On FF however I found no damn simple way to do basic things like:
- install extensions via CLI/wrappers (for instance homeManager); there are some hacks, but they are not reliable and Mozilla seems to try to avoid supporting such a thing;
- configure preferences, like about:config, outside Firefox;
- customize ff themes in a simple manner.
Modern browsers seem to mimic the most closed commercial OSes I know of instead of mimicking the classic FOSS model, and that's a big problem.
Today I can easily automate my entire desktop, but not browsers, and they demand more and more settings and third-party tools/extensions to be "at least less unsafe" for us users (from firejail/capsicum to cookie deleters, adblockers, etc.).
That's a horrific mess.
It's a pain, but I can see the compromise. If it makes the average Firefox user more vulnerable, there's definitely a case to protect them, even at the expense of its more capable users.
In general, blocking userspace from installing extensions and otherwise running malicious code stops FF from being exploited. Blocking all of these options blocks the OS from bad behaviour, especially where the user may expect a new computer/phone to have the default behaviour.
The vendors of phones and personal computers seem to have an interest in interfering with users' internet access; perhaps it is a good decision that Firefox does not let them.
So no, the actual Mozilla strategy does NOT work to stop malware on Windows nor commercial OEM customization; as a matter of fact, it only made life harder for pro users and admins and opened the door to less safe setups (for instance, extensions added via homeManager may not get updated by FF).
This doesn't change that a sanctioned API invites abuse far more readily than reverse-engineering, especially when spyware is less frequently updated than Firefox itself. That there isn't a sanctioned API, and that the de facto API can and does change every version, is an advantage for Firefox against potential attackers.
If this is something you are sorely lacking, Firefox has also been straightforward to modify and compile, in my experience. You can always share a patch and enjoy these features as part of a smaller community, without compromising the userbase as a whole.
End users are adults, not children, and developers are other adults with ZERO rights over their software's users.
If people want safer systems, they had better learn to avoid commercial software; nothing else can help them.
Perhaps a more fine-grained permission model is needed for cross-application changes, but I can't think of anybody actively working on it in an OS.
install ThemeA, ThemeB
and have the AddonName downloaded with GNUPG signature check from an official Mozilla repo is by far safer than demanding the use of interactive GUIs. Simply ask at startup to accept "potentially dangerous" extensions; if you specify a local .xpi file, it is the same.
What you describe is the classic Windows approach that has proved to be ineffective and only useful for commercial practice. Mozilla is formally a foundation and Firefox is formally a FOSS project...
which is a perfectly reasonable and legitimate user request: that the browser not talk to the internet before the user agrees it may.
Back when I was trying to manage the configuration of my machines by having a git repository in my home directory or using stow, I got a little upset when I found that Firefox stored its configuration in a profile directory with a random prefix. Why would it make it random? It's got to be the only program to do such a thing. I cannot imagine it's for anything other than to annoy people trying to manage its configuration with tools different from their own.
I've since found a way to make the profile directory not have a random prefix, but it still requires doing the change through Firefox's GUI profile manager.
https://bugzilla.mozilla.org/show_bug.cgi?id=56002 has the long discussion about it, but briefly: the profile directory name randomization was introduced to prevent web sites from being able to place data they control in known locations on your hard drive (via the browser cache) and then use that as a stepping-stone in a privilege escalation.
Basically they restrict the browser's capability to see the entire filesystem to the minimum extent possible, so a web app can't download your personal SSH settings, plain-text saved passwords in home, secret porn collection, etc.
For addons and other options you can use policies.json file, see https://github.com/mozilla/policy-templates/blob/master/READ...
// DO NOT EDIT THIS FILE.
and an optional user.js separate preference I do not know how reliable...
prefs.js is the storage for the current non-default pref values. At runtime, default pref values are loaded, then prefs.js, then user.js.
You _can_ edit prefs.js and the effect will be the same as if you changed the pref in about:config, as long as you do it while Firefox is not running against that profile. If you do it while Firefox is running, your changes will be overwritten at shutdown when Firefox writes out then-current in-memory pref values.
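Added example, not part of the original comments and not Firefox code: a small Python audit helper that applies the load order described above (prefs.js first, then user.js on top) and reports which stored values a user.js will replace. The function names and the sample file contents are constructed for illustration, and built-in default values are not modelled.

```python
import json
import re

# One line of a prefs file: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything else
        name, raw = m.group(1), m.group(2)
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw  # keep the unparsed text rather than guess
    return prefs

def effective_prefs(prefs_js, user_js):
    """Non-default values after loading prefs.js, then user.js."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged

def overridden(prefs_js, user_js):
    """Prefs whose prefs.js value differs from the one user.js sets."""
    stored, forced = parse_prefs(prefs_js), parse_prefs(user_js)
    return {k: (stored[k], v) for k, v in forced.items()
            if k in stored and repr(stored[k]) != repr(v)}

# Constructed sample file contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("privacy.trackingprotection.enabled", false);
user_pref("network.cookie.cookieBehavior", 0);
'''
SAMPLE_USER_JS = '''\
user_pref("privacy.trackingprotection.enabled", true);
user_pref("network.cookie.cookieBehavior", 1);
'''

if __name__ == "__main__":
    diff = overridden(SAMPLE_PREFS_JS, SAMPLE_USER_JS)
    for name, (old, new) in sorted(diff.items()):
        print(f"{name}: prefs.js has {old!r}, user.js sets {new!r}")
```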
This is a great example of why I'm generally skeptical of these scattershot approaches to making users more secure by changing default settings in mainstream browsers. Security and privacy features always entail tradeoffs and should be designed and implemented holistically for best results.
This is why I, a privacy-conscious individual, don't follow any of these guides in my Firefox. If you follow the discussion on Bugzilla, the weekly team meeting notes, and occasionally ask respectful questions on Mozilla IRC, you come to a similar conclusion to me in that the Firefox development community is doing the right thing in not enabling this by default.
As much as I loved the browser in the past, nobody should consider running it today, without being informed of the implications. The ffprofile.com site is something I have been waiting for, but stuff like this should not be necessary and IMO Mozilla Corp. has won. Nobody celebrates a new version of FF anymore.
Also useful resources:
This used to be impossible, and essentially made my employer banish Firefox in most cases.
I see this defense quite a lot on the internet, and I think it's misplaced. Even without your comment, I would have downvoted you, not because I thought you were in earnest, but because your sarcastic comment doesn't add anything to the conversation.
The difference is that I believe that my comment has a very small positive value, while I believe that the comment I responded to has a small to moderate negative value.
We need to regain control of our systems and data before we all become slaves (without even the need of a strong power) of a few corporations...
>The malware scan sends an unique identifier for each downloaded file to Google.
AFAIK that's not how safebrowsing works. It checks the hash against a local database, and it only sends the hash to Google if there's a match.
I understand though why Mozilla seems to be having such a hard time converging on a UX for Container Tabs that makes everyone happy and it may be impossible to ever surface 100% of the power of profiles to the average user. But -ProfileManager is so long in the tooth and so clearly predates modern niceties that it would be great for better UI/UX out of the box today.
Combine that experience with the current Containers sandboxing feature and that would be a dream.
There are extensions providing pretty much the same experience, like Panorama view. I agree that it's very convenient to separate tabs into separate topics, and only view the ones that are relevant at any time.
Besides the classic work/home/sysadmin profiles, I also have a profile for browsing websites like /r/MensRights or Christian websites: People have been fired for way less, so with such an incentive, Firefox tabs are way below expectations in terms of design.
Most browsers already have highly separated threads/processes for different tabs for performance reasons alone, but also cross-tab security issues. In most cases the technical difference between two tabs in the same window and two tabs in different windows is minimal. Technical differences in profiles such as different data folder on the hard drive is even already a part of Firefox's container tabs.
There is definitely an experiential difference, but a lot of the same signifiers (different themes / different "title" bars / etc) can be brought in and applied to multiple tabs in the same window, switching with tabs themselves. Or perhaps new UX signifiers might be developed that work better in a mixed tab space. It was encouraging that Mozilla was experimenting in that space, at least, even if what they built they weren't entirely happy with user studies of it. Again, the fundamental issue should be solvable with enough applied UX. We likely haven't discovered the solution for that yet (especially not one usable by novice users), but it's still something interesting to continue to research and something that I hope is continued to be researched.
(PS If you are worried about getting fired over your dirty laundry, I'm not sure airing it in cleartext on HN is exactly the right idea either.)
After that when you click a link to that site from a different container, it will prompt you and ask if you want to use the other container or continue with the one you were just using. It will remember your choice.
One moment of inattention, and you're surfing the whole web for hours in your Facebook container.
Which users are you referring to, the ones who read HN and use firefox with containers? Most non-technical people would think you told them a conspiracy theory if you said Facebook can track their browsing outside the site, let alone be aware of that possibility enough to install firefox then install and configure containers. People who know about these risks and are installing extensions like containers are already conscious of their exposure on the web and are doing their due diligence not to leave much-identifying information out there, to begin with.
The sad truth is we write, and comment, and endlessly debate security best practices here that only get used by people reading this forum or small, highly technical and specific corners of Reddit.
In migrating the primary container tab UI into an extension, Mozilla seems committed to at least providing the functionality as a long term extension API. So I don't expect the feature to be scrapped at this point; maybe just to remain rather anemic "out of the box" for the time being as Mozilla iterates on its extension. That has me curious if there's a good power user-focused extension already to meet my profile needs (or how hard it would be to build one), but so far that's only been an idle curiosity.
Container tabs also were terrible if you needed a persistent login. My school proxy for journal subscriptions has like half a dozen redirects with different URL names, I either had to not use containers here or add an exception for every step in the login process that it would break because of the container system. I hated constantly running into problems with containers breaking websites and making browsing so cumbersome that I stopped using them entirely.
Like some of the esoteric Adblocker configurations favored here, they are good in principle, but in practice break 50% of websites on the internet without spending serious time crafting exceptions for every issue you run into on every new site you find.
Profilemaker pairs perfectly with this.
Profiles should be easy to use, like any other application: When you logout of one profile and into another, everything changes.
Unfortunately, looks like it's defunct, a bunch of 1-star reviews being left recently. Perhaps worth removing it from the tool if the author is here?
I'd recommend to read these notes of Firefox config:
It might be difficult to read, but there is a little bit more information and links which aim to protect privacy.
Really love how transparent this is + description of each field.
It's sad that someone would ever need to know half of these to browse the Internet safely.
I don't know who decided it was a good idea to have it single row without doing basic UX research.