FWIW, Firefox 57 is currently looking like a net loss in terms of security and privacy. A significant number of the extensions people have previously used for blocking or restricting potentially intrusive or dangerous behaviours seem to have been lost, in some cases without equivalent WebExtension alternatives being available.
If you're arguing that 57 is now more secure and better for privacy, perhaps you know something that people like me don't, and if so, maybe it's worth highlighting whatever built-in functionality can now replace those protections more in the documentation/marketing?
> FWIW, Firefox 57 is currently looking like a net loss in terms of security and privacy. A significant number of the extensions people have previously used for blocking or restricting potentially intrusive or dangerous behaviours seem to have been lost, in some cases without equivalent WebExtension alternatives being available.
First, I'd like to put things in context. When you write "Firefox 57 is currently looking like a net loss in terms of security and privacy", I suppose that this might (arguably) be true for you and a few other power users, but for the ~100% of users who do not use these power add-ons, their life will only be improved by the change.
Plus, I actually think that all the add-ons in the domain either have been ported or have an equivalent that has been ported. Certainly all the ones I use have been. Am I missing something that people actually use for their protection?
> If you're arguing that 57 is now more secure and better for privacy, perhaps you know something that people like me don't, and if so, maybe it's worth highlighting whatever built-in functionality can now replace those protections more in the documentation/marketing?
There is only so much message that marketing can propagate in a single campaign. I expect that we'll have another marketing campaign in a few months detailing what we've been doing for security and privacy. Especially since we'll have exciting stuff to showcase :)
Let me give you a few keywords of stuff we've been doing to improve security: a gazillion fixes, better static analysis, replacing some critical components with Rust, introducing the first formally proved implementation of cryptography components in a browser, sandbox improvements, etc.
On privacy, I'll admit haven't really paid attention, but the new add-ons you install don't have access to your private data without your consent, I remember that we've been working working with Tor Browser to reduce fingerprinting, etc.
I find it interesting that your instinctive view of privacy seems to be about restricting add-ons. That's certainly a useful thing to do, as we can see from some of the recent sell-outs that have meant once-trusted extensions silently became privacy loopholes. Even so, personally I'm more worried about the privacy implications of tracking and other covert behaviours by web sites/apps, and that's where the extensions you could run with Firefox really came into their own.
Someone has helpfully made a spreadsheet showing many old extensions and possible 57-compatible replacements, with notes on where things are a full replacement, there is limited functionality, there are known privacy issues, etc. I can't immediately find it again, so apologies for the lack of link, but have been references posted in some of the major online forums today, so perhaps you'll come across it. One of the things that was striking was that a lot of the extensions relating to blocking content or selectively toggling behaviours like running JS seem to have broken and not to have full replacements. I know that NoScript was a big one (though I've seen reports this evening that a 57-friendly version has just been released in that particular case). Quite a few ad-blockers and similar tools also seemed to have been affected, along with extensions like Greasemonkey that allow running customised JS and some analogous stylesheet customisers, and a few aimed at controlling the use of cookies and other data storage mechanisms.
For completeness, let me also say that the internal security improvements are all welcome, as is the continued separation of search from address bar and general lack of trying to spy on everything happening in the browser that seems to be ever-increasing in certain other quarters.
> Even so, personally I'm more worried about the privacy implications of tracking and other covert behaviours by web sites/apps, and that's where the extensions you could run with Firefox really came into their own.
This definitely makes sense. I know that we have new APIs that make some of it much easier to implement, but I imagine that they still have some limitations (I haven't checked). My hope is that APIs will be progressively extended to remove these limitations.
Regardless, I believe that we're better off with a sane API that add-on developers can trust, that we're going to maintain and extend, rather than with all-powerful stuff that breaks randomly :)
Firegestures had 270k users, according to AMO. A quarter of a MILLION people.
You broke mouse gestures entirely on MacOS and Linux, and didn't allow them to work well on Windows (DOM needs to load before gestures can be used because you force script injection, don't work on internal pages, don't work on top of browser chrome, etc).
Playing the devil's advocate: the top two most popular extensions (as listed on [1]) are Adblock Plus at ~14 million, and uBlock Origin at ~4.2 million users. That means Firegestures has about 2% of the top extension, and about 1.5% if you combine the two (assuming not many people use both ad blockers at the same time, especially since they use the same lists). That's just the people with those extensions. And it appears that that's active daily users (as opposed to people have downloaded it at some point in a Firefox that is no longer being used).
I do agree that Mozilla has handled the transition terribly; they should have made the API available first before removing everything. That way they would at least have the excuse of it being the add-on authors not cooperating. The way they've done it, before actually making the things possible, just makes it look like they're arrogant.
FWIW, Firefox 57 is currently looking like a net loss in terms of security and privacy. A significant number of the extensions people have previously used for blocking or restricting potentially intrusive or dangerous behaviours seem to have been lost, in some cases without equivalent WebExtension alternatives being available.
If you're arguing that 57 is now more secure and better for privacy, perhaps you know something that people like me don't, and if so, maybe it's worth highlighting whatever built-in functionality can now replace those protections more in the documentation/marketing?