Firefox

Let be begin by saying: Selectively blocking Javascript is essential for online privacy.

Fundamental idea

• Javascript is needed for way too many websites to load correctly
• Websites often dont only use their own Javascript to display their own menus etc. but they load tons of external Javascript.
• There is often way more Javascript that you can block than what you need
• No "privacy browser" can protect you if you dont invest the work of blocking Javascript per origin
• there are many origins that just serve bullsh*t so you can always block them
• browser sandboxes, process isolation etc. is only needed because of Javascript or CSS exploits
• there are hacks that work through CSS only, but they are rare
• this is why browser isolate every website in a process. They isolate these processes from the system with strict filters and sandboxes

Sum up

Javascript is a technology used to display fancy websites, moving parts, responsive interfaces etc.

It is executed code, in your browser. Unlike normal applications, the code comes from random places on the internet, and is often malicious.

This is why browsers need to be so secure.

Many developers bundle random 3rd party javascript into their website, mostly for capitalist "get some more cents" purposes.

This is what a shitty website looks like (and yes it runs perfectly fine after blocking all that)

This means often: the website, AND the developers of the javascript will both get your personal data.

If you block Javascript, you avoid 99% of security issues, and automatically block most trackers.

Websites cannot place cookies in the browser, if you block javascript!

Some things to know

• Google reCaptcha is a nasty difference, as it requires many origins at once. NoScript has the "allow all Javascript on this tab" for this purpose
• some sites may load fine without Javascript, but menus dont work.

Setup of NoScript

Install the Addon and go into its settings.

per site permissions

It has some very loose, "security only" settings, so most of "Big Tech" is trusted by default. If you dont use it, set it to "untrusted".

general settings

Here you can select what "default", "trusted" and "untrusted" do.

Default

• I change it to "block all". Most websites dont load with the default settings anyways
• if you set "noscript", websites can see that "your browser does not support Javascript". This may cause them to display a no-js website, but that is really rare.
• The "noscript" makes you stand out from the crowd very likely. There are other methods to check if you support javascript, like just trying to run it.

Trusted

• I enable everything but these:
  • ping: pretty shady stuff, thanks @leanleft@lemmy.ml
  • noscript: you support Javascript so not useful
  • LAN: block requests to your local network, should not be needed in most cases
  • unverified CSS: important blocking this is more secure (see above, CSS-only exploits are possible) but drastically slows down the speed of your browser
  • other: better not enable random other Javascript types

Untrusted

• block everything
• maybe allow noscript (see above)

See the explanations for all Javascript variants here

Workflow of NoScript

I think the author didnt really consider the implications, so these loose settings make little sense.

NoScript makes most sense for "goodness enumeration". By default, all Javascript is blocked.

At the beginning it may be annoying, but it will become less and less work:

1. Open a website
2. It likely doesnt load
3. Click on the NoScript icon
4. Set the Javascript of this Website to "trusted"
5. NoScript automatically reloads the site
6. maybe: Repeat, you may need to allow CDNs, image hosts etc.

Once you did this to all your commonly visited sites, only new ones will need manual configuration.

This approach becomes less effort over time, unlike badness enumeration, which gets more and more.

(I thought about giving you my 2 years old configuration as a headstart, but it is basically my browsing history. I would be interested in sharing a config on some Git host though, as this makes starting with NoScript way more pleasant)

Background on "badness enumeration"

Adblockers use something called "badness enumeration".

Example of badness enumeration:

• Adblockers: allow all content to load, block a, b and c ONLY
• Malware scanners: allow all code to execute, but block hashes a, b, c
• Some Firewall Blocklists: allow all incoming traffic, but block all IPs coming from Russia

The system is fundamentally flawed, as

1. The authors of blocklists always need to be perfectly up to date
2. Once a new malware/site/ad comes out, it will stay unblocked for a while
3. It assumes every user needs the same
4. It needs always growing filterlists and malware databases, that get bigger and bigger

Avoid badness enumeration when possible. Btw, NoScript likely also blocks many Ads on websites.

Firefox 126.0.1, Fairphone 5, Android 13

I keep accidentally tapping it when trying to tap at the end of the address to edit it. Currently this is my biggest struggle with Firefox.

I have the an extension installed for Firefox and I see the green dot under my extension menu on every website visit and everytime I reload a website indicating that it asks for permission to read data on that website again. When I hover over it it tells me that I can allow it for this visit and the cog wheel menu has the option "only when clicked" for "extension can read and write data" ticked. Clicking on that option does nothing.

How do I give the permission permanently? It's annoying to have to click that everytime.

Screenshot from phone, but same warning message when i do it on my computer.

I have my bookmarks, history, etc. saved on my computer (in the firefox profile folder). But i'm afraid firefox may delete my data once i reset my password. If not, will firefox sync my local data to their cloud after pw reset?

How reliable is this? Is it VoIP based or actual phone numbers that will be accepted everywhere?

Does fennec get around this?

So I've been using Firefox's container function for a while now and recently discovered the multi account container extension. What does this add over the built in containers? I've seen a lot of people say they need multi account containers but are disappointed that it's an extension so I'm curious what it adds.

Sometimes I'll be browsing Firefox and things go wrong seemingly at random - all pages load indefinitely or show a screen indicating failure to load. This can be fixed by running pkill firefox and then starting a new instance. A look at Dev Tools shows that all requests fail and a message NS_BINDING_ABORTED is shown. I have looked up "firefox NS_BINDING_ABORTED" but none of the results 1 2 3 4 5 6 7 provided any solution.

Does anyone here know more about this issue?

Firefox version information:

Firefox Borwser 126.0

Mozilla Firefox for Arch LInux

archlinux - 1.0

After some searching, it looks like I need to disable all hardware acceleration ? How can I disable only the minimum amount of stuff ?

cross-posted from: https://lemmy.ml/post/16193001

due to reasons I only have my tbb/ff bookmarks saved as jsonlz4 files, 10 backups.

Ideally, I could recover all those including the structure, but Id settle for the urls (and hopefully the names).

thanks

If I want to opt out, I can only opt out by disabling all usage telemetry according to the official doc https://support.mozilla.org/en-US/kb/share-data-mozilla-help-improve-firefox . That means that my usage habits and the usage habit of all people that do not want to share their search terms with firefox, i.e. all somewhat privacy interested people is just thrown into the void. For future browser decisions, this means that the browsing behavior of a whole group is neglected. This makes me sad.

I mean this context menu

I have been playing around with pwa-like experiences, and as part of that I tested "kiosk mode".

For those who don't know, you can start a "kiosk window" with the command firefox -kiosk --new-window <url>, which will open that url in fullscreen without a titlebar, right click menu, any overlays like the link preview or loading text, ...
I cancelled the fullscreen flag of my window, and had a resizable fully functional website in a frameless window.

Which was great and all, until I realized that in my running profile now every newly opened window is also in kiosk mode, and right click was globally disabled. My running firefox instance has been infected by the kiosk disease.

Anyway, it's not a large issue, I can just restart my infected instance. But I hate restarting my browser, it usually runs for multiple months.

My question is, is it possible to leave kiosk mode without restarting firefox?

Folks I downloaded bypass paywall clean d here and am trying to set it up (on android, mull). After I had to remove the old one, yknow.

I enable the debug menu, click install extension from file but then idk what I'm doing wrong. I did extract the file but nothing seems to work?

Would appreciate any help, thanks!

I don't like it when I go back to a tab and it reloads.

For whatever reason, I want tabs to stop changing. I don't want the to reload from their javascript and I don't want the tab content to be deleted by the automatic discard (to save memory)

If firefox decides to free memory, it should dump tab data and tab state to disk, not delete and reload from the website later.

Sometimes the website won't exist later.

Somewhat related but this one is hard : Some website dynamically delete content after you've scroll past it (firefox) this means even if you scroll to the "true" bottom, you can't ctrl+f search and you can't freeze the page and read it all at your leisure and preserve it for later.

Currently my solution is to video screen capture the whole tab while scrolling slowly, this is quite a ridiculous step to take but apparently the only option to keep our data !?

launched a new extension and now marketing site to pair - hope yall like it

I deal with a lot of VMs for varying purposes, and it seems frequent that my purpose for opening firefox is derailed by some kind of nag. For example, I frequently get the "you haven't used firefox in a while" in vms that I rarely use firefox and have to go disable the "meta refresh" option in the "about:config".

Now, I've started seeing this one... it's not even one of the passive banners but a full-page stop-the-world w/ semi-transparent background and right-click prevention.

Before I invest too much time trying to figure out how to disable these, or templating profile options en-masse, or the like... I thought I might ask... is there a way I can tell firefox that I only want it to only be a web-browser? i.e. an effective tool and not an attention sink or exciting video-game-like challenge of exploration and closing popups and suggestions while trying to remember why I launched it.

Somewhat relatedly, there is some kind of irony with firefox prominently offering to copy a URL without tracking for other sites, but when it is their own ad (however benign it might seem) that they disable right-clicks and load up on the trackers. The above button links to:

• https://support.mozilla.org/en-US/kb/switching-devices?utm_source=spotlight-default&utm_medium=firefox-desktop&utm_campaign=migration&utm_content=new-device-in-your-future&entrypoint=device-migration-spotlight-experiment-v2&utm_term=aboutwelcome-default-screen&as=u

TLDR: I want to easily have a bunch of tabs somehow synchronized on both my desktop and mobile devices and in different groups. Safari and other iOS browsers haven't worked well for me.

This has actually been a hard problem I've been trying to solve for over 2 years now. Despite having used Firefox as my main browser the whole time, I had relied on Safari to sync tabs between my MBP and iOS devices since the UX for opening desktop tabs in the Firefox mobile app is really clunky: you have to do lots of taps and to get a list of tabs and you can only open one at a time, to open just one tab you have to do the whole dance all over again (this was from last time I tried it months ago, is it any different now?).

The problem with Safari is that lose a whole bunch of tabs can suddenly disappear open on all devices, replacing the pages with blank tabs, you can image how pissed off I was at that. I tried a bunch of iOS browsers, but none of them came close to having a UI as good as Safari in my opinion, and honestly iOS Safari feels much nicer than Firefox. Later I found Orion, but if I have many tabs open, the browser lags really hard on my M1 iPad Pro and iPhone 14 Pro Max, when all of them except for the current tab are unloaded. I don't get why mobile browsers are generally unpolished compared to desktop ones.

I was opposed to read it later apps like Pocket and Omnivore, because I can't open a bunch of pages quickly and switch between them, like I can with browser tabs, but I think I have to suck it up. I could use the Omnivore iOS app and have a tab open on Firefox desktop, to save page and open them in the browser by default, and it has labels which I can filter pages by, since I like to have pages or tabs in groups like Safari Tab groups.

Having long lists of pages wouldn't lag, or suddenly disappear, and I can mark the pages as read when I'm done with them. I wonder if anyone has any thoughts on this or have other ideas that might work better.