back to article Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks

Patting itself on the back for blocking more than one trillion web tracking requests through its Enhanced Tracking Protection tech, Mozilla on Tuesday continued its privacy push with a further test of its Firefox Private Network service, an update to Firefox Preview Beta for Android, and the debut of its latest desktop browser, …

  1. graeme leggett

    Printing

    Does this version let you print preview and print just selected part of a webpage?

    1. phuzz Silver badge
      Meh

      Re: Printing

      It does let you Print Preview (you have to select the menu option to print), but other than allowing you to choose which pages you want to print, you can't really select an individual portion of a page.

      1. tony72

        Re: Printing

        Nimbus Capture is a Firefox add-on I use for producing as-it-looks-on-screen captures and prints of web pages or parts thereof; maybe it will be of use to the OP.

        1. Anonymous Coward
          Anonymous Coward

          Re: Printing

          Also can be done via [Lightshot]

          (Do not confuse with Firefox addons with same name.)

          See ..... https://app.prntscr.com/en/index.html

          Runs outside of Firefox, so can capture *anything* displayed on screen, including Firefox !!! :)

          Note:

          You do not need to configure it to upload captures although it can do this.

          Simply select a region on screen and type Ctrl+C to copy to clipboard.

          Paste clipboard wherever you want to save it !!!

        2. phuzz Silver badge

          Re: Printing

          So basically the same as Windows built in Snipping Tool then?

          (soon to be migrated to Snip and Sketch)

  2. W.S.Gosset Silver badge
    FAIL

    Javascript

    And yet still it can not sensibly handle Javascript in any realworld heavy usage (many windows+tabs).

    1. Multiple JS scripts running

    2. User control over same

    Point 1:

    There seems to be some sort of bottleneck within Firefox re JS, such that the browser will grind to a halt as the number of scripts rises. Every other app and the OS will be running along fine at near-normal speed, but all your FF windows are greyed out and in Task Manager shown as "Not Responding".

    You can extend this horizon by keeping JS switched off and only key sites whitelisted, but it's just an extension -- JS is bloody everywhere now. And if you don't also have Ghostery or similar running, the ads' scripts will shorten that horizon drastically (normal now for ads' scripts to run over 20,000 lines -- rarely well written).

    Point 2:

    And FF has no UI for the user to control/manage those scripts. PlugIns allow allornothing (+ex-ante whitelisting) pre-load, but this is useless once a script has run off with your browser (eg, advert or just a JS-happy site). As happens if you temporarily need JS switched back on to be able to properly load a site/page you need.

    VERY useful would be even the ability to auto-pause sites' scripts when the site's tab does not have Focus (and allow manual override eg whitelisting : eg happy to have gmail polling in the background, NOT happy to have a news story('s ads) do the same), would dramatically improve things.

    And/or to auto-pause any 3rdparty scripts.

    These are not new problems (or rather, problem and lacuna/oversight). But the real-world effect is worsening as JS's use (and abuse) spirals ever higher.

    .

    Chrome is even worse, btw. FF will gradually grind to a halt, giving you some warning and ability to react ; Chrome will just suddenly go unresponsive / jam .

    1. Anonymous Coward
      Anonymous Coward

      Re: Javascript

      Can't say I've ever had performance problems with JS on Firefox... on Windows, Linux or Android.

      1. Charlie Clark Silver badge

        Re: Javascript

        I do occasionally have problems with YouTube, presumably because it's trying to run some tracking code.

        1. Missing Semicolon

          Re: Javascript

          Google is doing this to Youtube. It's already killed Edge's rendering engine ( as described here: https://www.theregister.co.uk/2018/12/18/google_monopoly_abuse_claims/)

          1. RegGuy1 Silver badge

            Re: Javascript

            No script and Adblock plus -- they are *always* the first two add-ons I put onto any new Firefox install. That fixes Youtube, as it stops working! Win, win. I don't see any gob-shite videos and I get my life back. :-)

            1. bombastic bob Silver badge
              Devil

              Re: Javascript

              the constantly maintained youtube-dl pythyon script helps me watch videos. I only watch them after downloading. I get better resolution that way, among other things.

            2. phuzz Silver badge

              Re: Javascript

              uBlock Origin removes all the adverts from youtube but otherwise the site works as normal.

    2. iron Silver badge

      Re: Javascript

      It is 2019, you really need to upgrade that 386.

      On a more serious note if you are really getting that performance from Firefox and Chrome then either there is something seriously wrong with your computer or perhaps the websites you are visiting.

      1. karlkarl Silver badge

        Re: Javascript

        "It is 2019, you really need to upgrade that 386."

        No you don't. Just run uBlock or equivalent.

        Not chucking precious metals into landfill needlessly, thank you very much.

        1. Anonymous Coward
          Anonymous Coward

          Re: Javascript

          You don't have to throw in landfill. Plenty of ways to recycle tech.

          1. bombastic bob Silver badge
            Thumb Up

            Re: Javascript

            <i<Plenty of ways to recycle tech.</i>

            ack (even a pentium runs Linux well enough to give to a kid to play with)

            Occasionally a recycle company will do a neighborhood pickup here in San Diego. Just leave the junk out along with the paper thing they hung on your door and they take it. I once left a large screen broken DLP TV out for pickup that way. Another time there was a drive to bring stuff to a local high school parking lot, so I did that with a bunch of old computers.

            (if it's convenient, people will recycle)

        2. bombastic bob Silver badge
          Trollface

          Re: Javascript

          it won't hurt the landfill to have a little gold, silver, and other 'precious metals' in it. It's only worth pennies to you, and you're just putting it back where it was found (in the ground) anyway, more or less...

      2. WolfFan Silver badge

        Re: Javascript

        It’s obviously not a 386, it’s an Original IBM PC-AT, a ‘desktop minicomputer’ according to IBM Marketing, who would surely never lie.

        1. Aussie Doc Bronze badge
          Windows

          Re: Javascript

          ...and 16 kB of memory was more than enough. He remembers -->

      3. fobobob

        Re: Javascript

        Come now, they're clearly on a Celeron 266 by now.

    3. bombastic bob Silver badge
      Devil

      Re: Javascript

      I normally just run 'noscript'

      and if a web site is SO scripty that allowing its components would either screw up my personal "block JS mode" security model (i.e. allowing sites like CloudFlair or Google Analytics) or else (due to all of the 3rd party servers) requires SO many 'allow' clicks that it becomes IMPRACTICAL, then I do the simple thing:

      a) use 'su' to switch to a totally unprivileged dedicated user

      b) use the 'export DISPLAY=localhost:0.0' method to run FF on the desktop already running

      c) set up FF to allow script, but erase ALL history and cache when it closes [I like this feature]

      d) don't open ANY tabs not related to THAT web site

      then, any tracking they do will be on what I did on THEIR SITE ONLY, and it all gets erased when I'm done - cookies, 'crackers' (script that stays running when I close a page), history, web cache, yotta yotta. "Track That" - ha ha ha ha!

      Now, if their VPN plugin involed the TOR network, I might be interested.

      I also can't blame them for trying to monetize their (otherwise free) browser.

      I've ALSO been wanting to fork their browser for a while, RESTORE the 3D skeuomorphic menu-based system with NO 'hamburger' icon, like what the legacy UI plugins let you do prior to 57... so maybe a fork like that would DEFAULT TO USING TOR ??? [oh wait, that's been done, hasn't it? 'Onion' browser]

      1. nekomoto

        Re: Javascript

        I'm interested to know why you allow Google Analytics ? At best it's just a waste of bandwidth.

        My setup sounds much the same as yours, except I keep google blocked since they're the primary armholes that initially weaponised the internet against us. Sometimes I need to allow the maps API to look something up, but then it's blocked again.

        1. Dr Paul Taylor

          Google maps

          I was going to upvote you until I saw you use Google Maps.

          Streetmap.co.uk far superior for Britain. OpenStreetMap improving elsewhere.

          1. Kiwi Silver badge
            Pint

            Re: Google maps

            Streetmap.co.uk far superior for Britain. OpenStreetMap improving elsewhere.

            Last weekend was having a rare look at the plugins for Nextcloud.. A passable map plugin that not only uses OSM but also has something I haven't seen much of in ages, a topographical map!

            (Does reference 3rd-party data though, wonder if there's a plugin to host all that on my own machine? :) )

      2. Martin J Hooper

        Re: Javascript

        Hamburger - Customize menu item, there is a option to turn on the standard menu bar, if that's what your looking for...

    4. W.S.Gosset Silver badge
      Facepalm

      Re: please read the actual post

      Fascinating how many people don't read posts -- instead see only trigger-words, then construct strawmen.

      * My own boxes run with javascript switched OFF, and with Ghostery trapping everything, not just ads. Clearly stated in the post. So my env is NOT raw/unprotected but as harsh as, or harsher than, every suggestion.

      * I have seen this behaviour on a WIDE range of machines, from all-SSD fat-RAM fat-CPU gamesmachines to 12yo laptops on HD to maxspec VMs on light-loaded HP/HA clusters -- with no material change in behaviour.

      * Heavy usage means heavy usage, not "gosh wow you weawwy can wun a youtube window, oo-wah, oo muss be siwwy".

      On this box, I currently have 34 FF windows open with 10-40+ tabs per window. Multiple concurrent work/research/deepdives/quickchecks/etc. I like to be thorough. This is just starting to strain FF's limits -- it's just starting to occasionally jam for a few mins. This is a light-ish session for me -- I periodically run to 3+ pages deep in the window-list popup from the taskbar, and 2 pages deep on the tab-list dropdown.

      The problem only starts once I have to start opening whitelisted sites or have to crack open JS for the duration of opening a site which shows only garbage without it.

      .

      And it's much much worse with Chrome. I do know that Chromium/Chrome has(had?) an acknowledged single-bottleneck/-queue within the browser itself. But JS hammers it harder or hits another one.

      Both browsers' problems with JS have been growing over the last few years as the core problem becomes hammered harder by the world and his dog/ad ramping up the JS running unasked client-side.

      1. Graham 32

        Re: please read the actual post

        Wow! I thought I ran with a lot of tabs open (often 50 or more). You're in the hundreds and maybe topping a 1000 at times. That's definitely in the league where that's so rare the developers aren't going to spend time supporting it.

        I doubt you look at every tab every day, there isn't enough time. I guess you're using them more as bookmarks or task recording (ie an open tab is a reminder to do something). Of course you *could* switch to using bookmarks instead but I know what a pain it can be to change your workflow when you already have a way of working.

        I'd recommend trying a tab unloader addon such Auto Tab Discard.

        https://addons.mozilla.org/en-US/firefox/addon/auto-tab-discard

        I've been using it for a while on a laptop to help battery saving and hasn't impeded me at all. It unloads tabs that haven't been looked at in a while (user-definable timeframe), and so killing background scripts which you probably don't care about and freeing up memory. You can whitelist pages for things you want to keep running, eg webmail. Going to the tab will (re)load the page, so a little slower than if it was already loaded, that's the trade-off.

  3. Gene Cash Silver badge

    Privacy?

    If they really gave a shit, they'd reinstate fine-grained cookie control. This was the feature where you could individually veto/approve domains allowed to set cookies.

    1. arctic_haze

      Re: Privacy?

      There are add-ons for that. I use CookieAutoDelete which allows you choose which cookies are kept after the tab is closed.

      1. Anonymous Coward
        Anonymous Coward

        Re: Privacy?

        Firefox does that, just badly. I think he was referring to blocking specific cookies and allowing others (e.g. login session cookies).

        1. Anonymous Coward
          Anonymous Coward

          Re: Privacy?

          That's easy. Just block third party cookies. That way the cookies for the site you're visiting get set and all those pesky dodgy third party cookies are fucked off.

          1. ThatOne Silver badge

            Re: Privacy?

            No, what the OP meant is that useful and handy feature where you could tell FF that cookies from site A should be kept, cookies from site B dropped, and cookies from site C only kept for the running session. The whole with a handy manager which allowed you to black/white/greylist domains according to your needs and wishes.

            I know there are now add-ons which do that same thing, but it once was part of standard FF. Unfortunately pressure from the ad industry who finances them made them remove this feature many years ago.

            1. LDS Silver badge

              "cookies from site A should be kept, cookies from site B dropped, and cookies from site C"

              It's still there, but for "some reasons" FF made the UI to manage them very user-unfriendly (just like the cookie manager dialog).

              Go to Options -> Privacy & Security -> Cookies and Site Data, click Manage Permissions

              Here you can enter which domains are always allowed/blocked, or allowed only for the session. If you enter just the domain name, both http:// and https:// will be added automatically.

              You can't manage single cookies, though.

            2. Updraft102 Silver badge

              Re: Privacy?

              Chrome never had that feature (being the product of an ad giant), and whatever Chrome does, Firefox copies.

      2. bombastic bob Silver badge
        Devil

        Re: Privacy?

        my favorite cookie-thingy plugin [which had buttons on the toolbar] no longer supports >= 57. But it allowed 'memory only' cookies, which would (literally) ONLY be stored in memory. Set that by default and hardly any cookies would be saved. I guess these other plugins do the equivalent of that? looks like I'll have to go look at them now...

  4. arctic_haze

    Few legitimate uses of VPN?

    I dare to disagree. I use VPN to read many US news web pages which show a finger to Europeans. I do not think it breaks any laws on either side of the pond (a newspaper policy is not law).

    Also it helps you to avoid broken cloud servers. If I see the web page showing the local cloud server cannot be accessed, I try the VPN IP address in another country. This works more often than I expected.

    1. katrinab Silver badge

      Re: Few legitimate uses of VPN?

      Getting around region blocking is a legitimate use of VPN. However they are sold as a security solution, and in most cases VPN won't make you any more secure. In some cases, it can make you less secure.

      1. Halfmad Silver badge

        Re: Few legitimate uses of VPN?

        That's my problem with VPNs being touted as a catch all "it's just more secure" particularly as one VPN vendor varies hugely from another and the end user has little if any visibility or understanding of it. They just read "VPN GOOD" and assume they are doing the right thing.

        VPNs can be very helpful but it's entirely use case related. I can't remember the last time I used one since the web more or less moved to HTTPS tbh.

    2. Anonymous Coward
      Anonymous Coward

      Re: Few legitimate uses of VPN?

      "...outside of hostile network scenarios."

      That would be your ISP.

      1. EnviableOne Silver badge

        Re: Few legitimate uses of VPN?

        Dont they know all networks are hostile, you should allways treat the network as Pwned!

      2. eldel

        Re: Few legitimate uses of VPN?

        Indeed. For those of us who live in the United States of Monopolies and are saddled with Comcast as an ISP a VPN is pretty much mandatory.

      3. Joseba4242

        Re: Few legitimate uses of VPN?

        ISPs are more "hostile" than a US company with no accountability in your country, one that is required to give TLAs any access they request?

    3. Doctor Syntax Silver badge

      Re: Few legitimate uses of VPN?

      "I dare to disagree. I use VPN to read many US news web pages which show a finger to Europeans."

      It sounds as if you're agreeing. You're using the VPN as a proxy which is what he says VPNs are no better than.

    4. chivo243 Silver badge
      Facepalm

      Re: Few legitimate uses of VPN?

      The other side of the pond needs to get some lawyers that can tell them what GDPR means and does... This blocking idiocy has to end! We're seeking solutions?

    5. Anonymous Coward
      Anonymous Coward

      Re: Few legitimate uses of VPN?

      And let's not forget that you can also use Open VPN (or whatever else your home router will support) to VPN your mobile data back home to your router that is running a Pi Hole as your DNS level adblocker

      1. eldakka Silver badge

        Re: Few legitimate uses of VPN?

        If you are going to do that just to get Pi Hole, you might as well just run up a VM on your laptop and run Pi Hole in it,setting it as your DNS resolver for use when away from home. That way, Pi Hole is always available on your laptop irrespective of the local network you connect to (that might not allow a VPN back to your home).

        1. Kiwi Silver badge
          Pint

          Re: Few legitimate uses of VPN?

          If you are going to do that just to get Pi Hole, you might as well just run up a VM on your laptop and run Pi Hole in it,setting it as your DNS resolver for use when away from home. That way, Pi Hole is always available on your laptop irrespective of the local network you connect to (that might not allow a VPN back to your home).

          These days I'm much more likely to take a tablet on a trip than a laptop, and thankfully if someone is blocking VPN's then I have the easy choices of switching to another network or doing without the internet for a while. If I have a situation where I need to get $$$ out of my savings account into my main one, I can phone the bank if I can't use online banking (which I won't use away from home unless on my own VPN or at a bank branch on their network).

          Of course mine is the case of someone who very seldom does IT stuff and if I'm away from home it's not for work purposes :) Cleaning up for people who can't do it for themselves is so relaxing compared to the IT world!

          But I will bear that in mind and if I remember will put that on later today - thanks very much for the suggestion :)

    6. W.S.Gosset Silver badge

      Re: Few legitimate uses of VPN?

      > I use VPN to read many US news web pages which show a finger to Europeans.

      I use Tor to watch BBC iPlayer from Australia : twiddle the config to push your exit out inside the UK borders.

  5. LDS Silver badge

    "expressed skepticism on Twitter about the value of VPNs"

    "Hey, they block some Google tracking! They pay me good money!! Get off your hands from my money"

    Next: Google very busy in finding vulnerabilities in FPN, and publishing them as soon as possible.

  6. Agent Tick
    Pint

    Can you trust FFox?

    They're all Borgs (browsers) but it's your choice to pick the trustworthy ones (sigh)

    1. RegGuy1 Silver badge

      Re: Can you trust FFox?

      Well I for one am sticking with Firefox. If you think I'm moving to Chrome you're delusional.

      1. bombastic bob Silver badge
        Meh

        Re: Can you trust FFox?

        chrome is open source like FF but doesn't even PRETEND to not try to track you, etc..

        However, dumping the chrome cache is pretty easy. It's all in the same directory. Just wipe it out, and the entire history and cache goes byby. THAT is pretty convenient, though ti should be an item in the menu to do that while the browser is running. [maybe it is NOW, but I've never seen it in the past]

        I like chrome for SOME things, like 'slack' [which I use for work-related things sometimes]. But if the only thing running in chrome are those things you don't care about script/tracking with, it's 'ok' I guess...

        (is there a 'noscript'-like plugin that would work with chrome?)

        1. Teiwaz Silver badge

          Re: Can you trust FFox?

          chrome is open source like FF but doesn't even PRETEND to not try to track you, etc..

          Chrome is bankrolled by Google, Surely using it and worrying that you might be tracked is like wading hip deep in unprocessed sewage and chemical waste armed with a packet of wet wipes?

          Sure you're not thinking of Chromium?

        2. Anonymous Coward
          Anonymous Coward

          Re: Can you trust FFox?

          Chrome has plenty of closed source bits. Chromium, which Chrome is based on, is open source.

      2. Sven Coenye
        FAIL

        Re: Can you trust FFox?

        Agent Tick does have a valid point. What is not mentioned in TFA is that with 71 (and beyond), each update will create a new profile. The only way to retain access to saved passwords, autofill, etc. is by handing your data to Mozilla. There is no provision to do a local import from an older FF version.

        1. Havin_it

          Re: Can you trust FFox?

          Agent Tick does have a valid point. What is not mentioned in TFA is that with 71 (and beyond), each update will create a new profile. The only way to retain access to saved passwords, autofill, etc. is by handing your data to Mozilla. There is no provision to do a local import from an older FF version.

          Got a source for this? I can find no details about this anywhere.

          1. Sven Coenye

            Re: Can you trust FFox?

            Sorry for the late response. I installed 71 (the day before this article) and that is what it says on two splash pages on its first run.

            Looks like the change was introduced with 67, but 71 is the first one stating a Sync account is the only way to retain access to your information across versions.

            https://support.mozilla.org/en-US/kb/dedicated-profiles-firefox-installation

            It may be possible to wrangle the Profile Manager to regain access, but for how long? And how many regular users even know that thing exists?

    2. LateAgain

      Re: Can you trust FFox?

      If by "trust" you mean "don't break anything I care about" then they are almost as bad as chrome.

  7. DrXym Silver badge

    I find VPNs very useful

    I can't recall the number of times I've been a bar / restaurant / hotel and their stupid wifi either blocks sites, or tampers with the content (e.g. to inject ads). A very large number of American news websites even block European IP addresses rather than fix the site to comply with privacy rules. And video streaming & game services can get very annoying if they think you're in the wrong country.

    So having a VPN is a very handy tool even if you aren't in an oppressive regime. I can't say I use them all the time, but I like to have one available for when its needed.

    1. Roj Blake

      Re: I find VPNs very useful

      VPNs also mean you don't have to ask for permission to view certain specialist sites every time you change mobile or broadband provider.

      1. Anonymous Coward
        Anonymous Coward

        Re: I find VPNs very useful

        Ah yes, the "I am over 18 I swear" specialist sites.

      2. Anonymous Coward
        Anonymous Coward

        Re: I find VPNs very useful

        For when you want to browse websites single-handed

        1. I sound like Peter Griffin!!
          Pint

          Re: I find VPNs very useful

          Phone in one hand, and pint in t'other of course!

    2. Roland6 Silver badge

      Re: I find VPNs very useful

      The use of VPN's when using public hotspots (WiFi or fixed line) is well established over several decades, because it does increase the security of communications over the local hotspot infrastructure.

      However, the "makes tracking more difficult." claim is a little over egged. Yes, only the VPN provider will see the IP address of the hotspot you are at, but is this style of tracking an everyday cause for concern? I suggest not when compared to tracking cookies et al.

      The circumvention of geoblocking is also a well known feature of VPN's, provided you can use a VPN that puts you inside the relevant geo-fenced region.

      1. e^iπ+1=0

        Re: I find VPNs very useful

        'only the VPN provider will see the IP address'

        Possibly makes you harder to track - sites like Google might see many connections from the VPN exit point, rather than from your "home" IP address.

    3. Mephistro Silver badge

      Re: I find VPNs very useful

      For those tasks you listed, the Tor browser is more than enough, I think. And it's free!

      1. EnviableOne Silver badge

        Re: I find VPNs very useful

        and based on firefox, mozilla are just backporting some of the protections from the Tor Browser into mainline FF

        1. Roland6 Silver badge

          Re: I find VPNs very useful

          >mozilla are just backporting some of the protections from the Tor Browser into mainline FF

          Well if Mozilla are minimising new development, that would mean FF & FF VPN are just a consumer friendly versions of the Tor Browser and VPN connection to the Tor network(*)...

          (*) Not saying that connecting to Tor is difficult, just that it requires a little effort - something many (non-IT) people find difficult and easy to put off.

          1. Mephistro Silver badge

            Re: I find VPNs very useful

            Nowadays the installer takes care of everything, quickly and effortlessly. The biggest issue I see with the Tor browser is that non-IT-knowledgeable users might think that it's a total solution to every form or tracking and not understand how -or when- to tweak the security settings either to prevent breaking the target webpage's functionality or to prevent advanced tracking methods.

            I mainly use it for preventing geoblocking and finding health issues related info, but if I were a dissident in a dictatorship, I'd be extremely careful and only visit "safe-ish pages" that can be used with the highest browser security settings.

    4. tip pc Silver badge

      Re: I find VPNs very useful

      you don't need a vpn you need a proxy

    5. Kiwi Silver badge
      Pint

      Re: I find VPNs very useful

      A very large number of American news websites even block European IP addresses rather than fix the site to comply with privacy rules.

      TBH I can understand them doing that. If they're not under European laws and not trading with European citizens, then those laws simply should not apply. You're coming to my place to view my site, not me going there.

      I'd probably ignore such laws myself, but may put in a disclaimer to say that NZ is my jurisdiction, and anyone visiting agrees to act in accordance with NZ laws. You'd have to do the same if you came to my house anyway :) A different matter if I sell something (I see some sites get around those issues by only shipping locally)

  8. Anonymous Coward
    Anonymous Coward

    inviting US users of the Firefox desktop browser with Firefox Accounts

    pretty ironic they offer you "privacy", as long as you give it up to them (and obviously, they'll keep all the logs to make sure your privacy can be shared for various reasons from "optimizing our performance" to "appropriate legal requests". In other words, instead of having your data captured by google, it will be captured by mozilla. For your own good, no doubt.

    1. Inkey
      IT Angle

      Re: inviting US users of the Firefox desktop browser with Firefox Accounts

      "sure your privacy can be shared for various reasons from "optimizing our performance"

      I think you will find that you can opt out of pretty much all FF telemetry and performance data gathering...

      You cannot do that with Google or M$ products short of breaking their functionality..

      1. Anonymous Coward
        Anonymous Coward

        Re: inviting US users of the Firefox desktop browser with Firefox Accounts

        why should I have to "opt out"? Why should I have to assume that the default "partnership" is my "partner" extending an invisible arm to search my pockets, unless I say "don't fucking do that"?

        1. IGotOut Silver badge
          Mushroom

          Re: inviting US users of the Firefox desktop browser with Firefox Accounts

          "why should I have to "opt out"? Why should I have to assume that the default"

          Translation:

          I'm having a rant without a fucking clue what I'm on about.

          When you install it, these options are VERY clearly presented to you, with decent descriptions of what they do and what they are used for. They are not hidden options you have to spend hours looking for.

          1. Anonymous Coward
            Anonymous Coward

            Re: inviting US users of the Firefox desktop browser with Firefox Accounts

            It appears you missed my point, why should my default position be to ask my new business partner NOT to go through my pockets? Is this a standard default for a relationship?

        2. Anonymous Coward
          Anonymous Coward

          Re: inviting US users of the Firefox desktop browser with Firefox Accounts

          Ah, another commentard assuming that the internet is free.......<sigh>

    2. Phil O'Sophical Silver badge

      Re: inviting US users of the Firefox desktop browser with Firefox Accounts

      pretty ironic they offer you "privacy", as long as you give it up to them

      Yes, when I read "FPN creates a secure tunnel from the user's browser or device to the internet," my first thought was "to which particular bit of the internet?". A VPN needs two endpoints, and I'm not convinced that one which terminates on a Mozilla host will necessarily improve things in terms of tracking and marketing.

    3. Oengus Silver badge

      Re: inviting US users of the Firefox desktop browser with Firefox Accounts

      exactly what I came here to say... As soon as a "service" wants me to create an account so I can use it, where I don't believe one is necessary, I avoid it. I use Firefox currently but don't have a Firefox account because I don't give a damn about sharing stuff between devices.

      1. No Yb

        Re: inviting US users of the Firefox desktop browser with Firefox Accounts

        Quite disappointed when they stopped doing firefox sync with no registration required. Enter about 14 letters to match those shown by your main browser, and then they'd link with no account information required. Supposedly encrypted on the server, too.

        Now it's "login to Firefox to sync, so we know where you are."

        1. Loyal Commenter Silver badge

          Re: inviting US users of the Firefox desktop browser with Firefox Accounts

          Presumably, they dropped that because it's not really that secure, and FF sync can sync things like saved passwords, which you definitely wouldn't want someone to get hold of because they happen to have compromised the machine you're using and screen-grabbed the address bar of your browser. Or taken a picture over your shoulder, or whatever.

          1. eldakka Silver badge

            Re: inviting US users of the Firefox desktop browser with Firefox Accounts

            happen to have compromised the machine you're using and screen-grabbed the address bar of your browser. Or taken a picture over your shoulder, or whatever.

            if they're doing that, they can probably get your firefox account credentials anyway...

        2. eldakka Silver badge

          Re: inviting US users of the Firefox desktop browser with Firefox Accounts

          You can set up your own sync server.

          There are (rough/unsupported) instructions on the mozilla website for how to do it.

          edit: here it is: https://github.com/mozilla-services/syncserver

          and: Run your own Firefox Accounts Server

          1. Havin_it
            Boffin

            Re: inviting US users of the Firefox desktop browser with Firefox Accounts

            In fact you have to run (build, configure and keep updated to maintain client compatibility) your own sync server (python), accounts server and content server (both nodeJS). With, last I looked, public docs that are an afterthought and you're doing very well indeed if you don't have to throw yourself on the mercy of the services-dev mailing list before long. Then there's the client configuration ... [twitch, dribble]

            I gave it a red hot crack and it did work for a while but honestly, life's too short especially if you're not conversant in python, node (and mailing-lists). I thought I cared, but given my data is all encrypted client-side I really don't care enough to justify that much ongoing grief.

      2. Purple-Stater

        Re: inviting US users of the Firefox desktop browser with Firefox Accounts

        Since they're planning on charging for the use of their VPN, how do you propose that they regulate this without having people create an account of some sort?

        If you don't want to use it, you don't need an account. It's hardly an imposition.

  9. Jimmy2Cows Silver badge

    Patting itself on the back for blocking more than one trillion web tracking requests

    Which Mozilla can only know by tracking its users...

    At least Firefox let's users disable telemetry (so long as it disables all, not just some).

    1. DiViDeD Silver badge

      Re: Patting itself on the back for blocking more than one trillion web tracking requests

      At least Firefox let's users disable telemetry

      AAAAAAARGHH!11!

      The Apostrophe Protection Society isn't even cold in its grave yet, and already its influence is waning!

  10. FrogsAndChips Silver badge
    Linux

    Mozilla is inviting US users [...] to try FPN

    Darn, I'm gonna need a VPN to be able to try Mozilla's VPN...

    1. The Oncoming Scorn Silver badge
      Coat

      Re: Mozilla is inviting US users [...] to try FPN

      GALAHAD: He says they've already got one!

      ARTHUR: Are you sure he's got one?

      FRENCH GUARD: Oh, yes. It's very nice-a. (I told him we already got one.).

  11. Harry Stottle

    Is Joepie91 fer real??

    Regular Regitards will be familiar with the substance of this response but I include the detail for the benefit of any newbies wanting a quick guide to achieving reasonable privacy online.

    That GitHub post almost looks like a schill.

    No, VPN is not THE solution to privacy but it's a major component. Especially if you randomise your choice of server.

    No, You can't trust VPN providers without performing some serious due diligence.

    Generally speaking, in the world of security, nothing less than a formal security "reduction" (proof) is considered convincing, but in the case of my own preferred supplier (PIA - see this review) proof of the pudding comes by way of their survival of at least two State based attacks - one in Russia, where their servers were seized and no user details were retrieved; and one in the USA where the court determined that they were unable to comply with demands for user data. That's at least as convincing as a formal security proof and, arguably, more so!

    No, VPN alone will not prevent tracking,

    You need to throw about half a dozen other weapons at that problem, including switching on the Do Not Track options, DNS over Https, ad blocking via Ublock Origin (my preference) or Adblock Plus, script controls with Umatrix or Noscript (or similar), Sandboxed browsing with automatic deletion of web traces (eg Sandboxie, though I'm a bit nervous about their new owners) and Canvas fingerprint blocking. On the subject of which, my private experiments recently tipped me back into Firefox (along with other improvements in V70) and away for SRWare Iron when, after testing various Canvas fingerprint blockers using Panopticlick to confirm their effects, I discovered that NONE of those available for Chrome engines actually did much good. Yes they change or mask your fingerprint but they don't do the only thing which works, which is to randomise it. Only Canvas Blocker in Firefox passed that test.

    But the issue that angers me most, especially when the source is another technically literate contributor like the author of that github post, is their wilful ignorance of the threat posed by the combination of the Surveillance State and Surveillance Capitalism.

    His 2nd "legitimate" use of VPN is:

    "You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters."

    which implies that he's perfectly content with "government sanctioned adversaries". Most of us who visit these pages, however, recognise that government adversaries are, by far, the biggest threat. (I only recently bleated on a similar issue in a recent Reg discussion) and they are easily my own major reason for using the above countermeasures (and a few others).

    And the point that is most often glossed over by such pillocks is that the single biggest advantage to be gained by widespread adoption of things like VPN and secure private email (I strongly recommend Protonmail) is "Herd Protection". There are millions of legitimate reasons to oppose and campaign against the forces of internal repression (occasionally called "governments") and that makes all of us prepared to voice such opposition potential targets for their digital surveillance. The more of us who use masking and privacy protocols, the more protection we supply to each other, not just ourselves.

    1. Anonymous Coward
      Anonymous Coward

      Re: Is Joepie91 fer real??

      I don't think mozilla gives a fuck about my privacy, they implement vpn, because "privacy" is becoming an issue discussed more and more in media, and therefore, mainstream users start to ask questions. It's like the current fad, therefore, "must include", particularly if your competitors make it available already (opera). Never mind how much real protection it gives you, it's VEE! PEE! EN!!! WE!!! PROTECT!!! YOU!!! CLICK!!!! HERE!!!

    2. Long John Silver
      Pirate

      Re: Is Joepie91 fer real??

      That is a very clear exposition leaving nothing to quarrel over. I raise some connected general points.

      There likely is no such thing as absolutely assured online anonymity and/or privacy. Also, bear in mind that people doing dodgy dealings (e.g. illicit drugs) using generally pretty secure tools like Tor/Whonix are usually reported caught by traditional investigative techniques rather than computer wizardry. A vulnerability in security occurs at points where the digital world intersects the physical world e.g. drugs must be paid for (even Bitcoin is not wholly anonymous) and delivered (trust a postal service or trust meeting a stranger in a dark alley). People active in discussion fora may become traceable elsewhere through fingerprinting their vocabulary, spelling, grammar, punctuation, sentence construction, linguistic idiosyncrasies, and topics of interest to them. Linkage to physical identity results from painstaking observation of activity by trained human investigators rather than automated processes and encryption cracking derring-do.

      Investigation of that nature is resource intensive, not least of which is human operatives, and its use must be well-targeted and have prospect of success. Thus, very serious crime, espionage, terrorism, and suchlike enter the spotlight. Somebody using BitTorrent to download the latest Hollywood offering to culture or via Sci-Hub 'stealing' from Elsevier that which actually is communal shared property has nothing to fear from the likes of GCHQ and the NSA. Attacks upon so-called 'pirates', that is on individuals rather than black market providers of 'content', are sponsored by copyright rentier industries using private sector companies; these are easily deflected.

      Thus, online security is a balance between resources invested by individuals/organisations and those invested by legitimate security/crime investigative agencies. It becomes a matter of horses for courses. Simple file sharing, assuming not state secrets or highly criminal 'content', can be undertaken without fear of consequence by using easily obtained tools of which VPN is one. Even should a disreputable VPN provider keep detailed logs and submit to civil action demands for revealing user activities the best that copyright rentiers could achieve would be sending out speculative invoices; even within context of USA jurisdiction it's highly likely evidence of wrongdoing and causation of damage would not suffice for civil litigation.

      The report giving rise to comments begs the question of why anyone with even rudimentary nous would opt to pay for Mozilla's within-browser VPN service. Even should it provide a 'secure' channel for all activities on a device it is unnecessary for browsing and with Mozilla being under US jurisdiction potentially a risk. Simple browsing of harmless intent is far more convincingly protected by Tor. Also, although not suited to Torrenting Tor is acceptable for ordinary file download but probably not streaming. Tor is easily installed on mobile devices (e.g. 'app' for Android). The greater the number of people using Tor the more quickly it will become established as a confidential (but not top secret) parallel WWW.

    3. Doctor Syntax Silver badge

      Re: Is Joepie91 fer real??

      which implies that he's perfectly content with "government sanctioned adversaries"

      I understood it to mean simply that he expected random VPN provider to fold if leaned on by such adversaries.

  12. Mike Rodgers

    And the !@#$%^&* tabs are on the top again...

    1. arctic_haze

      I got used to download a new version of CustomCSSforFx after FF upgrades.

      BTW, use tabs_below_navigation_toolbar_fx65_v2.css if you do not want borderless tabs.

    2. eldakka Silver badge

      Tree Style Tab addon for Firefox, one of the best addons ever (outside privacy addons like uMatrix/NoScript/uBlock).

  13. chucklepie

    Why pay $3.99 a month for a browser based VPN with limited servers, when for less you can get a full VPN with lots of servers that works on any data?

    1. Anonymous Coward
      Anonymous Coward

      Because you're technically illiterate and don't mind paying for convenience.

  14. developer_xxl

    facebook container

    it'd be nice to have a open bunch of bookmarks in a container

  15. headrush

    Is it just me or has the term VPN been coopted to be equivalent to proxy server? I always understood a VPN to be the mechanism whereby you could connect securely over the public Internet to another server /device that you controlled. Using one to browse the net via a third parties server is not a good description of a a private network.

    Lawn, NO!

    1. Baldrickk Silver badge

      If you're doing it to avoid having traffic visible on a public hotspot then, fine.

      If it's to access geofenced resources? Well, it does that too, while allowing the above.

      Yes, it's often simplified for the layperson, who usually just want one thing that works.

    2. bombastic bob Silver badge
      Boffin

      well, VPN (in theory) is your connection to their server, which then becomes your intarwebs gateway... or proxy... or whatever.

      but yeah, its like a proxy server, except proxy connections generally aren't encrypted. So you _could_ call this a "VPN Proxy" I guess.

      1. Anonymous Coward
        Anonymous Coward

        Proxies are also generally used for specific types of traffic whereas a VPN is a tunnel through which you push basically anything (except non-routable protocols).

    3. hayzoos

      Have an upvote

      Most discussion of VPN currently identifies hiding your IP. I agree a proxy is what is needed for that. For some odd reason people think of VPN as secure encrypted proxy whether they know it or not. VPN's capability of blocking tracking is minimal at best.

      But a VPN traditionally provided the service of a leased line over the much cheaper public net. It mattered not if both ends were controlled by the same entity. Another traditional term used for VPN was an encrypted tunnel. Use cases of VPN were never limited to just a secure interconnection. The focus on proxying using a VPN is relatively new though,

      I use a VPN to obscure my data from my ISP when home, and when travelling from public WiFi operators and users.

      I do not expect any tracking protection except from my ISP. I am more concerned about traffic blocking. Ironically, some servers I am trying to reach block access from VPN for security reasons.

      I am looking into establishing my own VPN server with a hosting service strictly for my own use.

  16. amanfromMars 1 Silver badge

    Whenever things are quite contrary, would you have it proven true for/to all? *

    He pointed to a widely cited GitHub post that argues the legitimate uses for VPNs are very limited.

    That is an argument ridiculously false. To believe it and not realise the exact opposite has one rendered as a puppet to the few proving it a useful tool for all.

    * And that is not a trick question asked of the likes of any Global Operating Device/SCADA Operating System. It is an opening which offers you access to abilities and facilities you may constantly fear and imagine are just so good as to be not at all real and certainly surreal. :-)

    Climb aboard that vessel and there's no going back to where you be from, for now in the futures there, is everything completely different too, just as it be revealed to you all here too.

    It is quite outstanding news, which it is most odd that mainstream media organisations are not vying to direct and server/produce and present. Such renders them as more the simple follower rather than any leading light in the genre to be revered and regaled. I wonder if that is a result of too much or too little intelligence right at the top of such infrastructures/business empires.

    Here's a little something which always hits the sweet spot ...... "The World Is a Business, Mr. Beale"

    It is an interesting notion to exercise.

  17. JDX Gold badge

    "With the holidays around the corner, the FPN couldn’t come at a more convenient time"

    Indeed, lots of people bored at home this time of year.

  18. Claverhouse Silver badge
    Mushroom

    The Relentless Informer

    In response to Mozilla's post about FPN, Tavis Ormandy, a noted security researcher at Google, expressed skepticism on Twitter about the value of VPNs outside of hostile network scenarios. He pointed to a widely cited GitHub post that argues the legitimate uses for VPNs are very limited.

    The GitHub post is from 2015.

    But in the end, my poor little Google fool, whatever you aver: a VPN will mean a filthy organisation like Google cannot track me like the Stasi quite so easily. And anything that breaks Google benefits us all.

    And yes I willingly use some Google products. That in no way entitles the firm to track me. or anyone else.

    1. Kiwi Silver badge

      Re: The Relentless Informer

      And yes I willingly use some Google products. That in no way entitles the firm to track me. or anyone else.

      Well.. If their TCs say "by using our product you agree to let us track you wherever/whenever/however etc we wish".... :)

      But.. Since they've had their people illegally photograph me on my property whilst going about my business (I think - can't be sure it's me of course :) ) then I'm more than happy to use their services without complying with their terms. If they kick up a fuss, they may find they have a lot of photo-editing to do (or just remove all of NZ from street and sat views)

  19. Kiwi Silver badge
    Holmes

    Here's one reason..

    Tavis Ormandy, a noted security researcher at Google, expressed skepticism on Twitter about the value of VPNs outside of hostile network scenarios.

    Just reading stuff.co.nz (in incognito mode) on Chromium which I'm giving a whirl atm (as a 2nd browser, Waterfox still being my preferred desktop one).

    An annoying ad showed up, so I opened up my PiHole admin page and looked through the query records to make sure I never see the annoying advert again.

    Whilst there, I had a happy-joy moment seeing all the google entries in red text.

    This is the one and only legitimate reason I am interested in for VPNs, Mr Ormandy. It keeps thieving scum like you and your organisation from getting your grubby mits on my data, whether home or abroad.

    Not at all surprised someone from google tries to claim there's little value or legitimate use for VPNs, as they seem to make it harder for you to steal other peoples information.

    It's pretty obvious reasoning actually. We want to protect ourselves from the likes of you.

    (Ok, I also like that I can feel a little more secure about my banking and email data on someone else's network, but mainly it's for privacy)

  20. Grinning Bandicoot

    Confused

    If the promise is no records kept, how are the powers going to keep track of the usage if their not looking? Does this no tracking but timing mean in the extreme that all hours with Firefox count or a second sign in contained within the initial sign in - the possibilities for confusion presented by this release seem to fall in some set of infinities.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020