And it does the right thing and disables the feature when enabling the resist fingerprinting option.
I did a small survey and only very few websites have developed a second dark theme: https://zimbatm.com/DarkMode
filter: invert(95%) hue-rotate(190deg)
I feel it better for my eyes because the text which i'm looking at is actually dark and not bright.
Most people with dark themes have high brightness levels on their screens. I think this can be bad on the long term. Especially that many screen elements are not as dark as their code, which makes them ultra bright
On at least two cheap laptops I have used recently, the display driver steps down the overall display brightness when large regions of the screen are dark.
Windows 10 on an HP Stream 11, Intel integrated graphics and Intel display driver.
I can turn down the manual brightness to its minimal setting.
When large windows with white backgrounds are on screen, the backlight brightness increases. Decreases again when the windows are off screen or closed.
This does not change the manual brightness setting.
I have yet to find a tweak to disable this.
And it is true that, inevitably, whatever you're doing, sooner or later some white background or picture will appear on screen and blast your eyes with light. I cannot stand this, so I don't use dark themes on my PC.
Printed paper glowing white would indeed be very annoying.
Passive displays, such as old non-backlit LCD or e-ink, can be white and not annoying. Most people don't want to stare into a light source more than necessary.
Using proper brightness helps, and dark mode can help even more.
The amount of light coming to your retina stays the same..
Just lower the brightness until it matches the amount of light reflected by a sheet of paper placed next to the screen.
If you can't read the paper, turn the lights on. Being in a dark room dilates your pupils which makes them even more sensible to bright light...
I agree that it is about matching the brightness of the monitor with the background.
I will say my personal "Dev" computer uses dark modes though, I find at night with multiple monitors it's just too bright.
Calibrating my monitors took them from having piercing bluish whites to more softer pinkish whites and reduced daytime eye strain significantly.
I then use Redshift at night with the undocumented "preserve" switch to combine my icc profile with the Redshift changes.
This really depends on the display technology and for more modern monitors, the opposite is true.
Made a quick demo showing the difference: https://output.jsbin.com/hujebimavu/1
I don't really see any difference between 180 and 190 though.
Edit: This is my dog: https://i.imgur.com/1ECupVA.png
This Google search frontend has been around long enough to claim it helped save considerable amount of energy on that principle:
What they report about LEDs and CCFL isn't entirely correct, however. It may become in the future.
Technicalities aside, what once could be regarded as an environmental measure, today is a much more practical battery saving strategy.
How significant? Turn the screen black, and show the remaining battery time estimate. Turn it white, do the same. I'm curious.
Switching to white I got 5:40 and 4:50 showing pretty much the same behavior.
It's an HP pavilion 15-p005ng with a Pentium N3530. Terrible machine btw. Linux freezes in irregular intervals, almost immediately with OpenGL stuff...
Migraines aren't an uncommon problem.
I think that is a fairly objective reason driving the preference.
Any good software designed for reading should have good support for both.
That there are plenty of deceptively labeled LCDs does not mean there are no actual LED displays.
At last years Android Dev Summit, Google provided some interesting stats on how much power dark mode saves.
Or, in about:config, set the hidden ui.systemUsesDarkTheme to 0 for light, 1 for dark, and 2 for no preference
its open source :)
I wish there were 4 modes:
- Standard/light mode
- Dark mode (website has facilities to test for this and style accordingly)
- Dark mode with fake or unknown values advertised to the website
- Dark mode with a user-custom filter applied (like below) that the website cannot test for (it sees untransformed computed styles)
> filter: invert(95%) hue-rotate(190deg)
ISTR (late 1990's?) reading about fingerprinting attacks that didn't require script or even CSS. Subtle changes in font size and attributes (bold, italic) may affect the order in which page elements are requested by the browser.
Even if you wanted to, there's simply no reliable way to isolate data about client rendering from any other data exchanged with the server. Even if you did a heroic rearchitecture of the DOM and rendering system, there are still static IP addresses and cookies.
I have even also made an add-on for Firefox that you can use to toggle that dark mode directly in your browser (not only at OS level): https://addons.mozilla.org/firefox/addon/dark-mode-website-s...
Add YouTube to this list, it's got a pretty good dark theme that can be easily enabled now.
> To turn on WebRender, go to about:config, enable the gfx.webrender.all pref, and restart the browser.
Before Firefox 67, if you choose to hide these notifications by default, there's no way to change this later for individual sites without (a) knowing the site needs this information, and (b) going to Firefox's preferences menu to add an exception.
Now, a small icon will appear next to the lock icon when Firefox automatically denies a permissions request. You can click that icon and grant the request. This means that permissions are now easily configurable without those spammy popups appearing on so many websites!
I liked this feature so much I actually backported it to Firefox 66, and I can say it's an amazing quality improvement.
If this setting exists and I'm missing it, someone please tell me.
I'm assuming this setting still works, but I kind of doubt there are too many people who install and test it these days. I don't think I've encountered a site that requires flash in years.
Oh! Didn't expect that! Does this mean YubiKeys will now be working in GMail on Firefox?
Together with all the other stuff, this starts to look like a really important and major release of Firefox.
As a side note... the way Google handles U2F is somewhat out of spec. For example, you haven't been able to register a u2f device with Firefox on google. I wonder if that's been worked around with this release? That would be great!
Otherwise, u2f has worked perfect with sites like GitLab and GitHub for example.
Somewhat? As I understand it, it doesn’t even pretend to be fully specified. Chrome shipped it without going through the normal intent to ship process.
I still have this set to Value: "false" in Firefox 66.0.5 and it's working fine for Google Accounts.
Edit: I'm pretty sure I registered by Nitrokeys with Google back in 2017 using Chrome, so I'm just referring to signing in with them.
tl;dr (as I understand it): existing Android phones using NFC/Bluetooth U2F devices only speak the old U2F protocol, not WebAuthn, so if Google switched to WebAuthn registration, then you wouldn't be able to log into your account on Android, and they want to wait until all those Android devices die off. (Apparently it's in the part of Android that needs vendor updates, not in Google Play Services, so this reduces to the previously unsolved problem of Android OS updates on old devices.)
I'm not going to use firefox sync, so it seems like there will be a painful migration ahead.
Docs on the profile manager are at https://support.mozilla.org/en-US/kb/profile-manager-create-...
...or, as a super weird hack, you can set the envvar SNAP_NAME=firefox to get the old behavior (see https://github.com/mozilla/nixpkgs-mozilla/issues/163 for context)
I consider myself a power user in many things, but never have I felt the need to run different versions of my browser simultaneously.
1. People do genuinely seem to find it useful (it's been a feature in Developer Edition for years), so that's cool, but also...
2. Sharing a profile between different versions of Firefox can cause data loss, and profile-per-install makes it harder to accidentally make that mistake.
So it's win-win. As for why people find it useful, I've mainly seen two camps:
- People who want to keep their work and personal browsing separate.
- Developers who want to maintain a pristine / default browser environment for testing, and a customized one for development.
I've also, on occasion, seen normal people with separate browsers for specific tasks (only using Facebook in Opera, only banking in Firefox, etc.) Now those can all be different foxen! :-)
But as stevekemp said, the average user is losing their profile when simply upgrading from one version to the next. And it seems that the fix to this is to go back into the Profile Manager and set you old profile as the new default. Wouldn't this inadvertently cause data loss for the average user? (Ex: My parents do not even know Profile Manager is, much less that Profiles exist)
If anything, I see this as a bad thing - especially for those who do not use FF Sync. Am I interpreting this correctly? We're talking about regular FF here, not Developer Edition, correct?
> People who want to keep their work and personal browsing separate.
I thought that's what Multi-Account Containers was supposed to help with.
Not quite. In the normal case, users will never see any difference as a result of this change. Most users will experience it, semantically, as "profile per channel," separating normal Firefox from Firefox Nightly, etc. And if you only use stable Firefox, you only have one profile.
That means that upgrading from Firefox n to Firefox n+1 is totally fine and it will continue to use the same profile. But installing Beta or Nightly will now default to using a separate profile, instead of trying to use the same local data as normal Firefox.
I suspect Steve's issue is because he's unpacking his new version of Firefox to a different location on disk, so we're treating it like a separate install, rather than an upgrade of an already installed Firefox.
> Sharing a profile between different versions of Firefox [...]
I was thinking different version numbers of the same Firefox installation (stable channel).
Profile-per-channel makes it much more clear, and makes sense.
That's a bug and is not supposed to happen.
Will this ever be possible?
Check out https://support.mozilla.org/en-US/kb/profile-manager-create-... for docs on the profile manager. Once you've set up the profiles you want, you can launch a specific profile by passing "-P profileNameHere" or "--profile /path/to/profile" to Firefox.
You may also need to pass "--new-instance" or "--no-remote" to force Firefox to launch a new window if another copy of the same Firefox version is already open.
This was indeed a fucking terrible way of doing this: "Hey, we've just hidden all your profile data from you and to get it back you need to sign up to our web service!"
Some more information about the profiles involved here would be really useful. Are you willing to file a bug at https://bugzilla.mozilla.org/ ? If you do and give me the link to it, I'll get people who know the right questions to ask involved...
I take a backup of ~/.mozilla and just download the new binaries to /opt/firefox. (Well I download and update a symlink.)
I'm not entirely certain, but if you want to source dive, nsXREDirProvider::GetInstallHash is a good place to start: https://searchfox.org/mozilla-central/rev/6c9f60f8cc064a1005...
While this might be handy when visiting your favorite paid porn site, isn't this counter-intuitive? When I am in private mode, I expect nothing to be saved.
What data does the password use retain? IIRC password store retains the "time first used, time last used" and displays that visibly.
In short what's the use-case or user story that fits this feature?
Say you want to order an engagement ring for your girlfriend but don't want WEDDING RINGS R US showing up when you type "r" in the address bar
If I have to manually open the correct container first, though, that's a hassle. It's why I use containers sparingly, but hot damn do I have the "facebook container" extension installed (a site I look at maybe once a week) because automatic silos are fantastic.
Lets compare it to downloads. That's another feature that leaves quite a bit of "compromising" info but users might still want to use it. I am thankful that Firefox does still allow downloads in private mode and did not just disable it. Sure, I could copy all the links into a non private session, but that would be annoying.
Similarly, imagining a situation were saving passwords from private windows might come in handy doesn't seem like a hard stretch to me. It also pretty obviously leaves a trace, just like a download, and thus shouldn't create much user confusion.
Chrome's session and tab management on both desktop and mobile are abysmal. Whilst I've nuked it from desktop, I cannot remove it from Android. And, sadly, Firefox performance there still lags badly.
I browse almost exclusively in incognity on Chrome/Android.
If you use Private Mode all the time then can't you just set the browser to act as if it were in private mode but with more fine-settings choice, that way you could have had password saving all along.
So, I'm still not really seeing the benefit.
That said, presumably the password db could have salted-hashes in in-place of domains/URLs for "privacy mode passwords" and then they'd be very hard to casually discover; that might be closer to user expectations.
You might argue that if you really want private browsing, don't use bookmarks, but I feel that's a weak argument.
Does this mean that adblocking (and other safety-related) extensions will suddenly stop working on private windows, unless the user knows it has to go to the settings and enable them again?
† Stylish is a … special case . But see also hypothes.is or any other extension that relies on a "user-created content store".
But anyway, the reason probably is that some extensions are abusive of personal data and you don't want them sniffing stuff in private browsing (with out your persmission).
Looks like it, although if you don't know how to configure your extensions, then why even use them in the first place?
Chrome has been doing this for a while now. You have to check the 'Allow in incognito' button for the extension to work in private mode.
Because uBlock Origins et al. are incredibly useful for your average internet user who know fuck all about configuring extensions but benefit far more from it? What is this unnecessary elitism?
Sane defaults are really important for people who don't know anything about the internet, much less privacy or security (see any number of examples of ad networks delivering malware). Adblocking not working in private mode isn't a sane default. The vast majority of people have no idea what any of this means or how to do any of this. Doesn't mean they're any less deserving of protection.
That's fair. I apologize for sounding elitist. I guess you could say I am a bit biased here because although sane defaults are ultimately worth shipping, there exists the tinkerer types who love nothing more than configuring and customizing their addons.
> Adblocking not working in private mode isn't a sane default
Perhaps you are right about AD-blocking addons. You typically want them in normal browsing mode and private mode, but it's the mountain of other addons which spy on users that users have to worry about. I don't have to worry because I inspect the code of addons before installing (more elitism in practice). I have spotted a few in the wild that covertly send your browsing history and other details to a remote server (Yes, I reported them).
Google Chrome has defaulted to disabling extensions in incognito mode as long as I can remember:
> Allow in incognito [ ]
> Warning: Google Chrome cannot prevent extensions from recording your browsing history. To disable this extension in incognito mode, unselect this option.
I'm curious to see how aggressive this is. If it's good enough to render my tab suspender extension obsolete, that'd be fantastic.
It's in the config parameter's name: browser.tabs.unloadOnLowMemory. Boolean, works only on Windows for now.
I'm using the Auto Tab Discard extension for now, but having a native way to handle this for Linux users would be great.
It's the ONLY extension that i keep there.
Great to see it's built-in Firefox.
This version of Firefox is obviously because of me :P
In other words: Probably not Firefox's fault. The Firefox devs probably started adding support for accelerating more stuff via the GPU via OpenGL calls and if your driver has issues with any of those calls (e.g. bad application auto-detection) it can cause things to crash or have undefined behavior.
Not much the Firefox devs can do about it but report the bug anyway. At the very least they might be able to figure a workaround.
If I understand it correctly, that's one of the perks of WebRender: by using the GPU more like a game engine would, we're relying on code paths that tend to be better tested / more reliable.
A few switches of relevance: layers.acceleration, webgl.disabled, media.hardware-video-decoding.enabled, gfx.webrender.force-disabled
Where are people playing AV1 videos?
YouTube released an AV1 playlist long ago, and haven't added a single video since release: https://www.youtube.com/playlist?list=PLyqf6gJt7KuHBmeVzZteZ...
Besides that, I've only seen a few in the wild.
Anecdotally, I get a lot more captcha's when it's turned on. I regularly log in to sites and get prompts telling me I need to enter email confirmation codes. I signed up for a service recently that auto locked my account immediately on signup because of "abuse detection".
To be clear, I take those as positive signs. My rough metric is that if privacy invasive sites are mad at me, I'm probably doing something right. So that's certainly not hard proof that it's effective, but it's at least circumstantial evidence that websites that I know fingerprint me get irritated when I turn it on.
If these fingerprint protection tools are effective, my main fear is that websites will simply say "Disable your fingerprint protection if you want to proceed", much like many sites currently do with ad blockers. Or if they don't spell it out in plain English, they'll make you jump through so many hoops that you'll switch it off just to end the suffering.
Trying to interact with any major website using the TOR browser has been a complete nightmare. If you aren't blocked outright, you face CAPTCHAs at every turn.
I really want to stop using Chrome, but unfortunately Firefox just doesn't work as well.
I think you had in mind a specific aspect of Firefox that you wished would be improved, but you forgot to explain what that feature was. What is the missing feature that leads you to use Chrome?
Two days ago when I began to develop a web site backend, a strange thing happened. Visiting "mydomainname.com" in Firefox v66 gave me back error message saying site not found, but visiting "mydomainname.com/index.html" (or index.php) would be fine, the content of that page was returned.
After one hour struggle, I used another browser (and my phone) to open "mydomainname.com", and it worked fine! It returned the index.html page. So it's not the issue of the default file setup.
Did I miss something obvious? I felt stupid. I am now using Chrome but I would like to come back to Firefox. Thanks for any help.
Thanks. no it's not in a private browsing window.
I also asked other people to visit the site(mydomainname.com) from their computers and phones, all worked fine.
The hour long struggle left me with painful memories. :) I never had issue like this previously in Firefox or other browsers. On that day, Chrome and IE worked without problem on my computer (Win 7 32bit), so the computer should not be the culprit.
That leaves Firefox v66 standing. I don't know why.
I kinda liked that feature, hopefully they replace it with another cloud provider for when you need to take a screenshot for sharing
Does anyone know whether they included this feature, and if so how to enable it?
Every site that mentions letterboxing claims this is the setting to use to enable it.
However, unless I misunderstand, it does not seem to enable it.
Does this mean Webrender in Stable can now be force-enabled for non-Nvidia graphics cards on Windows 10?
The language is a little unclear. AFAIK Webrender is available to anyone using Nightly by force enabling it.
Though we shouldn't be attempting to switch it on without a GPU, if you could file a bug that would be great.
• Tab Center Reborn – https://addons.mozilla.org/fr/firefox/addon/tabcenter-reborn...
• Tree Style Tab – https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...
• Tree Tabs – https://addons.mozilla.org/en-US/firefox/addon/tree-tabs/
This is great news!
Didn't they already do that? I remember receiving a spinner whenever I changed between tabs very often since they introduced that multi-process thing.
>More power to you with every update
*Except when we decide to remotely execute code on your computer using Studies/Normandy/whatever
It seems to be something different than discarded tabs.
Unfortunately that hasn't been my experience in recent months. A noticeable number of random sites I come across, sometimes including quite important ones, Just Don't Work in Firefox.
Is there a quick way to send a link to such sites/pages, if someone at Mozilla is interested in investigating why?
I think it's important to note that this behaviour isn't necessarily due to anything wrong with Firefox. It could simply be because Firefox is better at blocking unwanted content than certain other browsers and that feature is working as intended, but the kinds of sites that rely on hostile content also tend to break if those scripts are forcibly blocked by the browser.