Firefox may have stored personal Twitter data in its cache
The message states:
Important information for Firefox users
We recently learned that the way Mozilla Firefox stores cached data from Twitter may have resulted in non-public information being inadvertently stored in the browser's cache. For example, if you downloaded your data using Firefox, the browser may have retained a copy of the download for a period of time. We have made changes to prevent this from happening again.
According to Twitter's notification, personal information such as downloaded data from Twitter or direct message, could have been cached by Firefox. While that is not a problem on a device with a single-user, information could have leaked on devices that are used by multiple users, e.g. on public Internet workstations.
Update: Mozilla published a technical analysis of the issue here.
Other users or administrators could find the data if they browsed the cache of the browser. Firefox's default caching period is set to 7 days but it is possible to change the retention in the browser's settings.
Twitter notes that it has made changes so that the data is no longer stored in Firefox's cache. Other browsers, non-Firefox-based browsers, are not affected by the issue according to Twitter. Other Firefox-based browsers may be affected by the issue on the other hand.
It is unclear if Firefox's caching may cause the same issue on other services. Betanews colleague Brian Faglioli asked Mozilla about this on Twitter and received a reply stating that the organization was looking into this.
It is a good practice to clear caches and other data after using public machines to access content on the Internet or work locally on a device. Some public workstations are configured to erase caches automatically when users sign-out. Firefox users may use the shortcut Ctrl-Shift-Del to clear the history of the browser.
> Betanews colleague Brian Faglioli asked Mozilla about this on Twitter and received a reply stating that the organization was looking into this.
This confirms that it is a Firefox bug, in fact. Good thing I am not using Firefox, “the browser which protects your privacy”. When will people learn?
@Iron Heart: +1
Woooooow, the cache is working as intended in Firefox? And we don’t like it?
WHOAAAAAAA, it must be a bug!
PS: For those too thick to get the sarcasm. The cache in Chrome is not working according to standards, whilst it is working fine in Firefox.
This is chrome with everything. I’ve ran into issues with CSS and other features trying to make personal websites over the years â€” reading up the bug reports they were basically closed as “we like it better this way”, even though every other browser handled them differently.
Like, Chrome devs just really do what they want with little regards to standards of any kind, push alternate features, and then shrug when people tell them “that’s not how it’s supposed to work”. They know they own the web. They really don’t want to give it up.
Not sure what you are complaining about exactly. Firefox has like, what… 5% market share (desktop and mobile combined)? Mozilla should be eternally grateful to Twitter for even supporting them at all at this point, after all they are pouring resources into making their website run on a niche product. That’s reality, my dude.
And in this particular case, Chromium protected people’s data better than Firefox did, objectively. The fact that Mozilla is “looking into this” is them accepting their blunder and hopefully fixing it in the interest of the minority still using FF.
Twitter ensured that the website runs correctly with the browser the vast majority of people use, they did their due diligence at this point. They found that a niche browser handles cache differently, have hinted at the issue, and the niche browser will fix the issue on their end. That is what will happen, and nothing else.
If you seriously have to ask what is wrong with chrome NOT ABIDING TO WEB STANDARDS then you simply won’t get it anyways.
Chromium is the browser everyone tests against. Like, only 5% of the overall Internet population still use Firefox (desktop and mobile combined). Be grateful that Twitter still even bothers. Quick reality check.
So they do not have to ABIDE TO STANDARDS?
Your moral compass is broken. You probably think politicians don’t have to abide to laws either.
“Standards”… Well, you know, it’s not like any browser follows the standards of the W3C to the letter, as far as I’m aware. The problem is not limited to Chromium. Chromium is the de facto standard by virtue of having 80% market share, all web developers test against Chromium. When a 5% market share browser like Firefox does it differently, then the likelihood of breakage increases of course.
And your politicians / law comparison does not hold much water. If anything, the standards of the W3C are recommendations / specifications more than anything, there is no legal obligation whatsoever to implement them exactly as the W3C describes them. And as I’ve said, no browser implements them 100% correctly, and therefore developers have to test against different browsers still. And behold, they tested against the 80% market share browser(s) primarily, not against the 5% market share browser. Color me surprised.
Mozilla are the most fraudulent and biggest con men in the browser industry. They just love to lie about how they care about the privacy of their users when everything around them is falling apart due to their own doing. And worst of all their existence is sponsored by Google and they pay for that sponsorship with their users’ private data that they love to lie how much they protect it.
Do you comprehend what a web standard is? Firefox behaves acvording to IANA, W3C, etc.
Why can’t chrome?
Chrome= google and who is complaining about FireFox and privacy… come on. Everyone that wants priv and uses Chrome as a standard browser and talks IT does not now what they are talking about. Plain & simple
Chrome isn’t Chromium isn’t Ungoogled Chromium.
Learn the differences and then return to me. Ungoogled Chromium is far more private than Firefox out of the box, Chrome is not.
your headline and article sounds like it was Firefox’ fault. But it was an incident from Twitter, see also: https://twitter.com/mike_conley/status/1245797292453609478 and https://twitter.com/EnglishMossop/status/1245802000958107648.
So it was clearly Twitter’s fault.
Please make this clear (and change the headline!). Thank you.
@Tom: if it was a Twitter fault, how come it was restricted to Firefox?
Did you read the tweets? Basically “the way Firefox stores cached data, which is by caching it normally unless we tell it otherwise, which [Twitter] did not do”. Chrome doesn’t follow standards and they didn’t “test” this on Firefox
Just click the links and read? It was explained. Many bugs affect only some and not all browsers. It doesn’t mean that it’s a browser bug at all. Especially since no browser implements all standards in the same way, there are hundreds of differences as everyone knows who is involved in web development. And seriously, the “bug” here is that the browser cache works. This is a really clear case of a web developer’s fault. I know what I’m talking about, I am a web developer since more than 20 years.
@Tom: in other words, Mozilla did not know that Twitter was doing this? As a web developed, do you think that is credible?
If Mozilla did not know, does that not put a serious question mark against their expertise and their capabilities? I mean, it is not as if Twitter is some dim app used by a handful of people.
And if Mozilla did know, why did they not take it up with Twitter? The fact that Twitter had to make this public knowledge makes me wonder about Mozilla’s skills.
correction @Tom: web developer. Sorry.
@Klaas Vaak: It this really so difficult for you to understand? Twitter did a mistake. Such things happen in reality. But it’s not Mozilla’s fault and Twitter announced it as it would be Mozilla’s fault – with success, you seem to believe it. Your question “Mozilla did not know that Twitter was doing this?” does not make sense at all. It’s not Mozilla’s job to know the code and errors of every website in the world. oO Really, keep serious. I don’t know which languages you speak, I am from Germany, so have a German reading recommendation: https://www.golem.de/news/twitter-security-nur-fuer-chrome-nutzer-danke-fuer-nichts-2004-147702.html If you don’t speak German maybe you can use a translation tool. Maybe it helps to understand the issue.
By the way: Even Twitter (!) clarified in a tweet later that it was NOT Mozilla’s but their fault (https://twitter.com/TwitterSupport/status/1245816197796507654).
In the same way that if I drive a BMW 750 at 300 km/h into a brick wall, it is not BMW’s fault.
Twitter users BTFO. LOL.
I’m sure the usual suspects will flame Firefox, but whatever.
Don’t use any social media, then you won’t be data mined.
@notanon: Twitter or Firefox and/or Firefox BTFO?
Objectively, we are talking about a Firefox bug here. That’s not a reason for flaming, but it sure is a point of valid criticism.
Even Twitter acknowleged: This is a Twitter-Bug, Firefox did nothing wrong.
I honestly don’t understand how anyone can be so “Fanboy” to insist, it must be “objectively” a Firefox-bug against all facts.
There are good reasons, that there are standards what a browsers should and should not do.
One standard says: If something is not save to cache, send a ‘no-store’. That simple.
Twitter did not.
In this case it is up to the browser to cache or not to cache. Chrome and Chrome-based, decided to not cache (because ‘Content-Disposition’ was sent), Firefox decided to cache.
But it is obvious the problem is: Twitter did not sent the correct header as specified.
Chromium is the de facto standard among web browsers, by virtue of having 80%+ market share. When a 5% market share browser like Firefox does things differently, then breakage / unpredictable behavior is to be expected. Of course Twitter prioritizes the browser nearly everyone uses in their testing, not the niche browser.
And as far as “standards” go, afaik no browser implements specifications 100% correctly, if that’s even possible, this problem is not limited to Chromium. There is also no legal obligation to adhere to the specification the W3C sets. In the real world, there are numerous differences between the different engines that require separate testing for each engine, and guess which engine is being prioritized here…
> Chromium is the de facto standard among web browsers
So your idea of the web is: Just do whatever Google dictates?
And guess what: Definitely does not justify not testing basic security features on a platform, millions of users are using.
> And as far as â€œstandardsâ€ go, afaik no browser implements specifications 100% correctly, if thatâ€™s even possible, this problem is not limited to Chromium.
You are still missing the point.
Both Chromium and Firefox implemented the specification correctly. But the specification says: Its up to the browser what to do if no cache information is explicitly specified.
I guess you are not a developer.
But as a developer I can say: It is common and basic knowledge, that you just don’t rely on undocumented, unspecified behavior that might change at any time. You just don’t. Especially if the correct solution is as easy as adding ‘no-cache’.
Both Twitter and Mozilla clearly stated: It is Twitters fault. So may I ask, what’s your mission?
> Chromium is the de facto standard among web browsers, by virtue of having 80%+ market share.
Still does not justify not testing basic security for millions of users.
Even more interesting: Your idea of the web is, just do what Google dictates?
> And as far as â€œstandardsâ€ go, afaik no browser implements specifications 100% correctly, if thatâ€™s even possible, this problem is not limited to Chromium.
You still don’t get it.
Both Chromium and Firefox made no mistake implementing the specification. But the specification says, it’s up to the browser what to do if no cache information specified.
And like every developer knows: You just don’t rely on unspecified, undocumented behavior, that might change at any time.
=> Adding ‘no-cache’ is the only correct solution.
Both Twitter and Mozilla stated, this is a Twitter-Bug. So may I ask, what’s your mission?
> So your idea of the web is: Just do whatever Google dictates?
No, please do not put words in my mouth. My idea is that the market has spoken, no matter who is the market leader. Chromium is what most people, obviously, want to use. That’s the situation if you remove all moralizing on your part. Software markets tend to develop into monopolies because they are oftentimes reliant on third party support, and it is inefficient to test against a 5% market share browser if your prior testing has already covered 95% of the browser market, especially with a company the size of Twitter. Developers, like any other human being, have no time to waste. Why do you think the desktop OS market is a de facto monopoly, and the mobile OS market is a duopoly bordering on monopoly? Because having a single platform to develop for is efficient.
And as you well know, my dear developer, Chromium isn’t “owned” by Google. It is open source software, anyone can contribute and fork the codebase if necessary. Google is just Chromium’s biggest contributor going by the number of commits, but other notable contributors are e.g. Microsoft, Opera, Samsung, Intel etc. Google owns Chrome as a major offshoot of Chromium, you certainly understand Chromium /= Chrome.
Please reduce the hyperbole a bit, objectively a Chromium monopoly (which we basically already have) is not too bad, since we are talking about an open source project here. That’s like saying Linux dominating the desktop market would be bad. Nobody would say this. Why? Because anyone can take the code and modify it to suit the needs of a specific subgroup of users, this is the case with Chromium as well. Nobody needs Firefox, it is just an open source project competing with another open source project. Nothing is lost if it fades away for good.
> Definitely does not justify not testing basic security features on a platform, millions of users are using.
It does. What is more likely: People switching to another browser once they see this message, or people deleting their Twitter account. Take a guess.
> It is common and basic knowledge, that you just donâ€™t rely on undocumented, unspecified behavior that might change at any time. You just donâ€™t.
This is long-standing behavior of Chromium, your assertion that it might “change at any time” notwithstanding. But yeah, many websites rely on even undocumented behavior, the harm of such a strategy is lessened by the fact that you will have covered 80% of the market anyway, or put bluntly, who cares if Firefox does it differently?
> Both Twitter and Mozilla stated, this is a Twitter-Bug.
The Twitter “bug” consisted of them targeting the browser 80% of the people have chosen to use. The 5% niche browser user base then started an uproar because their fading product behaves differently, and Twitter was forced to consider it in their testing process again. Fixed that for you.
> So may I ask, whatâ€™s your mission?
Why does everyone need to be on a “mission”? If I had to define a mission for myself, it would be to be realistic instead of a dreamer with utopia in my head.
Offtopic: Could someone please explain why above comment is only visible to me, if I use mobile user agent???
> No, please do not put words in my mouth.
It was a question. And this question still remains; please explain:
How does your opinion “every implementation that differs from chromium is a (potential) error” (or did I misunderstand something) not directly result in “Just do whatever Google dictates”.
> And as you well know, my dear developer, Chromium isnâ€™t â€œownedâ€ by Google. It is open source software, anyone can contribute and fork the codebase if necessary.
Doesn’t change the fact, you won’t add a single line to chromium (upstream) without Googles consent.
> Thatâ€™s like saying Linux dominating the desktop market would be bad.
Don’t dare to compare Linux to Chromium – just because of “Open Source”. Unlike Chromium, Linux development isn’t controlled by one company.
> Because anyone can take the code and modify it to suit the needs of a specific subgroup of users, this is the case with Chromium as well.
Till you actually modify something. And someone else notices: This Modification breaks XXX, because a bad developer based XXX on some undocumented behavior. Do you notice anything?
> But yeah, many websites rely on even undocumented behavior
Yes, I know, web development can be really, really bad.
> How does your opinion â€œevery implementation that differs from chromium is a (potential) errorâ€ (or did I misunderstand something) not directly result in â€œJust do whatever Google dictatesâ€.
I am just saying that most people prefer to use Chromium-based browsers. That’s why it is the primary testing target for web developers. If you implement things differently, having a market share of a mere 5%, breakage is to be expected. I am not moralizing here, try to use logic for once.
And again, Google is not in sole control of Chromium, they are in sole control of Chrome, which is an offshoot of Chromium.
> Doesnâ€™t change the fact, you wonâ€™t add a single line to chromium (upstream) without Googles consent.
Do you know what the “fork” button on GitHub is for? I’ll tell you: You fork the Chromium repository, and YOU are now in charge of the new repository. You can still pull changes from Chromium upstream just fine. There are many browsers using the Chromium codebase, among others MS Edge, Opera, Vivaldi, Brave. Google has no control over these browsers, nor can they decide which patches get accepted in their respective repos. These projects, on top of having a their own custom patches included permanently, also regularly contribute back to Chromium upstream. And yes, Google relies on others contributing, they are not stemming this alone.
It is true that there is currently no “hard fork” of Chromium, because no browser vendor had had a reason yet to hard-fork it. But there are definitely big contributors like Microsoft or Samsung which could hard-fork Chromium and take it into a different direction, if they wanted to.
The behavior you display here is the same I see with many Firefox fanboys here, they are desperate because their browser is not really worth using anymore, if you think about it. It is, sadly, a worse wannabe Chrome at this point. Powerful add-ons? Gutted. Customization? Gutted. Good privacy settings? Pathetically reduced. The only reason given to use Firefox these days is the “Google bad” meme (conveniently ignoring that Google funds Mozilla). But this gets reduced to ashes as well once you consider that Chromium is open source and is used as the base of many browsers.
> Donâ€™t dare to compare Linux to Chromium â€“ just because of â€œOpen Sourceâ€. Unlike Chromium, Linux development isnâ€™t controlled by one company.
Thanks for the laugh. Nice try to fool unsuspecting readers right there. For those who don’t know: Linux development depends on a small set of companies, within the Linux space there is basically an oligopoly. If the main teams behind Debian, Ubuntu, and Arch would shut down tomorrow, there wouldn’t be much movement in the Linux distro space anymore, since most distributions heavily rely on those teams doing their thing. Without them, they would shut down as well. And the Linux kernel development itself is happening much in the same manner Chromium is developed in, few big contributors essentially controlling it:
In this graph, if you reduce it to the “volunteers” section, the Linux kernel would be in a pathetic state in no time. And yes, this structure is extremely similar to how Chromium is developed, as I’ve already pointed out. Linux is fairly centralized as well, considering that most distributions stand on the shoulders of a few “giants”.
> Yes, I know, web development can be really, really bad.
Relying on long standing but undocumented features is not equivalent with bad output, despite you desperately trying to paint it this way. Is Twitter “bad quality”?
> Thatâ€™s why it is the primary testing target for web developers.
Interesting, you put it that way.
And yes, being “primary (!) testing target” is ok, if you have huge market share. But what you actually wrote: And again, Google is not in sole control of Chromium
They are. If you don’t believe me, try to contribute to chromium. First thing they will ask you? Sign CLA directly to Google.
What should you do next?
=> “Ensure the new entry is reviewed by a reviewer who works for Google.”
Yes, that’s what I call “full controll”.
> Do you know what the â€œforkâ€ button on GitHub is for?
I know and I am wondering why you are ignoring the part of my comment dealing with forks. (Hint: Starts with “Till you actually modify something.”).
I honestly don’t understand why you think I could think Chromium is incredible and utterly bad. Spoiler: I’m using Chromium-based browsers sometimes, too.
I’m just saying: The Chromium project is fully controlled by Google. And if you think everything, that not behaves exactly like Chromium (and yes, this includes any Hard-Fork of Chromium / Blink yet to come) – that’s just saying: Don’t give a change to anyone Google competitors.
> on a small set of companies, within the Linux space there is basically an oligopoly. If the main teams behind Debian, Ubuntu, and Arch would shut down tomorrow
Funny, that two of 3 distributions are purely community-based (Debian, Arch).
> Relying on long standing but undocumented features is not equivalent with bad output
“Features” – and that’s where you are wrong. This is no features, this is a implementation detail. And just work that way: If you don’t document an implementation detail, you may change it any time.
Guess, you are no developer, so might be hard for you to understand. Especially if you are just thinking of this small Caching-Implementation in a utterly complex software world.
You probably think “hey, it’s actually quite easy” and I understand. I too had to learn (the hard way), that it is necessary to control complexity by defining and documenting clear interfaces.
> Customization? Gutted.
If you’d see me using my firefox, you probably would ask me: “What’s this browser” ;).
> It is, sadly, a worse wannabe Chrome at this point.
Just saying, there is always technological progress.
And even though you won’t believe me for sure: but if you ask me, currently technological progress is strongly siding with Firefox.
While Chromium is till fully relying on C++ – a programming language from 1985 (the early days of modern computer science) with all these mistakes people made, when everything was quite new, Mozilla invested in the future. In particular: Rust.
By design: High performance especially with multi-threading beyond what is possible with C++ (which wasn’t even build with multi-threading in mind; will gain even more importance in future) and high security (lots of security issues we still see (Bufferoverflow, Heapoverflow, use after free, …) are impossible by default).
But only time will tell, how the browser marked will develop.
Third paragraph refers to:
> And again, Google is not in sole control of Chromium, they are in sole control of Chrome, which is an offshoot of Chromium.
> They are. If you donâ€™t believe me, try to contribute to chromium. First thing they will ask you? Sign CLA directly to Google. Yes, thatâ€™s what I call â€œfull controllâ€.
You are referring to Chromium upstream repo. This upstream repo was cloned a great many times and the other Chromium-based browsers maintain their own patch sets, while still pulling changes from upstream all the time. If your change isn’t accepted at Chromium upstream, others like Brave or Vivaldi might still accept it and add it to their own custom patch set. The beauty of open source. Google has no control over what code is being included in any Chromium derivative aside from Chrome. Deal with it.
For example, where can I find the Brave Shields code in Chromium upstream? Nowhere, but it still comes with Brave.
> Iâ€™m just saying: The Chromium project is fully controlled by Google. And if you think everything, that not behaves exactly like Chromium (and yes, this includes any Hard-Fork of Chromium / Blink yet to come) â€“ thatâ€™s just saying: Donâ€™t give a change to anyone Google competitors.
The thing is, if it ever becomes necessary to hard fork Chromium, then this means some change Google implemented before that was so nefarious and so hard to remove / circumvent that a costly project like a Chromium hard fork became necessary in the first place. Any such change would probably earn them my dislike as well, but that’s not the point. If a majority of people would still use Google’s version of Chromium, despite a hard fork existing, then I would have to accept that as the market situation, even though I would personally disapprove of it. What I personally like or believe in, and what the market actually does, doesn’t have to be aligned at all. You seem to confuse one with the other.
> Funny, that two of 3 distributions are purely community-based (Debian, Arch).
Yes, I believe that… not.
My point was not that Canonical is commercial while the teams behind Debian and Arch are not; my point was that most of the heavy lifting is done by these small teams, making Linux fairly centralized as well. The other distributions for the most part couldn’t stem this kind of development on their own and rely on the work of those entities. Not to mention that an oligopoly of mostly commercial companies is behind the very Linux kernel itself. You can tell the “Linux decentralized” fairy tale to people who would be likely to believe it.
> Guess, you are no developer,
I don’t remember gHacks having turned into Linkedin at some point. It’s not like we can display certificates and work experience here, we just have to believe in each other’s words here. I can’t check your qualifications here either, even if they do exist. What I am saying is, this is just not a place where anything like this can be seriously discussed.
> If youâ€™d see me using my firefox, you probably would ask me: â€œWhatâ€™s this browserâ€ ;).
Oh I know, userChrome.css, lol. Do you have enough time to waste to rewrite the CSS code every single time a new Firefox version hits? Or do you just use the Firefox ESR version to reduce the rewriting to once per year? In any case, userChrome.css is on the chopping block already, Chrome does not have it, so the Mozilla developers think Firefox shouldn’t have it, either. Have fun without it. And please do show me how you actually replicate e.g. Tab Mix Plus functionality with userChrome.css… I am waiting.
> And even though you wonâ€™t believe me for sure: but if you ask me, currently technological progress is strongly siding with Firefox.
And? If no miracle happens, i.e. if Mozilla doesn’t manage to invent features that make people return to Firefox, within the next 2 – 3 years, it will just fade away. Only 5% of the total Internet population still care about it as we speak, today. Unless they come up with something truly revolutionary, I think a turnaround is unlikely at this point.
And then, you mentioned Rust. Well, Brave rewrote its Brave Shields from C++ to Rust, claiming it to 70x faster than before. You know what, it was not perceptible. The human senses only reach so far, at some point you can’t tell the difference anymore and cease to care. That’s just reality. It’s certainly nice when extremely high performance is a necessary requirement, or as a proof of concept, but the general public won’t care unless there is a perceptible difference.
Mozilla also claimed the myriad of changes within its Quantum project would in summary surpass Chrome’s performance, and it didn’t happen. I’ll believe it when I see it. Maybe it did surpass it and it was just not perceptible, lol. So yeah, maybe the Rust language, which was not even under the top 20 most popular programming languages last time I checked, will be Mozilla’s most enduring legacy.
> If your change isnâ€™t accepted at Chromium upstream, others like Brave or Vivaldi might still accept it and add it to their own custom patch set. The beauty of open source.
You are saying: For example Brave or Vivaldi should modify Chromium-behavior (for example with my patch). And you are saying, anything that does not behave exactly like Chromium is bad.
Sorry, I honestly don’t understand how this two statements fit together.
And not to speak of our general disagreement, how to deal with 10th of Millions users – just saying, 5% market share => 5% of testing time would sound fair to me.
Well, I don’t see articles about blunders with Chromium-based browsers leaking the data of their users. Sure, Google wants to make Chrome decide what’s good for you by choosing not to download some things or not block all ads, but that can easily be circumvented by using a Chromium fork and there are dozens, if not hundreds oft them.
@SlimboyFat @Klaas Vaak
> Well, I donâ€™t see articles about blunders with Chromium-based browsers leaking the data of their users.
Like already wrote below; a simple Example:
I explain, you may eat the a cookie. It is a Chocolate cookie. Nobody expect you likes choco-cookies. So you are the only one who eats a cookie.
Suddenly I noticed, I was wrong. It is in fact forbidden to eat cookies.
And now you admit: Whole mess is your fault, because you are the only one who ate a cookie. Explicitly not my fault, because I gave wrong instructions. Your fault, since I don’t see reports from anyone else eating cookies.
Sorry, this argumentation is nonsense.
I completely disagree with the headline of this article as well as Twitter’s phrasing of their message. It’s pretty obvious that it had to do with the way Twitter programmed their site, and not a Firefox bug/”issue”.
@ShintoPlasm: so Twitter targeted Firefox users only, not users of any other browser? Doesn’t make sense.
I totally agree with the headline. You just have to use a modicum of common sense, I know it’s not something that’s abundant on the internet. If it were twitter’s bug why is it only ff that is affected?
> If it were twitterâ€™s bug why is it only ff that is affected?
Ok – Example. I tell you: You may eat the cookie (or you may not eat the cookie).
ShintoPlasm didn’t eat the cookie. You ate the cookie.
Then I notice: Oh, anyway: Wasn’t OK to eat the cookie.
Problem obvious isn’t me (because I made false instructions) but YOU because you are the only one affected (only one who ate the cookie).
Obviously not. And something quite similar happened:
Twitter-Bug: Twitter did not sent ‘no-cache’ – like one should if something should not be cached.
Specified behavior if you don’t sent ‘no-cache’: It is up to the browser whether to cache or not to cache.
Both Firefox (Cache) and Chrome (Not Cache) did nothing wrong.
Issue obviously is, that Twitter sent the wrong header.
The comment section is turning into 4chan. Why are these resident trolls not being banned for good?
Martin Brinkmann should ban you first. Let’s see how you like free speech being impaired once it hits YOU. Nothing more to add.
Interesting how the biggest troll instantly jumps me. Dog whistle..
Mere disagreement = trolling, these days. Don’t care what you say. At least I am upholding free speech, how about you?
This is a European website, free speech doesn’t cover your constant insults,
as opposed to the U.S. idea of “free” speech.
I see myself out. See you in the next Firefox article. Spouting YOUR hate.
1. Please explain what you mean by “insults”.
2. Please explain how excoriation of an app amounts to “insults”.
Exactly. I didn’t insult anyone here, and in general, if I do lose my countenance (hey, it happens to all of us), it’s because others have totally lost theirs before. I do not aim at insulting people, provided they do show me the same kind of respect.
Also, did you notice how @S.Warg implicitly admitted that “Europe” (whichever of the myriad of countries he actually means) is less democratic than the US? Nice detail, lol.
@Iron Heart: I agree that anyone can lose his countenance. In fact, reading the comments fired at you sometimes, I wonder how you manage to keep your calm when I would have fired my verbal missiles back.
As for the free speech bit, no, I had not picked up that subtle detail. And you know what? He hadn’t either ;-) Anyway, thanks for pointing that out.
Your posts here have become obsessed and obsessive-compulsive. You have some serious issues.
As much as I agree with you about the questionable things of Firefox, you’re behaving outrageous and abusing Martin’s good will regarding censorship.
I am furiously against censorship, but in this case you must be censored for the greater good. The world is not revolving around you.
You have no right to keep on abusing and ruining a decent website.
@ Martin: please block this person. Otherwise ghacks net will become a place like Palemoons forums and people will leave ghacks net.
My post is of course @Iron Heart
What I say can be easily verified, research it yourself if you don’t believe me. Apart from that, I think how I go about it is largely my business, much as it is my business how often I repeat myself if I feel that it’s necessary.
If you don’t like my comments, may I suggest that you skip them and proceed to read the others? That would be the easier solution as compared to reading them in an “obsessive-compulsive manner”, and then complaining about me and demanding, well, censorship. Which is not upon you to decide anyway.
Martin Brinkmann doesn’t ban people based on mere disagreement, as I have pointed out many times before. He needs an actual reason to block someone, maybe some kind of incitement of violence or blatant racism, political extremism or something, categories in which my posts about a browser(!) definitely do not belong. Short of that he does not censor stuff and I think that is highly honorable and well-reasoned behavior on his part, this guarantees a maximum, but still reasonable, freedom of opinion for ALL involved parties, not just me.
And last but not least, I do think that my posts are necessary. Why? Because they provide some balance here, which is urgently needed, seeing how people are quick to defend Mozilla and bash everything else out there, be it reasonable criticism or not. These people are the majority here, and they will terrorize those who hold a minority opinion (read: those who do not buy into their narrative). As long as these people are here, I won’t leave voluntarily, or blatantly said, if they are allowed to spread their opinion, the opinion balancing theirs out must be allowed, as well. Anything else would be hypocrisy. Do I say that you belong to these people? Nope, you might disagree with my posts for other reasons, and if that’s the case, feel free to skip them for good.
“If you donâ€™t like my comments, may I suggest that you skip them and proceed to read the others? ”
THAT is impossilbe when you post so many long winded comments, many of which are off topic.
I notice that you, Klaak Vaak, and other anti FF fanatics never comment on articles about Chrome and Brave and their predilection for slurping user data. As soon as Martin posts an article about FF, in you jump with your comments.
It would be excellent if other posters could make comments without being attacked for using FF.
MARTIN PLEASE NOTE !!
1. Why should I criticise a browser I am happy with? Incidentally, not that is any of your business, but I do not use Chrome. I am not an anti-FF fanatic, I just got disappointed twice by the browser for 2 different sets of reasons, and when I see something to criticise I do. When I see something to criticise about Chrome I do; I stopped using it years ago because of its non-existent privacy.
2. If you are unable to avoid the long-winded comments, may I suggest you try to destroy them with decent arguments? In the absence of those I can only conclude that you cannot, that you feel frustrated by the facts you are presented with, and therefore you now take Martin for a fool by trying to abuse his attitude towards free speech. Censorship is only propagated by those cannot stand reality.
I don’t know about IH, but as far as I am concerned I will continue commenting as before. I do have some good news for you though: you have a choice of 2 options, it’s called Take it or Leave it.
@ Iron Heart / KlaasVaak
I started to read your comments but I …… Yawn ZZZZZZZZZZ
@ Gary D: yep, a typical reaction of someone who is unable to formulate counter-arguments. Sleep well.
“Anti-Firefox fanatics”, I doubt that @Klaas Vaak is one, and I am neither. Based on verifiable facts, I criticize that Mozilla claims to protect privacy while doing the exact opposite. As does @Klaas Vaak, if you care to actually read and understand his comment.
As for Brave stealing user data, citation needed. A study recently found Brave to be the most private browser out of the box, out of all the ones tested. Yes, it’s also more private than Firefox out of the box. So if Brave “steals user data”, I don’t know what Firefox does in this case then?
If Google Chrome (Chrome /= Chromium) should do something user-hostile, I will argue against such behavior as well of course. However, there are two reasons why comments of mine criticizing Chrome do not appear as often:
1) Google does not pretend that Chrome is in any shape or form a pro-privacy browser. Contrary to Mozilla, they do not advertise themselves as the good guys while doing the opposite. The way Mozilla markets Firefox warrants a discussion of its privacy level, especially since people still have illusions regarding this aspect of Firefox.
2) It is widely known that Chrome disrespects user privacy, that is not exactly news. Why should gHacks publish articles about new anti-privacy stuff when you never had, nor were ever promised, any privacy in Chrome? Referring back to (1), Chrome was never advertised as privacy-respecting for this very reason.
> It would be excellent if other posters could make comments without being attacked for using FF. MARTIN PLEASE NOTE !!
The world is no guaranteed safe haven free from any sort of disagreement, but anyway. I usually post my own comment separate from other comments, anyone is free to ignore what I write (and with some people I would even prefer being ignored), but I always get attacked with useless ad hominem “arguments” for whatever reason.
And as I’ve said, appealing to @Martin Brinkmann won’t prove very effective. I doubt that he will censor opinions based on mere disagreement, he most likely won’t sink to this level just because Gary D & Co. demand it.
:Sebas: is it? I thought it was addressed to yourself.
Yes, Iron Heart has serious issues. He’s a fanatic with delusions of grandeur, but his opinions on Firefox or Brave are irrelevant for me and, i suspect, many others here who just don’t bother to feed him anymore. Just ignore him, like most already do.
Ironically, you are doing the very thing @S.Warg falsely accuses me of doing: Insulting people. I mean, this…
> Iron Heart has serious issues. Heâ€™s a fanatic with delusions of grandeur
…is clearly insulting, you are saying that I am not quite right in the head. Your post deserves more attention from wannabe censors than anything I have written so far, but I believe that it will be totally fine. Why? Because of the hypocrisy of the people accusing me of trolling (read: who are mad at the fact that I disagree with their narrative, which is why they really want to censor me).
Er no we don’t ignore, his/her comments are well researched and appreciated, not as if the few remaining original Firefox ‘community’ aren’t fully aware of MozCo’s sins AND history.
@Sebas: at the risk of getting accused of being IH’s lapdog (which I don’t care about anyway), can you please explain why you call IH “obsessive” and “obsessive-compulsive”?
From what I have seen in his comments he defends Brave when he feels half-truths or lies are spewed about the app. I don’t use the app for various reasons but don’t mind someone defending it vigorously, like I don’t mind someone defending Firefox vigorously, despite the fact that I dropped it because of its increasingly nefarious activities to incorporate telemetry which the users then has to block in the “about:config” settings.
I don’t have stats at hand but I’d wager that those vigorously defending Firefox are more numerous than those vigorously defending Brave; the latter group may well consist of 1.
So, please explain too why you feel censorship is good when someone does not conform to your standards.
@klaas vaak Falsifying my post and then expect me to answer. Won’t happen. Learn to read properly.
@Sebas: asking for an explanation of your own, Sebas’s, comments is falsifying them? Well now, that is a truly new description of falsification. May I suggest you consult a dictionary because you need it desperately?
In any case, thanks for confirming that you completely unable to formulate sensible counter-arguments against IH’s comments nor against mine; why, you cannot even provide sensible arguments to back up your own claims.
There is a word for your kind of behaviour but I shan’t get into that so as not to stoop to the kind of forum pollution you engage in.
@ Klaas Vaak (Klaas Often) a.k.a. Klaas Veel Te Vaak (Klaas Much Too Often)
Doorzichtig verdraaien van mijn post net zolang tot die in jouw straatje past.
Lezen is een kunst, interpreteren is een kunst en het formulieren van een goed en integer antwoord, zonder verdraaien en een Argumentum ad hominem te gebruiken, is ook een kunst. Je bent voor alle drie gezakt.
For English readers: Klaas Vaak is twisting my post in order for him to be able to spit out disingenuous reactions to it.
Eventually Klaas Vaak is trying to get me to polluting ghacks net too, but it won’t happen.
I apologize to Martin and all the good people here and promise it will be the last time regarding KMTO. End of discussion.
@Sebas, a.k.a. “99”: you obviously have not consulted the dictionary yet. Asking for an explanation is not the same as falsifying. “Interpretating” a request like that, THAT IS falsification. Sorry baby, back to the drawing board.
@Sebas, a.k.a. â€œ99â€
Stop bullshitting around with my nickname!
No you are fully FOR censorship, as are MozCo and their like.
I guess the 7 users out of 100 are ‘saving the web’, the other 93 sick of the nonsense.
@Edge just passed Fx.
Many 4chan users love gHacks.
This comment section is far better than echo chambers such as Reddit and Hacker News.
browser.cache.* set to false. Done.
Never used Twitter. Never want to.
Who actually wants to be a twit?
@Kincaid: well put, +1.
Do some research before you publish stuff like that.
It’s completely Twitters fault for being really bad web developers. FF has nothing to do with it really, they just coded they crap with non-standard Chrome stuff and FF – adhering to web standards – did not follow the Chrome hacks.
I mean twitter is garbage, but so is moxilla and firefox. They deserve each other, and their users.
Chromium Master Race
And a big old “Roman Salute” to our Chromium Masters…..+1
When are we going to see the standard Mozilla oops, sorry, we screwed up and honest to god we really really won’t do it again line…..again.
@Stan: careful now, criticising Firefox and Mozilla is not appreciated by some, so you may well get accused of all sorts.
This is exactly why Off By One is my browser.
Hey guys, this seems to be quite a common theme here with Firefox. Can I just point out that it’s open source – feel free to correct the code you don’t like and submit bug reports.
Chromium is the same – the only difference is it takes a day to compile unlike Firefox which is around an hour.
I’ll keep an eye out for your submissions. Thanks.
Sites copy-pasting the same story without anyone bothering to do the extra job of explaining where the problem comes from.
First Twitter says it so that it looks like it’s Firefox’s fault, then some say no it’s Twitter and Chrome who are not standard, then according to a Mozilla employee “The spec is ambiguous on caching in this case. Blink and WebKit do not cache while Gecko does.” (https://old.reddit.com/r/firefox/comments/fts58a/so_whats_this_all_about/fm9smpq/) so that it may be nobody’s fault except maybe a standard that shouldn’t be ambiguous on sensitive matters, sounds curious, and there they talk about some header causing the ambiguity, but nobody can tell which header, which is kind of central to understand the problem. Not interested enough to go on searching.
It is a good idea to obliterate the caches on occasion, regardless of browser.
Find them under appdata/local/ or ~/.cache
I use Firefox on all my devices and this is a beat up against Firefox. I agree that platforms like Twitter and Facebook and the many others are a threat to users privacy. I don’t care what browser you support.
It is expected that the shills will always try to bring down Mozilla. Move on.
Nice article Martin.
Like always your reporting is cutting edge!
Does anybody know or the version update number to 74.0.1 from today did take care of this Twitter data in its cache problem?
No it didn’t,it was just some security fixes.You just clear it yourself & regularly like everyday.
I have Firefox history and offline website data deleted
I have configurated that all data (Like cookies, search history, etc..) is automatically deleted when I close a tab and again when the browser is closed.
But I will try to figure or I really have everything purged when the browser is closing.
Ok neither Firefox nor other browsers did anything wrong or against standards here, purely Twitter’s fault:
“caching is complicated and each browser behaves somewhat differently; with the particular way that Twitter had their site set up, Chrome, Safari, and Edge donâ€™t cache this data but Firefox will. Itâ€™s not that weâ€™re right and theyâ€™re wrong. Itâ€™s just a normal difference in browser behavior. There is a standard way to ensure that data isnâ€™t cached, but until recently Twitter didnâ€™t use it, so they were just dependent on non-standard behavior on some browsers.”
Twitter is sorry – https://privacy.twitter.com/en/blog/2020/data-cache-firefox
Twitter wants you to know that they are sorry and please don’t let this interfere with their Data Collection on you. Trust them and continue to use their services.
Social networks are intrinsically non private just as water is intrinsically wet, and yet folks actually expect privacy! Social networks use the busybody business model for their major revenue stream and as such privacy is only a dream and the only true way to protect one’s privacy on any social network is to avoid any and all social networks.
So even if your private info is not leaked into some cache via improper software methods vetting/checking the ad folks will still get what they want at the price that you pay for some “free” social network that’s only really there to harvest that personal info and sell that for revenue producing purposes. That metrics collecting includes all of your habits and likes and dislikes and other habits that can be analyzed to produce a personality profile as thoroughly complete as needed.
FakeBo0k n’ Tweeterbird = where narcissist’s
are ‘livin the dream’
Twitter’s statement is one of the greasiest PR exercises I’ve seen in a while. Twitter writes:
“We recently learned that the way Mozilla Firefox stores cached data from Twitter may have resulted in non-public information being inadvertently stored in the browser’s cache.”
This should be translated as:
“We recently learned that we didnâ€™t properly understand how Firefox caches data and this resulted in private information being inadvertently stored in the browser’s cache.”
(I love how they can’t even say “private”. Everything to deflect and obscure the reality of the situation!).
I may not like the direction firefox has headed or the management of a once fine browser and more importantly COMMUNITY but Chrome is absolutely no better. There was a stage where Internet Explorer had the largest marketshare also and it was not any better at all.
Twitter has admitted fault in all of this so why its being debated so fiercely is beyond me.
Ungoogle Chrome is like using a fork of Firefox so you are essentially making a statement that you do not trust Chrome in of itself so anyone attempting to take some sort of moral highground is just making a fool of themselves.
Chrome or ungoogled chrome isn’t for everybody. For me its about the absolutely terrible community, worthless and poorly curated extension/addon site and horrendous tab management options.
Firefox was the browser to have because it was originally designed as somewhat of canvas for people to utilize the powerful extension system to allow virtually anything and anyone to build the browser of their liking.
Chrome will never have such a platform nor will it ever have the community that Mozilla once had.