Announcement

Collapse
No announcement yet.

Firefox 29 Beta Pulls In Many Features

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • smitty3268
    replied
    Originally posted by Ferdinand View Post
    https://areweslimyet.com/

    Where? I don't see it.
    I take it back.

    I am running a ton of tabs (multiple hundreds) and the memory use generally tends to hover around the same amount.

    However, i noticed that closing a few tabs i have brought the total back down to only about +5-10%, which is probably within the margin of error.

    So i think i just happened to have a few extra busy tabs open causing most of what i saw.

    Leave a comment:


  • Spittie
    replied
    Originally posted by Luke View Post
    [...]
    Thanks for the explanation, but you don't really have to explain all of this to me - I'm pretty much a tinfoiler too

    I was merely stating that it won't help much. Anyway, after reading the full bug report, it seems that plugins are still enumerable, just not all of them. navigator.plugins will just return common plugin (flash, java and quicktime, If I'm reading it right) instead of everything.

    Leave a comment:


  • Luke
    replied
    This means plugins should still be disabled except when actually used

    Originally posted by Spittie View Post
    Note that now sites can't enumerate (ie list) every plugin installed, but they still can query for specific plugins and their version. So this would help with fingerprinting only if you have some non-common plugin installed.
    I'd expect sites like panopticlick to just get an huge list of existing plugins. In fact, they probably have one already, since they can just get it from browsers that allow fingerprinting.

    https://bugzilla.mozilla.org/show_bug.cgi?id=757726
    Thanks for the update. There are certain other considerations in masking a browser: First of all, if you use the common tactic of having a browser report it is running under Windows, be sure not to allow ANY plugins and not to use Gstreamer for HTML5 video playback unless Firefox does not report how it plays back HTML5. I do not know if Firefox will identify the backend used for HTML5 playback right now, so I let it report that it is running under Linux. Torbrowser reports itself as Windows, the useragent comes up as matching that of one in 155 browsers. Firefox on Ubuntu by default comes up with a useragent string matching one in 885, still not very unique by itself, but there's a lot more information to worry about. Plugins, fonts, and HTTP accept headers are the worst culprits.

    Fonts are greatly reduced as a fingerprintable item when Java is not installed and Flash is kept disabled until it has to be used.

    The big problem right now is HTTP_ACCEPT Headers when Javascript is enabled. That alone can report 21 bits of identifying data out of about 30 needed to ID a browser as unique when Javascript is enabled! With NoScript blocking Javascript except when deliberately enabled, a random site for which it has not been enabled only gets 5-6 bits of identifying information.

    When I have direct reason to suspect fingerprinting (need to follow a link to Google, Youtube or Facebook), I use Torbrowser. After all, Google for years used IP addresses as their main cookieless tracking system to build unwanted Google search histories. A dynamic IP address will block that, but surely Google expects that in today's world of so many mobile devices, thus their controversial 2012 privacy policy that explicitly allows collecting "device information." Torbrowser is built to make fingerprinting sufficiently difficult that no nations's courts can admit it and nobody's "security" services effectively track users by browser fingerprint.

    Currently Torbrowser with javascript ON is coming up as one in 10,446, barely more unique that regular Firefox with Javascript OFF (one in 9,702).

    Leave a comment:


  • Spittie
    replied
    Originally posted by Luke View Post
    Preventing websites from being able to enumerate plugins denies malicious "browser fingerprinters" a key piece of information used to track you even after you toss your cookies and your Flash cookies. I've taken to keeping all plugins disabled and turning them on only to actually use them to limit fingerprintablity. I will test this against Panoptickick when Firefox 29 has been out long enough to prevent the useragent from coming up as rare.
    Note that now sites can't enumerate (ie list) every plugin installed, but they still can query for specific plugins and their version. So this would help with fingerprinting only if you have some non-common plugin installed.
    I'd expect sites like panopticlick to just get an huge list of existing plugins. In fact, they probably have one already, since they can just get it from browsers that allow fingerprinting.

    RESOLVED (cpeterson) in Core Graveyard - Plug-ins. Last updated 2022-05-16.

    Leave a comment:


  • Luke
    replied
    Blocking plugin enumeration is major plus

    Preventing websites from being able to enumerate plugins denies malicious "browser fingerprinters" a key piece of information used to track you even after you toss your cookies and your Flash cookies. I've taken to keeping all plugins disabled and turning them on only to actually use them to limit fingerprintablity. I will test this against Panoptickick when Firefox 29 has been out long enough to prevent the useragent from coming up as rare.

    Leave a comment:


  • Ericg
    replied
    Originally posted by JX8p View Post
    It's the fact that it breaks nearly every theme and customisation available, and many of them won't be getting the necessary rewrite.
    I know it doesn't break EVERY customisation available, because I used it the Australis Nightly with addons. But in regards to the theme... and? Anytime ANY piece of software that allows themes makes ANY changes it has the possibility to break existing themes. That's been known since forever, and Firefox is no different.

    If the theme is unmaintained then you had to know that eventually it would stop working, well now's that time.
    If the theme IS maintained then shame on the developer of that theme for not making an Australis version. This wasn't a big 'shock' change, this has been known about MONTHS and has been able to be played around with since last year. Hell, they even made special versions of the nightlies available last year that were current-nightly + australis so that those who were interested, and developers, could start playing around with it and figuring it out.

    Leave a comment:


  • Daktyl198
    replied
    Originally posted by JX8p View Post
    I don't believe people are upset about Australis for the new skin - after all, you can just change that, anyway, thanks to Classic Theme Restorer.

    It's the fact that it breaks nearly every theme and customisation available, and many of them won't be getting the necessary rewrite.
    Except that it does break ANY themes (it even makes most of them look better), and 99% of addons will work just fine (addons which targeted the add-on bar will be automatically placed next to the menu button).

    So no, people are just mad about the change. Many people don't like change.

    Leave a comment:


  • JX8p
    replied
    I don't believe people are upset about Australis for the new skin - after all, you can just change that, anyway, thanks to Classic Theme Restorer.

    It's the fact that it breaks nearly every theme and customisation available, and many of them won't be getting the necessary rewrite.

    Leave a comment:


  • randomizer
    replied
    I don't mind the look of it at first glance, except for the fact that the global menu is now where my bookmarks menu button has been since Firefox 2.0, and it's one of the things I can't move. It could do with less padding too.

    Leave a comment:


  • 89c51
    replied
    gst 1.0 comes in FF30 right?

    Leave a comment:

Working...
X