How to Quash Firefox's Silent Requests 294
An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request.' This behavior is the result of the Mozilla speculative connect API . Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).
Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.
Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.
Thanks anonymous reader! (Score:5, Insightful)
Thanks for the info! (And for putting it in the summary)
Re:Thanks anonymous reader! (Score:5, Informative)
And for anyone new to Firefox, to set that variable:
1. Type "about:config" into the address bar (and you'll see a list of variables)
2. Copy'n'paste "network.http.speculative-parallel-limit" into the search bar at the top of that page and hit Return
3. You'll now just have that one line on the page. Double-click it (or right click on it and select "Modify")
4. A box pops up, you change the value to 0, and hit OK.
Done.
(The first time you look at "about:config", Firefox might ask you "Are you sure you know what you're doing?" Obviously you say yes to this.)
(Yes I know I've explained it as if talking to a ten year old, but protecting your privacy is important so it's important that absolutely everyone can do it.)
Re: (Score:2)
You think this'll change back when Firefox updates?
Re:Thanks anonymous reader! (Score:5, Informative)
You think this'll change back when Firefox updates?
I've always had good luck with explicitly set variables being carried forward successfully.
Re: (Score:3, Informative)
Most likely not. But you can create a file called user.js in your Firefox profile folder with the line
user_pref("network.http.speculative-parallel-limit", 0); // no connections on link hover
IMO keeping your GUI-less settings in this file is the easiest way to manage them and remember what you've changed. Be aware though that support for it might be removed one day: https://bugzilla.mozilla.org/show_bug.cgi?id=672630
Re: (Score:2)
Privacy is important, indeed, but I wonder if this will also break functionality on some websites. What if the final "Buy Now" function in one of your apps is a link rather than a button? You hover over it, thinking about it; but little do you know, your browser has already made the decision for you. When you realize your bank account doesn't have enough money for the purchase, you decide not to place the order, but then you check your email and have an order confirmation ID from the vendor.
Ouch.
Re:Thanks anonymous reader! (Score:4, Interesting)
So you are saying that you can make sense of the FireFox build process. Good for you!
I've been writing code for more than 30 years, and I can assure you that no even moderately competent software professional would claim that "It's a hell of a lot easier to make changes in binaries at this point in time." Claiming #ifdefs are a problem just cuts to the core of how completely incompetent you are.
Re: (Score:2)
So you are able to find the routine that sets up the speculative requests in the disassembly, but somehow can't find them in the source code... I actually just searched for "speculativeConnect" and quickly discovered the function with the same name, which can easily be patched to permanently disable this feature if you are paranoid enough not to trust the about:config stuff. Not #ifdefs in there either.
You have your way of working, fine. But to claim that it is easier than just doing a text search for "spec
Re:Thanks anonymous reader! (Score:4, Insightful)
RMS was right.
Hmmm, a nugget of sense in your second load of nonsense. Or is it just a case of a stopped clock being right twice a day...
Re: (Score:2)
I thought like you when I first heard about this, but then I thought, wait, if everyone's browser is doing speculative gets, then it's nigh impossible to look in someone's cache and prove someone clicked a link. There's anonymity in the crowd. I guess as long as none of the links are actually buy buttons, I'm ok with this.
If you want real control, use wget and/or lynx.
Re: (Score:2)
On the other hand, the SEO scammers "we'll get you lots of traffic" are going to love this.
Re: (Score:2)
The point of open source is you have access to the source code and do changes to the code. That has nothing to do with quality of the software, or if it happens to do stuff that YOU PERSONALLY do not like.
If you mouse over a link, it will get the connection open to get the data, is meant for a speed advantage, a feature the programmers and the approves felt would be a good idea. Then there is a spot to turn this off.
It is in the spot where advanced configuration options are anyways. I don't see the big de
Re: (Score:2)
I did read the bug report and it makes silent connections, just not silent requests. So the website logged the IP address, which is often unique for years depending on where you live, and if you were on someone else's network the network admin may have logged that you made a connection to http://www.bighorsecocks.com/ [bighorsecocks.com]
Re: (Score:2)
Re:Thanks anonymous reader! (Score:4, Funny)
(No, we're just mightily surprised that you'd admit to trying to follow the link.)
Re: (Score:3)
Re: (Score:2)
Being on an incredibly slow connection I can at least confirm that if I open a new tab in Firefox, JUST a new tab with the list of frequently visited sites, other people in the house experience severe latency in online games for several seconds up to half a minute. Have I hovered over a thumbnail or two? Possibly.
Re: (Score:3)
Re:Thanks anonymous reader! (Score:4, Interesting)
AFAIK, it's actually better still: only a *portion* of the hash is sent. Google then sends you its matching hashes and their corresponding classification (malware, not malware), and your computer compares the full has to the list received.
So Google doesn't even know if you accessed a blacklisted URL.
Re: (Score:2)
To bad that it's misleading.
It doesn't send any requests. It just opens a connection.
Which means it will do a DNS-lookup, open a TCP-connections and maybe set up a SSL/TLS-connection.
There are no HTTP-requests being send.
Re: (Score:2)
Nothing misleading. The story says "requests", and DNS lookups are called "requests" in a lot of documentation. TCP connections are opened by sending "requests". SSL/TLS too probably.
Even if you personally think "requests" should only be used for HTTP requests (which the story didn't claim), Firefox is sending something to a third-party server, so the substance of the story is accurate. (The substance of the story is that third party servers get notified when you hover over a link.)
Re: (Score:2)
It seems more like Slashdot has a resident passive-aggressive anonymous-cowardly FF fanboi/troll who's posting horseshit.
Tired... (Score:5, Insightful)
Tired of keeping track of how to disable firefox new 'features'...
Re: Tired... (Score:2)
Then again these 'features' aren't limited to FF. My current pieve is later 'fad' of 'simplified URLs' in the address bar that strip the protocol and other useful information.
Re: (Score:2)
My current pieve
You have a rural church from the Middle Ages?
Re: (Score:2, Informative)
Yeah that's a pain, fix it by flipping "browser.urlbar.formatting.enabled" to false.
Re: (Score:2)
Tack så mycket! Danke schön! Xiexie ni! Gracias!
That has irritated the holy hell out of me for ages.
Sorry I don't have mod points today, but you have my gratitude. THANK YOU.
Re: (Score:3)
In the next release or two, Firefox is going to start blocking you from loading any extension that hasn't been approved and signed by them. People have been SCREAMING on their message boards for a way to disable/override this, but they flat out refuse. The only way to get around it is to install a non-standard browser executable.
-
Re: (Score:2)
I switched to Pale Moon.
Need a new browser. Not Chome, not IE, Not FF. (Score:5, Insightful)
*Another* setting I have to alter.
I can't trust FF any more. A little while back I looked around for a replacement, but no luck.
Chrome is obviously so far beyond the pale it's keeping New Horizons in good company. MS have jumped the shark on privacy, IE is out. Firefox you can't trust, every update makes changes I dislike and it's huge, fat, slow and bloated.
Re:Need a new browser. Not Chome, not IE, Not FF. (Score:5, Funny)
Upgrade to Windows 10 and use Microsoft Edge.
Re:Need a new browser. Not Chome, not IE, Not FF. (Score:5, Insightful)
Firefox disappoints sometimes, but only because we have high expectations of it.
I disagree with a few things they've done in the last two or three years but it's still light years ahead of the rest in terms of respecting your privacy, not trying to lock you in, being free software, supporting open standards (and not just as part 1 of a bait-and-switch, which I suspect all other browsers of), and a few other metrics.
I've no idea how it compares for speed - I wouldn't even give the other browsers a test run.
Re: (Score:2)
Cleaned-up Firefox builds: Iceweasel and Palemoon
Re: (Score:2)
What makes you think Iceweasel "cleans" things up? Most, if not all, of the Firefox behaviors are left as is in Iceweasel, with the exception of auto-updating being the major exception, as far as I can tell.
Re: (Score:3)
Re: (Score:3)
Pale Moon is no longer a Firefox build, having diverged and fully forked the codebase well before Australis hit. It's now its own thing. Pretty much the only way to avoid the endless stream of crap going into the Firefox codebase these days.
Re: Need a new browser. Not Chome, not IE, Not FF. (Score:4)
By default FF doesn't respect privacy. Having the option is nice but would be nicer if the default was to respect privacy.
What are the other things it does that are bad for privacy?
Does anyone have a link to a page with ways to configure Firefox to respect privacy better? I'm talking about during everyday browsing, not "private mode".
(In any case, I'm sticking with Firefox (or a derivative). It might have some spots on it but the alternatives are rotten to the core.)
Re: (Score:2, Interesting)
The only other major thing I can think of is that it (like other browsers) doesn't ask you for permissions for websites to use WebRTC, which means that sites can sniff your local IP addresses if they're clever. This is a spec issue, but unless you're in the know as to what debates are going on about this misfeature, it's easy to assume that Mozilla are dropping the ball on this (and people love to conveniently blame Mozilla when they aren't stopping bad things, but never thank them for the good they do).
Re: (Score:2)
What are the other things it does that are bad for privacy?
Phoning home every damn time you start it up to "check for updates" to plugins.
Having a mozilla website be the default home page, so you automatically visit mozilla.com before you can get to the point where you can set your home page to be about:blank.
Having a default where it shows you (and anyone who happens to be in eyeshot) thumbnails of sites you've visited.
I haven't found a way around the second issue, but the first can be stopped. Set plugins.update.url to "" using about:config.
Re: (Score:2)
Phoning home every damn time you start it up to "check for updates" to plugins.
If the only data it's sending is "I'm version 39.0.1 (GNU/Linux i686)", I wouldn't call that "phoning home". Most people probably want this behaviour.
Having a mozilla website be the default home page, so you automatically visit mozilla.com before you can get to the point where you can set your home page to be about:blank.
Again, if all they know is that someone on your IP address has opened a browser while connected to the internet, it's barely a privacy issue.
Having a default where it shows you (and anyone who happens to be in eyeshot) thumbnails of sites you've visited.
I think most users want that behaviour. It's more useful than a blank page. It's no different to your file browser showing thumbnails and filenames of whatever's in the current working directory when it starts.
If there
Re: (Score:3)
The Home page can be changed in the preferences window. For the tab thumbnails,
In about:config, create these Boolean settings, (right click on page)
name: browser.pagethumbnails.capturing_disabled with value: true
name: pageThumbs.enabled with value: false
Delete the thumbnails directory in your profile.
Alternatively, use SeaMonkey or one of the Firefox forks.
Re: (Score:2)
I'll add: there's also the
browser.pageThumbs.enabled
... boolean; I see references to both on the internet. /shrug
Re: (Score:3)
"browser.pageThumbs.enabled" just stops the tab preview from appearing, which is what many actually want. The other totally disables producing the page, which others are looking for.
As usual it comes down to individual preference and all we can do is give choices.
Re: (Score:2)
Still saves the thumbnails.
Re: (Score:2)
"Lynx" is quite good for detangling bad websites, and for reviewing privacy negligent or security suspicious websites: it's a purely text-only browser and does not run Javascript at all.
Re: (Score:2)
Re: (Score:2)
Use Palemoon. Looks ike classic Firefox including the plugins but without the recent bloat and anti-user behaviour. And without Australis too.
Re: (Score:2)
Give me Nautipolis or Orthodox any day.
Re: (Score:2)
Re: (Score:2)
Thank you (Score:5, Insightful)
Re: (Score:2)
I guess if you accidentally hover their link that they can see you're an active email too!
If you use a web browser as an email client, yes. That's one of the many good reasons not to overload web browers with unnecessary functions. Another is that you don't clutter the net with HTML-ized email without knowing it, and don't create unreadable email for people who use real email clients.
Re: (Score:2)
I've used webmail for about 15 years, and most people do the same. Configure the webmail to not show images, biggest issue is gone.
I tried a mail client recently but I would rather leave the 8000 useless unread mails and other crap out of my PC than bog it down with it, lest bother with it on other PC or computers I can possibly use to check or write mail.
Re: (Score:2)
You're right but if the e-mail provider is evil, it can store all the mail anyway even if told to "delete" it.
Well, I am somehow trapped unless I switch to a less evil e-mail provider. Then I honestly feel like using the less evil email with webmail would be more secure than using the evil email with a mail client.
No, I won't pay for a domain name and VM hosting.
Re: (Score:2)
I thought that Gmail actually circumvented this with an image caching service, but when I (just) researched it, it doesn't (it only does proxying):
"Also, no caching is performed server-side, every time I downloaded that URL, a request showed up on my server." ( https://filippo.io/how-the-new... [filippo.io] )
"In some cases, senders may be able to know whether an individual has opened a message with unique image links. As always, Gmail scans every message for suspicious content and if Gmail considers a sender or message
"more recent" means since 2012... (Score:4, Informative)
Looking at the bug request [mozilla.org] that was linked in the summary, it appears that "more recent versions" of Firefox means "all versions since 2012".
Webmail obvious security issue (Score:5, Insightful)
So... If you open a spam email via some webmail client, and hover over a link to see if it leads to where you expect (common thing to do if you're unsure if the email is legit or not)....
Then, Firefox will connect to that link??????
Their often unique hashes which identify exactly which email recipient the spam got to! It's not much different than actually clicking a link, and validates the email!
That's about the most evil scenario I can think of and I don't like it one bit.
Not in Gmail; images are cached (Score:4, Interesting)
Gmail caches any images in an email, and serves them through their own servers, in order to prevent tracking bugs from having any effect.
The greater concern for me is what happens when you hover over a link that causes action by virtue of the URL being hit? I assume they must have done some filtering-out GET URLs, but...what about URLs that are prettified? Jesus, this is such a bad idea all around.
Re: (Score:2)
Expand that scenario ...
What about the one where a Firefox bug is exploited because you just moved your mouse and during the process it hovered over a malicious link, which then Firefox tried to fetch and then was exploited in the process ...
Oh thats right, Mozilla completely and utterly forgot about the nature of writing a secure browser.
Firefox: Netscape Navigator 50.0 - Same crappy devs, same crappy management, same ignorant development that ran them out of business the first time ... new browser name.
Re: (Score:2)
That's much like the old "webbug" problem, which relied on one pixel sized, transparent images downloaded from the desired upsteam advertiging and usage This sort of behavior was well described by the Electronic Frontier Foundation at https://w2.eff.org/Privacy/Mar... [eff.org]. That problem still exists.
The failure to reject such default optimization on the purely privacy basis is a troubling one. It means that, for example, I can track the location of people who read my email sent through anonymizing services, sim
Re: (Score:2)
This feature only opens the TCP connection, it doesn't send the request until you click.
So What??? You can't imagine that phishers would generate links with a bunch of fake but unique subdomains or port numbers that would communicated to the main phisher domain while a user merely hovers over those links?
Bugs? (Score:5, Insightful)
I could see a nightmare scenario with poorly implemented "click to buy" or voting websites. Some nations, in the cases of stuff like CP, make it illegal to access websites containing banned material. Now mousing over links can look identical to accessing, according to log files. What a mess.
Re:Bugs? (Score:5, Informative)
According to the docs [mozilla.org], this doesn't fire on just any random website's links, only in specific parts of the Firefox UI:
To improve the loading speed, Firefox will open predictive connections to sites when the user hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar, or in the search field on the Home or the New Tab Page. In case the user follows through with the action, the page can begin loading faster since some of the work was already started in advance.
That's fortunate, because firing it on any website's hover link would reach that nightmare scenario pretty quickly.
Link prefetcing on websites only happens if the site explicitly marks the link for prefetch. (Example use case: prefetch page 2 of an article from page 1.) Firefox & Chrome have done this for years.
Re:Bugs? (Score:5, Informative)
And looking closer at the API description [mozilla.org], speculative connect isn't supposed to actually make the HTTP request, just set up the TCP connection. No headers, no URL, just an IP address at the network layer.
Still technically a connection, but hardly any information is sent, and it's not mistakable for an actual click.
Re: (Score:2)
The prefetching is also currently disabled on stable builds, and is limited to DNS prefetching, as far as I can tell.
I was wondering if it might be DNS prefetching. That's a whole other animal than actual HTTP requests, and I thought Firefox and Chrome already did it.
Re: (Score:2)
Like making the tabs more rounded and messing up the ability to customize the toolbar?
Re: (Score:2)
Argh! (Score:2)
The last version of Firefox that I used unmodified out-of-the-box was version 2. Worked fine. Ever since it's been a game of whack-a-mole. Cannot think of a single must-have feature that had been added; instead, it's been a down-hill slide of trying to undo all the stupid new "features" that ruin an otherwise fine product. An endless treadmill of installing add-on extensions and tweaking about:config. Please, STOP IT!
Re: (Score:2)
What add-on compatibility would you be talking about? There IS no fucking add-on compatibility. *Every* bloody release breaks extensions and themes.
Re: (Score:2)
As for better, what's the metric? I had a bunch of FF addons that were no longer compatible back when they changed to making their version numbers race Chrome's, so no idea what GP is talking about there. Personally prefer the old style to navigate. Plus, my current 200 tabs open (yeah yeah, I'm bad) has a larger footprint in FF than when in PM (have a few browsers on this computer). YMMV.
Holy crap ... (Score:4, Insightful)
What idiot decided to do this?
I don't want to load a link just by hovering on it. I don't want to tell every damned link in a webpage that I've looked at it. If I click on it I'll click on it, but don't just load random shit you think I might fucking want to load.
I swear, Firefox is making some really stupid decisions of late. For a browser which used to be concerned with privacy they seem to have decided to do everything possible to reverse that.
It's like they're either suddenly staffed by morons.
Disappointing. Very disappointing.
Re: (Score:3)
For a browser which used to be concerned with privacy they seem to have decided to do everything possible to reverse that.
They should separate the actual browser part from the current behemoth, in good Unix style. I suggest the name 'Phoenix'.
Re: (Score:2)
Wow, you should really read the posts above yours.
How this got marked insightful is beyond me.
Re: (Score:3, Insightful)
It doesn't send anything besides the basic TCP headers.
Do anybody here understand the implications of *simply making the connection*? What the hell is the matter with you? Unless I click, I don't want to send anything at all. Is there something here that is difficult to comprehend about this?
Re: (Score:2)
Do anybody here understand the implications of *simply making the connection*?
Yep. When the constables subpoena the network logs from your ISP they'll show a large number of connections to those CP sites, so of course you are a good candidate for a search warrant and visit to the graybar hotel.
That's a good thing, isn't it? For God's sake, man, think of the children.
Re: Holy crap ... (Score:2)
I understand the tradeoffs. It looks like a straightforward compromise between lower latency browsing, and privacy concerns. As long as they allow for opt-out (which they do) I think they made the right call.
Privacy? You've already decided to share which page you're looking at. That's the "mile". Now it goes an extra inch and says where your attention is focused.
Browser must be safe even on dodgy sites (Score:2)
It should not, indeed it must not matter that Firefox loads data from a dodgy website. It has to be safe to read it, render it and run the Javascript.
Because if it isn't then the browser is doomed to be cracked and exploited anyway. Attackers can break into "safe" websites and put their scripts there. Or buy advertisements to their malware.
So all the worry over loading links from untrusted sites is foolish because you cannot trust ANY site on the Internet. Not really.
There's a better argument to be made ove
Are they actually seeing HTTP requests or just DNS (Score:2)
The OP mentions iftop & resource monitor. I wonder if they're seeing the results of DNS Prefetching [blogspot.co.at]? That's something Firefox and Chrome have been doing forever. It doesn't hit the webserver, just resolves the domain name to an IP address in case you hit a link.
Or are they only looking at the new tab page? According to the docs they linked to, the speculative connect API is only used in a few spots in the Firefox UI, not on random webpages.
Re: (Score:3)
The scenarios are entirely possible.
An SSL handshake bug ... which we've seen before is still entirely possible. You don't need to send a HTTP protocol request for an SSL bug to fuck you over.
Its also trivial to continue to leak information by setting up the connect to a particular host without sending the full request based on how the host link is configured.
Simply configure your spam email/site to point to individual IPs and port combos for every email you send, then when viewed in a browser, this preset
What's the problem? (Score:5, Informative)
I don't understand the concern, at least if I'm reading the documentation for the speculative connect API correctly (first link in blurb).
All this seems to do is make the TCP connection (whether SSL or not) in anticipation of a link being clicked. The speculative connect API does not send any data in the TCP pipe it is creating. By opening the TCP link early, once the link is clicked, the TCP connection is probably ready to go, cutting down a bit on setup delay (which can sometimes be substantial if DNS is slow to resolve or the connection is using SSL), thus making the click seem more responsive to the user.
But nowhere in the docs is any mention of actual requests made to the server or any data downloaded from the server... until you click the link. Thus, the only information leaked by hovering over a link but not clicking on it is your externally-known IP address, which may show up in the error logs of the webserver as a dropped connection. There seems to be no danger of accidentally downloading a virus simply by hovering over a click.
If I'm missing something, please let me know.
Re: (Score:2)
It's more of a tracking problem, I think. Anyone monitoring your access will see that you connected to some site even though (a) you did not transfer data and (b) you do not want to actually browse the destination.
For instance, you could see a link without knowing it to be NSFW, or potentially harmful. You would, as usual, hover to check the actual address and decide not to browse it. Yet your browser has already opened a channel which was recorded by your corporate IT department proxy/firewall, your ISP, e
Re:What's the problem? (Score:5, Insightful)
So right off the top of my head, two examples of things you're missing:
An SSL handshake bug ... which we've seen before is still entirely possible. You don't need to send a HTTP protocol request for an SSL bug to fuck you over. Unless of course you think Firefox is flawless and bug free ... which we are 100% certain will never be the case.
Its also trivial to continue to leak information by setting up the connection to a particular host without sending the full request based on how the host link is configured.
Simply configure your spam email/site to point to individual IPs and port combos for every email you send, then when viewed in a browser, this presetting up of conditions can still be used for confirmation of email delievery as well as potentially exploiting bugs in the browser, which is a safe bet to exist based on the ignorance of this feature.
And this is why just because YOU don't understand why security works the way it does, doesn't mean you've thought of all the actual scenarios.
Lets see what else: TCP connects cost bandwidth, not much, but some, this is just another example of speculative wastefulness typical with modern programmers who have no consideration about what the costs are of the operation they are performing because it happens so fast in their dev environment they don't notice the cost. On the other hand, a very popular website will now notice a many more idle connections, which are not free, maybe not even cheap, because Firefox is being retarded and forgetting Internet Security 101.
Throw in using a custom DNS hostname for every URL thrown into an email or web page, and now you can easily track hovered over links of the user without them clicking a thing.
You don't go connecting to random machines on the Internet without specific instruction to do so, #InternetSecurity101
Re: (Score:2)
Easy, I hovered over a link that said security implications, and firefox did a speculative fetch. They have better things to do than fruitlessly pester people about the literally thousands of such instances they'll run into.
Nice... which TLA wanted this... (Score:3)
Simply hovering --
Now my system will connect to things I would elect to not connect to.
It is clear that network connections and data in a cache are no
longer valid in a court of law.
With such a feature there is no reasonable expectation that anyone
looked at or was in fact interested in anything.
The good news is web sites that count will see their hit count
jump for joy... Ponder an email with
https://www.hillaryclinton.com... [hillaryclinton.com]
https://23.235.47.75/ [23.235.47.75]
This was predicted some time ago (Score:4, Insightful)
Mozilla and Korrekt Thoughts (Score:3)
Maybe. But, that's nothing compared to some of the Komrades at Mozilla having inkorrekt thoughts. That had to be end [slate.com]...
Why hasn't anybody forked Firefox already? (Score:3)
Honestly, for the last four years or so, the only news I see about Firefox here on Slashdot is the "bad news". The foundation keeps introducing new features nobody asked for and keeps changing the familiar user interface. About the only time I thought something good is coming out of the Firefox is when they announced that Firefox will block third-party cookies by default, thus ending one of the biggest routes to privacy violation on the web.. then nothing happened. Firefox has already sold itself to commercial interests, but some how we continue using it by default as if there were no alternatives.
Re: (Score:2)
Pale Moon.
Re: (Score:3)
I haven't used it much yet, but Pale Moon [palemoon.org] may be what you're looking for. It's a fork of Firefox. The development design choices favor privacy, user-control, and improving speed&stability by dumping rarely-wanted code. Examples: They removed the Parental Controls code, they're excluding the new Firefox DRM support, they dumped support code for obsolete CPUs, they dumped some of the code for handicap-accessibility, and they currently removing phone-home code for crash reports and other potentially privac
We need a new Phoenix. (Score:3)
When Mozilla - the new browser - was becoming muddled with senseless features and cumbersome crap, someone forked it and created project Phoenix. It was lean, simple, fast and reliable. People loved it and switched to it en masse.
Due to trademark problems, Phoenix was renamed to Firebird, and later to Firefox.
Mozilla team mostly abandonned Mozilla, leaving only a slowly dying "Seamonkey" branch, and moved to Firefox. And they immediately began shitting it up just like they did with original Mozilla. Currently the shit-up is reaching its apogeum.
Someone needs to fork it again and start a new Phoenix. And don't let the current team touch it!
Why does this even exist? (Score:2)
What is the use-case for this sort of action? Was a link between hovering and going to a site established? What makes this a 'feature'?
Well, I guess FF was not hacked often enough (Score:2)
So they felt left-out and added this option to decrease security significantly _and_ make it hard for users to prevent that....
Re:Ancient news (Score:4, Insightful)
I've always thought web accelerator was a dumb naming ... we'll waste your bandwidth by downloading a bunch of shit you haven't clicked on so that if you do want it, the it is cached.
It would load quicker if they weren't pre-fetching the entire fucking internet on the notion that I might want it at some point.
Sorry, Mozilla, but you're simply not getting the point here.
Re: Ancient news (Score:2)
I agree. I develop mostly intranet type web based applications and always recommend firefox to my clients. I code to standards, so any modern browser that respects those standards can use the application as expected.
When creating Delete controls (or any control that modifies something), I typically use a javascript based modal window to display a confirmation box that will POST to the target. If the user doesn't have javascript installed, it will load the target via GET request where I can then display the
Re: Ancient news (Score:2)
Slashdot at part of that post. See below for clarification:
Depending on the application, I use <a> tags styled like <button> tags. I set the href to the target page, and in the onclick trigger I reference this.href as the target that I pass to the modal to POST to. This makes failover simple when javascript is disabled. There is also a simple server-side validation method I use to ensure there are no easy ways to inject dangerous POST requests.
Re: (Score:2)
Re: (Score:2)
I miss Lynx! [browser.org]
corrected link
Re: (Score:3)
Re: (Score:2, Interesting)
I hate to break it to you, but Chromium has done this for years.
Re: (Score:2)
Now you don't even have to even click a link to get on A List!
Doesn't matter. The NSA considers all Firefox users to be extremists anyway.
Given how unsecure firefox is I'd have thought the NSA would prefer everyone use it...