Hacker News new | past | comments | ask | show | jobs | submit login
uBlock Origin Maintainer on Chrome vs. Firefox WebExtensions (discourse.mozilla.org)
776 points by nachtigall on Aug 9, 2017 | hide | past | favorite | 324 comments

After being a Chrome user for several years, I've switched back to Firefox for the past two years or so and I'm really, really happy with it.

Latest version does multi-processing, e10s is finally here (though it might still get disabled by usage of certain add-ons, I remember I had to force it to stay enabled).

On performance, in the past it felt sluggish, but now Firefox is fast and for my usage patterns it uses less memory than Chrome.

And one thing I really love is the Awesome Bar, which is a pain point every single time I open Chrome. I have a lot of websites I need to return to and in Chrome I end up searching on Google far more than I should. I guess that's the biggest difference between Firefox and Chrome, as Mozilla does not feel obligated to shareholders to extract ads clicks from you (although I hope that whatever they do keeps them afloat).

Also, tab management. I installed "Tab Center" from the Test Pilot and it's awesome. The experiment is now over unfortunately and the code itself for Tab Center isn't compatible with WebExtensions, but there's work going on to port it and that highlights that Firefox's WebExtensions will be more flexible than Chrome, if they aren't already.

But in the end I actually care more about trusting my browser and its maker to protect my interests. I actually trust Google more than I trust other companies, but something feels very wrong for a company to have so much leverage on me. Which is why, as long as I have a choice, I'll always prefer Firefox over Chrome, or Safari, or Edge.

To me, the best feature of Firefox compared to Chromium (both out of the box, no extensions. not sure if there are extensions that could help) is the address bar. Firefox does a fuzzy search into your browsing history and if you visit the same sites often, the suggestions are quite good.

Contrast this with Chrome, where the idea behind address bar user experience seems to be maximizing the number of Google searches done.

But the one that really keeps me on Firefox is Vimperator. It's the best keyboard oriented browser UI in mainstream browsers. The extensions available for Chrome are nowhere near as good (last time I tried).

The worst part of Firefox is the terribly long startup time. It can take up to 10 seconds after a reboot and takes quite a long time even with warm caches. Chromium startup is near instantaneous.

> The worst part of Firefox is the terribly long startup time. It can take up to 10 seconds after a reboot and takes quite a long time even with warm caches.

If you're the type with a lot of tabs open, that should improve a lot in the next few releases.


> If you're the type with a lot of tabs open

I'm not and I don't store/restore tabs on close, so that's not the case here. It's just Firefox + Vimperator + uBlock origin with about:blank as home page.

I'm on Linux/X11 if that matters.

This is probably a good place to plug the fact that Vimperator is going to die with FF57 [1].

If anyone wants to help with making an alternative, look through that thread. I'm particularly invested in Tridactyl [2] but other people are working on others.

[1] https://github.com/vimperator/vimperator-labs/issues/705

[2] https://github.com/cmcaine/tridactyl

Not strictly feature-equivalent, but there's already a working (I use it everyday) port of Vimium for Firefox: https://addons.mozilla.org/en-US/firefox/addon/vimium-ff/

I've been using VimFX all along, which is actively maintained and already compatible with multiprocess.

It's a web browser, not an actual text editor. 99% of the time, you're just wanting familiar keyboard commands for navigation. It feels like Vimperator does so many impractical things almost tongue-in-cheek, just to show how cool it is that they're theoretically possible.

VimFx is not compatible with multiprocess, it will stop working soon.

See https://github.com/akhodakivskiy/VimFx/issues/860 :

    - You can use the current VimFx for the rest of 2017.
    - Then, Vimium is your best bet: philc/vimium#2425
    - VimFx is free software, so if somebody feels like converting it to a WebExtension they're totally free to do so! (But you're probably going to spend your time more wisely on Vimium.)
    - I hope to create a new add-on with the best parts from VimFx some day.
    - Firefox will become a better browser! It’s sad but worth the sacrifice.
Vimium-FF does works right now: https://addons.mozilla.org/en-US/firefox/addon/vimium-ff/

VimFx is perfectly compatible with multiprocess, as stated in the issue you linked:


The issue is that VimFx is not feasible to convert into a WebExtension.

Ugh, that sucks, I just switched to VimFx because I thought it was ff57+ compatible. Now I'm not sure where I got that idea.

I haven't used vimium-ff, but it hasn't been updated in 3 months and the comments on mozilla are not encouraging.

Well, "soon" is tomorrow August 11: "PSA: Legacy extensions disabled by default on Nightly": https://mail.mozilla.org/pipermail/dev-addons/2017-August/00...

I disagree, respectfully.

I like that there's always more stuff to learn about Vimperator. It's fun. There's a nice thread on GitHub where people are talking about their favourite features:


That's odd, from SSD a cold firefox start takes a few seconds on my debian testing (using firefox 54 from apt). Maybe you're using a slow HDD?

Nope. It's a lightning fast m.2 SSD. And warm caches don't help either.

Are Vimperator + uBlock origin the only active add-ons? The Ubuntu Modifications one is known to cause slowdowns, for example.

What happens if you try to completely reset the Firefox profile, and bring back the plugins you want?

Happens without any extensions. I'm on Arch Linux, not Ubuntu.

I don't care enough to debug it further. Firefox is stable enough these days that restarting it isn't even a daily occurence. I have enough patience to wait that 10+ seconds, it's just a minor annoyance.

> If you're the type with a lot of tabs open

Then pray for Tree Style Tabs to be implemented by default in Firefox.

I hope not. I believe that it is better for Firefox to be as light and bloat-free by default while users are free to install whatever addon provides any extra features that they need.

Tree Style Tab could be an opt-in functionality of vanilla Firefox, that wouldn't be an issue for new users.

Although I firmly believed that tabs on the side make more sense for any kind of users. Nesting tabs require a bit more practice though and that could be an opt-in option.

As far as I can tell, it doesn't look like this - one of my favorite plugins - will survive v57.

Thanks. I'd seen that thread months ago; it seems that the situation has improved a bit since then.

As I was searching around, I also came across this:


...which looks to have similar functionality, and is already WE compatible.

Especially when we know we have browsed a site before but forgot the URL and remember only some portions of the title.

Firefox address bar is just more productive in simple things like re-opening frequent/historical sites.

In my experience, whenever Firefox takes more than a couple of seconds to start up, I know my Internet connection is acting up. It appears to be doing some sort of blocking network lookup on the startup path, and opens the intial window only after it succeeds or times out.

One thing that helps with Chrome's address bar is typing in a slash when searching for a site in your history. Suppose I visited this URL:


Chrome might or might not suggest it when I start typing "logn...". But if I type "/logn" it's there immediately. They're tokenizing URLs in a stupid way, apparently.

> But the one that really keeps me on Firefox is Vimperator. It's the best keyboard oriented browser UI in mainstream browsers. The extensions available for Chrome are nowhere near as good (last time I tried).

Did you ever use vimium on chrome? It's part of what keeps me on Chrome, I remember I had a quick glance at Vimperator a fair while ago, but switched back to chrome as it was what I was used to. I keep wondering about trying again.

Can you talk about the trade-offs between them?

This is supposedly a lot better with Firefox 55, released this week :)

Only for restoring lots of tabs.

And by god is it fast now. I have in excess of 200 tabs open in various groups (RIP Tab groups), and didn't remember that my Firefox had updated. I open Firefox, see it startup instantly and my first reaction was that Firefox somehow forgot all the tabs that I had loaded and had just started a new window. Imagine my surprise when everything was just as I wanted!

Yeah, I have a strong hunch that a ten-second startup time is due to restoring lots of tabs.

You mention tab management. One of the main reasons I like Firefox is due to one, exemplary addon: Tab Mix Plus. It's the kind of tinker-y addon that lets you do almost anything that is typical for Firefox.

With ad-blocking especially, I just can't trust Google to be fully supportive. I mean, who are we kidding? It's literally their business model.

One thing I've been finding lately with firefox is that the Netflix website is abysmally slow. It lags on loading, goes unresponsive a lot etc etc.

I've always watched twitch in Chrome (second browser, other screen, works fine) because firefox used to be bad. It's likely that I will start doing the same with Netflix.

Make some noise to Netflix then to make sure their Website works with Firefox.

If you can watch Netflix with Firefox, sounds like you're on Windows or macOS.

The best browsers for Netflix are IE or Safari. Chrome and Firefox support up to 720p only.

You can watch Netflix with Firefox on Linux, but the first time you do, it has to download a plugin, and you have to reload the window.

Not many people seem to be aware of this, but Firefox Mobile is just as great! You can run full extensions, just like on desktop.

I use Firefox Mobile as well but to be fair extension-support is flakey. A lot of times I install an extension that doesn't work and nothing indicates whether it does or doesn't. Also the extensions store doesn't indicate whether and extension is mobile friendly or not.

Oh man plugin support on mobile, this is a game changer for me. If only Firefox supported 2fa with an authenticator app I would have no hesitation using Firefox as my main browser.

I'm using Firefox on desktop, but Mobile scrolling is just awful even on a flagship smartphone. Just also tried nightly: the same.

> Latest version does multi-processing, e10s is finally here (though it might still get disabled by usage of certain add-ons, I remember I had to force it to stay enabled).

Are multi-processing and e10s separate things?

How do you forcefully enable it? 5/7 of my addins are listed as Legacy so I am still in single process mode, I am dying to try multi-process!

EDIT: See here: https://www.ghacks.net/2016/07/22/multi-process-firefox/

EDIT 2: Doesn't seem to work, for me anyways. It appears to be enabled in about:config but I only see one process running in task manager.

EDIT 3: I lied, it does work, 8 processes running now.

ALSO: Does anyone know if tree-style tabs will be made compatible, or if there is something comparable that is?

Tree Style Tab is the biggest difference for me, if you haven't used it before you are probably slow to browse the web :)

I like a lot the "tabs outliner" extension for Chrome. It's especially useful when you work with many tabs open at the same time, and want to preserve sessions, etc. Unfortunately there is now alternative to that in Firefox. Session Manager comes close, but is painful to use. So I'm still looking forward to such extension for Firefox, because honestly I prefer FF to Chrome for most of the things.

Honestly nothing beats Tree Style Tab, have you tried it?

I've tried it. Three times, I guess, since the early versions of it. All three times I found it useless even though I usually have 30+ tabs opened.

Honestly, this kind of statement is nothing but a superstition that you usually hear from people that think that it's impossible to be productive using different approaches.

For me nothings beats Vimium's "T" or Session Buddy + Keepin' Tabs extensions pair.

That is odd, you should try to use for longer periods of time. I personally use it with hundreds of tabs open and I haven't found anything else that can compare.

> Honestly, this kind of statement is nothing but a superstition that you usually hear from people that think that it's impossible to be productive using different approaches.

Maybe, but I'm pretty sure I'm more productive than you. We should compare each other browsing reddit some day.

>That is odd, you should try to use for longer periods of time. I personally use it with hundreds of tabs open and I haven't found anything else that can compare.

I'm using fork when eating pasta. Still, my chinese friends tell me that nothing beats sticks and I should just try to use them for longer periods of time.

See what I did here?

Your assumtion is baseless. You don't know for how logh I've been using it, nor do you know about the results (aside from the fact that I don't use it anymore).

>Maybe, but I'm pretty sure I'm more productive than you. We should compare each other browsing reddit some day.

I'm sorry, but "browsing reddit" and "productive" are on opposite sides of scale for me.

You are entitled to your opinion, no matter how childish it may be.

chopsticks > forks

Tab Outliner does all of that and more as far as I can tell. I'm certainly happy using it.

Perhaps the biggest reason I use Firefox is for Tree Style Tabs. I've tried to find something equivalent in Chrome.

I installed Tab Outliner briefly, and honestly, I couldn't figure out what the heck it was trying to do. Maybe my mental capacity is too limited, but as far as I could tell it didn't get me one iota closer to my goal. What I've settled on, for the times when I need to use Chrome, is an external helper app called Sidewise.

So Tab Outliner needs to do a LOT more to make its operation more discoverable if it wants more users.

It's certainly not obvious, I'd agree with that. It's a kind of a hybrid of tabs, sessions and bookmarks as far as I use it.

> On performance, in the past it felt sluggish, but now Firefox is fast and for my usage patterns it uses less memory than Chrome.

/me remembers how fast FF was compared to IE 'back in the days'.

Well, bear in mind that websites was way simpler to render for a browser back then.

Also keep in mind that Mozilla is researching better rendering methods through the Quantum project. The potential boost will be huge -- CSS styling and compositing will be faster, JS code that interacts with the DOM will be faster, etc.

I'm very excited about Quantum CSS and Quantum DOM landing.

+1. The perfs on Firefox have improved so much. And the new test pilots are awesome. I freaking love tab containers.

> It baffles me that some people thinks Firefox is becoming a “Chrome clone”, it’s just not the case, it’s just plain silly to make such statement.

That's probably the single most reassuring statement about Firefox that I've heard in some time, coming from a serious dev who makes a popular cross-platform addon for both Firefox and Chrome.

I think as an extension developer he is particularly sensitive to the tech behind Firefox, which makes him understand some of Mozilla's decisions. For example, the move from legacy add-ons to WebExtensions is surely one less maintenance burden for Mozilla.

As a user who doesn't think about such issues, it terribly looks like it's becoming a Chrome clone. I think it's Mozilla's responsibility to have a clearer communication if that's not the case.

Also, the move to WebExtensions is a move to a more secure extension model. Traditional XUL extensions were comparable to the extension developer compiling their own code into the browser. Yikes.

WebExtensions should be better sandboxed and have better permissions management.

You can't get those security benefits if you allow older XUL extensions to stick around. You have to sunset XUL extension at some point.

And, similarly, you can't go to any sort of multiprocess architecture (or multithread) model if extensions can mutate more or less anything at any point, and that's not just about security, that's also about what plenty of users have been asking for for years—performance.

> Also, the move to WebExtensions is a move to a more secure extension model. Traditional XUL extensions were comparable to the extension developer compiling their own code into the browser. Yikes.

Not if you previously moved to the Jetpack, err addon-sdk with cfx, err jpm tool. Now there's yet-another API to move to. At least this one will make it easier to develop portable extensions (but still not straight-forward).

To be perfectly honest I'm not at all interested in "better permissions" for plugins when it comes with the removal of flexibility that you get for free. If I've got plugin-installing malware on my system, I've got worse problems than a rogue plugin.

Give me more useful over more secure any day of the week.

But the flexibility did not come for free! Whenever they changed internal interfaces, they'd either have to create a clone, call it interface2 or break all extensions using them. That's for internal interfaces.

The new model also means actual public support for a well-defined API. It's so much better for developers.

Besides, it also enables some big performance and security wins.

As someone worried about security; I hope that is not the majority opinion.

It's not entirely unreasonable. We use software because it's useful. If you make it so secure that it is no longer useful, what have you got left?

In the case of Firefox extensions, I'm aware of the risks of the old model, but the fact is that the only observable difference it has made to me so far is that when I accidentally hit back on a page with an unsubmitted form the other day I lost about 20 minutes' worth of work, because the extension I used to use that would have saved everything automatically no longer works. This is not progress.

Lazarus: Form Recovery hasn't been maintained in years. But I don't think there's anything about it that can't be done with web extensions. There's already one that has the base functionality: https://addons.mozilla.org/en-US/firefox/addon/textarea-cach...

If you hit Backspace in error, you can disable the “Go Back” action associated with the backspace key using about:config like so:

browser.backspace_action = 2

Read [1] for more instructions.

If you explicitly used the mouse to click the Back button, I am sorry for the time you lost.

1. http://kb.mozillazine.org/Browser.backspace_action

Allow me to introduce the Thinkpad X61 keyboard:


That's a dedicated "go back" button between up arrow and right ctrl.

My webmail is unusable without Lazarus. I've taken to composing in emacs and pasting the result into forms.

With the appropriate extension this can be made seemless. Hit a hotkey get an emacs buffer with the current contents of input box. Write some stuff and save and quit. Input box now contains contents of emacs buffer. Annoyingly this requires a service that sits in the background in chrome because security wont let chrome launch such a process. In chrome you can use text-aid-too. Pentadactyl/vimperator can do it with firefox and others.

I don't see any control keys at all in that picture! This has to be a joke.

There are more languages than English in the world. Keyboard has 2 control keys, as it should.

browser.backspace_action = 2

Thank you, that's very useful!

My earlier mistake was clicking to focus on my Firefox window but not quite on the form text area I was aiming for, and then trying to delete the last word I had typed. Your tip would have saved me on that occasion.

The idea that the XUL extension model is necessary for a browser to be useful is obviously false. The majority of Web users use browsers that do not have a XUL extension model.

(And, of course, I don't believe your desired functionality is incompatible with Web Extensions anyhow.)

With respect, that doesn't really matter.

I used to have a useful feature that worked.

Now I don't.

That was the practical result of the change we're talking about for this user, regardless of any theoretical benefits elsewhere or any theoretical ability to provide equivalent functionality within the new architecture.

Other people are welcome to use other browsers, but I was using Firefox, and a big reason I was still using Firefox despite various other changes I didn't particularly want was the range of useful extensions I could choose from.

> I used to have a useful feature that worked.

> Now I don't.

Well, imagine for a moment that you're whoever is in charge of firefox development at mozilla:

- You want to take advantage of modern hardware such as multiple cores, GPU's etc.

- You want to get rid of XUL which is an evolutionary dead end.

- You have an existing extension model which basically allows extensions to more or less freely poke about in the internals of the browser

- You want to improve security for users, both against malicious sites and (to a lesser extent, I suppose, but still) malicious browser extensions.

Now, what would YOU do if the constraint is that you can never ever break existing extensions?

I guess you would lose some of your remaining market share to chrome and wonder how much smaller your revenue is going to be when the yahoo deal expires?

> I guess you would lose some of your remaining market share to chrome

So, you're saying that:

- some people kept using Firefox because it had more powerful extensions than Google Chrome.

- these people are upset because mozilla is breaking the old extensions in favor of a less powerful alternative (still better than Chrome's, that the main point of the OP)

- then people are going to move to Google Chrome which still is the worst browser for extensions

Who reasons this way ? There are legitimate reasons for being upset (my favorite addon disapeared and that makes me sad / I need to rewrite all my addons, depending if you're a user or an addon dev), but I don't think anyone will shoot himself in the foot and use a worse (addon-wise at least) alternative just because mozilla's people are mean !

Most users aren't developers they aren't judging the relative power of extension systems they just are liable to notice useful extensions going away.

Firefox on Linux seems to me to be slower and crappier save for interesting extensions.

Enough so that I've just decided to ditch Firefox even before interesting extensions go south.

The idea is for extensions to have the flexibility they have had. I don't think anyone would object to WebExtensions if it didn't cripple or make existing extensions impossible to exist in the future.

Also, this interest is not about the majority of the users. This is about the users who know about Firefox extensions and use a bunch of them everyday! I know my life has certainly become more productive and less stressful with several extensions than without. In my experience, Firefox extensions have also historically been of better quality and reliability compared to Chrome extensions. For now, I have just two examples for my case - switching proxy servers and saving/restoring browser sessions. I use Firefox extensions that work beautifully, and just as one would expect (they're Foxy Proxy and Session Manager), but similar extensions in Chrome don't work and I always end up fighting more with the browser and the extensions to have a better experience. To this day, I can't trust Chrome to restore a crashed session on the first (re)launch. So I use Chrome more as a one-off browser once in a while and try to avoid having long running sessions (my browser sessions on Firefox can span several days, weeks or sometimes even months).

My opinion is that technically savvy people must use their knowledge and influence to guide others to use things that make life easier and better. I have been following this myself by encouraging people to use Firefox and by showing them some great extensions to have.

> I don't think anyone would object to WebExtensions if it didn't cripple or make existing extensions impossible to exist in the future.

Actually there have been some complaints about API churn; rewriting is no fun. But I agree with the rest of your post.

The majority of Web users use browsers that do not have a XUL extension model

And the majority of these users may have no idea what an extension is either. That doesn't mean all browsers should be dumbed down to cater to the lowest-common-denominator who will manage to infect themselves regardless of how featureless and "secure" browsers become.

> The idea that the XUL extension model is necessary for a browser to be useful is obviously false. The majority of Web users use browsers that do not have a XUL extension model.

I explicitly preferred Firefox over every other browser I ever tried because its extensions were more powerful and more abundant, and it appears likely that this was due to XUL providing deep access to extensions. You can't just say that others didn't have a feature if that feature was a key differentiator!

Usability will always beat security. This is why usability is one of the 2 most important concerns in security.

Security is like Safety: if it is put on a holy pedestal then everything else suffers.

I always say "Safety Third."

I'd like better permissions, but not at the cost of a more flexible, customisable browser than chrome. There should be reasons to use firefox above and beyond muscle memory.

This would help all the individuals who have inadvertently installed malware addons which do not have pwned systems as soon as there are any, if there are ever any.

Sadly, it is.

It isn't just malware installing plugins, it is the plugins increasing the attack surface for people trying to use the browser to install malware.

But as a user, you're probably just going to want to know if there is an extension that does what you need. Are you worried about the underlying APIs if you're not a developer?

I don't care for myself, but the author of one of my favorite extensions has stated that he's not porting to a webextension because he doesn't want to rewrite (again) and because (at the time he looked, at least) the APIs didn't really support it. I don't care about the API directly, but I absolutely care when they're insufficient.

The API is expanding pretty quickly and FF developers are taking input from addon devs. https://wiki.mozilla.org/WebExtensions#Firefox_57 There are even some people who have "office hours" available to give advice for porting old plugins to the new APIs. https://blog.mozilla.org/addons/2017/03/09/office-hours-supp... They really don't want the APIs to be insufficient either.

I care about the direction of the project.

> For example, the move from legacy add-ons to WebExtensions is surely one less maintenance burden for Mozilla.

On the other hand it is an annoyance for many extension developers and users of those extensions. Half of the extensions i use (like DownThemAll, FireFTP and MAFF) are not WebExtensions compatible and there aren't any alternatives.

What do you think of Opera becoming Chrome?

I don't know. I haven't used Opera since the 1990s.

I fully expect most people will share my view.

Man I remember when Opera was THE one to use

most people will say "What's Opera?"

Kill da wabbit, kill da wabbit!

I think I preferred it, but what killed Opera for me was being bought by a Chinese company + seeing what that company did to Opera Max (which I thought was a "killer app" before the acquisition).

> seeing what that company did to Opera Max (which I thought was a "killer app" before the acquisition)

What did they do?

It never did - Opera was killed just after Kestrel, and a new Chrome clone was slapped with the logo and name. There is no Opera, and hasn't been for some time.

Opera was killed just after 9.6? I thought it survived till Wahoo.

Ah, sorry, my bad, got the codenames mixed up. Presto, i.e. 12.15.

Presto was the layout engine (and called that for as long as it existed as a properly disentangled module). Desktop 12 was codenamed Wahoo.

does not matter, happily 'stuck' using 12.x series :D

I found this disturbing:

"Chromium-based browsers are being “infested” by Instart Logic tech which works around blockers and worst, around browser privacy settings (they may start “infecting” Firefox eventually, but that is not happening now)."

From his linked post:

"Instart Logic will detect when the developer console opens, and cleanup everything then to hide what it does"

Is this implemented via a CDN-delivered script? Why would Chromium-based browsers be more susceptible?

It is indeed disturbing. Why should a web page be able to detect if dev tools has been opened? Isn't this a browser security issue?

It's pretty insane how much your browser knows about you:


There's another one I can't find, but it writes out things like "user moved mouse to x,y. User has been idle for 10 seconds, page lost focus, page gained focus" .. kinda creepy how much is available to the Javascript engine.

This is pretty normal for a UI programming framework. The creepy thing for me is when that stuff is reported back to the origin over a websocket.

You must be talking about clickclickclick.click

And thanks for the new novelty website bookmark :D

Reminds me of “Achievement Unlocked”:


Elephant Games are incredible and their creator is also imcredible. I highly recommend checking out his other games if you haven't already. http://www.jmtb02.com/

Operating system, browser, CPU, local IP, connection speed. That's all I was shown, probably thanks to uMatrix blocking 3rd party scripts.

>Browser Plugins

>No plugins detected.

Interesting. I have 6 installed on Firefox.

Firefox no longer reports installed plugins to websites. It causes some interesting behavior on websites that check to see if you have flash before letting you play games (sorry, you need to have flash installed). I had a user script for a while that 'fixed' the navigator.$whatever to show having flash installed so I could play some game; now I just use Shumway and it seems to work.

If you think this stuff is creepy well...okay?

I mean, it's not like every desktop application you've ever used in your life couldn't do the same or more?

The difference is that you run only trusted native applications with the ability to check their source code, while you are visiting untrusted sites which often have obfuscated javascript.

I think that it would be a better comparison between a pdf file and the web: pdfs files can't do the same or more.

PDFs can run JavaScript too. Open this PDF in Chrome: https://raw.githubusercontent.com/osnr/horrifying-pdf-experi...

And I would argue it is harder for the average user to view the JavaScript inside PDFs: on the web just right click and choose Inspect Element right in the browser; for a PDF you'll have to use specialized tools to decode the myriad encoding schemes inside a PDF. The average JavaScript developer doesn't know how to extract JavaScript from a PDF.

While it works on Chromium it does not seem to work in xpdf, pdf.js nor any other pdf viewer that I tried. It seems that JS, flash, etc inside pdfs are proprietary, useless, and potentially dangerous adobe-only extensions that nobody else implements and nobody uses. It's just that Chromium happened to have a JS engine so they decided to let JS inside pdfs to be executed with a very constrained API (which can't do anything malicious probably - unless a bug is found in its JS engine).

My point still stands: I do not expect a pdf document to be able to do anything like the djsumdog's link and neither do most people. If a pdf document was able to do anything like that I would consider that viewer as broken.

> The average JavaScript developer doesn't know how to extract JavaScript from a PDF.

They could learn with a few google searches.

> you run only trusted native applications with the ability to check their source code

Is the "you" in this scenario Richard Stallman?

I would suspect it's sniffing for the window-size suddenly changing in certain ways, perhaps along with watching for the normal dev-tools keyboard shortcuts via keydown listeners. I can't actually remember off the top of my head if Chrome suppresses the event in that case, but it wouldn't be surprising if it didn't.

The easy check for this would be to see whether opening the devtools in detached mode via the menus makes it notice.

Note that this would actually be quite a pain to hide from the page, just because it's something the page needs to know to display some stuff and make rendering calculations. If it was hidden from the page, we'd suddenly be complaining about debugging floating footers which are hiding under the devtools.

This is what happens when I trigged DevTools while logging key events:

document.addEventListener('keydown', ({ keyCode }) => console.log(keyCode))




You can see each key.

But there's different ways of opening dev tools. You can use the mouse to right click as well. In fact, when using keyboard shortcuts in the better these days, I have a habit of hitting alt+D first to get to the address bar first (Outlook likes to hijack browser shortcuts like Ctrl+n), in which case the website shouldn't know I'm pressing anything at all.

I think OP's point is you can listen for a bunch of signals: If you see the right keydown events, or if you see a contextmenu followed by a rapid change to innerWidth, they probably opened dev tools, and you should delete your evil cookies.

The person who figured this out probably opened them via menu and had dev tools in another window, so the evil folks couldn't detect the resize.

This actually made me try switching to Firefox again. There's some minor things missing, but for the most part all the features I want are there.

Firefox is maybe 80% of the way there. Just like in the IE Anitrust days, firefox suffers from sites that do not design with it in mind.

Still better than Google Creep. Change to a search engine that protects privacy too.

If you think "not designed with Firefox in mind" breaks things, try using uMatrix for a while.

If people would focus on content in HTML and CSS for layout and newfad devs weren't shoving 50 jscripts a page down our throat this wouldn't be happening as bad. I plan to make all my future sites librejs compatible, and forgoe js altogether whenever possible.

History keeps repeating.

Flash? Now you have heavily javascripted "website".

Table layout? Now you have bootstrap and friends.

Progressive enhancement? Fuck that, we don't have time.

And 5 years from now people will rediscover those and accessibility. Then 5 years later another kind of hell will have appeared to replace this.

The only big change for the current wave is that everything is obfuscated so it's harder for a newcomer to learn by checking how people coded things.

How this could be done if your backend it's a REST API?

You can still render server-side, an with a REST endpoint it should be easy to do so.

I've been using uMatrix for over three years and very very few websites don't work with it.

By far the most annoying 'feature' (more of a consequence of the internet) is the way that you can't whitelist HTTPS sub-domains. (Makes AWS Console a pain.)

Does AWS Console have much that needs blocking? Seems a reasonable place to simply turn off uMatrix. You could also simply use a second browser with uBlock Origin for a limited number of sites - I tend to do that for a lot of checkout /payment options where the repeated reloads of whitelisting in uMatrix could be troublesome.

Can you recommend a search engine? I'm trying DuckDuckGo, but it's just not as good.

> I'm trying DuckDuckGo, but it's just not as good.

It took me a while of using DDG before I realized how much I had equated "good" with "looks like Google".

What finally hit me, hard, was that I switched the DDG theme to a color scheme designed to look like Google search results, and all of a sudden the results "felt better". Markedly better.

So, I started regularly comparing results, every time I found something that I felt I didn't get the results I expected for. I would search, and then search again with !g. And almost every time I ran into something that I didn't like the DDG results for, the Google results weren't actually any better. (The rare times they were, I reported that, and often it got fixed.)

!sp will give you the google results without the google tracking as it's a proxy of google results.

I use "!s" in DDG to get to Startpage [1] search results. One letter shorter to access the same - no need to type "!sp" when one can just type "!s" instead. :)

This does not work for replacing "!spi" (image search on Startpage) though. Using "!si" does a search on a non-existent subdomain sportsillustrated.cnn.com.

[1]: https://www.startpage.com

awesome, DDG rocks

just tried !spi and it works as image search :D

My problem is not the looks, whenever I use !g I'm annoyed how bad it looks. It IS the results. Often when something doesn't have a ton of relevant results, DDG gives the wrong results while !g has what I'm looking for.

In my experience ddg is less contextual. For instance when searching for something that is trending, Google will often give the most expected results even if the search keywords are incredibly vague, while ddg will give more standard results respecting the keywords.

That’s the very reason I switched to ddg, but it bites me back everytime I try to catch up on stuff everybody already knows for days, and need to fallback to !g.

Are you allow google to store cookies? Maybe its because of personalized search google does?

Oh, I'm pretty sure that's why. Unless encrypted.google.com doesn't use that information? Anyway, I'd love to have some way to personalize my DDG results and tell them what to boost. Alas.

Either "we doesn't gather your personal data" or personalization. These choices are mutually exclusive.

how'd you report to DDG? tried reporting that !gi does not utilizes encrypted.google.com (which I think it should), seems like no dice

I used the "Feedback" mechanism, and typically got a human response by email.

I always hit DDG first then if the results aren't great just append the Google bang (!g) in the DDG search field to get an unbubbled goog search.

The DDG bang system is one of its best features in my mind. https://duckduckgo.com/bang

How often do you end up at Google though; a few years back I tried DDG for a couple of months but ended up basically always doing !g and so went back to Google.

Might be time for another go?

It depends on what I'm searching for. If its an error code or something a bit esoteric around tech then google usually has better results, but for everyday topics the results are pretty decent, and they feel like they have improved over the years.

I probably do less searching than I used to, but the bang system really helps me search other sites much more effectively. The more common bangs I use are !w for wikipedia, !so for stackoverflow, !imdb, !gh, !tpb, !bm for bing maps, !bi bing images.

!sp for startpage is really nice to use if you want to have the Google results without the tracking. Edit: looks like this was already mentioned below. Whoops.

I don't have any figures to back this up, but I feel like I use !g about half of the time (it may be 70 or 20% as well since I have no data). I'm not free from Google then, but this reduced my dependency by about 50%, which is still good to take !

For anything tech-related or everyday information DDG provides more reliable results than google because it's less infected by sales and SEO-spammers.

For local businesses and really rare topics Google is better.

I was in the same situation. Switched over again a few months back. I almost always only need to use !g for rare results (and even there it doesn't always help). On the other hand bangs like !mdn (mozilla developer network) and !w (wikipedia) make things much easier.

I use Firefox "awesomebar" keywords so "w" for Wikipedia, etc. (I think Chrome has this too), so I don't gain anything really with DDG's keywords on most searches.

I use !s. Redirects it to Startpage instead. Google results, but it acts as a proxy.

On the homepage, https://www.startpage.com/, at the bottom it lists the security part a bit more.

I basically only use Google for movie listings, calculations, and restaurant hours now. The rare times I switch to Google for other searches DDG fails on, Google is no better.

I follow a three step model: 1. DDG 2. If that doesn't help, then use !s to search Startpage. 3. If that doesn't help, then use !g to search Google.

Other than the relevance and quality of search results, there are differences in features across these sites, like date range search, for example. Image search also seems to have more flexibility on Google. I haven't checked recently if reverse image search even exists on DDG or Startpage.

https://www.startpage.com gives you Google results but proxied.

Same for me. I fired up Firefox for the first time in years and it works great. The hardest part to get used to is their super-weird hamburger menu layout.

This menu is changing for Firefox 57. It will have a more "normal" menu soon. You can see it today by installing Nightly Firefox.

What Ankit The mobile menu? The mobile menu is a mess if you have extensions installed, because add-on developers don't put their stuff in the tools/page submenu, and there's no way to rearrange it.

Pressing Alt brings up the conventional menu bar, at least on Linux.

Plus you can go hamburger menu, customize, (some drop down menu at the bottom), show menu bar. First thing I do when I install FF on a new computer.

I recommend the Nightly channel. It feels much snappier, more performant and cleaner than the stable version.


> The purpose of Instart Logic technology is to disguise 3rd-party requests as 1st-party requests, thus bypassing content blockers, and even the ability of browsers to block 3rd-party cookies (because they are stored as 1st-party cookies):


How exactly does this work? The link mentions that it detects when Dev tools are opened and changes something?

>How exactly does this work?

Which part? The making 3rd party cookies into 1st party cookies is likely just a caching proxy. They mention the speed benefits here, and not the cloaking benefit, but.. https://www.instartlogic.com/solutions/appspeed/runtime-opti...

Wow, the 'id' getter strategy is devious and effective on Chrome.


And he has a list of sites that use WebRTC to get around blocking. Didn't Firefox or someone say they'd reconsider auto-enabling WebRTC if this practise became widespread?

> Why would Chromium-based browsers be more susceptible?

From the linked discussion: "they may start “infecting” Firefox eventually, but that is not happening now"

So it sound like the developers of Instant Logic are simply choosing to target the most popular browser at the moment.

I still don't actually understand what "Instart Logic" is, can anyone explain it?

That doesn't seem related to the topic unless I'm missing it. Also it has nothing to do with browsers or Chrome vs Firefox


"Web publishers make simple DNS changes to flow the network domains that carry their HTML through the Instart Logic system. This allows our system to inject a small piece of JavaScript that can detect the presence of ad blockers. When an ad blocker is detected, the JavaScript-based virtualization layer Nanovisor, together with our intelligent cloud-based, machine learning platform, encrypts and delivers all the elements of the page using the customer’s existing delivery services.

As a result, each resource on the page, and any signals and actions such as measurement beacons or user clicks, will have its URL encrypted and obscured. This renders ad blockers ineffective, as they can no longer search for patterns which would indicate a resource is related to advertising.

The result is simply the experience that the web publisher intended on delivering to the end user with no changes to the ad delivery or measurement systems; end users have no need to be aware the technology is even being used."

Buzzword Bingo.

That's actually some pretty cool technology! I don't like what it's being used for, but I like that it exists.

This is basically how viruses get around antivirus. I think the virus/antivirus arms race has been more or less won by viruses, so it looks like this is the end state of the adblock wars.

Ahh see, I didn't even know it was a company.

It's referenced in the OP:

    Chromium-based browsers are being “infested” by Instart Logic tech
    which works around blockers and worst, around browser privacy
    settings (they may start “infecting” Firefox eventually, but that
    is not happening now).
And there is a link to further elaboration: https://github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO...

Okay, so they have cookies on a subdomain of the main site's domain. But that in itself is not a problem, since it does not enable them to track me across websites. So I don't have a problem with that, unless they use other tricks. Are they using browser profiling or something similar to correlate across websites?

> Instart Logic tech which works around blockers

Hadn't heard about this, but this is why I still keep long blacklist in my /etc/hosts file even though I use uBlock Origin also.

Out of habit I get mine from http://winhelp2002.mvps.org/hosts.htm. Not sure it's the best one, but I started using it years ago when I was still using Windows and have just stuck with it.

I'm pretty sure there might be a bug for this in the Chromium bug tracker that is hidden from the common folk, just like they hide their bug where websites can detect if you're in private mode(!):


Any more reading on the Instart Logic tech detecting dev tools and hiding itself? I can't find much online.

Typically it seems to poll window height/width vars in js. https://github.com/sindresorhus/devtools-detect

Another variant: https://stackoverflow.com/questions/7798748/find-out-whether...

Sorry I meant I was looking for more like documentation on the product rather than implementation. Thanks though.

To add to the list:

* You can run the uBlock Origin on Firefox for Android: https://addons.mozilla.org/EN-US/android/addon/ublock-origin...

Afaik there's no ad-blocking extension for Chrome for Android which I find pretty telling. I'm using Firefox on Android and the ad-blocking (less traffic, less blink-blink animations and less CPU consumption) make mobile browsing a night-day difference

There's no extensions on Android Chrome, and the reason is simple: if they enable extensions, people will mostly install ad blockers and that's bad for business at Google

Google is in the process of allowing some adblocking in Android Chrome.


Huh. These actually sound like good arguments to switch to Firefox, arguments I've never heard before until now.

One thing I learned several years ago when I decided to jump on the bandwagon and try Chrome was that Chrome was unable to safely block javascript the way NoScript does because the plugin framework doesn't allow a plugin to block Javascript before it's loaded.

So all the noscript equivalent for Chrome could offer was to block Javascript after it had loaded. Which seemed unreal and pointless.

So I stayed on Firefox. Because I've been convinced for many years now that Javascript plays a major role in malware delivery through the browser.

And along with email the browser is the major delivery platform for malware.

NoScript block all three: javascript, java and flash.

Javascript can be used to deliver/encode/decode exploit payload. Usually the exploit itself is java or flash.

At least, that's what I noticed for the zero day RCE that made it up to the first page of Google.

Chrome can block JavaScript before it's loaded, its what uBlock Origin does and others as well (using the WebRequest API available to Chrome extensions)

I found uMatrix to be an adequate substitute once figured out (http://adamantine.me/index.php/2015/11/18/umatrix-desperatel...)

It's important to know that NoScript does far more than block JavaScript; just look up its ABE component, for example.

For technical users, uMatrix' interface is an amazing achievement in, effectively, managing application firewall rules. It's breathtakingly efficient in both communicating active settings to the user and in configuring new rules. I wish my actual firewalls used that interface.

chrome has a setting to block scripts and it lets you add exceptions for sites

it's also easy to access: http://cdn2.ubergizmo.com/wp-content/uploads/2012/11/site-in...

i wish firefox came with something similar

The advantage of Firefox's NoScript plugin is that it can be selective.

Say you randomly visit a site and want to temporarily allow the javascript it uses to do its thing, but you don't want to allow any other javascript on the page such as facebook's and google's. The built-in chrome javascript blocker doesn't let you pick and choose temporary permissions at that moment.

I didn't know the firefox version could do that, it's something I've wanted for sometime.

I moved to firefox once 57 was released on nightly. Firefox is finally usable (in terms of speed) again and I can use it for day to day tasks.

I think I qualify as a poweruser by some standards, I tend to have 100's of tabs open and I've never left Firefox for speed reasons or others because it has held up extremely well over the years. My machine has a lot of RAM so maybe that's one reason things have been quick, and the main drive is an SSD. Is there anything specific about the 57 release that makes you feel caused the speed bottle-neck to disappear?

57 is lightning fast. Like, almost uncomfortably so on my machine.

Broay this is because quantum is much further along in nightly than on the other channels. Specifically, they're more aggressive with multithreaded settings, multiprocess is enabled, and the quantum css component is turned on, too.

Is also helps that we compare to chrome. On Linux chrome doesn't even do GPU rendering. So the HN crowd probably has a disproportionately bad experience with it

> 57 is lightning fast. Like, almost uncomfortably so on my machine.

I thought you were overstating it but I just tried it out and you're right, it's crazy fast.

> 57 is lightning fast. Like, almost uncomfortably so on my machine

As others have said here, I just installed Firefox Nightly after reading this, and you're 100% correct. I think it might even be faster than Chromium for me.

Wait, what? I know that hw accelerated video decoding is generally not available on linux chrome, but I'm pretty sure that lots of other things are. From my chrome://gpu

    Canvas: Hardware accelerated
    CheckerImaging: Disabled
    Flash: Hardware accelerated
    Flash Stage3D: Hardware accelerated
    Flash Stage3D Baseline profile: Hardware accelerated
    Compositing: Hardware accelerated
    Multiple Raster Threads: Enabled
    Native GpuMemoryBuffers: Software only. Hardware acceleration disabled
    Rasterization: Software only. Hardware acceleration disabled
    Video Decode: Software only, hardware acceleration unavailable
    Video Encode: Software only, hardware acceleration unavailable
    WebGL: Hardware accelerated
    WebGL2: Hardware accelerated
But this is with an integrated GPU, so maybe things are different for discrete cards.

Firefox has always been unbearably slow on Linux for me. It's the main reason I swapped to Chrome in the first place. I tried switching back to Firefox about 6 months ago, same problem of extremely slow and laggy UI. Interesting to hear 57 is faster now, it may be worth trying again.

Do you have any extensions installed?

Have you tried using a fresh profile, just to narrow the possible variables?

If you've checked both of those things, and you can characterize the slowness in the context of specific operations (e.g. what "laggy" means, precisely), then I'd recommend filing a bug and working with the developers to track down the problem. Because that is not normal.

Also, current Firefox has `about:performance`, where you can diagnose what addons and tabs can be slowing down the browser. It's quite neat.

I just refreshed my profile and performance improved immensely.

Go to about:config and set layers.acceleration.force-enabled to true. Made a dramatic difference for me in Linux using a Intel iGPU.

You can check the acceleration status in about:support, look at HW_COMPOSITING and OPENGL_COMPOSITING.

Firefox 57 should be a much, much improved experience. e10s with multiple processes started rolling out to users in Firefox 54 and tons of small performance issues have been fixed in 55-57.

On Linux, manually enabling GPU acceleration as user ac29 describes below can a big difference. Unfortunately, a lot of Linux GPU drivers have issues that prevent acceleration from being enabled by default for some users.

Same here, it's why I switched to Vivaldi. I had to restart Firefox every day or so and it still lagged. I've read the other recent post on here that shows 100+ tabs has almost no startup burden in FF57 compared to previous builds. I should try it again.

Here's an in-depth article on Firefox 57 and all the big changes:


This article is good but the annoying div that covers your mobile browser when you are in landscape, is not!

OMG. Why do they do that?

has cnet always been this bad? I mean you need JS to read the thing

and the whole article is on a floating div?

For those who don't notice the speed, multiprocess may be disabled due to certain addons. Go to about:support to check if it enabled. The addon compatibility checker addon can tell you which are the offending addons. For me 1password was the big blocker, but they recently released a beta that works with the new API. Sorry for the lack of links, I'm on mobile.

Oh interesting. Firefox still seems slow and a bit of a memory hog compared to Chrome on my machine. Sure enough I checked and three add-ons are marked as legacy (and presumably disabled the multiprocess stuff): uBlock Origin, Websocket Disabler, and NoScript.

At least uBlock Origin is compatible with multi-processes. I'm using it right now.

Firefox 55 marks classic extensions as legacy, this has nothing to do with multi-process comparability.

Yep, not legacy, but "not compatible with multiprocess" is what it should show for offending addons.

Well, how can one determine which addons are multi-process compatible?

I may have to try Firefox again once 57 is in portage. A few months back I switched to Vivaldi, begrudgingly. I really liked Firefox, but the speed issues were becoming unbearable.

Vivaldi has been a lot faster and mostly an alright experience, and I've watched many of the issues I've found for it get addresses in recent builds. Still there are many things I miss about Firefox, not to mention supporting that community and the browser I've used for well over a decade (including back when it was Phoenix, the original Mozilla and the old Netscape 6 that proceeded them).

How has the nightly been for you in terms of stability? Been thinking of switching to it from beta. The memory issues on MacOS are killing me, and I believe there are fixes in nightly now.

IME, desktop nightly hasn't ever outright crashed (less lucky with mobile nightly). Sometimes I notice minor rendering glitches on various sites, but I also have Servo's CSS engine enabled which might be doing it (it's not yet the default).

Well, it used to crash a lot at some point : when e10s was first activated by default in Nightly (in 2013 IIRC) it crashed several times a day. I stopped using nightly for a year afterwards.

Yeh it doesn't crash for me, it just chews up memory until it's unusable. SO far so go though. We'll see how it last through the night.

Slightly OT: is that what a 'Discourse' page looks like? It's pretty awful: it will automatically update the URL as you scroll past each post in any direction, while breaking the Back button, so good luck getting back to the original post, since neither clicking on Back nor reloading the page will get you there. Basic UX failure.

What browser are you using? Because when I scroll on that page and the URL changes, it doesn't affect my Back stack (this is in Safari).

Using Firefox for Android.

I can't not notice the irony that this is happening with FF on the mozilla.org Web site.

That's the behavior I see using Firefox.

It looks like a feature to me : this way when you copy the address it links directly to the right comment. Of course this comes at the expense of a working back button.

The page is using Location.replace[0] to update the URL and replaces the current history entry without affecting back/forward behavior on pretty much any browser.

The one downside is that the URL may no longer point to the comment you were originally linked to.

[0] https://developer.mozilla.org/en-US/docs/Web/API/Location/re...

Keep in mind that it's not within Google's incentives to facilitate ad-blocking and prevention of tracking. After all, that's where the lion's share of their revenue comes from. However, Mozilla is free to actively support such efforts.

If that was that clear cut, they would ship tracking protection enabled by default, not just in Private Browsing mode.

The default configuration of Safari is actually protecting you better than Firefox's and most users don't have an ad blocker installed.

Good point. Mozilla made most of their money from Google, and other advertisers, iirc. "More free" might've been prudent.

You make a good observation about Safari too. Apple doesn't make much money from advertising--they still sell hardware. They can provide privacy to users at little expense to their core business.

> Mozilla made most of their money from Google, and other advertisers, iirc.

The much bigger problem is webpage owners which lose almost all incentive to support Firefox, if it blocks their ads. You'd have broken webpages all over the place.

Just like in IE/Edge, the "Do not track" setting used to be enabled by default, then it became disabled by default, and for good reason. The argument is, if it is enabled by default, sites will not bothered to support it since it was not something that the user turned on explicitly and was aware of.

Tracking Protection isn't Do Not Track. Tracking Protection in Firefox blocks web trackers


In my experience tracking protection breaks a lot of websites so I am not surprised it's not enabled by default

I agree. Not just that, I would add that Google's incentive is often to encourage usage of these services despite being a detriment to the user. To this day, Android still does not have Night Mode built in probably because so people would simply use the device more instead of going to sleep.

Opt out adblocking should be the number 1 differentiator as it has the biggest impact on browsing including performance, security and eye sore. It is borderline negligence that moz://a is not pushing it while Google and co are lubing up users with their Acceptable Ads nonsense.

Firefox is coming back, finally- I think their market share is at the bottom and we'll see a big uptake over the next couple of years.

Here's hoping! We need a privacy oriented browser that's kickass for dev work as well.

Pay attention to this project and volunteer if you wish - https://voice.mozilla.org/ - it may be a big thing for Mozilla

Market share has nothing to do with features/functionality. Google has the ability to promote their products to the big audience.

Market share has already been on the rise again since Firefox 48, which was the release that shipped the separation of the UI and content in two processes.

People here probably didn't notice right away, since you pretty much had to have no extensions installed for a long time for it to be enabled, but casual users seem to have noticed...

Bold statement!

uBlock Origin on Firefox would be more powerful than uBlock Origin on Chrome, but does it mean that uBlock Origin webextension on Firefox will be as powerful as uBlock Origin "legacy" Firefox extension ?

This is a post of gorhill from the last months Firefox - Google Analytics fiasco:

> Legacy uBlock Origin can block the network request to GA.

> However webext-hybrid uBO as per Network pane in dev tools does not block it. Same for pure webext Ghostery, the network request to GA was not blocked, again as per Network pane in dev tools.

> What is concerning is that both uBO webext-hybrid and Ghostery report the network request to GA as being blocked, while it is really not as per Network pane in dev tools. It's as if the order to block/redirect the network request was silently ignored by the webRequest API, and this causes webext-based blockers to incorrectly and misleadingly report to users what is really happening internally, GA was not really blocked on about:addons, but there is no way for the webext blockers to know this and report properly to users.


The issue you linked is specific to the `about:` pseudo-protocol. uBO's WebExtensions version works as intended on the web.

I know that, thanks. I posted it as a real life example of where webextensions are still not as powerful as the so called legacy extensions and wonder if that specific case still applies, is it fixed, planning to be fixed, or are there other specific examples where webextensions fall short.

Yeah, that specific case wasn't fixed; it appears that Mozilla doesn't intend to let addons run on `about:`. However, they did make `about:` respect DNT by disabling GA.

WebExtensions currently fall short when it comes to any addon that modifies the UI significantly (tree-style tabs etc), though it's been mentioned in some other comments here that they're talking to addon devs to extend the API where possible.

> However, they did make `about:` respect DNT by disabling GA.

The irony is that since most people have DNT disabled having it enabled would make it easier for you to be tracked.

> it appears that Mozilla doesn't intend to let addons run on `about:`.

Why is that?

Applications are open for YC Winter 2024

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact