SoylentNews is people
SoylentNews
Firefox 87 Adds Stronger User Privacy Protections:
Mozilla today announced the release of Firefox 87 in the stable channel fitted with a new intelligent tracker blocking mechanism.
Called SmartBlock, the feature works in Firefox Private Browsing and Strict Mode and is meant to improve users' browsing experience through fixing pages that Mozilla's tracking protections break.
[...] "To reduce this breakage, Firefox 87 is now introducing a new privacy feature we are calling SmartBlock. SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy," Mozilla announced.
To improve user experience, SmartBlock provides local stand-ins for the third-party tracking scripts that are blocked. Designed to "behave just enough like the original ones," these scripts ensure that websites load and that their functionality is intact.
With the SmartBlock stand-ins bundled with Firefox, no third-party tracking content is loaded, thus fully preventing potential tracking attempts. SmartBlock automatically replaces specific common scripts that are classified as trackers on the Disconnect Tracking Protection List.
The new browser release also brings along a stricter, more privacy-focused Referrer Policy, where the browser, by default, "will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data."
[...] Firefox 87 sets the default Referrer Policy to 'strict-origin-when-cross-origin', meaning that user sensitive information that is accessible in the URL will always be trimmed, for all "navigational requests, redirected requests, and subresource (image, style, script) requests." The new policy will be enforced automatically upon updating to Firefox 87.
(Score: 0) by Anonymous Coward on Friday March 26 2021, @04:19AM (6 children)
Do any of these new enhancements conflict with any of the more popular addons like uBlock Origin in any way?
(Score: 0) by Anti-aristarchus on Friday March 26 2021, @05:57AM (5 children)
When Pale Moon went ballistic over NoScript, I knew the gig was up. Never trust a web browser with you security, they have already sold out, even the smallest of open-source projects.
(Score: 0) by Anonymous Coward on Friday March 26 2021, @07:06AM (2 children)
Interesting, can you provide any further information?
(Score: 1, Funny) by Anonymous Coward on Friday March 26 2021, @08:11AM (1 child)
https://forum.avast.com/index.php?topic=218953.0 [avast.com]
https://forum.palemoon.org/viewtopic.php?t=17619 [palemoon.org]
https://www.neowin.net/forum/topic/1363542-pale-moon-team-disables-noscript-by-default-faces-backlash-blocks-discussion/ [neowin.net]
https://spyware.neocities.org/articles/palemoon.html [neocities.org]
https://www.ghacks.net/2020/09/20/umatrix-development-has-ended/ [ghacks.net]
There are these things, they are called "search engines". You can search for stuff with them.
(Score: 2) by Tork on Friday March 26 2021, @04:29PM
But what if I'm demanding proof that masks work? No no I must insist that you prepare memes for me.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 0) by Anonymous Coward on Friday March 26 2021, @12:53PM (1 child)
moonchild's blocked a few extensions over the years for completely inane reasons (adnauseam, at least), but calling that selling out is kind of a stretch - that was just him making yet another boneheaded decision. plus, he at least gave people the choice of circumventing the blocklist in about:config and installing adnauseam anyway, even if he personally considers it to be "harmful"... although i think adnauseam is webextensions-only now so uhhh
meanwhile, google just pulled clearurls [ghacks.net] from their web store merely because they felt like being dicks, so if you want to complain about big bad browser devs purposefully antagonizing their own userbase, i'd start by targeting the silicon valley technocracy that's been abusing those tactics for well over a decade
(Score: 1, Touché) by Anonymous Coward on Friday March 26 2021, @02:26PM
wait let me see if i got this right....
noscript which basically is a huge break everything plugin because everything uses javascript is blocked for the reason it breaks everything?
I mean duh... that is what it is supposed to do. I know I use the thing every day. It is a pain to use but hey it has saved my ass more than I know from stupid sites.
But to say 'you can not install this' kind of is a pain move. Just do what most projects do. Have you upload a log. You see the 'black list plugins' you say 'i will not help you with those plugins'. You are free to install and use them but no real help from the devs. I get that because time is limited and you get tired of running down issues that are not your issue. But to go the extra step and block it? That is kind of dick move.
(Score: 2, Insightful) by Arik on Friday March 26 2021, @05:29AM (12 children)
Then we'll partially alleviate the problem we created, by scanning everything you want to look at /before you get to see it/ and blocking things we decided need to be blocked.
No. Mozilla org; DIAF.
It's sad that every other player on the field is worse, but you're so bad at this point there isn't any positive to keeping you around.
Hopefully from your funeral fire there will spring a bird; a bird of freedom and sanity, that will replace the firefox you have no completely destroyed.
Again, and from the deepest cockles of my calcified heart, please; DIAF.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by maxwell demon on Friday March 26 2021, @06:45AM (3 children)
To be fair, JavaScript was introduced by Netscape long before the Mozilla organization formed.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Touché) by Arik on Friday March 26 2021, @06:59AM (2 children)
To be fair, JavaScript is credited[!] to Benjamin Eich, who worked at Netscape and co-founded Mozilla.
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Friday March 26 2021, @04:22PM (1 child)
To be fair, whoever dealt it needs to smelt it.
(Score: 0) by Anonymous Coward on Friday March 26 2021, @07:58PM
(Score: 1) by shrewdsheep on Friday March 26 2021, @11:08AM (4 children)
I can agree with the second part. What waste of resources.
On javascript per se, however, I wholeheartedly disagree. I want abstraction that really works (where is my cross-platform in all these decades). I want to sandbox my applications. I want to be able to run stuff I cannot be sure of (like my Linux distribution). Conceptually, the web browser w/ javascript (soon to be replaced by WebAssembly at its root) is the only solution that has emerged since the invention of the computer. If you point out flaws in the architecture of the web or the language itself, you are just beating a straw man and seeing the bigger picture.
(Score: 2) by Arik on Friday March 26 2021, @11:20AM
You saying that to my face. Get your hands up, dammit. I'm not going to clock you and let people say it was a sucker punch. Get your hands up.
"I want abstraction that really works"
While you're at it how about anulling gravity too.
<Slinks>
Yeah that was probably just slightly overboard on my side.
Sawwwwry.
But look, everyone wants an intuitive inerface and no one has found one.
The nipple is the closest approximation and oh boy do I expect some criticism for saying that.
"Closest." Not "close," Rearrange the panties, please.
Seriously, it all has to be learned. And seriously Tog had this shit right 30 years ago to a degree no one on the market can rival today.
Nothing succeeeds like failure.
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Friday March 26 2021, @02:41PM (2 children)
What I do not get is JS is a known PITA to use, work with, and optimize for. Yet we put up with it. The ESx bits kind of bandaid what is wrong but only kinda. So now we slathered typescript on top of that to just have it emit a js file that is 'conformant' and basically just works around the basic ideas that are wrong with JS.
Why have we NOT added in other scripting langs in? Python, groovy, etc etc etc.
So now we decided to add in webassembly which *sorta* fixes the issue. But in reality just creates another java/activex pain which we already did and booted out. Not only that it will let companies further cement the idea of software as a service instead of you owning your data and software. At least when I bought a CD from MS I knew I would get something I could keep and use. Now if my credit card stops working everything halts.
Oh the tech is 'cool' and 'kinda works' but the reality is we put up with it not because it is best. But because it is the only one there. So you work with what you got.
(Score: 2) by Freeman on Friday March 26 2021, @03:23PM
The reason it's still around is it's good enough and it'd be even more of a PITA to replace. Assuming, you'd get something better is a big assumption.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 1) by narcc on Friday March 26 2021, @11:33PM
JavaScript is very easy to use effectively -- once you understand the language. (You're close to enlightenment once you understand why `this` works the way it does and why it doesn't make any sense for it to work like it does in Java.)
If you try to use JS like Java or C#, you're in for a lot of pain. No question about it. It's just not that kind of language. The `new` keyword, in particular, was a huge mistake, but Eich didn't have a choice there.
How does that go? "You Can Write FORTRAN in any Language" I guess the modern equivalent would be "I can use the GoF patterns in any language"
Those were the worst mistakes yet! The ES5 additions make it easier to pretend that JS is a language like Java or C#, I guess, but they completely misunderstand how the language is designed and how it should be used. They are the things you want before you learn the language, and couldn't care less about afterward. That is, they just make the problem worse.
I don't see how more is better in this case. If you think we've got problems now, imagine what it would be like with more than one interpreter and all the potential problems mixing languages on a page will inevitably cause!
Besides, JS is really fast and pretty safe now. That's pretty good considering that most developers don't know how to use it effectively and end up writing ... less than optimal code.
Could we replace JS with another language? (ignoring the obvious practical problem for now) Could we do it with python? It's not known for its speed, and it's syntax means that it can't be used in the browser the same way that JS has been used. Groovy seems to have its own problems as a drop-in, and we gleefully kicked Java out of the browser ages ago. If we were to find a replacement, it would probably need to be designed explicitly for the web.
Though I don't expect that something like just switching to a new language, one that isn't JS, is going to get rid of any complaints. We'll have all of the same problems we have now, so the complaints will just be directed at the new language instead!
There was competition early on. We had things like Java and Shockwave taking one approach and VBScript and JavaScript taking another. More recently, Google tried with Dart, but it didn't catch on. As far as I can tell, JavaScript has never been "the only one there". It's just been the only viable option as nothing else seems to stick around!
I don't think WebAssembly is necessarily the way forward. I liked the asm.js approach better. While we're waiting to see if this new things sticks around, I think we can find a better way to move forward. I'd recommend that we educate existing developers on JS and offer them new ways to approach development.
It really is a well-designed language. It's fantastic to use, once you've taken the time to learn it. It's biggest warts are bolt-on features from the demand that the language look like Java. They're easy enough to avoid using though.
(Score: 3, Interesting) by Freeman on Friday March 26 2021, @03:30PM (2 children)
You've got some serious pent up frustration with regards to Mozilla / Firefox or maybe it's just JavaScript and Mozilla wandered into the firing line. Mozilla / Firefox is the only web browser that doesn't have a horse in the race, so to speak. Sure, you have Mozilla spin-offs, but they exist, because Mozilla. Chrome/Edge, Opera, have their own agenda. Even Brave, doesn't necessarily mesh with the ideals espoused by Mozilla. Sure, this is the real world and those ideals get all kinds of screwed up at times, but at least they are there to shoot for. What kind of ideal is Google going for? Microsoft, pretty much has given up and just said screw it, we'll let Google do the work and siphon off data anyway. Google is definitely siphoning off data and trying to monetize literally everything. Brave is somewhat different, but I don't trust them.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by Arik on Monday March 29 2021, @10:35PM (1 child)
Netscape created javascript. That's not hyperbole, that's fact, look it up if you're too young to remember it.
Mozilla took the assets and promised to do better. That's why it was setup as a nonprofit, remember? And it did do better for some time, nowhere near undoing the damage already done but at least they were somewhat resistant to more damage... for a few years.
Nowadays? Frankly they're probably worse than the folks you mentioned. You go to work for Microsoft you know you've just become a mercenary who's expected to be happy to murder his own grandchildren to make a bonus. You deal with them, you should know that too. But mozilla? They pretend to be doing this for the good of humanity.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by Freeman on Monday March 29 2021, @10:46PM
You say that like you're refuting what I said, but all I can say is, it's still better than the alternatives.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by maxwell demon on Friday March 26 2021, @06:42AM (1 child)
How is this different from NoScript's surrogates?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Funny) by Anonymous Coward on Friday March 26 2021, @12:30PM
>> How is this different from NoScript's surrogates?
Firefox's CoC ensures that the local stand-ins are all hired from repressed minority groups.
(Score: 0) by Anonymous Coward on Friday March 26 2021, @07:54PM (1 child)
Why do I still get the XSS popup? That thing is damned annoying. I never want to allow the XSS, and not allowing it doesn't break anything I care about, so why am I still seeing that damned popup? Usually it's just one, but I was on ZeroHedge this morning and saw 3 of the damned things.
(Score: 1, Informative) by Anonymous Coward on Friday March 26 2021, @08:09PM
Don't go on Zelohenge! Most of that type of site are rife with malware and cross-scriping from Russia.