[Tharkun]

The more they pull stunts like these, the more i realize it's time to fork FF and get rid of all their garbage. Make Pocket optional, remove the (paid?) list of URLs that's apparently preloaded, remove all of the phone home shit.

[yorwba]

> it's time to fork FF and get rid of all their garbage.

The nice thing about Firefox is that you don't even need to fork for that.

> Make Pocket optional

Go to about:config and set extensions.pocket.enabled to false.

> remove the (paid?) list of URLs that's apparently preloaded

If you mean the stuff that's displayed on new tab pages (like the snippet in TFA), you can get rid of it by changing "Firefox Home Content" at about:preferences#home .

> remove all of the phone home shit

I've deliberately enabled all telemetry, because I think it's data that Mozilla should have (check about:telemetry to see what they're measuring) but you can disable it under "Firefox Data Collection and Use" at about:preferences#privacy .

I agree it'd be better if Firefox came with a sane configuration by default, but the fact that you can change it at all makes Firefox a good enough browser for me.

[switch007]

I think it's completely fair to judge Firefox by its defaults though, because I imagine a tiny percentage will fully tweak their about:config to more privacy-conscious settings, and that percentage will go down the more non-technical people install it.

[Tharkun]

> Go to about:config and set extensions.pocket.enabled to false.

That doesn't remove Pocket, it merely disables it. It's a stupid feature and a stupid default. It should be an extension that users can choose to install (or not).

> remove the (paid?) list of URLs that's apparently preloaded

This might be an android thing only, but when I type, for instance "sea", the URL bar autocomplete will suggest "sears.com", even though I have search disabled and have never visited sears.com. There are a bunch of these which seem to have come out of nowhere.

[yorwba]

> This might be an android thing only, but when I type, for instance "sea", the URL bar autocomplete will suggest "sears.com", even though I have search disabled and have never visited sears.com. There are a bunch of these which seem to have come out of nowhere.

I honestly never noticed this, because I look at the keyboard when I type a URL on Android.

Doing a bit of research in Bugzilla, it appears that there are two different systems in Firefox to "seed" the browser with autocomplete results. The first was implemented in Fennec (Firefox Android) [1] and acts as a fallback to the Alexa top 500 sites if no other autocomplete result was found [2]. The second was implemented separately in all of Firefox [3]. Ironically, someone was worried whether this might appear to users as a paid advertisement, but proposed using engagement as a metric to measure the impact [4]. That implementation uses browser.urlbar.usepreloadedtopurls.enabled and .expire_days to stop using the preloaded list after two weeks (when the user probably has generated enough history of their own). But the earlier Fennec version doesn't respect those settings. Someone already complained about that [5], but it doesn't appear like they filed the report in the right place for someone on the Fennec team to see it.

I'm going to file a new report to hopefully get that fixed. In the meantime you can toggle browser.urlbar.autocomplete.enabled to completely disable autocomplete, but I guess you might not want that if the suggestions are otherwise useful.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=858829

[2] https://hg.mozilla.org/mozilla-central/file/tip/mobile/andro...

[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726

[4] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726#c10

[5] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726#c70

[Xylakant]

Go ahead. Really. You’ll quickly find that even just forking and building and distributing your releases for every FF-Release (not to speak of keeping your patches up-to-date) will consume a substantial amount of resources. Just consider the case that a 0day drops, FF gets an urgent maintenance release at what’s midnight in your TZ and your patch doesn’t apply cleanly. That’s why every time something controversial happens there’s talk of “it’s time to fork” and no real, sustainable fork appears.

[zzzcpan]

> Just consider the case that a 0day drops, FF gets an urgent maintenance release

It's only urgent if the browser is adtech optimized and delivers tons of random third party js, html on every page visit by default. Otherwise with sensible defaults that block all that the risk of exploitation of any 0day is too small to make it urgent.

[Xylakant]

There have been sufficient issues with libraries such as zlib and handling of various image formats. Running without js certainly reduces the attack surface substantially, but it’s not a full protection.

[zzzcpan]

Yeah, image libraries is one of the reasons I disable images on all forums that I visit, apart from being tracked by random participants through image requests.

[greenyoda]

Waterfox has done this: https://en.wikipedia.org/wiki/Waterfox