
Is Firefox better than Chrome? It comes down to privacy - donohoe
https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/
======
user17843
The article has it wrong with Safari. While ITP (Intelligent Tracking
Protection) started in 2017 indeed, Safari has been blocking all third party
(and thus all tracking) cookies since almost forever. Safari started to block
all third party cookies in 2003 with the release of Safari version 1. [1]

Not only that, Safari also started to partition web cache in 2013, and it's
still the only browser with such partitioning. [2] Without it, tracking doesnt
even need cookies.

"If you only block cookies, you still have all the other storage and stateful
things to worry about." \- Safari ITP engineer John Wilander [3]

Also the spin of the article is slightly dishonest, simply turning off third-
party cookies in Chrome achieves to negate most of the explicit criticism in
the article. The author probably had the conclusion of the article in mind
(setting up good Firefox against evil Chrome) before looking for supporting
arguments.

It's a bit ironic. While mainstream media starts to discover the existence of
third-party cookies, which had been a known issue for around 20 years, Big
Tech tracking has already moved to first-party tracking, fingerpringing and
cache tracking.

For example, Facebook switched to first-party cookie tracking in 2018. [4]

Everyone who wants to understand the dynamic needs to look into the
relationship between Apple and ad tech, with Apple's recent counter-move being
the addition of ITP 2.2. [5]

Since the release of ITP 2.1, even first-party cookies now are limited to 7
days, and all first-party cookies that are even potentially tracking cookies
get deleted after already 1 day. [6]

Firefox doesn't play much of a role in this fight. In fact, Firefox never did
anything pro-actively to make ad-tech sweat. The decision by Mozilla to block
all third-party cookies in 2013 [7] was reverted in fear of Ad-Tech.

Mozilla is better at marketing than with the technology, and still hasn't
enabled tracking-protection except for new users.

[1]
[https://twitter.com/brendaneich/status/982631777574338561](https://twitter.com/brendaneich/status/982631777574338561)

[2]
[https://twitter.com/johnwilander/status/1126191449161158657](https://twitter.com/johnwilander/status/1126191449161158657)

[3]
[https://twitter.com/johnwilander/status/1126208457214836736](https://twitter.com/johnwilander/status/1126208457214836736)

[4] [https://www.adweek.com/programmatic/the-facebook-pixel-
will-...](https://www.adweek.com/programmatic/the-facebook-pixel-will-add-a-
first-party-cookie-option/)

[5] [https://webkit.org/blog/8828/intelligent-tracking-
prevention...](https://webkit.org/blog/8828/intelligent-tracking-
prevention-2-2/)

[6] [https://webkit.org/blog/8613/intelligent-tracking-
prevention...](https://webkit.org/blog/8613/intelligent-tracking-
prevention-2-1/)

[7] [https://blog.mozilla.org/netpolicy/2013/02/25/firefox-
gettin...](https://blog.mozilla.org/netpolicy/2013/02/25/firefox-getting-
smarter-about-third-party-cookies/)

~~~
Yoric
I'm one of the many devs who worked at one point or another on Mozilla's
third-party tracking protection. We had prototypes working in ~2012, if my
memory serves. Unfortunately, these prototypes broke the web badly. The web
was simply not ready for such protection.

Now, Apple, with their iOS monopoly, managed to strong-arm the web into a
position in which third-party tracking protection was finally possible. Kudos
to them, now we can finally release this technology. We're doing it slowly,
because by opposition to Apple, we cannot afford to break the web.

Why did Apple do this, though? If you recall, Apple's stance on privacy is
quite recent. The tech world has a short memory, but I remember Apple being
caught red-handed slurping data from user's iPhones not so long ago. Also,
unless things have changed (honestly, I haven't followed), Apple tracks users
through their native apps, because you're pretty much obligated to go through
Apple's SDKs for many things, and they require a tracking ID, which brings
revenue to Apple.

So, yeah, Apple's actions have had some good impact on web-tracking, and
that's great. But don't forget that they do this for strategic reasons: 1/
because they want to encourage devs to use another tracking mechanism that the
competition cannot emulate; 2/ to immediately hurt the competition.

Now, you are right about the double-keyed caches – although using this to
track users is quite more complicated, less precise and less reliable than
first-/third-party cookies, it's something we need to address. We're working
on it at this very moment.

Finally, yeah, first-party cookies... hard to counter. We're also working on
it (is anyone else doing so?), but that will be a tough fight.

~~~
jxdxbx
> Why did Apple do this, though? If you recall, Apple's stance on privacy is
> quite recent. The tech world has a short memory, but I remember Apple being
> caught red-handed slurping data from user's iPhones not so long ago. Also,
> unless things have changed (honestly, I haven't followed), Apple tracks
> users through their native apps, because you're pretty much obligated to go
> through Apple's SDKs for many things, and they require a tracking ID, which
> brings revenue to Apple.

This is incredibly misleading. Apple has been mostly criticized for allowing
_apps_ to collect excessive user data--for example, apps could access contacts
at first without permission. It has been slowly shutting down these methods,
as the realization has sunk in the the more open environment of Macs and PCs
is just not appropriate for mobile phones. For example, apps in iOS 13 cannot
access bluetooth or Wifi information by default, since it was being used to
infer location.

Apple does of course collect some user data, e.g. for Siri or app analytics.
But it's all painstakingly disclosed and its practices around differential
privacy, deletion, and so on are quite good.

The tracking ID was Apple throwing a bone to ad industry and app makers, when
it shut down far more precise ways of tracking users.

~~~
Yoric
> This is incredibly misleading. Apple has been mostly criticized for allowing
> apps to collect excessive user data--for example, apps could access contacts
> at first without permission. It has been slowly shutting down these methods,
> as the realization has sunk in the the more open environment of Macs and PCs
> is just not appropriate for mobile phones. For example, apps in iOS 13
> cannot access bluetooth or Wifi information by default, since it was being
> used to infer location.

Yep, the tech world has a short memory :) I distinctly remember Apple caught
red-handed slurping GPS data from their users.

> The tracking ID was Apple throwing a bone to ad industry and app makers,
> when it shut down far more precise ways of tracking users.

Unless I'm mistaken, it's still much more precise than any form of web
tracking.

~~~
jeromegv
You keep repeating that "Apple was caught red-handed" but what exactly are you
referring to? What are your sources on that?

~~~
Yoric
I'm referring to this: [https://www.wired.com/2011/04/apple-iphone-
tracking/](https://www.wired.com/2011/04/apple-iphone-tracking/)

~~~
vlovich123
Which is literally when they began to take privacy _very_ seriously. Keep in
mind that's 8 years ago & the first iPhone was released 12 years ago. I
wouldn't characterize that as "recent".

~~~
Yoric
Well, people still distrust Microsoft for stuff they did during the 90s :)

But yeah, I'll grant you that it's not recent.

------
Zak
Android is barely mentioned in the article, but Firefox for Android offers
significantly more compelling advantages over Chrome on Android than desktop.
For some users, the ability to run extensions is a big win.

~~~
StevePerkins
My problem with Firefox on Android is extreme latency on initial page load.

I select a URL, and literally sit there for 5 to 10 full seconds before the
page even starts to load (it does render quickly once it starts).

I load the same page on the same device with Brave, or Chrome, and there's
near-zero latency. It just starts loading right away.

I'd love to switch over, as Firefox is my daily driver on the desktop and it's
where all of my passwords are synced. But on Android it just hasn't been
usable for me yet.

~~~
Zak
That has not been my experience, or I would probably not be satisfied with
Firefox on Android. I just checked and saw no difference between Firefox and
Chrome starting to load a page.

~~~
bubblethink
I have the same problem as OP, which makes me think that this is not common,
and yet it affects some people. If it were common, the app wouldn't exist
because it is just entirely unusable.

~~~
amelius
I have the same problem with Firefox on Ubuntu.

First page load takes 10-30 seconds, and after that Firefox is fast and
snappy.

However, my computer at work doesn't have this problem (and runs the same
version of Ubuntu, i.e. 18.04.1)

Perhaps I should investigate this better, for instance by looking at system
load, memory, and perhaps by monitoring system calls using strace.

~~~
AsyncAwait
I used to have this problem and I remember it being DNS related. It was a
while ago and I don't quite remember what I did to resolve it, but it had
something to do with disabling IPv6 dns resolution while not using IPv6 in
about:config and possibly something else as well.

~~~
dzamo_norton
Yes I think you're on the right track. It must be some lurking network
misconfiguration. Firefox itself is not broken in this way in my experience
(which is not short).

------
WalterSear
I've been trying to switch over to Firefox for the last few weeks. The
experience hasn't been great, but most of the issues I'm willing to live with.
However, even after disabling all extensions, it still pegs my cpus and
freezes my machine, several times a day.

I'm planning on moving back to chrome this weekend. No amount of privacy can
make up for the disruption.

~~~
xeonoex
I see this kinda of post on every post about Firefox here and it's so weird
because I use Firefox on every device and have never had any issues. Even on
sites like youtube.

~~~
onyva
It’ll be interesting to find out how it works these fake news piece about
Firefox that’s always there. I switched to Firefox few years back and if
there’s something very noticeable about it currently (other than slickness)
it’s how performant it has become, even with 10s of tabs open.

------
onyva
Finally the narrative is changing from features to privacy. It’s a fantastic
modern and fast browser but it’s really Mozilla as an organization and their
commitment to users that’s making Firefox the most important browser out
there, if not the only one, users can trust.

------
vkaku
I think it's reasonable to start bringing Servo into limelight, and start
removing all Chromium based code eventually, given the amount of control
Google has over Blink.

I for one, would like things like Opera/Electron to start moving us over,
because of the fears that Chromium may no more be safe from eventual
interference.

~~~
SlowRobotAhead
That’s what I don’t understand about all the “switch to brave” comments.

Everyone does that and Firefox still goes away. And you’re left with Google
still running the show.

------
stirfrykitty
I really at a loss why decent browsers for "techies" cannot be better. I
really like uzbl-tabbed even though it's fairly primitive and the code is
getting older.

All I need in a browser is the ability to browse (tabbed) while blocking ads.
Browsers anymore have become walled gardens what with their add-on web stores,
garbage like Pocket, sync, etc. I don't want any of that. Browsers could all
be more like the old-school Konqueror, in the sense that one could import ad
block lists at will without resorting to visiting store. No telemetry. No
built in search for a certain search engine.

~~~
catacombs
> All I need in a browser is the ability to browse (tabbed) while blocking
> ads.

You can do this in Firefox, with several great ad-blocking extensions, such as
uBlock Origin or Adnsaueum.

> Browsers anymore have become walled gardens what with their add-on web
> stores, garbage like Pocket, sync, etc. I don't want any of that. Browsers
> could all be more like the old-school Konqueror, in the sense that one could
> import ad block lists at will without resorting to visiting store.

Firefox allows you to remove what you don't need, especially Pocket. Sync is
optional.

> No telemetry. No built in search for a certain search engine.

There are specific Firefox configurations that disable telemetry:
[https://github.com/CrisBRM/user.js/blob/master/user.js](https://github.com/CrisBRM/user.js/blob/master/user.js)

~~~
lozenge
The issue is that stuff just keeps being added. There's always something new
to disable. Mozilla talk the talk on community input but then bypass it for
Pocket or TV show tie-ins.

~~~
dzamo_norton
I guess some good soul could maintain and host a "Firefox Lite" config file
that disables all these unwanted extras so that the work is done once.

------
ngrilly
After having read this article, I read a bit more about third-party cookie
blocking, and I was reminded that cookies are not the only way to track
internet users: localStorage, and cache tracking with HTTP ETag, also enable
tracking.

This led me to Safari which partitions cookies, cache and HTML 5 storage for
all third-party domains. As far as I know, Firefox (and Chrome of course)
don’t to that.

It’s easy to check with the browser developer tools open:

\- Empty your cache.

\- Visit a website that uses a given font hosted on fonts.google.com.

\- You should see the HTTP request for the font in the network tab.

\- Then visit another website that uses the same font on fonts.google.com.

\- In Safari, you should see another HTTP request, because the cache is not
shared.

\- In Chrome and Firefox, you’ll see the font is retrieved from the cache.

Kudos to Apple for their work on the privacy features of Safari! I’d be happy
to see Firefox put the same emphasis on this :-)

------
futureastronaut
It also has a working location bar that doesn't forget my history from a day
ago. And a functional history that indexes on more than component prefixes
(thanks Chrome).

~~~
ndesaulniers
Yeah, I feel like when I type `h` in chrome's url bar, I always want hacker
news. In Firefox it's always the first result for me, but I feel like with
chrome it never is. Does anyone else observe this or am I holding it wrong?

~~~
StavrosK
It's always worked for me when I typed "n", but I haven't used Chrome in
years.

~~~
apeace
It seems to me like if you visit a URL about three times, then any time you
type a fragment of that URL it assumes that's what you want.

This happens to me at work all the time. When I'm working I'll visit
localhost:8080/feature/abc over and over, as I'm working on feature ABC. But a
month later when I start working on feature XYZ and typing
localhost:8080/feature/xyz, it does not pick up on the pattern. Typing "l",
"localhost", or even "localhost:8080/feature/" will always autocomplete to
ABC, no matter how many times I visit XYZ.

------
boybd
That's true, it comes down to privacy. Firefox sent the full URL history of
some users to a third party, an advertising company:
[https://blog.mozilla.org/press-uk/2017/10/06/testing-
cliqz-i...](https://blog.mozilla.org/press-uk/2017/10/06/testing-cliqz-in-
firefox/)

Take this into account if you're considering moving to Firefox to get more
"privacy".

~~~
Yoric
Not a big fan of that choice, but isn't Cliqz is a privacy-oriented search
engine, rather than an advertising company?

------
sciurus
I'm glad the author recognizes the danger of trackers and the value of Firefox
blocking them. Unfortunately, the rest of the Washington Post hasn't gotten
the message. When I try to read the article just get a message that I have to
disable tracking protection first.

[https://pasteboard.co/Ikt16xy.png](https://pasteboard.co/Ikt16xy.png)

[https://www.washingtonpost.com/steps-for-disabling-
firefoxs-...](https://www.washingtonpost.com/steps-for-disabling-firefoxs-
native-
adblocker/2018/05/21/fb95bf4e-5d37-11e8-b2b8-08a538d9dbd6_story.html?utm_term=.b9a04242a46f)

~~~
razster
I just use the adblocker to block those warnings. Problem solved.

~~~
amelius
Yes, and it would be great if Firefox blocked those messages altogether.
Persuading a user to disable safety features is _not_ ok.

------
czottmann
I am very fond of Firefox and use it on macOS & Android as my daily driver but
the one thing where it doesn't hold a candle to Safari and Chrome is its
Applescript support which is simply abysmal.

Example: with Safari and Chrome I can use Applescript to query the browser for
a list of open tabs, and switch to a particular one. In Firefox there is no
way to do that.

------
modzu
a shameless plug:

the reason i couldn't make the switch was the poor bookmarking/topsites. so i
finally got around to making a speed dial extension that replicates the
awesomeness of opera's.

every other speed dial extension i could find was shady -- defeating the
purpose of going to ff in the first place :o

hope others find it useful :)

[https://addons.mozilla.org/en-US/firefox/addon/yet-
another-s...](https://addons.mozilla.org/en-US/firefox/addon/yet-another-
speed-dial/)

it's new so feedback is welcome. released under GPLv3.

------
OrgNet
the article title is: Goodbye, Chrome: Google’s web browser has become spy
software

------
ForHackernews
An exception to Betteridge's Law of Headlines?

~~~
charliesharding
I suspect the downvotes are for those who think it really can be answered with
a simple no. Or perhaps because it doesn't end in a question mark..

On topic though I recently tried switching to FF and was surprised at how much
slower pages were loading. Has anyone else experienced this? Is this just a
matter of caching?

~~~
rossdavidh
I've actually had the opposite experience recently, but it was a page I
developed myself using FF as my primary browser, and when I switched to Chrome
discovered it was very slow (>10s vs. <1s in FF). I expect it depends mostly
on what the developer is targeting. As Chrome approaches monoculture status
similar to IE in the 90's, devs are more and more paying attention only to it.

------
rasengan
I was shocked when I reviewed the Firefox repo. Firefox has a ton of telemetry
code.

Edit: to the downvoters - why would you downvote a true statement. Have you
read the code?

~~~
everdrive
People unfortunately equivocate the idea of telemetry, and will compare the
idea of a web browser sending version information with a web browser
collecting actual web traffic. Both may be bad, but they're certainly
different kinds of bad.

Do we have a thorough and detailed list of what information is possible in the
default Firefox telemetry?

~~~
kbrosnan
The list is at [https://hg.mozilla.org/releases/mozilla-
release/file/tip/too...](https://hg.mozilla.org/releases/mozilla-
release/file/tip/toolkit/components/telemetry/Histograms.json) looking at the
blame view will usually lead to the bug that introduced the probe. Short of
the file being refactored, which case you need to look at the file before the
refactoring happened. That will describe the reason and the data review that
occurred before adding the probe. There is also the probe dictionary at
[https://telemetry.mozilla.org/probe-
dictionary/?optout=true&...](https://telemetry.mozilla.org/probe-
dictionary/?optout=true&channel=release) which is a bit easier to read.

------
jtreminio
Firefox has weird font rendering issues (tested on Fedora 30). Fonts that look
perfect on Chrome look like they bleed on Firefox.

Firefox's containers is also a poor man's version of Chrome profiles. I want
completely separate _everything_. Firefox's Profiles is similar, but then you
get warnings about Firefox already running when you click a link in a non-
Firefox program.

These things are deal breakers for me.

~~~
secabeen
> Firefox's containers is also a poor man's version of Chrome profiles. I want
> completely separate _everything_. Firefox's Profiles is similar, but then
> you get warnings about Firefox already running when you click a link in a
> non-Firefox program.

Containers is solving a different problem than you have. If you have multiple
profiles running, how do you want it to know which in profile to load the
link? You could set your link helper in your OS to run Firefox with the
--profile option, to pre-set it, if that's what you want.

~~~
jtreminio
Chrome opens non-Chrome clicked links in last active window, no matter the
profile.

This is the expected behavior.

------
catacombs
> After the sign-in shift, Johns Hopkins associate professor Matthew Green
> made waves in the computer science world when he blogged he was done with
> Chrome. “I lost faith,” he told me. “It only takes a few tiny changes to
> make it very privacy unfriendly.”

I read this and literally thought, "who?"

~~~
leevlad
He's fairly active and popular on Twitter, and is opinionated about
cryptography, blockchain, etc.

[https://twitter.com/matthew_d_green](https://twitter.com/matthew_d_green)

~~~
techntoke
Did he ever say why he lost faith? Cause at least Chromium has hardware
acceleration for video decoding on Linux. The story about ablock extensions
being blocked was completely false.

~~~
goatsi
>The story about ablock extensions being blocked was completely false.

What about it was false? Developers made it clear that the changes would
neuter many ad blocking extensions, and Google actually backtracked due to the
outrage (to a position that still prevents effective ad blocking).

~~~
techntoke
No, they didn't make it clear that it would do anything to ad-blocking
extensions, only in their current for would they have to make changes which
are actually supposed to speed up adblocking. Poor developers had to make some
changes because Chromium wanted to improve things. They didn't backtrack due
to the outrage either. They are still moving forward with the improvements and
Firefox crowd is still lying about what is actually going on. Guess they are
looking for new users to exploit with their 0days.

------
rileyt
Isn't Chrome just as private as Safari or Firefox with the right extensions to
block tracking and other common issues?

I understand that most people won't know which extensions to install or how to
install them, but for tech savvy people, isn't Chrome with Privacy Badger and
HTTPS Only just as private as Firefox, with a much better overall browsing
experience?

~~~
sfotm
Not if you're trying to block Google as well, but for all other parties it
probably is.

~~~
rileyt
This is even more in the weeds, but if you turn off sync, google services,
page preloading and use a non-google default search engine, what's left for
them to track?

~~~
vitorgrs
Just run chromium then lol

------
beenBoutIT
It comes down to ignoring Firefox's inferior UI/UX and blindly buying into
Firefox marketing.

Seeing as how the internet is actually a shitload of poorly organized data
it's unclear what advantage Mozilla gains by not being in the 'data collection
business'.

"Firefox isn’t perfect — it still defaults searches to Google and permits some
other tracking. But it doesn’t share browsing data with Mozilla, which isn’t
in the data-collection business."

Needlessly relearning things to avoid collecting them doesn't make any part of
browsing faster or more efficient.

~~~
jxdxbx
Firefox is a much better designed app than Chrome, which never looks or acts
like normal apps. It has even intercepted cmd-q now which is super annoying.
Which browser works better or is faster, I have no idea, though I've never run
into problems with Firefox.

~~~
babuskov
> It has even intercepted cmd-q now which is super annoying.

I can understand reasoning behind that. I had to install a Firefox extension
that disables cmd-q on macOS because I had closed the whole browser many times
by accident (while trying to quickly hit cmd-w). You can still use cmd-q but
you have to press it twice in a very short time. Maybe Chrome could do the
same.

~~~
TechieKid
Firefox uses Ctrl+Shift+Q to quit the entire browser now on Windows and Linux
based platforms, presumably because of that reason. You might not need that
Firefox extension anymore.

------
robertAngst
This strong push for 'privacy' is going to have a strong pushback.

There may be some users here who need privacy, or some users who think privacy
is necessary to keep whistleblowers safe.

The majority of users want fantastic service.

Privacy is niche, and not needed for everyone. We already have solutions, and
have users pay for a dummy accounts.

~~~
jxdxbx
Fantastic service does not require giving up your privacy. There are privacy-
protecting ways to do personalization, gather data for machine learning, and
so on. Even advertising business models do not require that people give up
their privacy.

~~~
robertAngst
I don't want an expensive privacy service. I want free/low cost.

I have no reason for privacy, its like buying a Mini Van when you are single.

EDIT: HN is bad at discussing ideas. I suggest not downvoting people for
dissent.

~~~
AnIdiotOnTheNet
HN is Reddit: SV WebDev edition these days. Why is there even a downvote
button? Look at this thread: lots of perfectly normal comments are greyed out
because they say something involving Firefox not being perfect software. It's
ridiculous. What possible purpose does a downvote button serve except to
encourage this kind of behavior?

