46 million people have left Firefox since 2018

[oldschool]

Google’s Plans for Chrome Extensions Won’t Really Help Security

Note: Sam Jadali, the author of the DataSpii report referenced in this blog post, is an EFF Coders’ Rights client. However, the information about DataSpii in this post is based entirely on public reports.Last week we learned about DataSpii, a report by independent researcher Sam Jadali about the...

www.eff.org

Best piece I've read on the subject. For those who understand the implications of G's changes, or who even care about them, FF appears an ever more attractive option. For all of its faults, Brave has taken a stand against the worst parts of Manifest V3 and has said it won't incorporate them.

 

[qua3k]

The article largely hinges on “extensions are still ##### even with Manifest v3 and taking away webRequest takes away power from powerful extensions such as uMatrix, NoScript, etc”.

This is a major concern. Firstly, before Manifest v3, extensions that declared the webRequest permission had permission to observe requests for all hosts. It has now changed. Developers must declare host permissions for any host they want to monitor. It means that a rogue extension can’t feasibly log my entire browsing history and send it off to a third party server. Additionally, the modification of requests has also been moved into declarativeNetRequest and will be handled by the browser instead of the extension. EFF mentions that this will cripple “powerful” extensions but fail to add that malicious extensions being granted the same permissions have a immense amounts of power over the browser which is why the shift is towards declarative APIs.

Additionally, they mention content scripts. I’m not a huge fan of content scripts either. They run in the context of pages and have direct access to the DOM. Scripted renderers weaken site isolation and Manifest v3 makes almost no changes in this area. I don’t recommend you install extensions making use of content scripts, and I look forward to seeing more declarative APIs replace this access.

The EFF is at odds with MV3/declarativeNetRequest because it restricts the powers of their trusted extensions, and that’s a good thing, because it also means that malicious extensions also don’t have that kind of power.

 

[oldschool]

EFF mentions that this will cripple “powerful” extensions but fail to add that malicious extensions being granted the same permissions have a immense amounts of power over the browser which is why the shift is towards declarative APIs.

You fail to note EFF's wish that Google actually take control of its WebStore and examine extensions, their developers and new owners of apps, which it has allowed its drive for profit and neglect their responsibility to users. If they don't want to clean up their act with WebStore they could do away with it entirely. Now there's a solution! Oh wait, that would hurt their bottom line.

 

[DJ Panda]

I've been using FF on and off for some years, its better for privacy compared to the other big names, but as others said, can be annoyingly clunky at times.

 

[F 4 E]

I dumped Firefox ages ago due to its heavy ram usage' which has always been a negative for me.

I now use new Edge, and my download speeds over Firefox have doubled.

 

[The_King]

I dumped Firefox ages ago due to its heavy ram usage' which has always been a negative for me.

I now use new Edge, and my download speeds over Firefox have doubled.

Recent tests have shown, FF uses less RAM compared to other browsers. I even ran the test myself and got similar results.

Advice Request - Firefox is the best browser for PC gamers?

Unlike game consoles, PCs are multi-purpose machines. We use them for productivity work, watching media, browsing the web, gaming, and much more. PCs are also great at managing multiple tasks at once, which is often an important advantage for PC gaming—you can quickly change playlists in a music...

malwaretips.com

 

[SeriousHoax]

I'm switching a lot between Edge and Firefox in the last couple of months. I'm quite sensitive about browsing speed but I can't really notice any speed difference between the two on PC. On Android, Chromium engine-based browsers are much much faster. Firefox has superior image and video rendering on Windows so that's one attractive non-security/privacy-related feature that makes me wanna use Firefox.
I have a soft spot for Firefox so even when I'm not using Firefox as my main browser, I open it every day and visit a couple of sites at least. Hopefully, their telemetry thinks I'm an active user who's using it daily.

 

[The_King]

I'm switching a lot between Edge and Firefox in the last couple of months. I'm quite sensitive about browsing speed but I can't really notice any speed difference between the two on PC. On Android, Chromium engine-based browsers are much much faster. Firefox has superior image and video rendering on Windows so that's one attractive non-security/privacy-related feature that makes me wanna use Firefox.
I have a soft spot for Firefox so even when I'm not using Firefox as my main browser, I open it every day and visit a couple of sites at least. Hopefully, their telemetry thinks I'm an active user who's using it daily.

At one point I had 5 or more Browsers installed on my system purely for testing purposes.
After using all of them for a few months, I narrowed it down to just 2. Firefox and Edge.

I can honestly say I have never found FF to be slow at anything compared to any browser, even rendering or playing YouTube videos has been a better
experience for me with FF than Edge or chrome.

It's really weird for me to see users saying FF is slow when in real world usage it's not and not the RAM hog many users on here say it is.
Google's Chrome browser is the one that is notorious for high RAM usage, but FF seems to be singled out has the worst offender when it is
clearly not the case.

FF on Android is a different story, they need to do a lot of work there, it is noticeably slower on that platform.

 

[Zeitas]

Became an absolute rubbish! New version is neither stable nor fast. The updater working in the background is super aggressive and eats up so much resources. The biggest problem however is that people who develop it have no vision at all what this browser should be. It used to be a simple fast browser and this was the reason why we loved it, then they started changing everything around and adding new things. It became bloated, unintuitive, slow and unstable.

 

[SeriousHoax]

At one point I had 5 or more Browsers installed on my system purely for testing purposes.
After uses all of them for a few months, I narrowed it down to just 2. Firefox and Edge.

I can honestly say I have never found FF to be slow at anything compared to any browser, even rendering or playing YouTube videos has been a better
experience for me with FF than Edge or chrome.

It's really weird for me to see users saying FF is slow when in real world usage it's not and not the RAM hog many users on here say it is.
Google's Chrome browser is the one that is notorious for high RAM usage, but FF seems to be singled out has the worst offender when it is
clearly not the case.

FF on Android is a different story, they need to do a lot of work there, it is noticeably slower on that platform.

I agree with you. But about the ram usage, Chromium browsers have become better specially Edge. For me, ram usage is not an issue as I have 16 GB, and most of the time my ram usage is below 40% when I'm browsing on any browser.
Weirdly I also have had fewer issues with YouTube on Firefox than in Edge/other Chromium browsers. Anyway, I even have a thread here on the foum about Chromium browsers worse image rending issue when hardware acceleration is enabled. I'm following these bugs and have not provided any update on the thread in a while because Chrome engineers have yet to come up with a solution. The video rendering issue is also there but it's less noticeable specially for users who have always used Chrome. I'll update the thread when I receive any new noteworthy updates.

Blurry image rendering in Chromium browsers

All Chromium browsers have a problem with image rendering. The images are blurry, less detailed and low quality compared to the crisp and sharp images on Firefox. I don't know if it happens for 100% of the users but personally I have asked 5 people with 5 different PC configuration to check this...

malwaretips.com

 

[qua3k]

You fail to note EFF's wish that Google actually take control of its WebStore and examine extensions

This is legitimately impossible to do. To manually review extensions takes days to do for human reviewers and cannot be automated. Even so, manually reviewing extensions is not a silver bullet. Humans make mistakes. Tavis shares his thoughts.

It’s entirely acknowledged that extensions are extremely powerful and curation won’t solve that problem. Site bound/declarative APIs are the way to go, so that extensions can’t exfiltrate all your session cookies on all sites, inject an mp4 of Rick Astley on every page load, or countless other things they currently have the ability to do.

 

[Nagisa]

EFF mentions that this will cripple “powerful” extensions but fail to add that malicious extensions being granted the same permissions have a immense amounts of power over the browser which is why the shift is towards declarative APIs.

There is a third option, very easy; DON't install malicious extensions.

This attack vector would have been easily solved by informing the user about the dangers of unknown browser extensions and placing a big scary warning on extension installation pop-ups.

There is no limit how far this babysitter like attitude can go.

 

[misterman2100]

Same here except the phone

When I learned that extensions could be had on the phone, I threw uBlock Origin on it and have been a happy camper. I've also been pleased with syncing.

 

[ItsReallyMe]

I like FF because the Font of it not like Chromium based Browsers!

 

[CyberTech]

Read the comments haha

 

[qua3k]

There is a third option, very easy; DON't install malicious extensions.

This is not helpful to anyone. Trusted extensions can turn malicious, have vulnerabilities, etc. This is the same attitude as “don’t click on random links!”. If your security isn’t somewhat idiot proof it isn’t very secure.

This attack vector would have been easily solved by informing the user about the dangers of unknown browser extensions and placing a big scary warning on extension installation pop-ups.

You do realize this already happens, right?