PPS Possibly a better approach to Firefox default settings would be that you can choose between High, Medium and Low security/privacy defaults - and changing the set of defaults would change every individual setting that has not already been overridden explicitly by the user.
So on a brand new computer, I would choose High - and then have to make fewer explicit changes to individual settings before I use the computer.
Firefox already does that for Enhanced Tracking Protection, but what I assume you want is more like how Tor Browser’s Security Level slider works. @pyllyukko’s user.js GitHub repository has two branches for those who prefer a hardened or relaxed configuration:
pyllyukko/user.js - GotHub (on my GotHub instance)
The issue with @pyllyukko’s approach is the maintenance required for each Firefox release.
The answer is using multiple browsers for browser fingerprint isolation. I use google chrome for google accounts, facebook logins, and other big tech accounts. I use brave browser for other persistent logins. I use librewolf for temporary logins. I use yet another browser for simple searching without login. I also use hardened firefox when librewolf doesn’t work well. I use tor browser for circumventing VPN censorship or geographical censorship. Use ad blockers in browsers that support ad blockers.
Combine browser fingerprint isolation with VPN. Even if VPN servers are watched by ISP, traffic timing analysis is going to be an expensive manual targeted attack that requires human brain, and the destination websites will not know your real IP address. If you physically roam on mobile networks, then you don’t need VPN because mobile networks are like VPNs.
Sandbox web browsers in firejail or apparmor. Firejail is easy. Web browsers are going to execute arbitrary untrusted remote javascript code. Some people criticize firejail for being a relatively large SUID binary, but its threat model is preventing user applications from having full user rights which are essentially root. firejail is also not much larger than ping which is another SUID binary.
Bubblewrap is smaller than firejail and is not a SUID binary, but it can’t choose a network namespace or do other privileged operations because it is not SUID.
Librewolf has been great for me for opening something like a link from an email.
It’s weird that this thread was forked from a reply on one of my posts, and now it looks like I took the bait and weighed in on this topic out of nowhere… not quite my style.
But yes, I agree. Can’t just believe everything you hear – and I haven’t really seen anything to give me reason to believe Firefox is doing things that I wouldn’t be happy about. Even the woke comment, was just something I heard and don’t know first-hand. I couldn’t name a thing they’ve done that could be considered woke.
I was more so being polite and replying to someone on a post I made. Wasn’t trying to open any doors!
Mozilla for quietly enabling a supposed “privacy feature” (called Privacy Preserving Attribution) in its Firefox browser. Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites. In essence, the browser is now controlling the tracking, rather than individual websites. While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it 0n by default once people installed a recent software update. This is particularly worrying because Mozilla generally has a reputation for being a privacy-friendly alternative when most other browsers are based on Googles Chromium.
Firefox follows Google? With a recent Firefox v128+ update, Mozilla seems to have taken a leaf out of Googles playbook: without directly telling its users, the company has secretly enabled a so-called “Privacy Preserving Attribution” (PPA) feature. Similar to ‘Googles Privacy Sandbox’, this turned the browser into a tracking tool for websites. The idea: instead of placing traditional tracking cookies, websites have to ask Firefox to store information about peoples ad interactions in order to receive the bundled data of multiple users.
Less invasive is still invasive. In this sense, Mozilla claims that the development of “privacy preserving attribution” improves user privacy by allowing ad performance to be measured without individual websites collecting personal data. In reality, part of the tracking is now done directly in Firefox. While this may be less invasive than unlimited tracking, which is still the norm in the US, it still interferes with user rights under the EUs GDPR. In reality, this tracking option doesnt replace cookies either, but is simply an alternative way for websites to target advertising.
Tracking by default, no information. To make matters worse, Mozilla has turned 0n its “privacy preserving attribution” by default. Users have not been informed about this move, nor have they been asked for their consent to be tracked by Firefox. The feature isnt even mentioned in Mozillas data protection policies. The only way for users to turn it 0ff is to find the opt-out function in a sub-menu of the browsers settings.
Time to go for Ladybird Browser
Directly related topic:
Strangely, that setting is “off” and “greyed out” for me i.e. I can’t even turn it on (not that I want to).
I wonder if there’s more to the story here.
Calling firefox a malware is a bit misleading.
Malware includes viruses which firefox is not.
Better call it a spyware. Thanks for letting me know that mozilla wants to make firefox track users and then shape their behavior based on tracking data.
User tracking is usually done to understand users and then shape their behaviors. It’s about social engineering. If you don’t understand users, you can’t shape their minds through targeted solicitations.
Youtube recommended videos are based on tracking data. Search results might also be based on tracking data.
I still use firefox among many other browsers because I want to implement browser isolation. My firefox is hardened enough.
If you are using upstream mobile-config-firefox, their policies.json has changed the value to false and marked the status as locked:
postmarketOS has since archived that GitLab repository.
I was a bit aggressive, but it may falls into the Malware category already.
No, sorry, this is Firefox 131 on a desktop and I don’t have that package. I’ll have to look more closely.
It’s an interaction with
Firefox Data Collection and Use
☐ Allow Firefox to send technical and interaction data to Mozilla
Once you turn that off, it also turns off and locks
Website Advertising Preferences
☐ Allow websites to perform privacy-preserving ad measurement
Ubuntu has a little more Compassion for its Users as far i know than the Evil Fedora, it is possible that Ubuntu would have disabled that option in a mandatory way.
Right, I forgot changing that setting does that.
This post was flagged by the community and is temporarily hidden.
This post was flagged by the community and is temporarily hidden.
This post was flagged by the community and is temporarily hidden.
I think increasing privacy violation is a philosophical problem. You can describe such problems endlessly without finding a solution.
We should focus on solutions intead of problems. We will waste a lot of time if we focus on problems instead of solutions.
Purism cannot offer philosophical solutions to philosophical problems. It can only offer technical solutions.
It’s good to know that firefox will probably increase privacy violation, but it is not productive to describe the problem in lengthy details. Just knowing the gist is sufficient.
The technical solution would be to ship a hardened browser in pure os.
Purism already attempted to do that years ago:
The migration to Epiphany has been less about enlightenment and more about development hell.