Firefox Icon

Firefox

Firefox is an open-source web browser developed by Mozilla.
30 Stories
All Topics

Marcel Klehr floccus.org

Sync bookmarks privately across browsers with a server of your choosing

Marcel Klehr:

Remember Xmarks? It was great. Floccus does the same thing and even allows you to sync with whatever server you want: any Google Drive, any Nextcloud, any WebDAV server. With more backends in the works.

Floccus has extensions for Chrome (and its derivatives), Firefox, and Edge browsers.

Mozilla Icon Mozilla

Firefox 85 cracks down on supercookies

supercookies can be used in place of ordinary cookies to store user identifiers, but they are much more difficult to delete and block. This makes it nearly impossible for users to protect their privacy as they browse the web. Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storage, ETags, and HSTS flags.

To hell with these trackers and the tech they rode in on.

In Firefox 85, we’re introducing a fundamental change in the browser’s network architecture to make all of our users safer: we now partition network connections and caches by the website being visited. Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking.

You gotta love it 🍻

JavaScript omar.website

TabFS mounts your browser tabs as a filesystem

A Chrome and Firefox extension that mounts your browser tabs as a filesystem on your computer.

This gives you a ton of power, because now you can apply all the existing tools on your computer that already know how to deal with files – terminal commands, scripting languages, point-and-click explorers, etc – and use them to control and communicate with your browser.

Now you don’t need to code up a browser extension from scratch every time you want to do anything. You can write a script that talks to your browser in, like, a melange of Python and bash, and you can save it as a single ordinary file that you can run whenever, and it’s no different from scripting any other part of your computer.

TabFS mounts your browser tabs as a filesystem

Firefox github.com

Firefox Reader View as a Linux CLI

Command line tool to extract the main content from a webpage, as done by the “Reader View” feature of most modern browsers. It’s intended to be used with terminal RSS readers, to make the articles more readable on web browsers such as lynx. The code is closely adapted from the Firefox version and the output is expected to be mostly equivalent.

I could see this fitting in nicely in a pipeline between curl and, well, lots of other commands.

Firefox github.com

Saying farewell to Firefox Send 😢

The fallout from Mozilla’s August shake-up is beginning to land and Firefox Send has been officially shuttered. The free file sharing service was already taken offline over the summer to fend off some spear phishing attacks, but any hopes of it coming back online are now dashed.

The project’s GitHub repo continues to trend in Changelog Nightly despite its now-archived status. Why all the posthumous starring? Maybe people are quietly paying their respects for the deceased… 🤔

Saying farewell to Firefox Send 😢

Mozilla Icon Mozilla

Innovating on web monetization: Coil and Firefox Reality

Coil is a web monetization effort where you subscribe for $5 a month and get access to various exclusive content things on participating websites. I think of it like Brave meets Patreon.

Firefox Reality is “mixed reality” (AR/VR) games and experiences from around the web.

The news here is that Mozilla is adopting Coil to experiment with monetization on Firefox Reality. Coil is for-profit, which adds a wrinkle to things. It uses Interledger to move money, which means creators can work in whichever currency they like. Lots of details and explanations in the linked post from Mozilla’s blog.

Firefox hacks.mozilla.org

Securing Firefox with WebAssembly

Firefox is mostly written in C and C++. These languages are notoriously difficult to use safely, since any mistake can lead to complete compromise of the program.

The team has thus far had 2 strategies for securing the codebase, breaking code into multiple sandboxed processes with reduced privileges and rewriting code in a safe language like Rust.

today, we’re adding a third approach to our arsenal. RLBox, a new sandboxing technology developed by researchers at the University of California, San Diego, the University of Texas, Austin, and Stanford University, allows us to quickly and efficiently convert existing Firefox components to run inside a WebAssembly sandbox.

This strikes me as a bonkers idea and kinda brilliant.

The core implementation idea behind wasm sandboxing is that you can compile C/C++ into wasm code, and then you can compile that wasm code into native code for the machine your program actually runs on.

Click through to read more about how they’re pulling this off.

Firefox krabby.netlify.com

Krabby – control your browser with your keyboard

The main differences with existing extensions are: multiple selections, keyboard layout agnostic, SOV (subject–object–verb) constructs and simple interaction with external programs. It is also quite usable with the mouse.

Demo videos are (temporarily?) unavailable, but there’s a fun tutorial that achieves a bunch of tasks on pokemon.com. Inspired by Kakoune.

Productivity github.com

Add full-text search to your browsing history & bookmarks

A fully private memory-boosting extension to eliminate time spent bookmarking, retracing steps to recall an old webpage, or copy-pasting notes into scattered documents. Its name and functionalities are heavily inspired by Vannevar Bush’s vision of a Memex.

“Memex” is thought by some to be a portmanteau of “memory” and “index”. Makes sense to me.

Add full-text search to your browsing history & bookmarks

Chrome webwewant.fyi

The web we want

A collective effort by browser makers (Microsoft, Mozilla, and Google) to understand where the dev community would like them to invest their energy.

We started this project to collect your feedback about the current state of the web and to give you a voice to help shape what the future of web.

They’re taking this effort on the road to various conferences, but there’s also a non-geographically-constrained way of sounding off as well: you can fill out the form on the website. 😄

Firefox zdnet.com

Firefox to add Tor Browser anti-fingerprinting technique called letterboxing

Called “letterboxing,” this new technique adds “gray spaces” to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished.

This appears to be a major win for privacy advocates. It also seems like a chink in the armor of Chrome’s dominance, given that many people have lost trust in its privacy model.

Ferdy Christant ferdychristant.com

The state of web browsers

Should I read this 22 minute read on the state of web browsers? Sure. Count me in!

Microsoft has confirmed the rumor to be true. We now have one less browser engine, and a last man standing (Firefox) in deep trouble (reasons below).

The web now runs on a single engine. There is not a single browser with a non-Chromium engine on mobile of any significance other than Safari. Which runs webkit, kind of the same engine as Chromium, which is based on webkit.

Caroline Haskins motherboard.vice.com

Old school 'sniffing' attacks can still reveal your browsing history

Several major browsers you and I use everyday are capable of leaking our browsing history, and they all know about it. Caroline Haskins at Motherboard writes:

Most modern browsers—such as Chrome, Firefox, and Edge … have vulnerabilities that allow hosts of malicious websites to extract hundreds to thousands of URLs in a user’s web history, per new research from the University of California San Diego.

In a statement provided to Motherboard via email, senior engineering manager of Firefox security Wennie Leung said that Firefox will “prioritize our review of these bugs based on the threat assessment.” Google spokesperson Ivy Choi told Motherboard in an email that they are aware of the issue and are “evaluating possible solutions.”

Ben Adida shared this on Twitter:

When first web history sniffing attacks came out, I suggested we had to change the notion of a visited link: a link would be marked visited by origin (edges, not nodes.) That was considered too dramatic a change. Maybe it’s necessary after all.

Who’s ready to dig into this research and share how vulnerable we really are and what types of malicious websites could/would extract our browsing history? If you do, let us know so we can link it up.

Bert Hubert blog.powerdns.com

Firefox is considering a move to third party DNS lookups

Specifically, they are considering making CloudFlare the default nameserver. A new feature called “Trusted Recursive Resolver” (TRR) could be turned on by default, and therefore override the DNS changes you’ve configured in your network.

Cloudflare says it takes your privacy more seriously than telecommunication service providers do because this DNS query will be encrypted, unlike regular DNS. They also promise not to sell your data or engage in user profiling.

Cloudflare and Mozilla have set out a privacy policy that rules out any form of customer profiling. Their story is that many ISPs are doing user profiling and marketing, and that moving your DNS to Cloudflare is therefore a win for your privacy.

This is a deep subject with many, many layers. Dig deep on this one. So, the question is — under what circumstances would it be OK for Cloudflare (or any other third party) to take over our DNS by default?

0:00 / 0:00