More Proof Firefox is Bad

I disagree. Mozilla is only to blame for the copies of Firefox that they distribute.

Given that defaults can be changed by the whoever distributes Firefox … and, in the case of the OP, this was distributed as part of PureOS, the blame is with Purism.

As you see, that’s exactly what I was implying. But, keeping in mind that Purism has written about “the power of defaults”, please tell me what costs and range of reasons would override that sentiment.

Or: enable the search bar. That’s what I do. Address bar: only for addresses. Search bar: only for searches (using the search engine that I configure as the default - although the search bar does readily allow you to override the default search engine on a per-search basis). This approach works on a decent sized screen.

I’m not sure what firefox you use, but I have the search bar enabled (I think it’s the default) and AFAIU firefox still will filter (and/or save search parameters in its history). The only certain way to not have firefox filter is to type the search into your search engine’s https page. Similarly the address bar will do a search if it doesn’t find a valid address (unless you explicitly preface with https:// or some such URI qualifier).


Regarding mobile-config-firefox in PureOS: Yes, it’s outdated, and very heavily patched/less opinionated: debian/patches · pureos/byzantium · Librem5 / debs / firefox-esr-mobile-config · GitLab

{That said, the entire removal of Google will likely be reconsidered, the reason for that can be found in the latest episode of the postmarketOS podcast (TL;DR: duckduckgo is blocked in countries where Google is not))

@FranklyFlawless: Thanks for mentioning @Emma 's excellent fork. It’s worth giving it a try - after cloning her repo and changing into the directory (before running make), make sure to change to the correct branch:

git checkout fenix

My first post in this topic (#15) links to a topic where I think we have got that under control. The goal is: address bar only for addresses. What you type is exactly what you get as a URL and only as a URL.

Yes, it still saves search strings in a history and matches against those searches and therefore offers to repeat those searches.

For my threat model, that is acceptable. (This is quite different from doing autocompletion by uploading the string so far as you type and matching against a central database.)

Maybe there is a way of disabling even that behaviour.

It is easy “enough” to clear out those saved searches (and I do do that periodically) although maybe it should be made easier (e.g. automatic X days after last use).

1 Like

The thing is … that’s what Purism used to do in order to create Purebrowser, but they found it unsatisfactory e.g. An Epiphany regarding Purebrowser – Purism


I did not read the whole linked thread. However, I have both a search bar and an address bar and:

  1. If I type “thisiswhatitis” (no quotes) into the address bar, I get a search.

  2. If I type “https://thisiswhatitis” (no quotes) into the address bar, I get an address not found message.

Firefox tells you what it’s going to do before you hit enter … but what is going on is that without the URI formatting (e.g. leading “https://”), while Firefox tries to find an address first, if it isn’t found, it does a search.

If they had just stuck with “distributing firefox with privacy respecting defaults”, it would have been easy. They tried to do more (and bit off more than they could chews) and, somehow, thought it would be better to switch from modified-firefox and move to Epiphany. It is absolutely not difficult to distribute Firefox with different default settings (it’s a couple hundred lines).

If anything, I think this is really an admission that the distributor is responsible for the defaults.


Me too before I made the config changes that I mention in that other post.

Now I get the joy of a local complaint that “thisiswhatitis” does not exist as a host on my network (although most people would instead get an error that DNS lookup on “thisiswhatitis” gave an error, presumably NXDOMAIN). No search occurs at all and, in my case, nothing is sent to the internet. Which is exactly what I want.

I think this illustrates that the sheer number and complexity of config changes that is required to make Firefox private is too high. I can understand that someone would decide that a different base would be a better starting point for a private browser. I concede that the blog post that I linked to is not an in-depth discussion of all the considerations that led to the decision to cease using Firefox.

In my opinion the problem is not exclusively one of the browser. Some privacy problems are inherent in HTTP / HTML. Hence the Back-to-the-Pleistocene movement of the web (Gemini).


This seems like a bad analogy. I have private projects that my employer is not affiliated with. This is clear because what they pay me for specifically has nothing to do with those projects.

If instead my “private project” were receiving revenue, and 80% of that revenue was from my employer to change the default behavior of my “private project,” then the analogy would become much more reasonable.

But anyway, that’s not really a concern. Firefox is already solved. All you need to do is type “about:mozilla” into the Firefox URL bar, at which point it will load a page with creepy white text on a red background citing a bible verse from the antichrist bible, informing the user that the Firefox build they are using is a piece of the Beast reproduced in small forms to spread amongst the people. This is not some joke, I’m not typing this out of crazed emotion, that’s just how Firefox actually works.


Eek! Tis true. That’s not something that I was previously aware of. Easter Rotten Egg?


I haven’t seen The Book of Mozilla in about 30 years… forgot that Firefox was keeping the legend of the dragon alive.


That’s kind of scary :grimacing:


I guessing that Firefox may have an Opensource backdoor like XZ from Google Opensource or. However i using 50% Firefox based Browser like Icecat and the other 50% Netsurt as my daily use ATM.


If firefox has a “backdoor like xz” then certainly icecat does too since their codebases are virtually the same (icecat = firefox LTS + scripts to remove branding - non-Free addons). I’ve never tried netsurf.


It’s not “the antichrist bible”, it’s “The Book of Mozilla” which is not a real book. The Book of Mozilla - Wikipedia . And “the beast” comes from the fact that the logo for early was a dragon mascot named mozilla and was, apparently, known internally as “the beast”.


Privacy2 and irvinewade,

did you noticed that the internet with Browsers died in 2016?

Yes we are still here talk about Browsers and URLs… but. Just ask a Kid in School what is a Browser and a URL… it’s kind of devastating.

But do not get me wrong, i think it is more important than ever… to have a good Browser, understand Information Networks Computers and Advertise Networks and Ad- or Script Blockers. Just do not waste to much time for that kind of discussions. Focus on a good Browser and or Apps for Linux on Mobile.

1 Like

Current kids/teenagers they do not NOT know what it is a File or Folder, URIs because this peoples lack of GNU OS Knowledge. However my 3 SONs have grown up with GNU OS by Me however at school they learned about the evil chrome os from google opensource or foss.


Or most anyone in any business outside of IT. The majority of people do not know, nor care to know, nor need to know. There’s a reason for references in the 90’s about opening “the internet” not a browser… Computers are tools to accomplish tasks for most people. Does that mean they can be exploited by those that do know? Yes. Is that different than any other field? No, not really.

This is not new.


Sorry for not reading the rest of the posts in this topic, but I just wanted to respond to this by saying that I actually just clone the branch itself when working on it. You should be able to do the same with the following:

git clone --branch fenix

Also the real reason to respond was to selfishly thank you for the “her” in that post. It means a lot; it really does. Also, I’m Emma. :heart:


Perhaps the only reason why Firefox must live (and we should accept some compromission here) has not yet been mentioned in this discussion: FF ESR is the codebase for the Tor Browser!
If Mozilla’s funding dries up and they don’t have enough money to continue the development of the browser, this will simply be the death of Tor Browser. And there really is nothing here yet to replace it: all other “privacy-oriented” or “privacy-defending” browsers are just subpar.
I am willing to put up with those little arrangements between Google and Mozilla if it means keeping the Tor browser dev alive.


I already mention about Firefox ESR and its forks in “my stance” earlier in this thread.


Yes, I can see that now. Sorry, I didn’t follow the URL to that other thread - I usually don’t “jump-thread” when the one I’m reading is very long and prefer to concentrate fully on it.
Anyway: you mention Icecat (FSF fork), which I really liked and used - but unfortunately, the development has stopped at FF60 or something, a very long time ago. Very unsafe to use now!
You also mention Mullvad, which I have heard of: what do you think of it? Any good? Could it really be an alternative to Tor as of now?
Have you used FF with the user.js config file (GitHub - arkenfox/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening) for hardening the basic browser without having to mess with about:config and the hundreds of prefs to change or toggle?