I don't think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.
Be careful since it is a double edged sword. Device bound session means the browser has the capabilities to differentiate devices, and thus can be used for more accurate tracking information. Of course I'm not saying it is not useful, having created a fair share of websites myself, I know the pain of authentication on the web and how it can be challenging to secure from tons of possible attack vectors. And in my experience, the weakest link is always the user.
the browser has the capabilities to differentiate devices
The browser can do it whether this exists or not. The only information the website gets is that the browser supports this feature or not, and nothing else.
My bad, I worded that badly. What I meant is that the website now has access to those features via the browser (js or some other mechanism). Now suddenly fingerprinting a device can be made easier.
That's a valid concern, but according to the article all the website can access is the random public key, or the fact that the feature is unsupported in this browser (for an unspecified reason).
Yeah, I've also read the article. I am just being cautious on how it can be used for other things that cause privacy concern. And so far, I've come up blank too.
We’ve always been clear that the goal of Manifest V3 is to protect existing functionality while improving the security, privacy, performance and trustworthiness of the extension ecosystem as a whole. We appreciate the collaboration and feedback from the community that has allowed us - and continues to allow us - to constantly improve the extensions platform.
"We've always been clear that the goal of our remote-unlockable front door product is to protect your family while improving the efficiency and safety of our field reconnaissance and repo unit. We appreciate your feedback that you really hate unannounced in-home data gathering incursions, and we are integrating that feedback going forward as we work to improve your interactions with our team. See you soon!"
Manifest V2 phase out is a big deal, as Google is pushing towards Manifest 3 only. Google's version of Manifest 3 is hobbled by removing WebRequest blocking which breaks privacy and ad blocking tools - an obvious benefit to Google as an Ad and data harvesting company.
Firefox is implementing Manifest 3 with WebRequest blocking, as well as supporting Google's hobbled version declarativeNetRequest to allow compatibility with chrome extensions.
As far as I know there is no plan to phase out Manifest V2 at Mozilla. As long as V2 and V3 are active in parallel it shouldn't have a negative Impact on adblockers etc.
We also wanted to take this opportunity to address a couple common questions we’ve been seeing in the community, specifically around the webRequest API and MV2:
The webRequest API is not on a deprecation path in Firefox
Mozilla has no current plans to deprecate MV2 as mentioned in our previous MV3 update
That said, I believe Firefox users have gotten a lot of benefits by having extensions made that work in both Firefox and Chromium-based browsers. I don't believe there will still be as much effort for a Firefox-only extension but I believe there will be a sufficient number of motivated users and developers to still develop blockers and other extensions that take advantage of Firefox continuing to support MV2 and webRequest.
Shit like this is exactly why competition is of utmost importance. The internet was never meant to be single-handedly controlled by a corporation with private interests, and more importantly, private pockets
If we don't see a somewhat significant rise in Firefox usage increases after this, then I fear that battle is already lost. People can complain a lot but doing something as easy as switching browsers seems to be the hardest thing for most of them.
Even if Firefox were to win it's still a bleak future because the ridiculously complexity and scope of browsers prevents new ones being made. Without the possibility of newcomers either the war never ends or there is one victor. We should start to abandon browsers in favor of apps that focus on each part of the browser (e.g. why does a browser need to render video to the screen when the user already has an app for that).
"Destroying an empire to win a war is no victory, and ending a battle to save an empire is no defeat."- Kahless
Fuck that. I'm not switching between apps for every god damn function my browser does. I intentionally decline to install apps when I can just use the browser.
no unified password management (or even worse: everything gets just attached to your google/ios account - i hate apps that do not give me the option to keep stuff separate)
no history functions (esp. over multiple devices)
single apps getting bought out by marketing corpos or bad actors without getting notified
data sniffing apps are harder to reign in than my sandboxed browser tabs.
NO ADBLOCKING AVAILABLE IN APPS
I'm sure there are a lot more reasons, that's just what came into my mind
Apps being created seperatly doesn't mean they can't interact with each other, so I don't see those concerns as a problem. Is there anything fundamentally preventing the creation of new apps to do tasks currently exclusive to browsers?
Isn't the possibility of single apps getting bought out an argument against having all your eggs in one basket? 🙃
i think i would get notified in some way if the Mozilla Foundation changes ownership, and since it's open source that is not much of an argument. open source is getting more common the last few years, but it's definitely not common
sure, it doesn't mean they can't. everyone making their own app also means that they don't per default.
and you didn't touch the point regarding NO ADBLOCKING IN APPS while the whole debate here is because alphabet doesn't want effective adblocking in their browser.
I don't know what to say regarding your claim of no ad blocking in apps because I don't understand why you think that. I disagree because it's the same game just in different apps, depending on the medium:
images then you could do what ad blockers fo now: block based on domain
-video you still disregard other ad files, or have a sysyem like sponser block
text (e.g.) on a Gemini client you'd need to detect the text that looks like ads.
domain based blocking systems are nice for a base level of ad removal, they do nothing if the ads are coming from the same domain. sponsorblock is nice, but it's the work of volunteers to remove those ads - if youtubes userbase were splintered over thousands of apps it wouldn't be feasable.
i don't know when i have seen just text-based ads in the last 10 years. those are an non-issue, even for me. the issues are scripts, user profiling and tracking.
the big difference is: the browser gives webpages/apps a standardized environment where the user has the last word regarding what runs on it or not (if you are not using chromium anyway). in apps, the user doesn't have that luxury, especially regarding tracking and profiling.
I value software freedom so I don't promote proprietary apps that prevent users doing their computing the way they want. There's not much I can do about how companies mistreat their users. Just contribute to free (open source) software, advocate for a culture that values freedom over convenience, and advocate for laws against proprietary software.
If the code of your app is like uBlock-Origin then you have the freedom to remove ads from your software. If an app dictates how you do your computing that's a bigger issue than reckless feature creep leading to the end of browsers.
You Grandma and her Chromebook don't care though. The numbers aren't in our favor, but Mozilla absolutely dominating in the features and privacy arenas is.
I'm not asking this facetiously but: is there an easy way to migrate my bookmarks, tabs, and pinned tabs easily to Firefox? I looked maybe a year ago but didn't find a 1 to 1 easy switch way to go to Firefox.
To be clear: my personal laptop is all Firefox, but I don't use it all the time. My main desktop is an integration of all three (please don't judge), but I'd like to go full Firefox if it was convenient.
Convenience, similar to ninite.com. Sure I could download each installer one by one, but when it was made simple I now use it all the time.
Similarly with Firefox: the easier you make it to switch from any Chromium based web browser, to Firefox, the more people will make the switch. To me your comment is equivalent to someone saying RTFM.
With the time you've wasted complaining about having to RTFM you could've already imported your my little pony bookmark collection and be clop clopping off into the sunset.
You are absolutely correct, I could have done it a while ago. But while it is inconvenient, for me specifically, it's not top priority. Once there's a convenient method I'll be all about it.
I do. I'd be surprised if we see any kind of increase.
Firefox is going to slide into obscurity. They've been in a downward spiral for the last few years. So much money wasted on so many failed projects. They're a shadow of their former selves. The features of firefox are improving of course but by every metric that matters they're on life support.
Same thing that happened with the internet also happened with capitalism. It's like you need some regulation to ensure competition. It could have been so awesome if we had what we were promised.
That’s how it works for now, but eventually the code itself will be removed from chromium, not just disabled. At that point they’d have to maintain a large patch set reimplementing it, which would be extremely time intensive to maintain and keep secure.
I know, precisely. But it is an alternative without this nonsense, kinda the only one. And the only option to actually stop the Google monopoly that led to this.
Internet is dominated by Netscape, then crushed by MS giving its browser away.. Firefox steps in for a while and is great but starts to suck / get slow, google steps in people start to shift to google, everyone is on google... Wonder who steps in next.
There’s a lot more vendor lock in than there has been in the past. I don’t see there being a major change without legislation. It’s still too early to see how the EU’s DMA will affect market share, but it’s probably the best hope, even if it is limited to a few geographical areas.
There’s a lot more vendor lock in than there has been in the past. I don’t see there being a major change without legislation
LOL no.. ActiveX on IE was the ultimate lock in, and that is gone now.. Also we have A LOT of chromium based clones that don't have these restrictions.. It will still be a popularity contest.
Firefox however is limited by its in ability / unwillingness to license or implement some DRM features / Codecs which kind of sucks.
An even bigger restriction is how iOS just blocks all competing browser engines. It doesn’t matter what sites do or don’t require. If a site is broken in Safari, I just have to go use a different device. On all other operating systems you do have a bit more options, but they all pretty aggressively push you into using the manufacturer’s choice.
On June 3rd, Chrome(ium) users will start being informed that their MV2 extensions will soon stop to function. uBlock Origin (and others) will lose the "Featured" badge.
The remaining MV2 extensions will be gradually disabled in the "coming months", with the last deadline being the beginning of next year. (Expect that uBO will probably not last that long).
What options do you have if you still want to use uBlock Origin?
Firefox (and up to date forks) have no plans to end support for the webrequest API that uBO requires.
Brave browser will allow MV2 extensions for now. I still have no info on if they are going to use their own store or require manual installation/updating of MV2 extensions.
If you use Chrome. By enabling enterprise policy ExtensionManifestV2Availability, you should be able to extend support till June 2025.
many people here parrot the same things relentlessly. there is no issue with choosing firefox as your primary driver. every user here can decide on what they want for themselves.
i am offering other options as the suggestions in this thread (and threads like these) are homogenous.
Firefox has telemetry settings built-in which you can switch off. LibreWolf strips the telemetry options away and focuses on obfuscating your browser fingerprint.
Yeah it's just that I feel like if someone is still using freaking Chrome in 2024 then asking them to use something even more obscure than FF might be a bridge too far.
LibreWolf is just a fork of Firefox (one of many) which tries to improve its privacy features.
I am not asking anyone to use this, just merely offering an alternate option. Everyone who accesses the internet has used a browser. What makes a difference for the average user is the GUI and UX.
If you use vanilla Firefox and don’t tweak the settings, often your DNS will be resolved by either Google, Cloudflare or your ISP.
It becomes impossible to block ads in all browsers new forks will be made and the features we want will happen. The bar to spin and maintain a new browser is high but it's not impossible on there are a lot of people that want this
You should check out Ladybird browser, it's an impressive piece work, it's definitely no ready for everyday use, but it is proof that a small community can develop and maintain a project as complex and large as a browser.
It is probably the only browser in active development that is not being paid by Google, even Firefox gets most of its income from defaulting the search engine to Google
blog.chromium.org
Oldest