult, which is what Safari will do with ITP 2.0, is something that is very important regardless of blocking ads, as first parties want to track you too independent of ads.
>"If you don't use a very sophisticated blocking system (for example uBlock Origin in medium mode + pihole)"
I have a related question to the OP's question - why do you need pihole if you are already using uBlock? What does pihole provide beyond what the uBlock plugin is providing?
2. As blockers don’t have the number of uses that the browsers have, so I have seen websites routinely request to turn them off. However if the protection is built into the browser sites cannot ask users to switch to a different browser, they have to figure something out or suck in less data.
3. It’s also a vote against Chrome and Facebook telling them we really don’t want tracking. Switching away from Chrome is the best way to send a message.
Not if you are using iOS or MacOS with Safari. The ad blocker you install just sends a list of blocking rules to Safari and then Safari implements them. The ad blocker can’t intercept your browsing history.
For now, that might be the case; however, there are a large number of more insidious uses when that data is sold to/shared with third parties (e.g. insurance companies could use that data to increase your rates or deny insurance depending on your web traffic, employers could make inferences based on your data and deny employment, banks could use the data to deny loans or charge increased rates, etc.).
People should care about tracking because even though Google and Facebook may only care about serving ads, they also have to provide information in response to requests from the government. Any tracking information available to a company is de facto available to the government where the company resides, the government just has to go through the extra step of requesting it.
The biggest draw to Chrome is the dev tools. The debugger especially is on par with Visual Studio, may be better, and smooth (too smooth actually, especially the scrolling) whereas Firefox chokes 90% of the time as if it were created by novices. For instance, the break point never works, and if it does, the variable values are undefined. I am using v60 but this has been happening for many versions now. I have never faced a hiccup with Chrome. That said, I use Chrome exclusively for debugging and do general development and browsing exclusively on FF. Only if FF could improve theirs and spare us running two memory hogging browsers simultaneously.
--
As for the topic, I am not sure how much of this is out of genuine concern for the users and how much is opportunistic jabs at the competitor's revenue. Will the jabs lead to hooks and upper cuts and eventual KO? IDK but it seems like we have a nice match on.
> Firefox chokes 90% of the time as if it were created by novices
Hey now, don't be mean…
> As for the topic, I am not sure how much of this is out of genuine concern for the users and how much is opportunistic jabs at the competitor's revenue.
I wouldn't call it a jab at competitor's revenue, but it does make good business sense to extol privacy as a "feature" of your products.
On a philosophical level, yes, intentions matter, not just here but in general. There are ample scenarios where wrong intentions lead to positive results, and they are rightly criticized.
As for this point you have highlighted, its just a comment, thinking out aloud, and not worthy of dissection or having a discussion about.
This point is key here. I switched to FF about 6 months ago and every time I'm showing something to co-workers they will usually remark how unusual it is that I'm not using Chrome. Chrome is the de facto engineer's browser and for good reasons to boot. Here's hoping FF catches up and becomes that some day.