• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Firefox convenience

ronaldlees

Aspiring Daemon

Thanks: 189
Messages: 557

#1
Just when I thought they couldn't think up any more features for us ...

"When you take a shot, Firefox posts your screenshot to your online Screenshots library and copies the link to your clipboard. The screenshot is kept for two weeks"
- From: the Firefox people at: screenshots.firefox.com

I think you need a Firefox account for this to happen, but am not sure. And - it's doing its own screenshot (and not activating your scrot) But, am I the only one who sees some possible downsides to this? Exploits? Your cellphone puts all your pics up on their servers (or can) - but those shots usually don't have passwords included in them. I imagine I could think of some other unpleasant possibilities for this sort of thing.

Note: Firefox is a trademark of the Mozilla Foundation
 

Trihexagonal

Aspiring Daemon

Thanks: 314
Messages: 738

#2
I opened the Customize window and dragged the little screenshot icon off my toolbar at the top.

If I want a screenshot I don't need my browser to take it either.

Now Privacy Badger, a www/firefox privacy extension, wants to update and is asking for new permission to store unlimited amounts of clinent-side data as a contingency.
 

ronaldlees

Aspiring Daemon

Thanks: 189
Messages: 557

#3
I'm not familiar with Privacy Badger. What kind of data would they be storing? Cache? Very interesting.

As far as the screenshots "feature" goes - I decided to get rid of the icon by using the configuration:

Code:
extensions.screenshots.disabled = true
Seems to work. A little miffed it's an opt-out. Haven't tried to tick it programmatically tho ...
 

getopt

Well-Known Member

Thanks: 294
Messages: 494

#4
they don't want your p0rN.
It's all about data collection, metadata, user behavior.

For more of this "dys-feature" see https://support.mozilla.org/en-US/kb/firefox-screenshots

I'm [not ;)]wondering why they do not use their programming power to make Firefox a more secure browser. Instead they grow their code base for so called new features adding new attack surface. Everybody knows that screenshots are one of the power-features for surveillance- attacks. Looks like Mozilla offers "convenience" to attackers, as they might get screenshots more conveniently.

Maybe we should care about from where Mozilla gets it's financial support and if it is bound to deliver certain "base capabilities". As it is still an Open Source project, such "features" cannot be added hidden. It has to be added in a way users are cheering a new feature. There are enough useful idiots around who welcome this and they take effect to "silence" critical users just by outnumbering them.

Has Mozilla-Firefox ever been forked for a more secure product?

Edit: And there is still the full supported www/firefox-esr which has version 52.4.1 and offers at least some protecting delay for new annoyances.

Also see: https://forums.freebsd.org/threads/62878/ on Torbrowser and FreeBSD.
 

ekingston

Active Member

Thanks: 39
Messages: 144

#6
...

Has Mozilla-Firefox ever been forked for a more secure product?
Not that I know of but I'm starting to think about improving my ability to read code enough to make a "WarmFox" fork that takes the Firefox code-base and strips out the "sends data to Mozilla or other 3rd party" parts (1st party is you, 2nd party is the website you are browsing). I will probably never do this but I sometimes dream.

The other thing I want to do is base all cookies (and other stored data) based on the url displayed on the address bar. Mean if you go to one website which grabs ads from Google (which sets cookies) and then you go to another website which also grabs ads from Google, the 2nd call to Google will not send back the cookies it got from the first call. I have no clue how to actually do this, but I think it would go a long way to making by browsing experience more like I expect it to be.
 

ronaldlees

Aspiring Daemon

Thanks: 189
Messages: 557

#8
Privacy Badger is from the Electronic Frontier Foundation, the same people who make the HTTPS Everywhere extension.
Organizations like that have an ostensibly good purpose, but no organization in the world has 100 percent of their people on-board with their mission. I hasten to add that I don't know of any problem with any of their projects.

I still think they should have created a better name than panopticlick for their fingerprint checker. I get the panopticon reference OK (if intended), and it's creative alright - but white hats shouldn't wear gray just to sound cute. Probably, they should just call it fingerprint checker. They obviously could (if they *really* wanted to) - become a repository of browser fingerprints. But, I've trusted them not to do that. Any other big web presence could collect fingerprints, and panopticlick's volume doesn't seem to be that high anyway.

I'm sure it's all good.
 

ronaldlees

Aspiring Daemon

Thanks: 189
Messages: 557

#9
Has Mozilla-Firefox ever been forked for a more secure product?
I remember when I looked at the first snapshot of Mozilla's Servo browser. IIRC, it's now touted as having some "more secure" browser component technology. Debug Servo could pour out an extremely detailed audit debug stream of every little thing the browser was doing as it ran. It was fantastic - as I'd never seen such a good/rich (std) debug output in a browser. But, it was eye opening too.

Going to a site like this one, I could observe expected stuff. But going to a busier site, one that suggested probably a lot of advertising involvement, really gave me an indication of how much of a browser's time/resources can be spent with ads, when that browser is accessing an ad-friendly site. This is not a Servo thing really, it's an ad-site javascript thing. Anyway, it literally seemed like the ad processing was all the browser was doing. The ad-related debug stream seemed so huge as to blot out the kind of stuff I was expecting to see (like the downloading of some JPEG image) - with a veritable deluge related to opening this advertising slot or that one, and processing it, and other ad-related things. On really ad-friendly sites, it was tough to differentiate any of the "regular stuff".

Because I'm not a regular ad/commerce site developer, I had an image in my head of the browser-website interaction that (in general) was false. I had envisioned that the "regular stuff" was the main ingredient, with a sprinkling of ad processing. Based on my (limited) time with the debug output of Servo, it's sorta the other way around, esp on ad-heavy sites. Note that Servo is not the fault here - it was just processing the javascript from the site, which was advertising heavy because it was an ad-heavy site.

Browser makers (including Mozilla) don't themselves add a lot of functionality to promote ads. But, that's where the money is, so they probably find themselves "leaning the ad way" with new "features" because the end users don't give them a dime, directly. But - they don't fight ads either, as it's the hand that feeds. So, this new browser you're talking about would have defensive features that deflect ads and the associated processing overhead. With all the billionaires in the world, it seems like one could kick-start such a thing. Or ... maybe it could be a kick-starter style of project. It could be forked, so wouldn't need to be started "from scratch"

Servo is a product and/or trademark of the Mozilla Foundation
 

ronaldlees

Aspiring Daemon

Thanks: 189
Messages: 557

#11
That's where the NoScript and uBlock Origin extensions come into play when I use www/firefox.
So, a forked browser could have that built in. Here's another idea: built in unbound functionality. Why not? As well as built-in ad white/black listing, etc. But, alas - it's not cheap to do a browser, or even a fork.

I should mention that the first post doesn't mean to imply that I know whether or not a screenshot can be triggered by other than the user. It seems like an exploit target tho ...
 

Trihexagonal

Aspiring Daemon

Thanks: 314
Messages: 738

#12
I should mention that the first post doesn't mean to imply that I know whether or not a screenshot can be triggered by other than the user. It seems like an exploit target tho ...
I'd say it's a lot less likely to happen with JavaScript disabled. :)

I am a firm believer in not surfing with JavaScript enabled globally and never install Flash or Java on my machines.
 

poorandunlucky

Well-Known Member

Thanks: 25
Messages: 359

#13
What exactly do you want to protect?

Are you such an asshole that some people would want to give themselves the trouble to steal your firefox screenshots?

Do you really have nothing better to do than pretend to have such an interesting life, or be such an interesting or important person that your online privacy concerns you?

Get real, man... nobody cares. Not even you.

Would you like directions to the nearest bridge ?
 

Phishfry

Daemon

Thanks: 581
Messages: 2,055

#14
What an odd response. All users here care about our privacy. That is why we use evasive browser maneuvers.

The last thing we want is this bubblegum bullshit baked into a browser.
 

poorandunlucky

Well-Known Member

Thanks: 25
Messages: 359

#15
I find it funny that so-called, and self-styled "gurus" would complain about the addition of a social media feature to an XML renderer and HTTP1.1 handler that's now 200+ MB in source alone, and hogs about 200 MB of RAM per open tab...

I think you have more important things to deal with in regards to Firefox than the screenshot feature, if you want to deal with it alone.

Whatever happened to "If you don't like it, take it out of the source code." mentality, or spirit?

Where is it written that you could benefit from a browser for free? How do you think these free software things make money? By selling your data in big...

I just think it's ludicrous that someone would complain about a 1. free, and 2. open source software, that, even though it's the most convenient thing around, is 3. already so bloated that the addition of 4. animated GIFs templates in an integrated e-mail client wouldn't even change its absolutely ridiculous footprint!
 

sidetone

Aspiring Daemon

Thanks: 220
Messages: 779

#17
As much of my data from being hoovered up as possible.
It is unethical. Not now, but in the future it will be a threat to democracy. Companies will use such data to manipulate masses in a more efficient way. Facebook does it. Russia's government has used hacked information to do such.

Basic information that you think can't be used against you, actually can. It makes little difference if your conscience is clean. Many companies are here to sell to the highest bidder, not protect their users.

Who wants their information sold to an enemy of human rights or democracy? To a company that can't keep their credit card profiles safe? Who wants to get targeted simply for having an opinion that opposes a bad actor?
 

poorandunlucky

Well-Known Member

Thanks: 25
Messages: 359

#18
For or against me?

Why would strangers wish me any harm?

Why wouldn't i want tailor-made products? Why wouldn't i want to know of opportunities i may benefit from the most?

Why are 'saurs so paranoid?

You people just wish somebody cared....
 

ShelLuser

Daemon

Thanks: 806
Messages: 2,014

#19
If you think others are overdoing it when they want to protect their own privacy then you really don't have a clue as to what is going on in the real world.

It's not so much an issue of having something to hide or not, it's what the other party is going to do with all the data. It could be pretty harmless right now, but that is by no means a guarantee for the future. And it never hurts to be careful.

If you don't understand such simple concepts then this is a fruitless discussion up front.

Many Americans were having no problems getting registered and followed under the Obama administration. Then a new president came who had new ideas for using the required information and all of a sudden many Americans weren't so happy anymore. And that's just one out of many examples.

(edit)

For the record, I'm hardly paranoid but I too use ad blockers, a "stop social" plugin which blocks all known social media sites, I have Google analytics permanently in my browsers blacklist and on my FreeBSD desktop heavily utilize the NoScript plugin.

That last critter has helped me plenty of times when a known website was overrun by hackers. All of a sudden their javascript code popped up and I knew something was up. I wasn't suffering because... their stuff didn't execute in the first place.

That too is an issue of not blindly trusting anything you visit, not even known websites.
 

lebarondemerde

Aspiring Daemon

Thanks: 372
Messages: 983

#20
For the record, I'm hardly paranoid but I too use ad blockers, a "stop social" plugin which blocks all known social media sites, I have Google analytics permanently in my browsers blacklist and on my FreeBSD desktop heavily utilize the NoScript plugin.
You just forgot to say all that crap slow down all the browsing experience. A reasonable amount of wasted resources...

And, people making a lot of money on you and you earning nothing but just being used.
 

Trihexagonal

Aspiring Daemon

Thanks: 314
Messages: 738

#21
For the record, I'm hardly paranoid but I too use ad blockers, a "stop social" plugin which blocks all known social media sites, I have Google analytics permanently in my browsers blacklist and on my FreeBSD desktop heavily utilize the NoScript plugin.
I'm already on record as believing a little paranoia can be a good thing, but I do not think wanting to protect your data and taking steps to prevent it being harvested qualifies you as being paranoid.

However, if you've taken the time to educate yourself on browser exploits like XSS, JavaScript exploits, not to mention what run of the mill data collection websites, your ISP and other interested party can glean from your machine and it doesn't concern you, it should.
 

poorandunlucky

Well-Known Member

Thanks: 25
Messages: 359

#22
If you think others are overdoing it when they want to protect their own privacy then you really don't have a clue as to what is going on in the real world.

It's not so much an issue of having something to hide or not, it's what the other party is going to do with all the data. It could be pretty harmless right now, but that is by no means a guarantee for the future. And it never hurts to be careful.

If you don't understand such simple concepts then this is a fruitless discussion up front.

Many Americans were having no problems getting registered and followed under the Obama administration. Then a new president came who had new ideas for using the required information and all of a sudden many Americans weren't so happy anymore. And that's just one out of many examples.

(edit)

For the record, I'm hardly paranoid but I too use ad blockers, a "stop social" plugin which blocks all known social media sites, I have Google analytics permanently in my browsers blacklist and on my FreeBSD desktop heavily utilize the NoScript plugin.

That last critter has helped me plenty of times when a known website was overrun by hackers. All of a sudden their javascript code popped up and I knew something was up. I wasn't suffering because... their stuff didn't execute in the first place.

That too is an issue of not blindly trusting anything you visit, not even known websites.
That's very sensible and all, but my point is: What data?

What is there on your computer that could be of any use to anyone on this planet other than yourself, and maybe your significant other?

What would Russian terrorists do with your family photos, when they have millions of other people's family photos, too? Do you stand out enough from the crowd to attract these people's attention, and possible misdeeds? Is your data even meaningful in any sort of way in the first place?

What if I looked through your garbage for a month, and parked a van in front of your place with a laser at your windows, and a high-res camera wherever I can get a field of view...

What then?

Do you think anyone's going to give themselves the trouble to do that? Do you think it's worth it?

A good strategy in defense is to sit on the opposite end of the table, and in all likelihood, the solution you're going to come-up with is that no defense is the best defense, because you have nothing to defend, and defenses would only make people believe there might be something behind those doors, and so the best way to not have your doors knocked down is to install french doors (glass doors).

...

What about the backyard neighbors who could see the barbecue you took pictures of? Couldn't they have taken pictures of it, too? Or what about the girl you met on your holiday? Was she a spy trying to get your informashuns?

If you're unable to see how you're meaningless your stuff is among the 7,500,000,000 other people who have the same data you do on the internet, and how you flooding the internet with your meaningless information helps protect others, then this conversation is pointless.
 

poorandunlucky

Well-Known Member

Thanks: 25
Messages: 359

#24
Browser fingerprinting and tracking everything you do on the internet.
And what would I do with that data? Tell you what model of car probably suits you the most, saving you shopping time, and possibly disappointment? Keep you informed about what's important to you, and what interests you?

You assume people want to harm, or exploit you. What if they wanted to help you? What then?

Against even the remote possibility that someone wants to help you... is it worth "protecting your data" then? Assess the possibilities that someone would or even could use your information against you, against the possibility that sharing your information could be towards your benefit? Considering the effort, the mindset it puts you in, the constant fear, constantly being in a defensive stance, ...

Is it worth it?

Are you someone worth harming?

If you think you're worth harming, then you're going to protect yourself, and if you're worth harming, and I'm a vigilante, I'm going to be on to you... I'm going to perceive your defenses as a good clue that you have something to hide... and if you don't have anything to hide, then you're a decoy. You're statistically, and effectively, protecting the people who do have something to hide by offering them a crowd to blend into.

All my Facebook posts are public, there's my address, phone number, ... You can come to my place right now from my profile on here and it won't even take you 90 seconds to find out exactly where I live, and my phone number.

I have nothing to hide, and I don't have much going on in my life, either... If you want to hang out with me, you also know where I live, if you want to chat, you also have my number to exchange messages, and my Kik... If someone wants to be my friend, they also have many opportunities and avenues to choose from...

I have more chances to make a friend this way, than in keeping everything private... and a genuine friend, at that! No first impressions, everything's there... No masks, no lies, I'm not armed, I've done nothing wrong, I've got nothing to hide, and I'm ready and willing to face my life, myself, other people, and destiny.

Come at me(, bro).