PPS Possibly a better approach to Firefox default settings would be that you can choose between High, Medium and Low security/privacy defaults - and changing the set of defaults would change every individual setting that has not already been overridden explicitly by the user.
So on a brand new computer, I would choose High - and then have to make fewer explicit changes to individual settings before I use the computer.
Firefox already does that for Enhanced Tracking Protection, but what I assume you want is more like how Tor Browser’s Security Level slider works. @pyllyukko’s user.js GitHub repository has two branches for those who prefer a hardened or relaxed configuration:
The answer is using multiple browsers for browser fingerprint isolation. I use google chrome for google accounts, facebook logins, and other big tech accounts. I use brave browser for other persistent logins. I use librewolf for temporary logins. I use yet another browser for simple searching without login. I also use hardened firefox when librewolf doesn’t work well. I use tor browser for circumventing VPN censorship or geographical censorship. Use ad blockers in browsers that support ad blockers.
Combine browser fingerprint isolation with VPN. Even if VPN servers are watched by ISP, traffic timing analysis is going to be an expensive manual targeted attack that requires human brain, and the destination websites will not know your real IP address. If you physically roam on mobile networks, then you don’t need VPN because mobile networks are like VPNs.
Sandbox web browsers in firejail or apparmor. Firejail is easy. Web browsers are going to execute arbitrary untrusted remote javascript code. Some people criticize firejail for being a relatively large SUID binary, but its threat model is preventing user applications from having full user rights which are essentially root. firejail is also not much larger than ping which is another SUID binary.
Bubblewrap is smaller than firejail and is not a SUID binary, but it can’t choose a network namespace or do other privileged operations because it is not SUID.
It’s weird that this thread was forked from a reply on one of my posts, and now it looks like I took the bait and weighed in on this topic out of nowhere… not quite my style.
But yes, I agree. Can’t just believe everything you hear – and I haven’t really seen anything to give me reason to believe Firefox is doing things that I wouldn’t be happy about. Even the woke comment, was just something I heard and don’t know first-hand. I couldn’t name a thing they’ve done that could be considered woke.
I was more so being polite and replying to someone on a post I made. Wasn’t trying to open any doors!
Firefox tracks you with “privacy preserving” features
Mozilla for quietly enabling a supposed “privacy feature” (called Privacy Preserving Attribution) in its Firefox browser. Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites. In essence, the browser is now controlling the tracking, rather than individual websites. While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it 0n by default once people installed a recent software update. This is particularly worrying because Mozilla generally has a reputation for being a privacy-friendly alternative when most other browsers are based on Googles Chromium.
Firefox follows Google? With a recent Firefox v128+ update, Mozilla seems to have taken a leaf out of Googles playbook: without directly telling its users, the company has secretly enabled a so-called “Privacy Preserving Attribution” (PPA) feature. Similar to ‘Googles Privacy Sandbox’, this turned the browser into a tracking tool for websites. The idea: instead of placing traditional tracking cookies, websites have to ask Firefox to store information about peoples ad interactions in order to receive the bundled data of multiple users.
Less invasive is still invasive. In this sense, Mozilla claims that the development of “privacy preserving attribution” improves user privacy by allowing ad performance to be measured without individual websites collecting personal data. In reality, part of the tracking is now done directly in Firefox. While this may be less invasive than unlimited tracking, which is still the norm in the US, it still interferes with user rights under the EUs GDPR. In reality, this tracking option doesnt replace cookies either, but is simply an alternative way for websites to target advertising.
Tracking by default, no information. To make matters worse, Mozilla has turned 0n its “privacy preserving attribution” by default. Users have not been informed about this move, nor have they been asked for their consent to be tracked by Firefox. The feature isnt even mentioned in Mozillas data protection policies. The only way for users to turn it 0ff is to find the opt-out function in a sub-menu of the browsers settings.
Better call it a spyware. Thanks for letting me know that mozilla wants to make firefox track users and then shape their behavior based on tracking data.
User tracking is usually done to understand users and then shape their behaviors. It’s about social engineering. If you don’t understand users, you can’t shape their minds through targeted solicitations.
Youtube recommended videos are based on tracking data. Search results might also be based on tracking data.
I still use firefox among many other browsers because I want to implement browser isolation. My firefox is hardened enough.
Ubuntu has a little more Compassion for its Users as far i know than the Evil Fedora, it is possible that Ubuntu would have disabled that option in a mandatory way.
I think increasing privacy violation is a philosophical problem. You can describe such problems endlessly without finding a solution.
We should focus on solutions intead of problems. We will waste a lot of time if we focus on problems instead of solutions.
Purism cannot offer philosophical solutions to philosophical problems. It can only offer technical solutions.
It’s good to know that firefox will probably increase privacy violation, but it is not productive to describe the problem in lengthy details. Just knowing the gist is sufficient.
The technical solution would be to ship a hardened browser in pure os.