Hacker News new | past | comments | ask | show | jobs | submit login
Firefox 67.0 Released (mozilla.org)
528 points by Spydar007 29 days ago | hide | past | web | favorite | 255 comments

Firefox 67 also the first browser that ships with `prefers-color-scheme` (aka dark mode) after Safari.


And it does the right thing and disables the feature when enabling the resist fingerprinting option.

I did a small survey and only very few websites have developed a second dark theme: https://zimbatm.com/DarkMode

BTW, cheap-ass dark mode can be made by:

  filter: invert(95%) hue-rotate(190deg)
on <body> and perhaps fiddling with some backgrounds, to avoid transparency.

As someone who codes dark mode first thanks for the lazy “OMG, my eyes...” mode ;-)

I used to code with black themes for a long time but not anymore: Why not simply lower your screen brightness ?

I feel it better for my eyes because the text which i'm looking at is actually dark and not bright.

Most people with dark themes have high brightness levels on their screens. I think this can be bad on the long term. Especially that many screen elements are not as dark as their code, which makes them ultra bright

> Why not simply lower your screen brightness ?

On at least two cheap laptops I have used recently, the display driver steps down the overall display brightness when large regions of the screen are dark.

Windows 10 on an HP Stream 11, Intel integrated graphics and Intel display driver.

I can turn down the manual brightness to its minimal setting.

When large windows with white backgrounds are on screen, the backlight brightness increases. Decreases again when the windows are off screen or closed.

This does not change the manual brightness setting.

I have yet to find a tweak to disable this.

At least some Dell XPS 13 have this. IIRC it's feature of the LCD panel itself.

It can be turned off in the BIOS (a change I made about 15 minutes after getting my XPS13, which I otherwise love).

If I remember correctly, this can be toggled off in Power Options.

Do people also get annoyed at printed paper being white? Do they wish books had black pages? If not, as you say, it is only a matter of adjusting the screen for the proper brightness, depending on ambient light.

And it is true that, inevitably, whatever you're doing, sooner or later some white background or picture will appear on screen and blast your eyes with light. I cannot stand this, so I don't use dark themes on my PC.

A white screen with high brightness can't be compared to white paper. If you have a bright lamp behind the white paper, you can begin to compare the problem. A white screen is fine for young people without any eye problems, when you get older and start having problems with the eyes, you might need to cut down on blue light to prolong the usage of your eyes depending on what problems you get. I have to use filters to remove blue light to not make my eyes worse.

That’s why I love redshift, I shove everything way over into the red and turn the gamma right down, I also killed the overhead lights in my office so it’s a comfortable quiet cave to work in.

> Do people also get annoyed at printed paper being white?

Printed paper glowing white would indeed be very annoying.

Passive displays, such as old non-backlit LCD or e-ink, can be white and not annoying. Most people don't want to stare into a light source more than necessary.

Using proper brightness helps, and dark mode can help even more.

What's the difference between a screen emitting X light as a primary light source and a sheet of paper emitting the same exact amount of light, as a secondary light source ?

The amount of light coming to your retina stays the same..

Just lower the brightness until it matches the amount of light reflected by a sheet of paper placed next to the screen.

If you can't read the paper, turn the lights on. Being in a dark room dilates your pupils which makes them even more sensible to bright light...

When reading in bright sunlight, the white paper can be excessively bright, and yes, I've wished for a dark page.

I agree that it is about matching the brightness of the monitor with the background.

I mostly use light mode, usually I can't get it bright enough during the day!

I will say my personal "Dev" computer uses dark modes though, I find at night with multiple monitors it's just too bright.

I've also read that it takes more power (battery) to render black than it does white. Combined with the need for more brightness it doesn't seem like a good solution.

Calibrating my monitors took them from having piercing bluish whites to more softer pinkish whites and reduced daytime eye strain significantly.

I then use Redshift at night with the undocumented "preserve" switch to combine my icc profile with the Redshift changes.

> I've also read that it takes more power (battery) to render black than it does white

This really depends on the display technology and for more modern monitors, the opposite is true.

Very few monitors use OLED, and most phones don't either although it is becoming more common there.

I mean that when I build out an application / site, I build the Dark Mode first then convert the dark mode into the light mode. (Most of my users choose to use dark mode over light mode if the option is given to them)

I set my monitor’s colour thingy to ‘paper’ and the yellowish tint makes any light theme more comfortable than a dark one.

Have you used the Dark Reader addon? It's not amazing in firefox (has major performance issues on some sites) but I can't live without it.

Have you tried simply using Stylus with a custom style? I've been pretty happy with the setup. No performance issues.

Stylus is great when Darkreader breaks on certain sites. But when it works there are no substitutes e.g. navigating HN using the light setting in Darkreader offers a degree of customisation to create a scheme and reduce eye fatigue, without too much effort. Whereas, it can be hit and miss when trying various themes/stylesheets etc.

a lightweight alternative to dark reader is this one:



I'm curious, why 190deg and not 180deg ?

Stylistic choice? Didn't find any information why exactly 190deg, so assuming the author just liked it that way.

Made a quick demo showing the difference: https://output.jsbin.com/hujebimavu/1

I don't really see any difference between 180 and 190 though.

Thanks for the demo. I barely see a difference too.

Subjective choice, you can fine tune based on website.

This has amusing effects on avatar images / pictures of faces. I wasn't quite mentally prepared for what I looked like with non-inverted colors but light shadows and dark highlights.

Edit: This is my dog: https://i.imgur.com/1ECupVA.png

while the invert operation is not truly invertible you can still partially fix this by applying another invert and hue-rotate on images.

Interestingly this works only if you have background color explicitly set. Otherwise you still get light background.

Yes, that's the "fiddling with backgrounds" part. :) This is mostly useful if you have prototype app and want a quick and dirty dark mode.


Ahem, HN. I bet most of your dedicated users (albeit who also use FF or Safari) would benefit from this.

Dark mode, for the first time ever, has legitimate, objective reasons to want, now that we have pure LED displays: a black LED pixel consumes no energy.

That was also the case with CRT displays. If a pixel is to stay black, no electron must be emitted to light up its phosphor.

This Google search frontend has been around long enough to claim it helped save considerable amount of energy on that principle:


What they report about LEDs and CCFL isn't entirely correct, however. It may become in the future.

Technicalities aside, what once could be regarded as an environmental measure, today is a much more practical battery saving strategy.

CRTs consume so much power that the beam current is negligible. The comparison is with backlit LCD screens, which have to have the backlight on regardless of how many black pixels you have.

Actually traditional tft displays need to apply a current to turn a pixel black, so if you don't use adaptive brightness that would dim the backlight if the display is mostly black, you actually consume more power with a black theme. I have a low power Pentium notebook with 15" led backlit screen and the difference between a terminal with black or white background is significant.

> I have a low power Pentium notebook with 15" led backlit screen and the difference between a terminal with black or white background is significant.

How significant? Turn the screen black, and show the remaining battery time estimate. Turn it white, do the same. I'm curious.

Battery at 74%. Sitting at black screen for about a minute, the highest estimate I got was 4:50, lowest 4:05. It was mostly showing numbers close to either of these, almost never something in between.

Switching to white I got 5:40 and 4:50 showing pretty much the same behavior.

It's an HP pavilion 15-p005ng with a Pentium N3530. Terrible machine btw. Linux freezes in irregular intervals, almost immediately with OpenGL stuff...

Surely it isn't extrapolating from current instantaneous power consumption?

I'm pretty sure that's how it works. The drivers report total battery capacity, current battery capacity, and current power draw, so the meters just do the math.

Not the case for LCDs with variable brightness backlight regions.

I remember my high school electrical engineering teacher challenging me to make a project out of comparing ways to save power with CRTs and LCDs. All black vs. all white screen had no measurable difference on my multimeter. I couldn't answer it at the time. I was convinced that it should save power.

I regularly get migraines, where "bright" lights are searingly painful to look at. When the symptoms aren't too bad, dark themes on a text editor are okay, but light themes are not.

Migraines aren't an uncommon problem.

I think that is a fairly objective reason driving the preference.

I dislike sites with dark background. Maybe it is a problem with my poor quality LCD screen, but I switch to reading mode on such sites (so that the background becomes white) because they are hard to read.

I'm pretty much the exact opposite. I typically use my computer/phone in a low light environment (monitor and phone are almost always on lowest brightness settings), and a white background hurts my eyes. I use a dark background wherever possible, especially when reading ebooks/longer articles on my phone.

Any good software designed for reading should have good support for both.


Don't most dark themes actually use dark grey rather than black? The material design dark theme guidelines [0] were posted recently and recommend dark grey as the primary surface colour.

[0] https://material.io/design/color/dark-theme.html#

You must mean OLED. And no, there are almost no desktop OLED monitors in the wild.

"LED display" term is commonly used for LCD displays where backlight is also actively controlled to increase dynamic range.

Backlight control for dynamic range is common, but not necessary for being an “LED display.” It just means the backlight uses LEDs instead of CCFLs like they used to.

Thus the distinction "pure LED" in my previous post.

That there are plenty of deceptively labeled LCDs does not mean there are no actual LED displays.

There is nothing deceptive about LED backlit LCDs, they are an important upgrade over CFL backlit LCDs.

I've seen a fair few TVs with LED backlit screens, advertised as LED displays. Which what I think was meant by "deceptively labeled"

It's a display and it "has LED". Given a clean slate language reboot for today's technology we would probably reserve the term "LED display" to "LED per subpixel" models and call LED LCDs "LED backlit", but the term got into widespread use when the backlit kind was the only one available so that's where we are now.

LCD displays where backlight is actively controlled probably still draw more power when displaying black than white

They are not uncommon on laptops, and quite common on phones. And, I have a couple on my desk at the office.

> a black LED pixel consumes no energy

At last years Android Dev Summit, Google provided some interesting stats on how much power dark mode saves.

[1] https://www.theverge.com/2018/11/8/18076502/google-dark-mode...

[2] https://youtu.be/N_6sPd0Jd3g

Is there a way to test a specific color scheme from the web inspector instead of having to change the system appearance?

I'd expect controls for this to improve in the future (e.g., https://bugzil.la/1547818), but for now you can use this add-on to force a dark scheme: https://addons.mozilla.org/firefox/addon/dark-mode-website-s...

Or, in about:config, set the hidden ui.systemUsesDarkTheme to 0 for light, 1 for dark, and 2 for no preference

Psst: Night Eye is a browser extension that has really, deeply impressed me by managing to give almost every website and web app a good-enough 'night mode,' surpassing all the quick-hack filter() solutions and more common extensions like Darken. https://nighteye.app/

reviews for that look harsh. its limited to 5 sites?? another alternative is (shameless plug) this one:


its open source :)

I am using Dark Reader extension. It is available for both Firefox and Chrome. Has advanced settings, like grayscale, contrast, etc.

It's frustrating to me that browsers lend themselves so willingly to being fingerprinted, and it's up to the user to stay aware of and keep ahead of these new avenues.

I wish there were 4 modes:

- Standard/light mode

- Dark mode (website has facilities to test for this and style accordingly)

- Dark mode with fake or unknown values advertised to the website

- Dark mode with a user-custom filter applied (like below) that the website cannot test for (it sees untransformed computed styles)

> filter: invert(95%) hue-rotate(190deg)

It's frustrating that we've come to a point where websites can track users by knowing how they set up their browser to render pages. Such information should have no way nor reason to ever be transmitted back from the client to the server in the first place.

One of the original, and continuing, uses of browser scripting is to tweak the layout based on client rendering quirks.

ISTR (late 1990's?) reading about fingerprinting attacks that didn't require script or even CSS. Subtle changes in font size and attributes (bold, italic) may affect the order in which page elements are requested by the browser.

Even if you wanted to, there's simply no reliable way to isolate data about client rendering from any other data exchanged with the server. Even if you did a heroic rearchitecture of the DOM and rendering system, there are still static IP addresses and cookies.

I contend that while everything about the client cannot be hidden from the server, the number of things that can be identified is increasing.

Yeah, prefers-color-scheme is a really nice thing!

I have even also made an add-on for Firefox that you can use to toggle that dark mode directly in your browser (not only at OS level): https://addons.mozilla.org/firefox/addon/dark-mode-website-s...

I put one together for TFB [1] a little while ago and used the prefers-color-scheme media feature in anticipation of it being supported more broadly. I'm super happy to see that added to Firefox.

[1] https://www.techempower.com/benchmarks/

> I did a small survey and only very few websites have developed a second dark theme: https://zimbatm.com/DarkMode

Add YouTube to this list, it's got a pretty good dark theme that can be easily enabled now.

They have a dark mode but it’s activated with a toggle in the interface, and not with the prefers-color-scheme media query.

If you look here, it does show "manual toggle" sites too: https://zimbatm.com/DarkMode#websites

I'll be interested to see all the clever ways this will be used to fingerprint users and browsers.

Interestingly that page doesn't support prefers-color-scheme itself ;)

The new Microsoft Edge has prefers-color-scheme as well.

But Chrome itself doesn't, interestingly?

Looks likely to ship with Chrome 76, which I believe is the current dev channel: https://www.chromestatus.com/features/5109758977638400

Chrome has it in their dev build (Chrome Canary).


Congrats to Mozilla on shipping WebRender[1]! Just Nvidia on Windows for now, but I'm looking forward to the restrictions being relaxed - the perf improvements have been significant on my end.

1: https://hacks.mozilla.org/2017/10/the-whole-web-at-maximum-f...

You can enable it manually with the following:

> To turn on WebRender, go to about:config, enable the gfx.webrender.all pref, and restart the browser.

if you enable it & restart on another platform will it work ? how would you confirm it's working ?

It should. To confirm it's working, visit about:support and look for "WebRender" in the "Compositing" field.

related hackernews discussion


Firefox 67 should be the first version to fix permissions request spam: where tons of websites request your location (common enough that it's become a meme) or for permission to send you notifications.

Before Firefox 67, if you choose to hide these notifications by default, there's no way to change this later for individual sites without (a) knowing the site needs this information, and (b) going to Firefox's preferences menu to add an exception.

Now, a small icon will appear next to the lock icon when Firefox automatically denies a permissions request. You can click that icon and grant the request. This means that permissions are now easily configurable without those spammy popups appearing on so many websites!

I liked this feature so much I actually backported it to Firefox 66, and I can say it's an amazing quality improvement.

Additional information: I've found that it requires the following key in about:config to be set to true.

A good site for testing this (requires javascript): https://www.bennish.net/web-notifications.html

I'd like a way to manually enable a plug-in for a specific site. I have sites that won't request flash that require it, and it's a pain to turn flash to allow all to view the site and then turn it back off.

If this setting exists and I'm missing it, someone please tell me.

Can't you right click on the site, click "View Page Info", go to permissions, and give the site the permission to run Adobe Flash?

I'm assuming this setting still works, but I kind of doubt there are too many people who install and test it these days. I don't think I've encountered a site that requires flash in years.

> "Enable FIDO U2F API, and permit registrations for Google Accounts"

Oh! Didn't expect that! Does this mean YubiKeys will now be working in GMail on Firefox?

Together with all the other stuff, this starts to look like a really important and major release of Firefox.

Yep, though technically one could enable this before now by tweaking the about:config security.webauth.u2f setting. (Which is something I've been having to do for a while now).

As a side note... the way Google handles U2F is somewhat out of spec. For example, you haven't been able to register a u2f device with Firefox on google. I wonder if that's been worked around with this release? That would be great!

Otherwise, u2f has worked perfect with sites like GitLab and GitHub for example.

> the way Google handles U2F is somewhat out of spec.

Somewhat? As I understand it, it doesn’t even pretend to be fully specified. Chrome shipped it without going through the normal intent to ship process.

> about:config security.webauth.u2f

I still have this set to Value: "false" in Firefox 66.0.5 and it's working fine for Google Accounts.

Edit: I'm pretty sure I registered by Nitrokeys with Google back in 2017 using Chrome, so I'm just referring to signing in with them.

You could always sign in with any key, you just could only register keys via Chrome.

I seem to recall U2F sign-in always failing with Firefox for a long time. I remember having to switch to Chrome for U2F and frankly ended up using a different 2FA method for a couple of years because of that.

Yes, that's what they worked around in this release and you can now register a U2F device with Firefox for Google Accounts. See their announcement blog post https://blog.mozilla.org/security/2019/04/04/shipping-fido-u... and the mozilla.dev.platform Intent-to-Ship post: https://groups.google.com/forum/#!msg/mozilla.dev.platform/q...

tl;dr (as I understand it): existing Android phones using NFC/Bluetooth U2F devices only speak the old U2F protocol, not WebAuthn, so if Google switched to WebAuthn registration, then you wouldn't be able to log into your account on Android, and they want to wait until all those Android devices die off. (Apparently it's in the part of Android that needs vendor updates, not in Google Play Services, so this reduces to the previously unsolved problem of Android OS updates on old devices.)

This is an anti-feature. Firefox enabled a deprecated standard because Google couldn't be bothered to move to the current standard. Classic catering to the big players.

They held off for a very long time, and I'm glad they did that. I'm also glad they switched, because the alternative is that either you don't use the most effective security option available or you stop using Firefox, both of which seem like even bigger long-term problems.

A case of “Too big to fail”? Stop using Google wasn’t even mentioned as an alternative!

The goal of a web browser is to browse the web, not to browse most of the web. Principled objection to a site doing something nonstandard is great when the goal is to get the site to fix it, so the browser's users can visit that site. Once it became clear Google wasn't going to fix it, refusing to ship support (that was already implemented!) only has the effect of hurting Firefox's users (slash telling some fraction of Firefox users to stop being Firefox users anymore) and not improving the web or maintaining internal engineering standards.

I can't find the source, but I believe they didn't upgrade to the newer standard due to some combination of existing keys and ChromeOS.

More Android than ChromeOS, but the source is https://groups.google.com/forum/#!msg/mozilla.dev.platform/q...

They helped write the new standard and it's been a standard for years now. There is really no excuse.

Well, they don't need an excuse. They are Google. :-/

I have a U2F Nitrokey and noticed it's been working in Firefox 66.0.5 for the last few weeks. I thought it was just an announcement I missed. I can confirm it works signing into a Google Account.

When I upgraded from 66.0.5 it created a new profile, rather than keeping my existing passwords/histories/extensions.

I'm not going to use firefox sync, so it seems like there will be a painful migration ahead.

We're defaulting to profile-per-install to make it easier to run different versions side-by-side, but you can still manually specify your original profile.

Docs on the profile manager are at https://support.mozilla.org/en-US/kb/profile-manager-create-...

...or, as a super weird hack, you can set the envvar SNAP_NAME=firefox to get the old behavior (see https://github.com/mozilla/nixpkgs-mozilla/issues/163 for context)

Just curious, how large is the benefit of this? Does the average user run multiple versions of Firefox side-by-side?

I consider myself a power user in many things, but never have I felt the need to run different versions of my browser simultaneously.

There are two sides to that coin:

1. People do genuinely seem to find it useful (it's been a feature in Developer Edition for years), so that's cool, but also...

2. Sharing a profile between different versions of Firefox can cause data loss, and profile-per-install makes it harder to accidentally make that mistake.

So it's win-win. As for why people find it useful, I've mainly seen two camps:

- People who want to keep their work and personal browsing separate.

- Developers who want to maintain a pristine / default browser environment for testing, and a customized one for development.

I've also, on occasion, seen normal people with separate browsers for specific tasks (only using Facebook in Opera, only banking in Firefox, etc.) Now those can all be different foxen! :-)

I see the use case for developers who want to test multiple versions.

But as stevekemp said, the average user is losing their profile when simply upgrading from one version to the next. And it seems that the fix to this is to go back into the Profile Manager and set you old profile as the new default. Wouldn't this inadvertently cause data loss for the average user? (Ex: My parents do not even know Profile Manager is, much less that Profiles exist)

If anything, I see this as a bad thing - especially for those who do not use FF Sync. Am I interpreting this correctly? We're talking about regular FF here, not Developer Edition, correct?


> People who want to keep their work and personal browsing separate.

I thought that's what Multi-Account Containers was supposed to help with.

> Am I interpreting this correctly?

Not quite. In the normal case, users will never see any difference as a result of this change. Most users will experience it, semantically, as "profile per channel," separating normal Firefox from Firefox Nightly, etc. And if you only use stable Firefox, you only have one profile.

That means that upgrading from Firefox n to Firefox n+1 is totally fine and it will continue to use the same profile. But installing Beta or Nightly will now default to using a separate profile, instead of trying to use the same local data as normal Firefox.

I suspect Steve's issue is because he's unpacking his new version of Firefox to a different location on disk, so we're treating it like a separate install, rather than an upgrade of an already installed Firefox.

Ah I see now. When you said

> Sharing a profile between different versions of Firefox [...]

I was thinking different version numbers of the same Firefox installation (stable channel).

Profile-per-channel makes it much more clear, and makes sense.

> But as stevekemp said, the average user is losing their profile when simply upgrading from one version to the next.

That's a bug and is not supposed to happen.

As I understand it, this only affects running different official builds side by side. But what about running two different instances of a single build side by side with different profiles? The use-case I'm thinking of is something akin to Site Specific Browsers (SSBs), where each site has its own dock icon etc.

Will this ever be possible?

That actually is possible, but you have to manually create the shortcuts.

Check out https://support.mozilla.org/en-US/kb/profile-manager-create-... for docs on the profile manager. Once you've set up the profiles you want, you can launch a specific profile by passing "-P profileNameHere" or "--profile /path/to/profile" to Firefox.

You may also need to pass "--new-instance" or "--no-remote" to force Firefox to launch a new window if another copy of the same Firefox version is already open.

Additional use case: I sometimes give prerelease versions a try to report bugs, without intending to use it as my default browser (especially if bugs are blockers). It's nice to be able to get back to my regular install in that case.

Go to "about:profiles" and make your old profile ("default" by default) the default profile again, then restart Firefox.

This was indeed a fucking terrible way of doing this: "Hey, we've just hidden all your profile data from you and to get it back you need to sign up to our web service!"

That's really odd. Had you used that profile with a post-67 nightly at some point or something?

Some more information about the profiles involved here would be really useful. Are you willing to file a bug at https://bugzilla.mozilla.org/ ? If you do and give me the link to it, I'll get people who know the right questions to ask involved...

No, I always upgrade to the latest release when I spot it, but I don't try nightlies or anything other than releases.

I take a backup of ~/.mozilla and just download the new binaries to /opt/firefox. (Well I download and update a symlink.)

We might be resolving symlinks to their physical paths, making each download look like a new install. If so, the nixpkgs issue I mentioned above is probably more relevant than expected.

I'm not entirely certain, but if you want to source dive, nsXREDirProvider::GetInstallHash is a good place to start: https://searchfox.org/mozilla-central/rev/6c9f60f8cc064a1005...

It looks like that may be related to FF now creating a separate profile for every installation. That was apparently targeted for FF65 originally, then bumped to FF67:


> Save passwords in private browsing mode

While this might be handy when visiting your favorite paid porn site, isn't this counter-intuitive? When I am in private mode, I expect nothing to be saved.

In both private and not-private windows, the browser asks the user whether to save each password. Nothing is saved unless you explicitly click the Save button.

Ok, but I think the parent is wondering in what situation you'd want to store in the browser details of a site you'd visited, but still use private mode to "hide" that you'd visited?

What data does the password use retain? IIRC password store retains the "time first used, time last used" and displays that visibly.

In short what's the use-case or user story that fits this feature?

If I want to browse a site without it cluttering up my auto complete history.

Say you want to order an engagement ring for your girlfriend but don't want WEDDING RINGS R US showing up when you type "r" in the address bar

it could still be an issue if your disk get inspected (or worse replicated).

If your girlfriend is replicating your harddrive to determine what ring you're buying, maybe it's better if she finds out and you call off the wedding instead of going through with it.

I sometimes use private browsing to temporarily access a site with a secondary account, without logging it if my main account.

Multi-Account Containers is good for that.

Containers are overkill when you just want to do this as a one-off.

This extension [0] allows creating on-the-fly new containers, and delete them when you close the tab.

[0] https://addons.mozilla.org/en-US/android/addon/containers-on...

But, you wouldn't need to save a password if it was a one-off, either?

That's true, although I could picture a scenario where you want to log into a service only occasionally, so you want the password saved but don't necessarily want to keep a container for it. For instance, my wife and I have separate brokerage accounts, and I log into both simultaneously once a month.

That heavily depends on how much of a hassle the container system is, really. If specific sites automatically get opened in a specific container (a la facebook) then I'm certainly going to take advantage of password saving. Anything to have to not type and/or click fewer things to actually do what I want to do, instead of getting to what I wanted to do.

If I have to manually open the correct container first, though, that's a hassle. It's why I use containers sparingly, but hot damn do I have the "facebook container" extension installed (a site I look at maybe once a week) because automatic silos are fantastic.

> What data does the password use retain? IIRC password store retains the "time first used, time last used" and displays that visibly.

Lets compare it to downloads. That's another feature that leaves quite a bit of "compromising" info but users might still want to use it. I am thankful that Firefox does still allow downloads in private mode and did not just disable it. Sure, I could copy all the links into a non private session, but that would be annoying.

Similarly, imagining a situation were saving passwords from private windows might come in handy doesn't seem like a hard stretch to me. It also pretty obviously leaves a trace, just like a download, and thus shouldn't create much user confusion.

Some browse in private mode all the time and many times I have wished it asked me to save passwords so I don't have to type them repeatedly. Bookmarks work in private mode, why not passwords?

Not adding every damned site to my hstory is actually a feature.

Chrome's session and tab management on both desktop and mobile are abysmal. Whilst I've nuked it from desktop, I cannot remove it from Android. And, sadly, Firefox performance there still lags badly.

I browse almost exclusively in incognity on Chrome/Android.

If you password-protect your passwords, aren't they unavailable to anyone else? I use a password manager and that is what it does..

I'm assuming the threat is considered to be someone with local physical access to one's computer. Once you've entered your master password then an "attacker" only has to click the burger menu, then "logins" then they can enter a string from a website login URL, maybe "porn" and it would show the website's full domain, the username used, when the site was first and most-recently visited, and how many visits were made over time -- if it keeps bookmarks with all the info -- if you were using privacy mode to hide your tracks then it's not working there.

If you use Private Mode all the time then can't you just set the browser to act as if it were in private mode but with more fine-settings choice, that way you could have had password saving all along.

So, I'm still not really seeing the benefit.

That said, presumably the password db could have salted-hashes in in-place of domains/URLs for "privacy mode passwords" and then they'd be very hard to casually discover; that might be closer to user expectations.

In addition to using private mode for visiting sites that I don't want saved in my history, I also use it as a poor mans sandbox for visiting sensitive sites (like my bank), to avoid potential cross-site-scripting attacks while visiting those sites. For this use-case, saving passwords is very useful. In fact, my biggest complaint with private mode in Firefox is that my preferred password manager plugin (bitwarden) doesn't work in private mode.

Why not use Firefox multi account containers[1] for this use case? Having one banking container or even one per bank would have the same effect, without the annoyances of private mode?

[1] https://addons.mozilla.org/en-US/firefox/addon/multi-account...

I tried it out, but it was much more structured than I'd like. I don't really want to have pre-defined a bunch of containers for each site that I want compartmentalized. I really like the ephemeral nature of private browsing where a single click gives me a fresh new container that I can use for whatever I want. Plus, when giving recommendations to family members, private browsing is more user-facing feature, and easier for them to use.

As an alternative, there is the “containers on the go” add-on, which will let you easily (optionally) open new tabs in ephemeral containers.

When the plugins stop working in FF, multi account containers stop working as well.

Give the Privacy Badger extension a try.

Are the passwords from private and non-private browsing mixed, or are they isolated from each other?

And are the private ones stored in a way that can't be easily viewed, unlike the non-private ones?

Sounds like we need a guest mode where nothing saves but add-ons work and a privacy mode where things are privacy driven and only certain add-ons work.

Yeah - I still think it's crazy that when using (mobile) Chrome, if you poke around in bookmarks, it will remember what folder you were in. So there's some hint of where you've been if someone else would then go to use Chrome bookmarks.

You might argue that if you really want private browsing, don't use bookmarks, but I feel that's a weak argument.

> Change to extensions in Private Windows: Any new extensions you add to the browser won’t work in Private Windows unless you allow this in the settings.

Does this mean that adblocking (and other safety-related) extensions will suddenly stop working on private windows, unless the user knows it has to go to the settings and enable them again?

No. The extensions that are already installed will still work in private windows. It’s only newly installed extensions that are disabled in private windows by default

That still doesn't solve a problem of a user installing the browser for the first time, installing adblock, then going to a porn site in private mode and getting a faceful of malware-ridden ads. Who thought this is a good idea?

It's not perfect, but there are prominent prompts about this when you install an add-on for the first time and when you open a private window. Screenshots at https://imgur.com/a/d4ZnAHI

If you flip the setting, that doesn't solve a problem of a user installing the browser for the first time, installing an extension like Stylish †, going to a porn site in private mode and getting their private browsing history leaked to the extension operator together with their regular history. Who thought that is a good idea? :)

† Stylish is a … special case [0]. But see also hypothes.is or any other extension that relies on a "user-created content store".

[0] https://robertheaton.com/2018/07/02/stylish-browser-extensio...

No one thought that was a good idea. The good idea is to prevent add-on authors from stealing private browsing history.

I believe this is also an attempt to block fingerprinting.

They are always following chrome's tail.

But anyway, the reason probably is that some extensions are abusive of personal data and you don't want them sniffing stuff in private browsing (with out your persmission).

> Does this mean that adblocking (and other safety-related) extensions will suddenly stop working on private windows, unless the user knows it has to go to the settings and enable them again?

Looks like it, although if you don't know how to configure your extensions, then why even use them in the first place?

Chrome has been doing this for a while now. You have to check the 'Allow in incognito' button for the extension to work in private mode.

> Looks like it, although if you don't know how to configure your extensions, then why even use them in the first place?

Because uBlock Origins et al. are incredibly useful for your average internet user who know fuck all about configuring extensions but benefit far more from it? What is this unnecessary elitism?

Sane defaults are really important for people who don't know anything about the internet, much less privacy or security (see any number of examples of ad networks delivering malware). Adblocking not working in private mode isn't a sane default. The vast majority of people have no idea what any of this means or how to do any of this. Doesn't mean they're any less deserving of protection.

> Sane defaults are really important for people who don't know anything about the internet

That's fair. I apologize for sounding elitist. I guess you could say I am a bit biased here because although sane defaults are ultimately worth shipping, there exists the tinkerer types who love nothing more than configuring and customizing their addons.

> Adblocking not working in private mode isn't a sane default

Perhaps you are right about AD-blocking addons. You typically want them in normal browsing mode and private mode, but it's the mountain of other addons which spy on users that users have to worry about. I don't have to worry because I inspect the code of addons before installing (more elitism in practice). I have spotted a few in the wild that covertly send your browsing history and other details to a remote server (Yes, I reported them).

They are being protected. Protected from malicious plugins sniffing their private browser activity.

Previously installed extensions before this update will not be disabled automatically, only new ones

I'm interested in the rationale behind this default. What about extensions make them a possibly bad fit for incognito mode?

The fact that they can still hoover up your browsing data the same way as in normal mode.

Google Chrome has defaulted to disabling extensions in incognito mode as long as I can remember:

> Allow in incognito [ ]

> Warning: Google Chrome cannot prevent extensions from recording your browsing history. To disable this extension in incognito mode, unselect this option.

It probably has something to do with (some) extensions not being very privacy friendly. Some extensions spy on the user in return for the utility the extension provides (remember the Stylish addon fiasco recently?). I'm not certain of the reasoning behind the decision. Also: it's possible to enumerate/detect what addons are installed in a browser with javascript (and thus fingerprint the user), although I think that bug was patched in Firefox and Chrome.

What addons are installed is one criteria of bowser fingerprinting.

That means that one of the most obscure performance regression bugs I've ever found in Firefox is also fixed: property lookups on numbers being slower for values recognized and optimized as integers by the JavaScript engine than for regular doubles.


> "Suspending unused tabs"

I'm curious to see how aggressive this is. If it's good enough to render my tab suspender extension obsolete, that'd be fantastic.

> Firefox will now detect if your computer’s memory is running low, which we define as lower than 400MB, and suspend unused tabs that you haven’t used or looked at in a while.


This really needs to be an OS-level toolkit thing, like on iOS. It's nutty to have applications inspecting system memory use to figure out if they should take pressure off. Ideally I'd be able to suspend entire desktop sessions and all the applications in them, then open a new, clean one, then go back to the old one later. Task-based (work, vacation planning, book research, et c.) GUI session suspend/resume is my #1 most-wished-for feature for a desktop OS but it needs that basic app-suspension support, integrated by the app makers themselves, to work.

This. In the meantime, I'll settle for a real session save/resume in MacOS. I have to reboot often and "restoring" is a mess.

> I'm curious to see how aggressive this is.

It's in the config parameter's name: browser.tabs.unloadOnLowMemory. Boolean, works only on Windows for now.

Any idea when Linux will be supported?

I'm using the Auto Tab Discard extension for now, but having a native way to handle this for Linux users would be great.

Ah man. Hope this makes it to Linux and especially OSX soon!

On Linux, I use cgroups to restrict memory usage of certain applications to prevent them from crashing the whole system.

On Chrome, i use the Great Suspender which does the trick.

It's the ONLY extension that i keep there.

Great to see it's built-in Firefox.

Somewhat eerie.. I recently installed a tab suspender because a tab crashed or lagged out so I killed its process

This version of Firefox is obviously because of me :P

Running Firefox under Qubes has become increasingly frustrating, as tabs crash whenever (apparently?) they try to use WebGL, or anything that depends on access to a GPU. More and more, Firefox seems to depend on GPU access (or something?) and fails hard when it's not there.

To be fair, that sounds like a bug in the graphics driver or OpenGL ICD/libraries. GPUs are a bit special in that they have the power to hose your entire running OS (force a reboot due to a hard hang) no matter what OS you're running. It's just the nature of GPUs and how their drivers work... With direct access to memory and allowing user space applications access to their hardware features.

In other words: Probably not Firefox's fault. The Firefox devs probably started adding support for accelerating more stuff via the GPU via OpenGL calls and if your driver has issues with any of those calls (e.g. bad application auto-detection) it can cause things to crash or have undefined behavior.

Not much the Firefox devs can do about it but report the bug anyway. At the very least they might be able to figure a workaround.

> if your driver has issues with any of those calls (e.g. bad application auto-detection) it can cause things to crash or have undefined behavior.

If I understand it correctly, that's one of the perks of WebRender: by using the GPU more like a game engine would, we're relying on code paths that tend to be better tested / more reliable.

Isn’t it possible to disable gpu in about:config?

about:config certainly has lots of settings to turn off, but I manifestly have not found enough of them, if indeed any number is enough.

You can cross-check about:config with the about:support Graphics section.

A few switches of relevance: layers.acceleration, webgl.disabled, media.hardware-video-decoding.enabled, gfx.webrender.force-disabled

Aha! gfx.webrender.force-disabled was false. Now to ser how much difference it makes.

Yeah I had to disable gpu acceleration on Firefox in parallels. Otherwise it rendered black boxes for elements with certain styles.

That sounds like a Parallels / driver problem, not a Firefox problem.

I would love, love, love to see black boxes instead of crashes.

> We have seen great growth in the use of AV1 even in just a few months, with our latest figures showing that 11.8% of video playback in Firefox

Where are people playing AV1 videos?

YouTube released an AV1 playlist long ago, and haven't added a single video since release: https://www.youtube.com/playlist?list=PLyqf6gJt7KuHBmeVzZteZ...

Besides that, I've only seen a few in the wild.

Youtube has more AV1 videos than that playlist. My fav Youtuber has AV1 videos in 720p and it's not a huge channel.

How do I tell if a given video playing in my browser is AV1 or something else?

Right click the video and choose Stats for Nerds. If Codecs shows something starting with "av01", it's AV1 (confusingly, av1c is H.264). It seems to be chosen for nearly every video for 480p or below, and a few for higher resolutions.

Do you still need to opt in on YouTube for this?

It does seem YouTube has AV1 videos, at least for lower resolutions (720p and lower)

I've even found some in 5k, although they don't play back hardly at all. Performance not there yet.

That should be markedly better in Firefox 67, since we've just now switched to dav1d, a much more efficient decoder by the VideoLAN folks. Prior to that, we were using the reference implementation from libaom.

I'm on FF nightly, dav1d enabled.

This is a huge enhancement, thank you!

I can't find much info on the fingerprint protection. Has anyone tested it thoroughly? Do we know if it's effective against current fingerprinting methods? Can we actually rely on it, or will it simply be a matter of days/weeks before websites adapt to defeat this protection?

I don't think it's sufficient yet to stop someone determined, but I do think it's a step in the right direction, particularly when combined with a VPN. I'm looking forward to the letterboxing improvements.

Anecdotally, I get a lot more captcha's when it's turned on. I regularly log in to sites and get prompts telling me I need to enter email confirmation codes. I signed up for a service recently that auto locked my account immediately on signup because of "abuse detection".

To be clear, I take those as positive signs. My rough metric is that if privacy invasive sites are mad at me, I'm probably doing something right. So that's certainly not hard proof that it's effective, but it's at least circumstantial evidence that websites that I know fingerprint me get irritated when I turn it on.

I agree, those are good signs.

If these fingerprint protection tools are effective, my main fear is that websites will simply say "Disable your fingerprint protection if you want to proceed", much like many sites currently do with ad blockers. Or if they don't spell it out in plain English, they'll make you jump through so many hoops that you'll switch it off just to end the suffering.

Trying to interact with any major website using the TOR browser has been a complete nightmare. If you aren't blocked outright, you face CAPTCHAs at every turn.

The fingerprint protection this new setting refers to is simply a blacklist of a couple of known JS fingerprinters. Those are not relevant for the majority of users, because fingerprinting with these kind of scripts is only used by a very small number of obscure sites.

My favourite side-effect of fingerprinting protection is that local timezone is hidden, so that web consoles at work run in the one true timezone.

if anyone from mozilla is reading hn, the link on the pop-up box 'Get the Lockbox app' go to 'apple appstore' even if I click on the Google Play icon.

Thanks for the heads up! We'll get that fixed.

Still no improvement on macOS. Don't know why don't they make it a priority as I have to use Chrome (Safari is missing some stuff that I need).

Ha, it's becoming my routine now whenever Firefox is announced on HN to search for "mac" in the comments. Waiting for that day when someone finally says something different.

I really want to stop using Chrome, but unfortunately Firefox just doesn't work as well.

I'm the same but using Vivaldi while I wait...

What do you mean “no improvement on macOS”? Most of the new features listed in these release notes could be considered improvements, and I assume that the macOS version of Firefox 67 has all those features, the same as on other platforms.

I think you had in mind a specific aspect of Firefox that you wished would be improved, but you forgot to explain what that feature was. What is the missing feature that leads you to use Chrome?

I think its obvious he's talking about the fact that Firefox is unusable on MacOS (on scaled resolutions). And it seems Mozilla has no ability to fix this for a large portion of their potential clientele.

Apologize if this is not the right place to ask for help.

Two days ago when I began to develop a web site backend, a strange thing happened. Visiting "mydomainname.com" in Firefox v66 gave me back error message saying site not found, but visiting "mydomainname.com/index.html" (or index.php) would be fine, the content of that page was returned.

After one hour struggle, I used another browser (and my phone) to open "mydomainname.com", and it worked fine! It returned the index.html page. So it's not the issue of the default file setup.

Did I miss something obvious? I felt stupid. I am now using Chrome but I would like to come back to Firefox. Thanks for any help.

Does the error happen in a Private Browsing window? Maybe Firefox cached some "site not found" result it shouldn't have? This sounds more like a server configuration issue than a Firefox bug.

__Edit: I installed the lastest Firefox v67, the problem is gone. It works great.__

Thanks. no it's not in a private browsing window.

I also asked other people to visit the site(mydomainname.com) from their computers and phones, all worked fine.

The hour long struggle left me with painful memories. :) I never had issue like this previously in Firefox or other browsers. On that day, Chrome and IE worked without problem on my computer (Win 7 32bit), so the computer should not be the culprit.

That leaves Firefox v66 standing. I don't know why.

> Users will no longer be able to upload and share screenshots through the Firefox Screenshots server.

I kinda liked that feature, hopefully they replace it with another cloud provider for when you need to take a screenshot for sharing

Firefox 67.0 does run faster and consume less RAM compared to previous versions.

Under about:preferences#general, I can't disable checking for updates? Is there a way to do this under about:config?

Its a known issue (for 13 years)


This feature has changed from the last version I was using (62.02). The option "Never check for updates" is now missing.

Regardless, its currently not possible via the GUI as youve discovered. Im not happy about the situation but it is being actively worked on as of today.

I tried to see if letterboxing was enabled, but it didn't seem to make a difference.¹

Does anyone know whether they included this feature, and if so how to enable it?

1: https://browserleaks.com/javascript still detects my window size down to the pixel.

`privacy.resistFingerprinting.letterboxing` is currently a separate setting since it's still rough around the edges. Not sure if it works on Release, I have it set on Nightly.

Set the "privacy.resistFingerprinting" pref to "true"

I had that setting set to true since before the update.

Every site that mentions letterboxing claims this is the setting to use to enable it.

However, unless I misunderstand, it does not seem to enable it.

>WebRender is gradually enabled by default on Windows 10 desktops with NVIDIA graphics cards

Does this mean Webrender in Stable can now be force-enabled for non-Nvidia graphics cards on Windows 10? The language is a little unclear. AFAIK Webrender is available to anyone using Nightly by force enabling it.

It would be better if they offered a way to really turn it off. Firefox has got very crashy in environments that have no access to a GPU.

Currently it will only be enabled on Windows machines with Nvidia GPUs. So this shouldn't be an issue for environments with no access to a GPU.

gfx.webrender.force-disabled=true should do the trick.

Though we shouldn't be attempting to switch it on without a GPU, if you could file a bug that would be great.

Thank you, thank you, thank you.

Could you set set gfx.webrender.enabled to false?

Already did. It is not enough.

It would be super awesome if Firefox can implement writable streams:


Have you ever wanted to reset a HTML element’s style, as if it no styling had been applied? That’s what the `revert` CSS keyword does and you can now use it in Firefox 67. https://developer.mozilla.org/en-US/docs/Web/CSS/revert

I use Firefox's password manager, and their new LockWise extension gives a fresh breath to password management. Nice work!

https://webauthn.io Fingerprint reader works with Microsoft Edge but it doesn't work with Firefox.

Does this release include javascript MDS mitigations ?

Yes, though they were only necessary on OS X.

Is there a reason why I should switch to Firefox if I already trust Google to act in good faith?

Only Firefox supports extensions that provide an alternative interface to the tab bar. Alternative interfaces such as vertical tabs or tree tabs are very useful if you have many tabs open in a single window. Examples of these extensions:

• Tab Center Reborn – https://addons.mozilla.org/fr/firefox/addon/tabcenter-reborn...

• Tree Style Tab – https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...

• Tree Tabs – https://addons.mozilla.org/en-US/firefox/addon/tree-tabs/

> New streamlined worker debugging in the JavaScript Debugger with the new Threads panel.

This is great news!

Does anyone know how to turn off "Extract Canvas Data" by default?

It includes the Facebook container, but not the Google container?

Where is that mentioned?

>Suspending unused tabs

Didn't they already do that? I remember receiving a spinner whenever I changed between tabs very often since they introduced that multi-process thing.

>More power to you with every update

*Except when we decide to remotely execute code on your computer using Studies/Normandy/whatever

> Didn't they already do that? I remember receiving a spinner whenever I changed between tabs very often since they introduced that multi-process thing.


It seems to be something different than discarded tabs.

The spinner is not for discarded tabs. That's when the main window is trying to connect to a different back-end process than the one you were using for the previous tab.

Is RSS still too hard for Firefox?

I've tried to switch to Firefox, but I keep running into rendering engine issues with certain sites. It's like it's 2005 again.

Which sites? They actively pursue compatibility issues but it's pretty rare to see non-Google sites which only work in Chrome.

it's pretty rare to see non-Google sites which only work in Chrome.

Unfortunately that hasn't been my experience in recent months. A noticeable number of random sites I come across, sometimes including quite important ones, Just Don't Work in Firefox.

Is there a quick way to send a link to such sites/pages, if someone at Mozilla is interested in investigating why?

I think it's important to note that this behaviour isn't necessarily due to anything wrong with Firefox. It could simply be because Firefox is better at blocking unwanted content than certain other browsers and that feature is working as intended, but the kinds of sites that rely on hostile content also tend to break if those scripts are forcibly blocked by the browser.


coda.io goes out of their way to only work in Chrome for some strange reason

Which sites?

Can't say I've had this problem...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact