
Latest Firefox rolls out Enhanced Tracking Protection 2.0 - LinuxBender
https://blog.mozilla.org/blog/2020/08/04/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/
======
typon
My friend who works in an adtech company:

"Protip: Use Firefox instead of Chrome. We get very little data from Firefox
users"

~~~
formerly_proven
Even less data if you use uBlock Origin and possibly uMatrix (which is very
high maintenance, but also reveals the utter insanity of the web).

Without an adblocker the internet is such a slow heap of trash that I'd never
go back to not using one. This is also one of the main reasons I use my iPhone
so little, since it doesn't really have any way to adblock.

~~~
nitrogen
The only downside is that product managers who rely on third-party analytics
to decide what platforms are relevant will never see Firefox+uBlock users as
relevant. I've had to argue this at multiple companies; fortunately at some
places multiple developers used uBlock so it wasn't as hard as making the case
alone.

~~~
godelski
> fortunately at some places multiple developers used uBlock so it wasn't as
> hard as making the case alone.

Is adblocking not common? Every tech literate person I know uses an ad
blocker. I'd say about 30-40% of millennials I know use them, most using ADB
or uBlock Origin.

Every time I see someone using a browser with ads I forget what a nightmare
the internet is.

~~~
kelnos
Anecdotal, but I've pushed close friends who are reasonably technical to
install an ad blocker. Without my urging, they wouldn't have had one at all.
When I come across someone who doesn't adblock, it surprises me, but it really
shouldn't, as it seems most people don't have an ad blocker.

~~~
fauigerzigerk
I still don't use an ad blocker. I know all the arguments for ad blocking and
I agree with many of them. I know what difference it makes in terms of
performance and annoyance.

But I just can't bring myself to indiscriminately block all ads, knowing how
important they are as a funding source for the websites I use.

There's only one thing that destroys privacy even more thoroughly than ad
targeting: payment.

~~~
gpanders
> There's only one thing that destroys privacy even more thoroughly than ad
> targeting: payment.

I disagree with this. Maybe you can elaborate?

If I am paying for a service then there is no incentive to mine my personal
data for revenue. It's a mutually beneficial transaction. And there are plenty
of ways to hide your personal information (even your name) when paying for
something (e.g. using a service like privacy.com).

~~~
derivagral
My understanding is that the mentality is "they paid us, we have their data,
we're keeping it for future leads, we could get a new line of revenue by
turning that into a product."

------
mancerayder
I'm happy to see stuff like this.

I'd be even happier if the tricks to get video to play were somehow canceled.

I have adblocker and video blockers, but somehow, news sites have a video that
plays. If I scroll off the page, the video pops out into the lower right hand
of the page and resumes playing, even if the big version of the video at the
top of the page was stopped /paused (which it is by default), and it needs to
be stopped again. On mobile (Android) this is a double nightmare, even in
Firefox, because the little video has a tiny little X, and somehow my finger
doesn't ever hit X the first time. I can plug in a USB-A connector in the
right way faster than I can press that little X.

Is there an explanation for this, and am I the only one?

~~~
tome
Isn't the small video in the corner a feature actually implemented in Firefox
itself (picture-in-picture) and nothing to do with the web page? If so then
that seems doubly bad!

~~~
calmworm
Firefox doesn't force it. The feature is that you have the option to pull the
embedded video into a non static location within your browser window.

So you could allow the video to play in view while you scroll through the
remainder of the page.

------
UI_at_80x24
I've been a user since they first split from Netscape. Very happy to see
continued efforts in this project. Congrats folks! I'm glad you exist.

Related: I don't know if this applies to other platforms, but the newest
version of FireFox on FreeBSD (79.0,1) generates errors on every website you
visit stating insufficient security. (including google & mozilla.org) This is
somehow related to not having a virus scanner installed or something.

This is the about:config setting to disable that:

network.http.spdy.enabled.http2=false

~~~
drewg123
I'm running the same version of Firefox on FreeBSD (firefox-79.0,1) and I
don't see this (with http2=true). I'm running 13-current (r363668) and using
the 12-stable quarterly packages (FreeBSD:12:amd64/quarterly)

~~~
UI_at_80x24
I'm running 12.1-RELEASE-p5 [quarterly], so that's interesting. We should be
overlapping somewhat.

I inclined to believe that it's just my luck. You need somebody to find edge-
case bugs? I'm your stooge.

~~~
drewg123
I hear that. The latest update to kde / plasma5 changed something enough that
it took me 4 logins before I got a task manager. Dealing with these these
super disruptive / breaking kde changes only a few times a year are why I run
the stable packages rather than the -current packages. I think I'm just going
to give up and switch to lxde

~~~
UI_at_80x24
Not to be too much of an old-fart, but I gave up on kde after they moved away
from 3.5. I've tried every major release since 4 came out and I keep not
liking it.

I do really enjoy some of the apps, but I'm fully in the i3 camp for several
years now.

~~~
yjftsjthsd-h
Did you ever try
[https://www.trinitydesktop.org/](https://www.trinitydesktop.org/) ?

------
svnpenn
> Latest Firefox rolls out Enhanced Tracking Protection 2.0; blocking redirect
> trackers by default

Isnt that what is used with Google Search? For example if you go here:

[https://www.google.com/search?q=sunday](https://www.google.com/search?q=sunday)

the first result appears to be:

[https://en.wikipedia.org/wiki/Sunday](https://en.wikipedia.org/wiki/Sunday)

but its really:

[https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&c...](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwiE45DBuoTrAhUJP60KHb-
LAgcQFjAAegQIAhAB&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSunday&usg=AOvVaw3AEEL2UuDK8DJPu1wtWera)

~~~
input_sh
More details here[0], but in short, they'll "block them" by deleting cookies
and site data of redirect trackers every 24h, preventing long term profile
building, while not breaking the redirects.

There's also a "Google search link fix" recommended extension that fixes those
URLs (replaces
[https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&c...](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwiE45DBuoTrAhUJP60KHb-
LAgcQFjAAegQIAhAB&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSunday&usg=AOvVaw3AEEL2UuDK8DJPu1wtWera)
to
[https://en.wikipedia.org/wiki/Sunday](https://en.wikipedia.org/wiki/Sunday)
in your example). Also available for Chrome and Opera.

[0] [https://developer.mozilla.org/en-
US/docs/Mozilla/Firefox/Pri...](https://developer.mozilla.org/en-
US/docs/Mozilla/Firefox/Privacy/Redirect_Tracking_Protection)

~~~
mataug
Deleting redirect cookies is a wonderful step forward in improving privacy.

I'm now concerned that companies would attempt to circumvent this by profiling
users via fingerprinting through canvas, screen resolution, user agent and
other means.

I wonder how such profiling can be minimized / eliminated ?

~~~
floatingatoll
As of January [1], it looks like Firefox enabled fingerprinting protection by
default. Expert users may have overridden settings in various ways that could
prevent those protections from being active. To verify, at Preferences >
Privacy > Tracking Protection (about:preferences#privacy), make sure you've
selected an option that includes Fingerprinting protection.

[1] [https://blog.mozilla.org/firefox/how-to-block-
fingerprinting...](https://blog.mozilla.org/firefox/how-to-block-
fingerprinting-with-firefox/)

~~~
draebek
Note that _I think_ this blocking is done not by detecting a site doing it,
but instead by using block lists: Firefox has a list of sites where third-
party resources, including JS that would do canvas fingerprinting, will be
blocked.

As I understand it, this is different from the various "resistFingerprinting"
("RFP") settings in about:config, which will work on every site (and are
notorious for breaking things). Ditto CanvasBlocker, which AFAIK runs on every
site.

I got this info from one of the links in the informative post you cited:
[https://blog.mozilla.org/security/2020/01/07/firefox-72-fing...](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/)

~~~
floatingatoll
Yeah, I definitely wouldn’t enable resistFingerprinting for anyone I’m
responsible for providing tech support to! If y’all want to experiment with
it, go ahead, but be prepared to be angry at your browser and/or websites as
things mysteriously break without explanation.

------
tdhz77
I keep encouraging people to use Firefox over the others. My efforts keep
failing. Mozilla’s focus on privacy is important and should be to others.
People have been burned in the past and are willing to give up privacy for
something that just works. The irony.

~~~
mitchdoogle
Do people think Firefox doesn't work? I've noticed zero difference between
using Firefox and Chrome and I've used both daily for five years or so.

~~~
Widow
Google has an incredible walled garden of apps and things that 'just' work
together seamlessly. I remember switching from FF to Chrome years ago as
Chrome was measurably faster. The staying power was using Google's entire
suite of apps with Chrome. Things like copying and pasting without formatting
or searching for strings all contribute to stickiness.

~~~
infinityplus1
I have to frequently open Google Meet in Chrome because other users can't see
my screen while screen sharing using Firefox.

~~~
kiwijamo
Interestingly, when we had lockdown in my country I tried using Google Meets
in Chrome and it just shat itself. Switched to Firefox and Meets worked so
much better in Firefox. Very strange...

------
vikbytes
This is fantastic. I never liked the cookies sticking around forever, and
managing them manually was a massive pain if you wanted to keep some of them.

Not to mention Firefox is usually brought to its knees when trying to delete
large segments of History/Cookies at once.

~~~
ainar-g
> This is fantastic. I never liked the cookies sticking around forever, and
> managing them manually was a massive pain if you wanted to keep some of
> them.

You might like the CookieAutoDelete plugin[1]. It's a recommended plugin which
allows you to set a list of domains and domain patterns which retain their
cookies while others are deleted. I've been using it for a couple of months
now, and I love it.

[1] [https://addons.mozilla.org/en-GB/firefox/addon/cookie-
autode...](https://addons.mozilla.org/en-GB/firefox/addon/cookie-autodelete/)

~~~
gruez
CookieAutoDelete has some fatal flaws. It doesn't delete indexeddb, for
instance. Also, if you're a tab hoarder it simply doesn't work for the common
sites you visit. Temporary containers[1] is a much better option, as it uses
firefox's container tabs to provide much tighter isolation.

[1] [https://addons.mozilla.org/en-US/firefox/addon/temporary-
con...](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/)

~~~
benhurmarcel
I recommend Forget Me Not as an alternative.

[https://github.com/Lusito/forget-me-not/](https://github.com/Lusito/forget-
me-not/)

------
gruez
Can we talk about how google isn't affected by any sort of mainstream tracking
protection? They're not going to be affected by this, because you visit google
domains (directly or indirectly) multiple times daily. They're also not
affected by blacklists, because they own recaptcha, and that's explicitly
whitelisted in in popular blocking lists.

------
colordrops
Off topic, but every time I see an article like this I load up Firefox and try
it out to see how it has progressed. I inevitably stop using it, and this time
I decided to introspect and see why. It turns out that it's mouse wheel
scrolling doesn't feel as snappy as other browsers, and for some reason it
bothers me a lot. I'm going to try changing the scroll wheel settings and see
if I can stick with it.

~~~
weaksauce
that's funny because in chrome i hate the scrolling because it doesn't have
the middle mouse click autoscroll feature and all the "solutions" to fix that
are janky webextensions.

~~~
fireattack
Chrome has autoscroll here, on Windows.

What platform do you use?

~~~
weaksauce
mac os... they may have added it since i stopped using it. but i like firefox
more for it not being google

------
tgb
I'm trying to get myself to finally switch to Firefox thanks to this post. But
I'm having problems with ctrl +/\- changing of font sizes. In Chrome, that
setting affects one domain only. Here I'm getting confused because I open a
new tab and the font is tiny or huge, even sometimes on sites I've never
visited before. Ctrl 0 fixes it but then I seem to reset sites that I do want
enlarged (like HN). What's the logic here? I haven't figured out the steps to
reproduce this, it seems random.

~~~
irontinkerer
I've had the same experience! Well sort of, I think it's related to the
experimental zoom I enabled. Trying to track down how to reproduce so I can
open a bug, but it's sporadic for me. Other than that, I'm pretty happy with
the browser

~~~
tgb
I've possibly figured it out. If you scroll quickly and while the inertia
carries the scrolling onwards hit ctrl+w to close the tab, it'll resize the
next tab that gains focus. Presumably that's because ctrl is held down and
it's scrolling, even though the scrolling is only from inertia. Obviously
scrolling shouldn't carry over to the new tab, so it does look like a bug.
Moreover, it also resizes the website of the tab you just closed.

Guess I need to submit a bug report.

Edit: apparently Bugzilla requires passwords longer than 10 characters - wow!
At least the that's the error I got (password too short) when I tried to sign
up. Seems excessive.

------
atombender
I'm a fan of ETP, except it breaks a lot of sites that use embeds.

For example, sites that use Twitter or Instagram [1] embeds won't show the
embeds. And there's no way, as far as I can tell, to whitelist those.

The only solution is to whitelist the sites that have embeds, but that ends up
enabling all the tracking and stuff you don't want.

[1]
[https://bugzilla.mozilla.org/show_bug.cgi?id=1446243](https://bugzilla.mozilla.org/show_bug.cgi?id=1446243)

~~~
duhi88
Pretty sure that embeds enable all the tracking stuff you don't want, too.

~~~
ffpip
Yes.

Embeds aren't broken, they just appear text only.

When you block twitter embeds , you can't like the tweet without opening the
tweet in a separate tab.

You can't do both. Either have the like functionality, or block it.

------
yelloworangefog
I'm really happy to be using Firefox again. I had abandoned it in favor of
Chrome around 2014 because of how sluggish it had been getting. They really
got it together with the quantum update though in my opinion. It still gets
outperformed by Chrome (especially in the javascript department), but it's not
a big enough difference to be a deal breaker for me, and I like feeling like
I'm doing my small part to help combat Chrome's growing monopoly.

------
onyva
The only browser we can trust today. Glad to see they’re making privacy online
a priority, on top of an already amazing browser I use regularly and
exclusively both on Linux and iOS.

~~~
subhro
Honest question, what's wrong with Safari, that you can not trust it?

~~~
andrewshadura
It's not open source, how can you trust it?

~~~
subhro
I thought Webkit, the core engine is open source. Or, are you saying Webkit !=
Safari?

~~~
jasonlotito
Safari can use Webkit, but Webkit isn't Safari. Basically, if Webkit = Safari,
then anything using Webkit would also be equally safe.

------
tarkin2
I understand: cookies are deleted every 24 hours unless you’ve visited the
site before in the last 45 days.

Does this mean if I visit a site twice the cookie stays but otherwise it’s
gone in 24 hours?

~~~
ysavir
I think it means that 3rd party cookies will be deleted in 24 hours unless you
visited the site of origin in the last 45 days.

So if you get a 3rd party cookie from www.marketingsite.com, but never visited
that site, it will be deleted in 24 hours. But if you get a 3rd party cookie
from facebook, and you're a semi-active facebook user, the cookie will be
kept.

~~~
tarkin2
I don't think it's only third party cookies. But all cookies if you've only
visited the site once once in 24 hours.

The article mentions you get redirected to a website before going to your
destination, so the third-party cookie is no longer 'third' but 'first' since
you (unbeknownst to you) visited the site.

~~~
ysavir
Looks like we're both not entirely correct (and probably both skipped the
security blog posts!).

In the security blog post, they explicitly say "An origin will be cleared if
it [...] is classified as a tracker in our Tracking Protection list" and
"[has] No origin with the same base domain (eTLD+1) has a user-interaction
permission".

So it's not a catch-all for any and all redirect trackers, just those Mozilla
knows about, and whitelists trackers that are first-party in spirit. I do wish
they didn't frame it as "we're blocking redirect trackers" but instead as "we
extended our tracking blacklist to include known redirect trackers, unless we
have a good reason to think you allow them".

------
shock
Unfortunately, even with Enhanced Tracking Protection 2.0 you can still be
tracked by using ETags. There are extensions for Firefox that block ETag
tracking, but I haven't reviewed a specific extension sufficiently to
recommend one.

~~~
ffpip
Remove Etags with the CleanURL addons. Just turn off everything else it does,
if you only want to remove ETag.

Clean URL cleans many links. No utm_source, no amazon trackers, no
google/yandex changing links just right before you click it. It has adblock
built in, so turn it off if you already have an adblocker.

You can also do it with [https://addons.mozilla.org/en-
US/firefox/addon/netflix-party...](https://addons.mozilla.org/en-
US/firefox/addon/netflix-party-for-firefox/)

~~~
mderazon
Wow first time I read about etag tracking. The creativity of adtech companies
is really impressive

~~~
ffpip
Yeah. Almost every site uses it now.

Check whether you can be tracked here -
[https://hinternesch.com/page1](https://hinternesch.com/page1)

Visit the site. Then clear cookies and history (don't touch cache) . Then
return and you will get the same ID, provided you are not using any extension
that removes the E-Tags.

I learnt about the possibilities of Etags from here - [https://privacy-
formula.com/reader/no-cookies-no-problem-usi...](https://privacy-
formula.com/reader/no-cookies-no-problem-using-etags-for-user-tracking/)

------
btrask
[https://support.mozilla.org/en-US/kb/how-do-you-use-
leanplum...](https://support.mozilla.org/en-US/kb/how-do-you-use-leanplum-
firefox)

> What data is collected and sent to the Leanplum backend?

> Leanplum tracks events such as when a user loads bookmarks, opens a new tab,
> opens a Pocket trending story, clears data, saves a password and login,
> takes a screenshot, downloads media, interacts with a search URL or signs in
> to a Firefox Account.

------
SamuelAdams
Honestly the best thing you can do is use Firefox and set the browser settings
to "Never remember history". This deletes everything in the cache, cookies,
etc every time your browser closes. Drawbacks - you have to log back in to
every site every time you relaunch the browser. But then these cookies and
tracking methods do not follow you around.

------
xref
Hopefully this will make affiliate-link based sites like Wirecutter change
their ways. I dont mind them earning affiliate money but I can’t even click a
link at Wirecutter anymore since their bounce redirect to Amazon or wherever
is totally blocked by my DNS settings originally via AdGuard now via
nextdns.io

~~~
untog
Can you add an exception for the site? It seems like a slightly inconsistent
position that you don't mind them earning affiliate money yet you're actively
blocking them from doing so.

~~~
clairity
it seems the objection is to unearned affiliate revenue (for any purchases at
amazon for some period just for visiting wirecutter), not earned affiliate
revenue (by clicking on a product you intend to buy), which is consistent and
fair.

~~~
shostack
What you described sounds like cookie stuffing and is almost certainly
prohibited by Amazon and any competently run affiliate network/program.

~~~
clairity
yup, that's it. i couldn't recall the name for the practice, so thanks for
that!

------
Razengan
I love Firefox as an alternative to Chrome but I hate how it goes of its way
to be as cumbersome as possible.

Witness this example of the most terrible UI ever; how frustratingly
convoluted it is to delete specific cookies:

1: Open Preferences

2: Search "cookies"

3: See a bunch of cluttered stuff

4: Scroll all the way down to "Cookies and Site Data"

5: Click "Clear Data"

6: Oops, that's not it. Cancel and try "Manage Data"

7: Search "google" for example (to avoid their crappy tactic of signing you
into Search when you sign into YouTube or Gmail, but that's another story)

8: Click "Remove All Shown"

9: Click "Save Changes"

10: Get hit with a modal alert in your face showing you the list of changes to
confirm.

11: Click "Remove"

[https://i.imgur.com/QrE4EH3.gif](https://i.imgur.com/QrE4EH3.gif)

~~~
corford
It isn't great but imho it's better than Chrome which confuses me each time
and feels super limited:

1\. Open settings

2\. Privacy and security

3\. Scroll down to find the tiny "See all cookies and site data"

4\. Use the search box for the site you want

5\. Then you only have the option of removing everything from that site??
There's a little X icon to the right of each cookie but clicking it does
nothing

Unless there's a better way I haven't seen (I use chrome infrequently)

------
jchook
Surprisingly extensive article from Brave[1] from Aug 2018 -- two years ago!
About redirect tracking, it says this:

> Brave’s policy of disallowing any third party state by default makes it
> already more privacy-preserving than ITP 2.0 in regards to third party
> redirection-based tracking. Brave users however may benefit from an ITP-like
> protection from first-party trackers, although their number is small.

Apparently Safari had ITP, a similar type of redirect tracking mitigation, for
some time.

1\. [https://brave.com/redirection-based-
tracking/](https://brave.com/redirection-based-tracking/)

------
DangerousPie
Nice. Firefox has making some great improvements recently.

------
stiray
Add those add-ons:

[https://addons.mozilla.org/en-US/firefox/addon/canvas-
finger...](https://addons.mozilla.org/en-US/firefox/addon/canvas-fingerprint-
defender)

[https://addons.mozilla.org/en-US/firefox/addon/webgl-
fingerp...](https://addons.mozilla.org/en-US/firefox/addon/webgl-fingerprint-
defender)

[https://addons.mozilla.org/en-US/firefox/addon/font-
fingerpr...](https://addons.mozilla.org/en-US/firefox/addon/font-fingerprint-
defender)

[https://addons.mozilla.org/en-US/firefox/addon/audioctx-
fing...](https://addons.mozilla.org/en-US/firefox/addon/audioctx-fingerprint-
defender)

I would really love to have more addins like this, doing one thing and doing
it good. They will kill fingerprinting and as a proof, I was downvoted the
next moment i posted the links.

~~~
simonebrunozzi
Not sure that's the reason why you were downvoted.

Perhaps (I am trying to guess) it would have been more helpful to explain why
these four add-ons, individually, are so necessary. Or perhaps a more expanded
comment on why you picked these, and what effect they provide.

------
joveian
Another option is to always delete cookies and site data when you close
Firefox and set exceptions for the few sites you care about. If you are like
me and only start Firefox once or twice a day this prevents too much annoyance
while limiting cookie based tracking.

Also, Mozilla should really think about what is wrong with the statement
"Since we enabled ETP by default, we’ve blocked 3.4 trillion tracking
cookies." I imagine most people who care about tracking would like to not be
tracked by anyone, not just anyone other than Mozilla.

------
BuckRogers
From reading the comments, it sounds like the only real choice is the Tor
Browser if you want to be anonymous, or just accept all of it and use your
device's native browser for best performance.

What I'd be interested to know is if all of this anti-tracking technology
matters if you just isolate domains by using containers. My guess is that
Google and company have so many tracking domains that containers have no
impact on that, at least 3rd party. But it seems like part of a real solution.

------
eklavya
I wish Apple realised that more competition in browsers on iOS is better for
the user and they shouldn’t be greedy about it. How wonderful would it be to
have proper Firefox in iOS.

~~~
parsimo2010
I use Firefox on iOS. It has some tracking protection. Probably not the full-
fat version of desktop Firefox, but I find it to be more tolerable than Safari
on iOS.

------
gentleman11
Epic games seems to be using captchas for ue4 accounts that break for Firefox
users who are using tracking protection. Not a complaint against Firefox, just
very annoyed by game dev in general for privacy reasons.

\- more or less forced to use windows for development / to access marketplace
content \- have to modify engine source code to disable analytics \- have to
use Chrome to access their sites and dashboards

I really miss my old Linux setup

------
symlinkk
What if cookies were opt in? E.g. blocked by default everywhere unless you
decide to allow them, same as access to the webcam for example.

~~~
xook
Side benefit: It helps a ton with testing changes instead of clearing
everything and starting over!

------
alleyshack
I want to switch to Firefox, but of all things, its tab management is keeping
me away. On my last try, I gave up after five minutes because I couldn't see
all my open tabs at once (had to scroll). Does anyone know of an extension or
setting I can use to force Chrome-like tab behavior, where all tabs are shown
at once regardless of how small they become?

~~~
ric2b
I use tree style tabs, which is amazing for tab hoarders like me:
[https://addons.mozilla.org/en-US/firefox/addon/tree-style-
ta...](https://addons.mozilla.org/en-US/firefox/addon/tree-style-tab/)

~~~
alleyshack
Do you still have to navigate? Like, click or scroll or whatever, to get
between tabs? I'm looking for a UI that shows me all my tabs, all at once, no
clicks/scrolling/navigation required.

------
acd
Mozilla are the Good Girls and Good Guys of the Internet! They do the right
thing. Its also quite easy to see who are the bad actors.

------
perryizgr8
I think Firefox's first order of business should be to focus on making it as
good as Chrome first, then focus on other things. I can do all the blocking I
want on Chrome with extensions. I cannot make Firefox fast, or work well with
the touchpad with any extension.

------
hi41
I think we should buy either windows or apple based computers instead of
chromebooks because the former allows us to install Firefox while the latter
does not allow that. I tried Firefox recently and I really liked it.

------
k_sze
I don't quite understand. The latest version of FF is 79.0, released on July
28. This article is dated Aug 4. So is Mozilla going to remotely activate ETP
2.0 for users of FF 79 without requiring an update?

------
nightski
I'm on the latest Firefox and it's allowing a Set-Cookie with the Secure flag
over http (for localhost). This seems wrong to me, but maybe it's allowed for
localhost specifically? Anyone else experience this?

~~~
bugmen0t
Yes. localhost is considered a Secure Context via
[https://w3c.github.io/webappsec-secure-
contexts/#potentially...](https://w3c.github.io/webappsec-secure-
contexts/#potentially-trustworthy-origin) \- This is intentional to testing
APIs which require a Secure Context easier to use during development. E.g.,
ServiceWorkers.

------
rootusrootus
Will this be enough to trigger the Google captcha punishment on every site I
go to? I already run into that more than I'd like.

------
markosaric
Nice improvements! Firefox keeps delivering! But Chrome browser market share
is now up on 71% while Firefox is down to 7.3% :(

~~~
aembleton
How is that market share determined? Is it by looking at data from tracking?

Those tracking numbers will reduce, the more that Firefox cracks down on it.

User agents hitting server logs are probably more accurate now.

~~~
bishalb
Maybe via user agent headers.

------
MilaM
Does this mean that data from actively visited sites (first-party) will be
automatically deleted 45 days after the last visit?

------
treefry
Recently Amazon starts to ask for OTP every time I open its website. Is it due
to the new tracking protection feature?

------
shock
If you can tolerate it, I recommend using Temporary Containers as a
supercharged version of Enhanced Tracking Protection.

------
nabaraz
If only I can get Chromecast working on Firefox. I would never touch Chrome
ever again.

~~~
rmorey
I mean, you would still be touching chrome, as Chromecast devices are well,
running Chrome... but your point is taken

------
dzink
What stops trackers from using local storage on redirects instead?

------
wadkar
This sounds very similar to Safari blocking/deleting cookies?

------
DavideNL
So which version of Firefox will have this feature?

~~~
floatingatoll
The post says that it's being rolled out gradually on Release channel, so as
long as you haven't blocked automatic updates in various ways, you'll get it
soon (assuming that the rollout continues without any significant issues being
uncovered that halt it).

Presumably if you want to run ahead of that, there's ways to get it early via
Beta or Nightly channels, but I don't know what those are.

------
daffy
Qutebrowser with a Firefox backend would be nice.

~~~
The-Compiler
Still waiting for Servo or
[https://mozilla.github.io/geckoview/](https://mozilla.github.io/geckoview/)
to be usable as a library on desktop platforms. Unfortunately, that hasn't
happened so far...

------
apotatopot
meanwhile I typed a draft of an email with links in it and 2 seconds after
saving it got an email from Mozilla saying "stop sending yourself links via
email!". I'm not OK with that.

------
Ijumfs
It all seems pretty pointless when every tracker tracks you by IP address and
the only real way to defeat this is to use Tor, which BTW is blocked on an
ever-growing list of sites.

~~~
M2Ys4U
IP is a much coarser level of tracking, for most people.

GCNAT, roaming (WiFi <-> mobile), shared networks (NAT/IPv6 Privacy
Addresses). All of these things mean you can't be sure you're tracking the
_same_ person, unlike with cookies.

------
octernion
i switched to firefox after using chrome for close to a decade and it's been a
breath of fresh air -- very excited and congrats on the launch!

------
kgraves
Why should I trust Firefox with this "enhanced tracking protection 2.0", when
Mozilla gets their funding from Google just to be the default search engine?

------
dependenttypes
I never understood this feature. Why not use an addon instead? Ublock origin
for example is much better compared to the firefox tracking protection.

~~~
ocdtrekkie
Because the default should be to block tracking. We just shouldn't allow it.
Imagine someone telling you a popup blocker (something even IE8 had standard)
should be acquire separately.

~~~
kgwxd
I agree with parent though, Firefox should just ship with uBlock Origin
installed. I think putting privacy features in the hands of a third-party
prevents some poor choices being made due to several conflicts of interest
browser vendors have.

~~~
jonnytran
Luckily, Mozilla is a non-profit organization. Their interests do not conflict
with protecting their users.

But it makes you wonder, if other browser vendors' interests do conflict with
ad blocking, why would they ship with uBlock Origin? They would want to
control what most people do by controlling the defaults. The vast majority of
users never change the default settings.

~~~
quadrangle
Mozilla is a non-profit that _owns_ a for-profit corporation which makes
Firefox. And their funding largely comes from Google paying them to keep
Google as the default search.

There's not a mission-level conflict-of-interest, but there's a practical one.
Until they can somehow be funded directly by users, Firefox will have this
tension of "don't piss off Google or other referral partners, even if that
means going against the users' interests". They won't serve the users well by
losing all their funding and then dying.

This situation is why Firefox and Mozilla aren't just everything they could be
in terms of completely aligned with users.

------
bzb3
I'm waiting for it to get so good that it becomes effective at removing the
ads Mozilla added to the new tab page.

~~~
compscistd
Firefox > Preferences > Home > New Windows and Tabs (very first option!) >
Homepage and New Windows, New Tabs > Blank Page

I like that Firefox Home is the default option because you as the user are
offered something. If you don't like it, you say no, go to the settings page,
and are never offered it again. If you do like it or don't mind it, you keep
it. Win-win.

If Firefox Home wasn't on by default, those that might have preferred it
wouldn't know what they're missing. It seems difficult to think someone would
actually prefer ads but if there's some engagement, then that speaks for
itself.

~~~
LeifCarrotson
The default option should be "show options", letting you choose with _one
click_ between Blank, Mozilla Ads, Your Recent/Favorite Pages, and a custom
URL or set of URLs.

There are 6 levels to your process above. Imagine being tech-illiterate and
asked to navigate that - or, maybe easier, imagine trying to dictate that
process to someone you know who is tech-illiterate over the phone. Even if you
know exactly what to do, it might go something like this:

> _" You saw an ad you don't like on a new tab of The Internet? OK, what you
> need to do to fix that is set the New Tab preference to Blank. Click the
> Firefox menu - no, it doesn't have the familiar File/Edit/Help menu bar, it
> uses a hamburger menu - the stack of three horizontal lines - in the top
> right. Something about a library? No, that's supposed to be a bookshelf
> icon, it has vertical lines, you want the horizontal lines to its right. The
> menu went away? Make sure to single-click the menu, not double-click. Look
> in that menu for something named Settings ... not Customize, no, that's kind
> of like settings but different, oh yeah, it was called Preferences. In
> Preferences, look for the Home section ... shouldn't have to scroll, it's in
> the menu to the left ... yeah, that's a menu, it's just separated by
> whitespace instead of a line. On the Home preferences screen, there's a
> drop-down box for New Tabs, click that dropdown and set it to Blank. Great,
> you're all set. Talk to you later. Bye!"_ Ring - _" Hey again - it didn't
> work? You closed and reopened Firefox and the ads were still there? Oh,
> right, that gives you a new window, not a new tab. Let's go back through the
> menus one more time, it was just above the New Tabs dropdown, yeah, we were
> just there. Click the three horizontal lines for the Firefox menu...."_

It's disingenuous to say that those who prefer the ads might not know what
they're missing, even more disingenuous to say "you're offered something". No,
with ad tech, the user is the product being offered to the advertisers, and I
expect that more people don't know how to turn it off or that turning it off
is a thing you can do than that like being advertised to.

~~~
ziddoap
>There are 6 levels to your process above

Hit options -> Click dropdown of "new tab" field and select "Blank page". 2
steps.

If the parent post is being disingenuous with their point, yours is as equally
disingenuous by being an incredibly over-complicated deconstruction of hitting
options and reading 2 fields down.

If they have to be walked through finding the options menu (half your
paragraph is about opening the options menu, really?), they are going to have
difficulties with every browser and every option -- including understanding
what a "custom URL or set of URLs" is.

>"Oh a URL? That's the address thing you see at the top. Oh but it's not shown
completely in some browsers. And, if you want multiple URLs you have to use
the pipe operator symbol. Oh, the pipe operator? Look above your enter key.
No, not the one on the number pad, the other one near the backspace." Etc..

~~~
compscistd
My mistake, I was on a Mac and I intuitively look for app settings in the main
menu bar, which is what I was describing. I should have looked up the process
on other platforms to determine if it was just as intuitive

