Article update: Firefox Configuration Guide for Privacy Freaks and Performance Buffs

Some slight changes were made to the Firefox Configuration Guide for Privacy Freaks and Performance Buffs. Nothing important, i just removed my Mozilla rant and gave it a dedicated page. Also i added the NoCoin adblock list to uBlock Origin which is a cryptomining blocking filter which you can add to uBlock simply by clicking the link in the description for that repository.

Speaking of cyrptomining, Firefox 67, released today, includes two new options in its 'Privacy & Security' settings; one to block fingerprinting and one to block cryptominers. To my knowledge both of these rely on 3rd party filter lists which are likely pretty rudimentary and therefore i don't recommend enabling these options at this time since the filters used by uBlock are probably much more comprehensive. I need to dig into this deeper to verify how these options work however. It would be great to not have to use Canvas Blocker if the native anti-fingerprinting stuff in Firefox could eventually address all of the important stuff in Canvas Blocker. If anyone has any feedback in this area, please leave a comment.

Update: I think i've confirmed that both of the new fingerprinting and cryptomining prefs in FF v67 rely on lists. If we look at browser.safebrowsing.provider.mozilla.lists in about:config, here's the value of that preference:

base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256,ads-track-digest256,social-track-digest256,analytics-track-digest256,base-fingerprinting-track-digest256,content-fingerprinting-track-digest256,base-cryptomining-track-digest256,content-cryptomining-track-digest256,fanboyannoyance-ads-digest256,fanboysocial-ads-digest256,easylist-ads-digest256,easyprivacy-ads-digest256,adguard-ads-digest256

In there we see base-fingerprinting-track-digest256, content-fingerprinting-track-digest256, base-cryptomining-track-digest256 and content-cryptomining-track-digest256.

I don't know what lists Firefox is using, but given that Mozilla tries to not break a lot of websites with these privacy options, they are probably rudimentary as i said earlier and so, again, i do not recommend enabling those two options if you're using uBlock. The same goes for all of the Content Blocking options with the exception of cookies and how that should be set depends on how uMatrix is set up and whether you're using the Site Bleacher add-on.

New article: The Mozilla Monster

I have little (and not so little) rants about Firefox and Mozilla tucked into the crevices of several articles and posts and so i decided to consolidate. The Mozilla Monster is now my official watering hole for everything i hate about the Mozilla Foundation… or at least strongly dislike… or question. Don't get me wrong, i still use and recommend Firefox, but i think it's days are numbered.

Article update: Firefox Extensions – My Picks

I added Smart RSS Reader to the article, Firefox Extensions – My Picks.

Ever since Mozilla moved to the WebExtension API my once favorite news feed reader, Newsfox, became obsolete and apparently the developer had no plans to port his extension. I've been looking for a suitable replacement since then and in the process i have tested many feed reader add-ons for Firefox, none of which i really liked. Feedbro is currently the most popular, feature rich and capable, but i don't like the developers ethics. For starters he uses an 'All Rights Reserved' license and refuses to publish the code on a suitable platform, such as GitLab. Also the only support option he offers is email. Lastly, the last Feedbro update was a total disaster in that the reader became the equivalent of an image; in other words, nothing worked and nothing could be clicked. I run a hardened Firefox with a lot of privacy and security enhancements and i have to wonder what this developer is doing that conflicts with my security/privacy settings.

Smart RSS Reader by 'zakius' is a newcomer that was first released on AMO in February, 2019, but it it works fairly well as a basic 3-pane feed reader and the developer is friendly, open to suggestions and very active in its development with over 800 commits. If you're looking for a decent feed reader, check it out. It's getting better by the day and the code is on GitHub.

The Mozilla Monster

My admiration for Mozilla and its flagship product, the Firefox web browser, continues to diminish over the years. To understand why i have lost a huge amount of respect for Mozilla as a company, we'll explore what Mozilla is and some of the controversial activities it has engaged in.

Many of us probably tend to associate the free, open-source software (FOSS) community with individuals or small organizations that selflessly give away their work expecting little or nothing in return, however this perception is wildly inaccurate in the case of the Mozilla Foundation which rakes in hundreds of millions of dollars annually. The vast majority of this revenue is generated as a result of Mozilla's partnerships with various ethically challenged and proprietary search engine companies such as Google, Yahoo, and others (you can read more about this in the article, Firefox Search Engine Cautions, Recommendations). As a result of Snowden, many of the masses are now painfully aware that these corporations track our web activities and sell the collected data to advertisers, governments, intelligence communities and who knows who else or for what other purposes. Other nefarious Mozilla partners have included Microsoft, Telefónica, LG Electronics, Sony, Verizon and Cisco. These kinds of partnerships could hardly be more at odds with statements Mozilla has made in its manifesto, including "Committed to you, your privacy and an open Web" and the current "Mozilla puts people before profit". How can Mozilla claim to be a privacy and free speech advocate while cultivating relationships with a laundry list of companies who have little or no regard for privacy and free speech?

The Mozilla Foundation is a non-profit that owns the taxable subsidiary, Mozilla Corporation. The Foundation was launched in 2003 with financial and other assistance from AOL and the Mozilla Corporation was created two years later. It is the latter that controls the source code for Firefox.

I started using Firefox around the time version 1.0 hit the streets in 2004 during which it enjoyed a small but devoted audience comprised of people who appreciated its customization capabilities. Indeed it was very hackable browser in that almost every element of its graphic interface as well as its core functionality could be extensively modified. While Firefox still remains one of the most customizable web browsers, Mozilla began restricting what users and add-on developers could do with the adoption of the Web Extension API in 2015 and the release of Firefox Quantum in 2017.

The release of Quantum presented a very different graphic interface which was styled to look remarkably similar to Google Chrome and this caused quite a stir in the Firefox community. The uniqueness of Firefox was lost in the minds of many upset users who preferred Firefox because it wasn't Google Chrome. The fallout continued as Mozilla caused several non-trivial headaches for add-on developers by changing the API (Application Programming Interface), eventually settling on the Web Extension API which is far less capable then the older XUL/XPCOM API, albeit less risky as well. As a result many add-on developers tossed in the towel in frustration and thus the community suffered yet another hit with the loss of their work. Further controversy would soon follow.

It has become quite apparent to me that the goals of the Mozilla Foundation clash with the ethics of some of the developers writing code for Firefox. While at least a portion of the developer community has a strong regard for user privacy, decisions at the corporate level have made it abundantly clear they are quite willing to sacrifice privacy in return for financial gain and market share. Some of these decisions have resulted in well deserved and severe backlashes from the community and it seems management is rather incapable of owning up to their mistakes. I think the driving force behind many of the poorer decisions is the perceived need to compete with Google Chrome which is by far the most popular web browser at this time (note that 'popular' does not equate to 'good').

Another issue that has caused numerous concerns regarding the ethics of Mozilla is the fact that Firefox has long shipped with several 'system add-ons' which are installed by default and without user permission. Worse, these add-ons do not appear in the extensions management interface (about:addons) and therefore there is no obvious way for the average user to disable or remove them, or even be aware they're installed at all in some cases. These system add-ons have been used for highly controversial purposes, including the mass collection of user data.

Let's take a look at a bit of the darker side of Mozilla's history…

2014Mozilla CEO resigns over anti-same-sex-marriage controversy

Just ten days after taking the job, Brendan Eich has resigned as CEO of Mozilla after sparking outrage over his donation to an anti-same-sex marriage campaign.

In 2008, Eich donated $1,000 to California's Proposition 8 campaign. Prop 8 was a ballot initiative that sought to make same-sex marriage illegal in the state. News of Eich's donation was first made public in 2012, but attracted a new wave of attention last week when Eich was promoted to CEO from his previous job as chief technology officer.

There is actually a lot more to this story than meets the eye and frankly i find it a little odd that a donation to Prop 8 by Eich, who co-founded Mozilla, would be used against him six years later. Nevertheless, this incident upset many users but i would submit that their reasons were not entirely justified.

2014Mozilla Firefox's 'Sponsored Tabs' Stir up Controversy

Mozilla, the maker of the popular web browser Firefox, recently announced that it still plans to follow through on its controversial plan to sell advertisements on "sponsored tabs."

Mozilla's original plan, introduced in February, called for new "Directory Tiles" to be added on a new tab for new users. In the past, these tiles were left blank until they were customized with recommendations based on a user's browsing history. Mozilla planned to sell these tiles to companies as sponsored ads, much to the chagrin of Firefox users.

[…]

In other words, Firefox plans to sell ad space on its tabs to monetize its user base of over 450 million users, who account for 17% of all web browsers used worldwide.

2015Mozilla responds to Firefox user backlash over Pocket integration

The complaints center around the fact Pocket is a proprietary third-party service, already exists as an add-on, and is not a required component for a browser. Integrating Pocket directly into Firefox means it cannot be removed, only disabled.

2017Mozilla Says It is Raising Privacy Awareness By Violating Privacy of Users

Mozilla's latest Firefox release is better than Google Chrome, both in terms of speed and violating user's privacy.

[…]

As Drew pointed out, this extension is actually an alternate reality Game. This extension will invert text that matches a list of Mr. Robot-related keywords like "fsociety", "robot", "undo", and "fuck", and does a number of other things like adding an HTTP header to certain sites you visit.

While this might sound fun, doing it without end user's consent is a borderline privacy violation.

Let's be very clear here; what the corporate clowns at Mozilla did when they partnered with Mr. Robot for advertising purposes and forced the Looking Glass add-on on its users as part of that fiasco, was not "a borderline privacy violation", it was a flagrant violation of user privacy and trust, period. Ignoring the fact that these 'systems add-ons', 'experiments' and 'Shield Studies' are often enabled by default, manipulating HTTP headers for certain websites as the Looking Glass add-on did, was not only possibly breaking web standards, it was making Firefox uniquely identifiable. That they did this without warning users, some of which may have implemented precautions precisely to guard against such concerns, is unforgivable. The community backlash was immediate and widespread. As a result of the beating they took, Mozilla removed the add-on in the following version of Firefox and reworked their 'Shield Study' rules. The Looking Glass add-on is still available on AMO however where, as of this writing, 17 people gave it a 5 star rating and 52 a 1 star rating (make that 53 since i just dropped my two cents). Following are some of the comments left by disgruntled users…

Mozilla is not better than Google. It's maybe worse, because we expect it from Google but not from Mozilla. Mozilla has no ethics.

And…

Until today I thought that Mozilla's ethics would forbid this kind of action; indeed, it's the kind of thing I thought Mozilla would actively campaign against. I guess I'm disillusioned now.

I'm also concerned that Firefox is, on a technical level, able to install add-ons without explicit user/administrator approval. This seems like a MAJOR security vulnerability to me.

And…

This blunder is astonishing. It's not just that Mozilla installed it without permission or notification; it's also the implication that the company doesn't understand why this was a mistake. The apologies I've seen so far amount to "We're sorry we got caught. We didn't know better."

I don't like Chrome. And today I don't like Firefox. I have used Firefox from when it was Phoenix version 0.67. Last night I downloaded Vivaldi and Opera, and I will check them out.

2017Mozilla to launch Firefox Cliqz Experiment with data collecting

Mozilla notes that it is necessary to transfer address bar content to Cliqz servers to power the functionality. This means, essentially that anything that is entered into the address bar, either automatically or manually, is transferred to Cliqz.

In other words, users who are selected for participation are opted-in automatically in the data collecting.

2017The Mozilla Information Trust Initiative: Building a movement to fight misinformation online

Today, we are announcing the Mozilla Information Trust Initiative (MITI)—a comprehensive effort to keep the Internet credible and healthy. Mozilla is developing products, research, and communities to battle information pollution and so-called 'fake news' online. And we're seeking partners and allies to help us do so.

So the company that is committed to an open web wants to influence what news people read. Mozilla lists a few potential partners they'd like to work with in this venture including one of the kings of mainstream news bias and propaganda, The Wall Street Journal, whom Mozilla sees as a "credible news-gathering organization". I have also seen an influx of 'fake news' detection add-ons in the AMO repository being developed by companies, including The Self Agency, LLC and Trustie, and many of these add-ons are warning users when they visit highly creditable websites run by battle scarred, independent, investigative journalists.

As Mozilla correctly recognizes, there is indeed a massive amount of misinformation, disinformation and heavily biased information floating around on the web in the alternative news scene, however they conveniently ignore the fact that some of the most dangerous offenders are the mainstream new corporations which they want to partner with, including those that promoted the invasion of Iraq, Syria and Libya and are currently frothing at the mouth over the nuclear weapons that Iran doesn't posses and how terrible the elected president of Venezuela is because he's not another puppet of the U.S.. The solution to this problem is not censorship and revenue generation under the transparent guise of community service, but rather to educate people on how to identify unreliable news sources which obviously Mozilla is in no position to do given its desire to partner with those same sources.

2019Firefox caves to pressure, to shut down controversial screenshot upload feature

Mozilla has positioned Firefox as the champion of privacy and independence on the internet but appears to be increasingly at risk of losing the trust of users.

The latest controversy regarding the company is its implementation of the screenshot feature, which uses clear dark patterns to trick users into uploading screenshots to their online screenshot gallery screenshots.firefox.com, which promoted but does not require the use of your Firefox Account.

2019Mozilla apologizes for recent add-on disabling issue and provides details

The last week has not been great for Mozilla. Last Friday, reports started to come in from around the world that installed add-ons would not verify anymore and were disabled as a consequence. Users could not download and install add-ons from Mozilla AMO anymore either.

Latest figures show that about 60% of Firefox users install add-ons in the browser; any issue affecting 60% of the user base, especially when it comes to personal choices made by those users, is as critical as it gets.

I was one of the millions of victims of this stupidity upon which i elaborated in the post, Mozilla showed me what the interwebs look like and now i have mad cow disease.

The future

Meanwhile the market share for Firefox continues to sink like a lead balloon. I don't think the hardcore audience that has stuck with Firefox through the years cared much about how popular it was, but like any corporate behemoth, what the users care about is of secondary importance; growth, market share, revenue and other useless corporate statistics seem to be the primary drivers of the Mozilla Foundation and i think this has caused the gap between Mozilla and its user base to widen even further. I know it has for me. The question is, how much more self-inflicted blow-back can Mozilla handle before it is forced to end development of Firefox entirely? I think Mozilla has pissed off enough people and stabbed its users in the back enough times that the demise of the Firefox brand is imminent absent a radical shift in corporate overlord ethics. That said, i still use and recommend Firefox because i think it is better suited to security and privacy hardening than anything the mainstream competition has to offer, at least for the time being.