by codedokode 666 days ago
Have been using Firefox for a long time, no issues, though long ago when I had little memory, Chrome was using less of it. Firefox also has HTTPS-only mode, encrypted DNS without fallbacks, supports SOCKS and Encrypted Client Hello (although almost no website supports it). However, it is better to just buy more memory (unless you are lucky to use Apple products).

Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies; even better, they should implement measures to make user tracking and fingerprinting more difficult. There is no need to track user's browsing history; just make a product better than competitors (so that it gets first place in reviews and comparisons) and buy ads from influencers.

It would be great if browsers made fingerprinting more difficult, i.e.: not allowed to read canvas data, not allowed to read GPU name, enumerate audio cards, probe for installed extensions etc. Every new web API should guarantee that it doesn't provide more fingerprinting data or hides the data behind a permission.

Regarding 3rd party cookies: instead of shady lists like RWS browsers should just add a button that allows 3rd party cookies as an exception on a legacy website relying on them (which is probably not very secure). Although, there is a risk that newspaper websites, blog websites and question-answers websites will force users to press the button to see the content.

10 comments

> Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies

Browsers were supposed to act as agents working for the user. User-agents. These days it's getting harder and harder to find a browser that doesn't work for an ad company at the expense of the user.

Chrome's entire reason for existing is data collection. Firefox can, for now at least, be hardened to work for the user (and prevent a lot of fingerprinting), but Mozilla is an ad-tech company too now. They've made their lack of respect for Firefox users clear by making Firefox spy on users by default so that Mozilla can sell that data to marketers.

Currently, you can disable that spying in about:config by setting dom.private-attribution.submission.enabled to false (see https://news.ycombinator.com/item?id=41311479 and also https://web.archive.org/web/20240827185708/https://make-fire...). No idea how long that will continue to be an option or how often you'll have to go back and reset that back to false following updates though.

We really need a new browser that actually works in the interest of the users.

> but Mozilla is an ad-tech company too now.

The recent events related to FF are not that much of a shift, considering that Google pays $20B per annum to its (technically non-ad tech) partners, then 85% of Mozilla's total revenue comes from its partnership with Google. That ship had sailed a long time ago.

https://untested.sonnet.io/Defaults+Matter%2C+Don't+Assume+C...

Firefox really has been going downhill for a long time. Forcing Pocket into the browser, the ad infested new tab page, telemetry, making user accounts a thing, force installing TV show promotions, etc.

What they haven't done before is spend a fortune buying up an ad-tech start up. They barely even bother to maintain a pretense that they care about Firefox users. They basically came right out and said "We know that users don't want this, we can't convince them to, so we were right to force it on them by default and just hope most people don't notice and start complaining" (https://cdn.adtidy.org/blog/new/2wffyscreen_mozilla.png?mw=1...)

> Forcing Pocket into the browser

Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.

Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.

Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.

And of course they want to cater to advertisers because it is advertising that maintains the open web, and it is advertising that is paying for all browser development, actually, including Safari. And the open web is also dying, because people have been moving to mobile apps, where all pretence that "the user agent must act on your behalf" is gone. In other words, even if you get what you wish for, in a couple of years it may not matter at all.

> And of course they want to cater to advertisers because it is advertising that maintains the open web

As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.

We've had the means/tech to support publishers directly for years (I don't mean crypto). It's in the interest of companies like Google to keep users (and publishers, and brands) in the dark. And one of the issues here is that they have so much impact on the discourse. There are only few places, where I saw more people using ad blockers than the adtech businesses I worked with or at.

> Nobody wants to pay for a browser

True, but I don't think people would have an issue with paying for browsers if they understood the value of it. At this stage, I think the only solution would involve:

1) education 2) regulation/better legislation

> As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.

I know what you're saying, I agree, as I worked (in the past) on advertising platforms as well, but both of those statements can be true at the same time.

The open web was built on advertising, but the perverse incentives in advertising are also poisoning the open web.

I don't think we've ever had a good solution. People like free stuff, and also, micro-transactions are not possible given the huge banking fees. What we're seeing, the alternative, are subscription-based services behind closed gardens, and mobile apps whose ads can no longer be blocked, so here we are.

I also think that Google isn't the greater evil, because Google has an incentive to keep the web going. For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.

When I was a kid you could buy a browser in an electronics store :)

> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.

People didn't like Pocket as a product. It wasn't as if they just didn't like it because Firefox wanted to make money out of it.

Sure they should diversify, but with something that isn't otherwise (so) objectionable. Like their VPN, or sponsorship, or just let go of all the upper management.

What people? Do you have source for that?

Anecdotal one: I liked it.

> Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.

That's not true. It isn't directly supporting anything except surveillance capitalism. Allowing yourself to be exploited in that way may indirectly support Firefox, but it's not the same thing as direct support.

Firefox users have literally begged Mozilla to let them actually directly support Firefox's development in the form of donations explicitly for that purpose alone, but Mozilla has always refused to allow it.

> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.

People scream at them when they involve themselves in surveillance capitalism so yeah, spending a ton of money that could have gone into firefox development to instead buy an ad company so they can start spying on us while we use the internet isn't helping.

> Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.

Are web browsers more "incredibly complex" than linux? I don't understand how people assume that web browsers are impossible to develop without selling users to the marketing industry while somehow linux and countless other open source projects have never once needed to do that.

Mozilla could at the very least try letting users pay for firefox development like users have been asking them to before they jump to selling firefox users out to the ad industry.

> And of course they want to cater to advertisers because it is advertising that maintains the open web

Advertising doesn't maintain the open web, it poisons it.

> And the open web is also dying, because people have been moving to mobile apps,

That's because many people don't even own computers anymore. Even where computers haven't been entirely replaced by devices that are designed for data collection and mindless content consumption, the cell phone is the computer that people have with them at all times. The dire situation around computing in general wouldn't be so bleak if we could get some decent and affordable mobile devices that weren't designed to spy on us, but I guess you might see it as that spying being what maintains the computer industry.

> Firefox really has been going downhill for a long time. Forcing Pocket into the browser, the ad infested new tab page, telemetry, making user accounts a thing, force installing TV show promotions, etc.

It might be just me, but I find Pocket quite useful and interesting. That, and syncing user accounts across browsers. It's extremely convenient to just stash a link that you can later open while browsing the web on your browser or sitting at home with another laptop.

I guess you can try to make an argument about that being better served with extensions, but that would be missing the forest for the trees. Meaning, extensions are intended to provide third parties with a convenient way to add custom features and behavior. That is just wasted effort if it's Firefox wanting to add a feature.

Also, you don't need to use any of that if you don't want to. No one forces you to. At most, it takes a couple of clicks to hide the toolbar button. Is that what you call "downhill"?

Frankly, this blend of criticism sounds like grasping at straws. Some people sound like all they want to do is complain about something, and proceed to work backwards to try to find something, anything, to complain about. This stance is particularly baffling when taking into consideration how god-awful Chrome and Edge are.

Mozilla is a Google vassal and nothing more. Google analytics? Check. Firefox Safebrowsing sending your private tab traffic to google? Of course!

https://spyware.neocities.org/articles/firefox

Mozilla only has their Google billion$ in mind, not you. https://digdeeper.neocities.org/articles/mozilla

> Google analytics? Check.

Add this to /etc/hosts

    0.0.0.0 www.google-analytics.com
    0.0.0.0 google-analytics.com
    0.0.0.0 ssl.google-analytics.com

Firefox doesn't respect hosts by default. An about:config option needs to be toggled for this to work.

Fascinating. I wonder what the history is of Firefox deciding to ignore hosts? Hosts has been standard since the early days of the Internet.

With GA4, the tracker code is loaded from www.googletagmanager.com (even if the tag isn't loaded via a GTM container). The measurement requests can be sent to (region1|www).google-analytics.com or analytics.google.com (to share cookies with Google login better).

Is it as simple as this?

Unfortunately no. The entire point of DoH is to bypass the ability of the users to prevent browsers from providing browsing habits to their owners.

> The entire point of DoH is to bypass the ability of the users to prevent browsers from providing browsing habits to their owners.

It is the entire point of DoH indeed, while hiding behind the idea that it somehow prevents the state/ISP from knowing which sites you go to (which it really doesn't).

There's only one way to get the best of both worlds:

    - force your browser to never ever use DoH / DoT: force good old, in the clear, DNS over port 53

    - run your own local DNS resolver (I run *unbound*)

    - only ever allow DNS port 53 to/from your machine and your local resolver (I run *unbound* on an old Raspberry Pi)

    - have your DNS resolver use DoH

This way you get the imaginary protection that your DNS traffic is "encrypted" between you and your ISP: I mean, it is encrypted... But it's an illusion to believe it prevents your ISP / friendly-state-after-your-well-being from knowing which sites you visit.

But you also get full control over which domains can be resolved or not.

As a sidenote unbound supports "wildcards" when blocking domains, which is sweet (as opposed to your typical OS's hosts file, which doesn't support wildcards).

FWIW I've configured unbound to return 0.0.0.0 for the millions (!) of (wildcarded) domains I'm blocking and then I use dnsmasq, locally, to convert any 0.0.0.0 into NXDOMAIN. It's versatile and I like it that way.

It's Linux so you set that up once and it works for years.
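
The hosts-file versus wildcard distinction raised in the comments above, as an added example that is not part of the original thread: it parses the three hosts entries posted earlier, collapses them into zones, emits unbound `local-zone` lines, and checks which of the GA4 hostnames named in the thread each approach covers. The extra zone list and the choice of unbound's `always_null` zone type (which answers 0.0.0.0) are assumptions for illustration, not the commenter's actual configuration.

```python
"""Added example: exact-match hosts entries vs. zone (wildcard) blocking."""

# The three hosts entries posted earlier in the thread (copied as sample input).
HOSTS_TEXT = """\
0.0.0.0 www.google-analytics.com
0.0.0.0 google-analytics.com
0.0.0.0 ssl.google-analytics.com
"""

# Hostnames the thread says GA4 loads code from or reports to.
GA4_HOSTS = [
    "www.googletagmanager.com",
    "region1.google-analytics.com",
    "www.google-analytics.com",
    "analytics.google.com",
]

# Assumption: zones an operator might add after reading the GA4 comment.
EXTRA_ZONES = ["googletagmanager.com", "analytics.google.com"]

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_hosts(text):
    """Return the set of names a hosts file maps to a sinkhole address."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            names.update(normalize(n) for n in fields[1:])
    return names


def hosts_blocks(name, entries):
    """A hosts file only matches the exact name that was listed."""
    return normalize(name) in entries


def zone_blocks(name, zones):
    """A blocked zone matches itself and every name beneath it.

    The '.' in the suffix test keeps the match on a label boundary, so
    'notgoogle-analytics.com' is not caught by 'google-analytics.com'.
    """
    name = normalize(name)
    return any(name == z or name.endswith("." + z)
               for z in map(normalize, zones))


def minimal_zones(names):
    """Drop every name already covered by a shorter (parent) zone."""
    kept = []
    for name in sorted(map(normalize, names), key=lambda n: n.count(".")):
        if not zone_blocks(name, kept):
            kept.append(name)
    return sorted(kept)


def unblocked(hostnames, zones):
    """Hostnames that would still resolve with these zones blocked."""
    return [h for h in hostnames if not zone_blocks(h, zones)]


def to_unbound_conf(zones):
    """Render zones as unbound local-zone lines answering 0.0.0.0."""
    lines = ["server:"]
    lines += ['    local-zone: "%s." always_null' % z for z in zones]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_hosts(HOSTS_TEXT)
    zones = minimal_zones(entries)
    print("hosts file misses:",
          [h for h in GA4_HOSTS if not hosts_blocks(h, entries)])
    print("zones from hosts file miss:", unblocked(GA4_HOSTS, zones))
    zones = minimal_zones(zones + EXTRA_ZONES)
    print("with extra zones, missed:", unblocked(GA4_HOSTS, zones))
    print(to_unbound_conf(zones))
```
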

No, that is not the entire point of DoH. That’s like saying the entire point of TLS is to prevent users from looking at the traffic being sent to a website.

DNS without DoH, DoT, or DoQ, is wide open to anyone snooping traffic in the raw, that’s not necessarily information you want to share with the world.

DoH and similar technologies don't override /etc/hosts. They're just a different way of making DNS queries. The entire point of these technologies is to prevent your ISP and everyone else along the way from knowing which websites you visit.

Power balance is how relationships always evolve. Browsers are basically politicians at this point and they are easily swayed by the power of the dollar and have varying degrees of requirements to side with the users.

Google, of course, has rammed chrome into its primary place.

I just switched to Libre Wolf, seems like a pretty good Firefox replacement but without the malware.

> Mozilla is an ad-tech company too now.

I'm sorry, this seems egregious. I agree that it should've been off by default but I challenge anyone to read how the implementation works (not just the blog post and the FUD responses to it) before calling it a giveaway to the ad industry: https://github.com/mozilla/explainers/tree/main/ppa-experime...

FF is currently a key tool in the fight to avoid a Google-top-to-bottom future, and before we start the meme that it's gone to shit we should be really really sure that's actually true.

It is ridiculous. Why do browser developers cooperate with ad companies? They were supposed to protect us from them.

It gives no benefits to end users. Ad companies will not stop using old methods, they will just add one more method.

I hope responsible Linux distributions will patch this out and disable by default.

A fair model would be if this feature was opt-in and if Mozilla paid to the users who enabled it.

> The purpose of this API is to provide a privacy-first design for advertising companies to be able to measure how advertising drives conversions. That is, answering the question of whether advertising effectively achieves its goals, such as increased sales.

Not my problem. I don't earn anything from their sales.

It really is disheartening to see so many technically-inclined people berate the one browser that is preventing Apple/Google hegemony. The expectations set upon Mozilla and Firefox are so unrealistic it's laughable.

Firefox is rock solid, open-source, backed by a great organization (which has recently reinvested additional resources in it) and a joy to use imo. Also, the levels of vitriol that even the slightest bit of anonymous telemetry incurs is unhelpful and I encourage people who hold that viewpoint to really interrogate it.

While Firefox is great, they should not sell their userbase to Facebook with such proposals. If ad companies want to know about ad effectiveness, they must pay the users for collecting the data, not collect it for free without asking the user.

> FF is currently a key tool in the fight to avoid a Google-top-to-bottom future, ...

Right now it is actually Safari that prevents it, like it or not. Especially the iOS one, where users have to use it. Firefox is a rounding error in this fight.

Ultimately, the problem is that entire premise is deeply offensive. I do not want my browsing history being monitored, collected, sent to third parties, and sold to marketers in any form period. I do not want a browser using my data in any way to support surveillance capitalism.

The implementation is just FLoC/Topics API all over again and it's still not compelling. The first kick in the teeth comes right at the start where the entire thing is predicated on data gathered from having an ad shoved in your face.

> At impression time, information about an advertisement is saved by the browser in a write-only store. This includes an identifier for the ad and whether this was an ad view or an ad click.

I do not want ads. Ever. Like many (likely most) firefox users, I go to some lengths to prevent them from showing up in any form. Now that firefox is going to be profiting directly off of firefox users seeing and clicking on ads they will certainly degrade our ability to prevent them.

It then involves sending my data to third parties so that it can be aggregated. Then my browsing has to be monitored to identify conversion events. None of this is acceptable.

Here's what their Cookie Monster paper says:

> User perspective. Ann browses various publisher sites that provide content she is interested in, such as nytimes.com and facebook.com. Ann does not mind seeing relevant advertising, understanding that it funds the free content she enjoys.

I am not Ann. I very much mind seeing advertising, relevant or not. I do not understand that it funds "free content" I enjoy. If I need to be exploited to pay for something, that thing isn't "free" and if it's infested with ads I do not enjoy it. The entire thing is based on a fantasy where users find this acceptable. We don't and it isn't. If we did, we'd probably all just be using chrome.

> FF is currently a key tool in the fight to avoid a Google-top-to-bottom future

Why should we care if Firefox isn't Google if both are just going to exploit us?

You're preaching to the choir, but even preaching needs to be truthful and I don't think calling Mozilla ad-tech or suggesting that it's just as bad as Google is remotely true. This is where "the perfect is the enemy of the good" comes from.

I mean, what do we have now? Google and a bunch of middle-man ad techs are hoovering up everything they can get, including a crap-ton of stuff that browsers can't affect at all, and wink-wink-promising that they anonymize some of it in some cases even though no one can verify that. A world in which the subset of that data that passes through a browser has been provably anonymized would seem to be strictly better, even if you still don't like it.

> You're preaching to the choir, but even preaching needs to be truthful and I don't think calling Mozilla ad-tech or suggesting that it's just as bad as Google is remotely true.

Mozilla is literally an ad-tech company. They bought and now own an actual ad-tech start up, they are partnering with Facebook to develop and implement protocols like DAP, and they are currently working on turning firefox into an ad platform that will deliver reports of people's browsing history to marketers in exchange for money. In what way are they not an ad-tech company exactly?

I'll admit that they aren't as bad as Google, but they're heading in that direction and they've also only just gotten into the ad-tech game. It took Google a long time to get as evil as they are now.

Rejecting firefox because of Mozilla's new role as an ad-tech company and their insistence on exploiting firefox users isn't the perfect becoming the enemy of the good. Surveillance capitalism isn't good. Maybe standing up for ourselves and our values by saying no to spying from Firefox will cause Mozilla to look to other options. Even if it doesn't, it will keep us from being exploited and tarnished by our participation in their decline.

I've been a firefox user from the very beginning. My first browser of choice was Netscape. I hate that the enshittification of firefox is here, but I won't ignore it any longer. We still have a few alternatives like librewolf that provide the benefits of firefox without the recent corruption, and there's some hope on the horizon with ladybird too. The internet is only in the sorry state it is now because we've conceded too much to advertisers. We need to start holding ourselves and the software/services we use to a higher standard or it's only going to get worse. If Mozilla suddenly wants to be a part of the problem, I'll leave them behind while I look for a new solution.

What browser do you use?

> Firefox can, for now at least, be hardened to work for the user (and prevent a lot of fingerprinting), but Mozilla is an ad-tech company too now.

That still isn’t a great reason to then keep using the even worse option, being Chrome, instead.

Safari does a decent job of that, especially with Apple pushing an increasing number of privacy features by default. Of course, that comes with it being as a feature of an expensive hardware ecosystem, rather than an independent product.

> Every new web API should guarantee that it doesn't provide more fingerprinting data or hides the data behind a permission.

FWIW, it's practically impossible to provide that guarantee because the API necessarily provides at least the data point of, "Did they select an option in the permission notification?" ("If yes, what option was selected?" etc.)

It's often said that the only solution to this is regulation and there seems to be a good case for that perspective.

> FWIW, it's practically impossible to provide that guarantee because the API necessarily provides at least the data point of, "Did they select an option in the permission notification?" ("If yes, what option was selected?" etc.)

Wrong. The status of permissions should not be visible to the page in most cases. Instead, fake data should be returned from them. That would be practical.

It's always better to give no data (aside from leaving them with "we couldn't collect that data") than it is to give fake data because that fake data will be used against you just as often as real data would. Don't hand companies extra ammo to use against you, or think that you're safe just because they've written an incorrect assumption about you on the bullet. You're still going to be taking the hit.

This gives me the idea to add features to target specific types of advertisements and pages for clicks and visits. Actively try to use the data in your favor to convince whatever algorithm that you’re a healthy eater with an active lifestyle.

To your point, unfocused fake data can be harmful to the faker but it seems focused fake data can work against the collectors.

It really might in some ways, but it's risky. Nobody is using the data they collect on us to help us. They use it against us to help themselves. You could limit the harm caused by one system, but expose yourself to new harms by another. It's also a safe bet that faced with conflicting data, companies and their algorithms will favor whatever information they think would make them the most money. It's still worth considering though, especially if you can get privileged information on how a specific system is using people's data.

I've heard that fake data, like from AdNauseam, just becomes noise as the advertisers know the patterns to filter them out.

Assuming that's true, it seems to waste everyone's time and bits to fake it instead of just not answering or a minimal denial.

> I've heard that fake data, like from AdNauseam, just becomes noise as the advertisers know the patterns to filter them out.

It's actually much worse. That fake data is dangerous because data brokers don't really care how accurate their data is. Even the fake data AdNauseam stuffs into your dossier will be used against you eventually, just like the real data will be. If you get turned down for a job, or your health insurance rates go up, or you have to pay more for something than you would have otherwise, you won't even be told that it was because of data someone collected/sold/bought. You sure won't be told if it was fake or real data and you won't be given any opportunity to correct it.

> If you get turned down for a job, or your health insurance rates go up, or you have to pay more for something than you would have otherwise

It must suck to live in a capitalist dystopia. Dunno why Americans put up with it.

We don’t. Individualized health insurance rates like that are illegal.

> Dunno why Americans put up with it.

Have you seen the guns that enforce it?

Where do you live, that sucks less?

It's the democracy. The big capital one.

/s

> That fake data is dangerous because data brokers don't really care how accurate their data is.

This makes me think that people could make bank by doing nothing at all but generating 100% fabricated data to sell to brokers then. Why bother even collecting it, just have some GPT clone hallucinate some gigabytes of formatted BS. xD

> API necessarily provides at least the data point of, "Did they select an option in the permission notification?"

If a bird app (or, heck, pancake recipe site) asked for WebRTC or GPU access I would be rightfully suspicious. It's a shame these things don't happen.

They do ask for location data, and it tends to mostly work - sites like openstreetmap will ask for it when you press the right button for example, which makes sense.

There is a risk that it ends up like cookie banners, and the adtech industry manages to brainwash the world into thinking that the government is the bad guy and they just want some harmless data to share with their 1,345 best friends and they are “forced” to show these. Despite there being no requirement at all to track data, and they break the law with it anyway so why bother.

This is a poorly explored avenue. I think a lot of these more advanced APIs ought to be permitted to "installed" PWAs. Maybe it could even look like permissions menu for apps in phone OSes.

I was a bit dismayed when mozillians in the bugtracker dismissed the idea of requiring consent to initialize WebRTC. F'k it, scan the local network.

> FWIW, it's practically impossible to provide that guarantee because the API necessarily provides at least the data point of, "Did they select an option in the permission notification?" ("If yes, what option was selected?" etc.)

If 99% of users will have permission disabled then it has little value, and only those who enabled it can be tracked. I don't give permissions to sites so this will not apply to me.

Also, the status of permission (1 bit) provides less information than API it protects (for example, list of installed fonts or GPU name) so it is a win.

One solution to this is to have the option to feed the application fake but plausible data. Android (or maybe some Android fork I was using) used to have this option for dealing with apps that insist on asking for location permission for no reason.

> Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies

https://news.ycombinator.com/item?id=40703546 - from 2 months ago

https://news.ycombinator.com/item?id=40966312 - 20 days ago.

In light of that acquisition, this also seems related. Firefox is the best choice but Mozilla is the biggest reason why people aren't using it and shit like this doesn't help.

> Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies; even better, they should implement measures to make user tracking and fingerprinting more difficult.

Kinda hard to enact when the leading browser is developed by an ad company. Worse, the same company is contributing to the firefox foundation and drives web "standards." It's all collusion and the simple fact that browsers are more complex than the OS they run on is deliberate in ensuring no scrappy team can disrupt them.

My curmudgeonly solution is to avoid as much of the web as possible and focus on human scale computing.

> It would be great if browsers made fingerprinting more difficult, i.e.: not allowed to read canvas data, not allowed to read GPU name, enumerate audio cards, probe for installed extensions etc. Every new web API should guarantee that it doesn't provide more fingerprinting data or hides the data behind a permission.

This should be browser makers' #1 focus! Preventing fingerprinting of user's browser.

Seems all this cookie talk in the news and for policy makers is just limited hangouts.

BTW I don't understand the anti-tracking absolutism. I don't care about being profiled as long as the profile lands me in a group of thousands of people like me. Yes, I live in ${CITY}, identify as ${GENDER}, am approximately ${AGE_RANGE} years old, run ${BROWSER} under set to ${LOCALE}. This does not allow to easily harm me. If it allows ad networks to target their ads, so be it, uBlock Origin still works well.

But anything more precise would be uncomfortable.

That's a reasonable stance to take, certainly. I also think it's reasonable for others to be even more sensitive about it. I'm an anti-tracking absolutist because I am angered by the strong-arming, the deception, and the hacking around defenses against it.

The tracking is a constant assault, and I'm no longer willing to put up any of it, even if the data being tracked is relatively minor. Screw the bastards, they've burned one too many bridges.

How do you feel about ${INCOME}, ${SEXUAL_PREFERENCE}, ${RACE}, ${WEIGHT}, ${RELIGION}? Those categories are at least as broad as the ones you mentioned and are absolutely profiled.

Fine enough, if the ranges for each value are wide enough. Compare:

- $120-140k, hetero, white, 190-220 lb, broadly Christian.

- $137,500/y, prefers tall redhead females, Irishman originally from Cork, 197 lb, observant Catholic.

The first one is too unspecific, while the second could suffice to identify a particular person in a neighborhood.

What makes a butter knife safe is not that it's completely devoid of an edge, but that its edge is sufficiently blunt.

Now substitute the first one for "gay", and you might get a death sentence in several parts of the world. Why does almost nobody on this site think about the wider world besides their own extremely privileged position?

I would very much prefer for advertisers to not even be able to determine my city, for personal safety. Throwaway account for obvious reasons.

This is very true. Usually the discussion goes about tracking by commercial entities in rich Westernized countries, which, by no coincidence, are the principal market of the ad industry. (Yes, China exists and is a huge market, but commercial tracking is a minor problem here, compared to other forms of surveillance.)

If you belong to such a category that the mere belonging to it is a death sentence, if revealed, the situation is vastly different. You have to act more like a secret agent or a spy. This means constant, pervasive, fastidious opsec. Any death-sentence-invoking activities should be strictly separated from the normal civil life. Only use the normal browser to visit commerce, official news, and government web sites. Everything that is not openly pious and loyal should belong to ephemeral VMs with a fresh browser install every time (preferably several different), VPNs that are indistinguishable from legitimate web traffic, like XRay, truecrypt-protected media with some plausible deniability data, etc. It all takes quite some technical chops, but is not sufficient. Many other small details, related to technology or not, have to be carefully, well, sanitized, and any small slip can out you.

Such undercover life, while possible, is very tiring, takes a lot of extra time and energy, and noticing this also may mark you as suspicious.

Another browser API that may slightly help track you is a minor problem on this background, unless it pierces any of your layers of protection.

Government and commercial surveillance are intrinsically linked and framing them as some dichotomy is essentially just a coping mechanism. It's quite plausible that someone in a category that is openly accepted in the western world ends up traveling to a country where that category has been criminalized, and then ends up in the sights of the authorities based off surveillance records/analysis bought from consumer surveillance companies in the western world.

I don't want any of my data to be collected without my permission and without a negotiated monetary compensation and expect that the browser is on my side here.

Also the data about you can be used to charge you a higher price. For example, if a company knows that the user is reading HN, and we know that people using HN (except for me of course) all are mostly filthy rich Californian software engineers or entrepreneurs so they should have no problem with paying a little more.

> Have been using Firefox for a long time, no issues, though long ago when I had little memory, Chrome was using less of it.

I'd say the only area where I still see Chrome leading a bit is for web development: when I run super-heavy JavaScript in dev mode, Chrome is faster than Firefox at executing all the JavaScript nonsense. Seen that there's no ecosystem with more turds, bloatedness and slowness than that horror that JavaScript-the-piece-of-crap is, having a browser a bit quicker at running JavaScript helps.

Long story short: for Web development, I use Chromium (it ships with Debian). For the rest I use Firefox.

> Firefox also has HTTPS-only mode...

In doubt port 80 is blocked by the firewall too.

> encrypted DNS without fallbacks,

And Firefox has a relatively easy "corporate" setting too where you can force also DNS "in the clear" over port 53 UDP (well, it's 99.9999% of the time going to be UDP so you can even firewall port 53 TCP and things shall keep working: believe me I know: theory vs practice and all that)

It's convenient if you run your own DNS resolver (which, itself, can then be forced to only use encrypted DNS).

> supports SOCKS

I confirm: a SOCKS5 proxy over ssh is always sweet.

Firefox just works.

Firefox doesn't have ECH support (at least not turned on by default).

https://privacytests.org/

(Scroll down to Misc tests)

I observed Firefox sending ECH extension in ClientHello, maybe I just enabled it in the settings, so Firefox supports ECH (on by default since version 119). However, virtually no servers support ECH now. Not Google, not Hackernews, not Cloudflare etc.

This seems to be a not very good comparison, and it looks like it cherry-picks points convenient for a certain browser and ignores others. Look at "fingerprint protection", for example, and see that it does not include features that provide most fingerprinting data:

- preventing reading GPU name via WebGL debugging extension (does Brave block this?)

- preventing reading back canvas data which is used to fingerprint browser and OS code responsible for rendering graphics and text

- enumerating audio devices

And if you read the issues in Brave GitHub [1], then you'll notice that Brave developers refuse to block features providing important fingerprinting information under "compatibility" reasons (including GPU vendor and model), although these features could be made blocked only in high security mode.

So regarding fingerprinting, the comparison you refer to is pretty much worthless: it doesn't mention many important fingerprinting APIs.

[1] https://github.com/brave/brave-browser/issues/35646

Fair points. I'll try to educate myself on this more.

FWIW the about section says this: "Each privacy test examines whether the browser, on default settings, protects against a specific kind of data leak."

The maintainer is a Brave employee and this is a project they were already doing before joining Brave. I'm hoping that they aren't manipulating it in favor of Brave.

I sent those three options as a feature request. Do you think the site is still useful in some capacity?

As for fingerprinting, there are more APIs that leak data allowing fingerprinting, what I mentioned were the most known APIs. Also, I looked at Brave GitHub and they seem to have counter-measures for some of those APIs to randomize results. So adding more tests could also be beneficial to Brave.

> Do you think the site is still useful in some capacity?

Well, it is better than nothing although it would be better if there were more tests regarding fingerprinting.

tbh, many of the main browsers have marketing companies as their main customers

> Have been using Firefox for a long time

It allows long lived first party cookies so isn't that much better.

Only Safari clears them after 7 days to prevent tracking.

As far as I can tell from some quick searching around, that limit only applies to cookies set through JavaScript code, as opposed to through server headers.

I assume it's because of situations where websites include JavaScript from a third party, and then that JS uses first party cookies as a state-keeping workaround while synchronizing tracking information in some other way.