Firefox In 2018: We'll Tackle Bad Ads, Breach Alerts, Autoplay Video, Says Mozilla (zdnet.com) 84
An anonymous reader quotes a report from ZDNet: Firefox maker Mozilla has outlined its 2018 roadmap to make the web less intrusive and safer for users. First up, Mozilla says it will proceed and implement last year's experiment with a breach alerts service, which will warn users when their credentials have been leaked or stolen in a data breach. Mozilla aims to roll out the service around October. Breach Alerts is based on security consultant Troy Hunt's data breach site Have I Been Pwned. Firefox will also implement a similar block on autoplay video to the one Chrome 66 will introduce next month, and that Safari already has. However, Dotzler says Firefox's implementation will "provide users with a way to block video auto-play that doesn't break websites". This feature is set to arrive in Firefox 62, which is scheduled for release in May.
After Firefox 62 the browser will gain an optional Chrome-like ad filter and several privacy-enhancing features similar to those that Apple's WebKit developers have been working on for Safari's Intelligent Tracking Prevention. By the third quarter of 2018, Firefox should also be blocking ad-retargeting through cross-domain tracking. It's also going to move all key privacy controls into a single location in the browser, and offer more "fine-grained" tracking protection. Dotzler says Mozilla is in the "early stages" of determining what types of ads Firefox should block by default. Also on the roadmap is a feature that arrived in Firefox 59, released earlier this month. A new Global Permissions feature will help users avoid having to deny every site that requests permission for location, camera, microphone and notifications. Beyond security and privacy, Mozilla plans to build on speed-focused Quantum improvements that came in Firefox 57 with smoother page rendering.
After Firefox 62 the browser will gain an optional Chrome-like ad filter and several privacy-enhancing features similar to those that Apple's WebKit developers have been working on for Safari's Intelligent Tracking Prevention. By the third quarter of 2018, Firefox should also be blocking ad-retargeting through cross-domain tracking. It's also going to move all key privacy controls into a single location in the browser, and offer more "fine-grained" tracking protection. Dotzler says Mozilla is in the "early stages" of determining what types of ads Firefox should block by default. Also on the roadmap is a feature that arrived in Firefox 59, released earlier this month. A new Global Permissions feature will help users avoid having to deny every site that requests permission for location, camera, microphone and notifications. Beyond security and privacy, Mozilla plans to build on speed-focused Quantum improvements that came in Firefox 57 with smoother page rendering.
Bad ads? (Score:4, Funny)
So ... all ads then?
What other revenue source? (Score:4, Interesting)
Let's say the web were to lose all advertisements tomorrow. What replacement for the lost revenue would you prefer as a way to cover the cost of writing and hosting the articles that you read?
A. Paywalls on most websites, causing your web searches to result in a lot more clicks on the back button
B. Shutting down commercial websites in favor of those run on hobbyists' pocket money
C. Some other option, which you plan to explain
Re: (Score:1)
They already make shady money off of profiling people through all sorts of tracking methods.
They can just use that; there's somewhat less avenues for malware, and it'd be much less obnoxious to casual users.
What use for profiles other than ads? (Score:3)
They already make shady money off of profiling people through all sorts of tracking methods.
They can just use that
What use is there for such profiles if they cannot be used to improve specificity of an advertisement campaign?
Re: (Score:2)
nah i just read slashdot and it has a box to disable ads already ;-)
Requires Excellent karma (Score:2)
That checkbox is offered only to users near maximum karma. Stack Overflow has a similar model of presenting fewer ads once a user reaches a particular reputation level [stackoverflow.com]. But what would you do between signup and reaching the karma threshold?
Re: (Score:2)
What other reason would content publishers have for displaying advertisement? And what alternate means would you have for paying the bills for site hosting? Servers and data connection isn't cost-free.
Sorry, the days of running a hobby site and expecting for it to stay alive if you actually have content people want to see are long over. The real world uses load balancers, caching servers, content delivery networks, DDOS protection, multiple back-end servers, high throughput connections; and these all cos
Re: (Score:3)
Having to hire an ad sales team (Score:3)
They shouldn't auto-play if they're video based.
Exactly. Such an ad will pause on the first frame and cover up the page until the user clicks to start the ad playing and waits for the ad to finish playing. This is a prestitial, and Chrome would likely automatically block it because countdown prestitials before a non-video payload [betterads.org] violate the Better Ads Standards, but a publisher* can deploy anti-adblock to send more people to the back button.
And, last but not least, they shouldn't track you.
In order for an ad not to track the viewer across websites, it would have to be hosted by the publisher, as oppose
Re: (Score:2)
Tracking isn't an inherent property of serving HTTP. Ad services could be audited the same way as certificate authorities. It's not perfect but it would stop most of the abuse.
Subscriptions are usually per-site (Score:5, Insightful)
What replacement for the lost revenue would you prefer as a way to cover the cost of writing and hosting the articles that you read?
A. Paywalls on most websites, causing your web searches to result in a lot more clicks on the back button
I wouldn't mind A since that would mean we're going to be treated as customers instead of as products and search engines/browser extensions would adapt to it
How many pages on The Wall Street Journal can I read with a subscription to The New York Times? Zero.
Let's assume that over the course of a month, you read two articles on each of 20 different pay sites, each of which demands (say) $5 for a 30-day subscription or $5 for 150 page views. How many people would be willing to pay $100 per month only for most of the subscription to go to waste?
Re: (Score:2)
What replacement for the lost revenue would you prefer as a way to cover the cost of writing and hosting the articles that you read?
A. Paywalls on most websites, causing your web searches to result in a lot more clicks on the back button
I wouldn't mind A since that would mean we're going to be treated as customers instead of as products and search engines/browser extensions would adapt to it
How many pages on The Wall Street Journal can I read with a subscription to The New York Times? Zero.
So? We've had this problem in the sciences for centuries - if you subscribe to one journal you will miss content from another journal.
You know what the journal solution is? Open-access journals. Author pays if they want to publish. If they cannot afford to pay for a *single* article then the content is probably worthless.
Will this work for news publications? Probably not, but I see nothing wrong with putting news publications behind a paywall. Most of their content is worthless and they'll quickly find thi
Re: (Score:2, Insightful)
C. Sites run by special interests offering heavily biased articles designed to push a specific narrative
Re:What other revenue source? (Score:4, Informative)
Let's say the web were to lose all advertisements tomorrow. What replacement for the lost revenue would you prefer as a way to cover the cost of writing and hosting the articles that you read?
A. Paywalls on most websites, causing your web searches to result in a lot more clicks on the back button
B. Shutting down commercial websites in favor of those run on hobbyists' pocket money
C. Some other option, which you plan to explain
B. This was the internet before 1999 and it was a great place before everyone else showed up.
Internet back then was dial-up (Score:2)
What replacement for the lost revenue would you prefer as a way to cover the cost of writing and hosting the articles that you read?
[...]
B. Shutting down commercial websites in favor of those run on hobbyists' pocket money
B. This was the internet before 1999
Except "the internet before 1999" was 0.05 Mbps dial-up, or sub-Mbps DSL if you were rich enough to move to one of the cities where the local incumbent phone company chose to test-market it. Even if you would be willing to go back to dial-up, what fraction of other Internet users would? And even though modern high-speed home Internet access is available right now, how long do you think demand therefor would continue without the availability of commercial websites?
Re:Slashdot deals (Score:1)
Re:What other revenue source? (Score:4, Interesting)
Let's say the web were to lose all advertisements tomorrow. What replacement for the lost revenue would you prefer as a way to cover the cost of writing and hosting the articles that you read?
A. Paywalls on most websites, causing your web searches to result in a lot more clicks on the back button B. Shutting down commercial websites in favor of those run on hobbyists' pocket money C. Some other option, which you plan to explain
HOSTING:Hosting a website with almost all text-based content like /. is possible on the $5/m droplet from digital ocean. I'd be surprised if this site needs more than a 100GB of storage for its archive. A less popular site with less history should do fine on a 25GB droplet. If a site's owner cannot afford $5/m, then maybe they shouldn't host the site. If more processing power is required you can selectively spin up more VMs.
The reason for the high hosting costs is due to the serving of ads - you need a fancy backend that auctions each user for ad delivery, you need to use ad-delivery frameworks written in cycle-wasting interpreted languages, you need to provide unnecessary images just so that you have at least some images that aren't ads, you need to use a client-side framework that is compatible with the ad network, your backend needs to talk to some tracking site for users, you need facebook, twitter, G+ integration .... for ad purposes.
Take the ads away and your need for space and complexity goes away.
CONTENT:You don't need full-time staff to generate content for the sites I read. In fact, the best quality content is user generated content not full-time writer content. I'd rather read a forum for comparative shopping when looking for a new car/computer/sewing-machine than a clickbait "Ten Things You Need To Know When Buying A New Car (#4 Will Shock You!)". All the most popular sites on the internet, the most visited, are the ones with user-generated content. If the site has a few hundred thousand users on some stable forum software you don't need *any* full-time staff. A few part-timers will keep things going. If you have more than a few million registered users, a 1% donation-rate of $1 per month will let you have *ONE* fulltime staff, and that person should ideally be ensuring that everything continues running.
You only need full-time staff for generating content when that content is worthless. When you need to generate "content" that pushes some particular political view, you need to pay people to write those views. When you generate content about the top 5 document editing tools, you'll need to *PAY* people to generate that content. When you need to generate content about stripping and reassembling a Chevy V8, people will (and already have) generate that content for you. How to do $FOO? Yeah, experts have chimed in on some forum somewhere already.
Frankly, the only reason it costs to run a site is because ads have driven up the costs. Sure, ads bring in (say) $10000/m, but you're essentially spending more than that just to support the fact that you want to run ads.
Taking away ads and ad-supported sites will, ironically, leave us with better content. The ads arms race has resulted in every second site needing to use clickbait links and ads just to keep the users they have, because then they can advertise to those users.
I will not miss the demise of ad-supported sites. Only advertisers will.
Vidme shut down (Score:2)
Hosting a website with almost all text-based content like /. is possible on the $5/m droplet from digital ocean.
Then what would you recommend for someone whose works aren't "text-based"? Or would you instead encourage freelance photograhers, illustrators, and animators to give up their trade and instead retrain to become writers?
If a site's owner cannot afford $5/m, then maybe they shouldn't host the site.
Then who, other than the site's owner, would host the site? I don't see each of the billion-plus Facebook members joining the IndieWeb movement [indieweb.org] and subscribing to a $15 per year domain and $60 per year VPS just to run his own website. Where would a minor even come by that sort of money, espec
Re: (Score:2)
Hosting a website with almost all text-based content like /. is possible on the $5/m droplet from digital ocean.
Then what would you recommend for someone whose works aren't "text-based"? Or would you instead encourage freelance photograhers, illustrators, and animators to give up their trade and instead retrain to become writers?
If they're using the website for work then they can bloody well pay for it. Their content is unavailable? Not my problem because I wasn't viewing it anyway.
If a site's owner cannot afford $5/m, then maybe they shouldn't host the site.
Then who, other than the site's owner, would host the site? I don't see each of the billion-plus Facebook members joining the IndieWeb movement [indieweb.org] and subscribing to a $15 per year domain and $60 per year VPS just to run his own website. Where would a minor even come by that sort of money, especially if other kids have already swallowed up all the lawn mowing jobs in the neighborhood?
Why would they each need their own website? You're presenting a false dichotomy. If facebook didn't exist because of no ads, why are you presenting the only other option being "everyone has their own website"? The other option, one that was prevalent before the ad-infested web, is that groups pool their money together for the $60/year needed to keep the
What's your forum's attachment limit? (Score:2)
If a forum cannot get enough paying members, why is that my problem to solve?
It's your problem to solve if you happen to be a member of such a forum that can no longer pay its bills.
Once again, I don't care. If *YOU* care about watching videos on the internet, maybe you go and put your money into the pot for those sites you care about. The topics I care about can survive with minimal donations.
I wouldn't be so sure that affordable high-speed home Internet access can keep its economies of scale if the only topics that the Internet covers are those that "can survive with minimal donations". What's the size limit for photo attachments on forums that discuss the topics you care about? Because if people decide to cut back to dial-up in response to withdrawal of advertising-supported works, then you
And advertisers... (Score:4, Insightful)
#DeleteMozillaAndChromeAndIEAndOpera (Score:2)
Re: (Score:1)
Safari could not be reached for comment as it was apparently on some adventure tour through Africa.
Chrome was found on the bumpers of an old classic car.
Opera was last seen running from a stage after hitting a very high C and shattering windows in adjacent buildings.
Firefox has caused multiple callouts to the Animal Anti-Cruelty League. Foxes are cute, no need to set them on fire with petrol.
IE is curled up in a little ball in the corner, muttering "it est, it est" (it is, it is) to itself. 911 has been cal
"... that doesn't break websites" (Score:3, Insightful)
Video Autoplay completely breaks websites from a usability standpoint.
There are zero times I look up an article on a website where I would prefer to watch a video over READING a story. That's AFTER. If I feel I need to.
Re: (Score:1)
The current about:config pref that blocks video auto-play breaks the manual playing of video on some sites. We're working on a way to fix that.
Muted videos fall back to less efficient codecs (Score:2)
Good luck finding a way to "provide users with a way to block video auto-play that doesn't break websites", especially if it's muted. Site operators will fall back to less efficient methods to display video, which include a canvas displaying video decoded in JavaScript, animated GIF, or even a pure CSS motion JPEG player [pineight.com].
Re: (Score:2)
Good luck finding a way to "provide users with a way to block video auto-play that doesn't break websites", especially if it's muted.
Oh, I've got a way. If click on a link and it leads to an autoplaying video, I close the page, knowing that it was a 90-second bloat with a 30 second intro, of what would have been one paragraph of text, the context of which you can often infer from the url.
"And nothing of value was lost."
block autoplay videos right now (Score:2)
about:config
Accept the Risk
media.autoplay.enabled = False
Doesn't block CSS MJPEG (Score:2)
I set media.autoplay.enabled in my copy of Firefox ESR 52 (default browser on Debian 9) to false, but this horse [pineight.com] was still animated. What did I do wrong?
Re: (Score:3)
That's the Muybridge Horse. NOTHING can stop the Muybridge horse, not even death.
Re: (Score:2)
I set media.autoplay.enabled in my copy of Firefox ESR 52 (default browser on Debian 9) to false, but this horse [pineight.com] was still animated. What did I do wrong?
You thought that a 15-frame image loop that is less than 1MB is the same thing as the 5 x 30MB videos that autoload on some sites. We should be lucky if advertisers are forced to use the mpeg-css - the extra work might result in fewer ads.
Re: (Score:3, Informative)
Unfortunately, this breaks manually playing video on some major video sites so it's not a great option. That's why we're re-working it in 2018 so you can have auto-play blocked but still be able to play by pressing the play button manually (which as I said doesn't work on some sites today.)
Welcome to 2011 (Score:2)
Wow welcome to 2011 Firefox :: Dev.Opera — Autoplay, Go Away! [opera.com]
Back before Opera became a useless Chrome clone, and had preemptive JavaScript.
Re: (Score:2)
Preemptive JavaScript could:
Easily override a given page function with a user-defined function.
Alter the page document (DOM) before it was rendered by the browser.
No browser allows you to do those things anymore.
My browser extension list (add-ons) (Score:3)
Firefox, WaterFox, and Pale Moon Browsers
For security: Get add-ons only from the Mozilla.org add-on web pages [mozilla.org].
Visit those links with Firefox. Visiting with the latest version of Pale Moon (27.8.2) shows an error: """This add-on requires a newer version of Firefox (at least version 52.0). You are using Firefox 27.9."
Pale moon add-ons [palemoon.org]
Adblock Latitude [palemoon.org] For Pale Moon browser only. Blocks display of ads. "Adblock Latitude is a direct fork of Adblock Plus made specifically for the Pale Moon browser."
BetterPrivacy [mozilla.org] Removed by the author. Deletes Local Shared Objects, LSOs. LSOs are files placed on your computer by the Adobe Systems Flash plug-in. Use of Adobe Flash allows web sites to track you, permanently even though your browser is configured to delete the files known as "Cookies" after each re-starting of your operating system.
CanvasBiocker [mozilla.org] Prevents websites from using the Javascript <canvas> API to fingerprint them.
Classic Theme Restorer [mozilla.org] Quoting 3 paragraphs:
"This add-on will stop working when Firefox 57 arrives in November 2017."
"This add-on will stop working when Firefox 57 arrives in November 2017 and Mozilla drops support for XUL / XPCOM / legacy add-ons. It should still work on Firefox 52 ESR until ESR moves to Firefox 59 ESR in 2018 (~Q2)".
"There is no 'please port it' or 'please add support for it' this time, because the entire add-on eco system changes and the technology behind this kind of add-on gets dropped without replacement."
Cookies Manager+ [mozilla.org]
Disconnect [mozilla.org] Updates to Pale Moon browser don't install.
Facebook Blocker [mozilla.org] Prevents Facebook from following you everywhere there are Facebook "Like" buttons.
Firebug [mozilla.org] "Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page..." Firebug development page [getfirebug.com].
FlashStopper [mozilla.org] Stops video autoplay and shows a preview thumbnail. On Sept. 9, 2017 does not work with YouTube because it prevents reading comments; there is a working version in the development branch.
Ghostery [mozilla.org] I don't know if Ghostery still sells data: Ghostery sells data it collects. [businessinsider.com] (Business Insider, Jun 18, 2013) Ghostery web site [ghostery.com]. See the article, Ghostery is Acquired by Cliqz! [ghostery.com] (Feb 15, 2017)
HTTPS Everywhere [mozilla.org] Doesn't install in Pale Moon. Encrypts traffic by using HTTPS encryption rather than HTTP wherever web sites accept HTTPS. See How to Protect You [vogue.com]
Re: (Score:3)
LSOs are files placed on your computer by the Adobe Systems Flash plug-in.
The wise thing to do is to not install Flash in the first place. Time's running out for Flash [pcworld.com] anyhow. Might as well uninstall now.
Re: (Score:2)
Ghostery [mozilla.org] I
don't know if Ghostery still sells data: Ghostery [businessinsider.com]
sells data it collects. (Business Insider, Jun 18, 2013) Ghostery web site [ghostery.com]. See the article, Ghostery [ghostery.com]
is Acquired by Cliqz! (Feb 15, 2017)
I am very happy with Ghostery, use it in all of my browsers. I also use their browser on my Android phone, mainly to stop any additional data consumption. To the best of my understanding you can opt out of their data collection.
I would also recommend ShareMeNot.. I don't use Facebook and do not want them (and others) tracking me.
Privacy Badger looks good. (Score:2)
Re: (Score:2)
Very recently DuckDuckGo has made available their Privacy Essentials and it seems to block more trackers than Ghostery does.
Plus I'd give more trust to DuckDuckGo.
One more thing (Score:2)
Re: (Score:2)
Hahaha, right. I mean, what will all their UX artists on staff do if they can't constantly fiddle with the UI?
How about giving me back (Score:4)
Re: (Score:2)
The old plugin system was limiting performance and didn't support any kind of permission system.
What plugins are you missing?
Re: (Score:3)
What plugins are you missing?
Session Manager; Theres ABSOLUTELY NOTHING among the new plugins that does anything with utility this thing does.
Re: (Score:1)
The one single reason I will not update Firefox is DownThemAll. Mozilla has no plans to make it possible to download files fast in newer versions of Firefox.
Captcha: chrome
Re: (Score:2)
I don't recall plugins being much of a vector for viruses
So you clearly never looked then. But hey it's not just viruses. The old API can be blamed for much of the problems that were attributed to Firefox itself. Endless complaints about user's CPU and RAM usage. There were several high profile malware plugins. Many of the vectors have been closed and many of the issues the *users* were complaining about resolved as well by the API change.
Re: (Score:2)
Comprehensive metered connection strategy (Score:3)
I'd like some browser maker, any really, to come up with a browser profile which allows for use of the web in a metered connection. There are times when all i have access to is my mobile hotspot, and I pay per gig, so I'd really like to be able to flip a switch and have things like the disabling of multi-media downloads and pictures over Xkb.
Re: (Score:2)
Re: (Score:2)
Even My Mom Hates the New FF (Score:2)
I might lie to you about some things, but I would never tell a lie about my own mother.
I want a tab-top (Score:2)
something that would let me find which tab(s) are eating my CPU with some crappy javascript. I would then be able to close the tab; although a ''stop javascript in this tab'' button would be better.
From the people who disabled the ESC key. (Score:3)
Bring back the goddamned ESC key. [slashdot.org] Until a user can hit hyper pages like Yahoo News with a tranquilizer dart that delivers a static page that can be scrolled and read until the user hits the end or hovers over something... it will not be complete. It should cancel Javascript time triggers also, something addons cannot presently do far as I know.
Sorry, you cannot have access to the content you can plainly see in the window because an oversold cloud appliance or gobblegook DNS abuse tactic is failing to respond.
cite [elgurutech.com] "Without getting into too much technical details, pressing the Esc key can cause major problems for sites that use Web Apps that are coded in Ajax or use jQuerry. With the growing popularity and number of web apps came a great number of users accidentally hitting the escape key. So effective with Firefox 20 the Esc key will no longer stop anything, it simply won't do anything.
cite bug 614304, comment showing consensus [mozilla.org] "Yeah, I think we should remove this "feature". Having a key to abort network requests seems like an expert feature that at least shouldn't be enabled by default. IMHO it should ideally be removed completely. People can always write an extension to re-add it if desired."
So instead of forcing XMLHttpRequest/WebSocket/Ajax developers to directly address the situation of sudden lost network connectivity... which is a general design issue and might have been solved by now... it was decided that the unwashed masses should lose control of their browsers, forever. There's always yanking the wall plug, until Mozilla addresses that problem at some future date.
</S> humor, kinda. I love Firefox even though I'm frozen at an undisclosed earlier version.