Here is what is new and changed in Firefox 86.0
Mozilla released Firefox 86.0 Stable and Firefox 78.8 ESR to the public on February 23, 2021. The new versions of the browser are already available as direct downloads from the Mozilla website and as in-browser updates.
All development versions of Firefox are updated as well around the same time. Firefox Beta and Firefox Developer are moved to version 87, Firefox Nightly to version 88, and Firefox Android to 86.0 as it follows the stable channel's versioning.
You can check out the Firefox 85.0 release overview in case you want to take a look at it.
Executive Summary
- Firefox 86.0 introduces a new privacy feature called Total Cookie Protection.
- Firefox 85 and Firefox 78.7 fix security issues. The highest severity rating is high (second-highest after critical).
Firefox 86.0 download and update
Firefox 86.0 is available by the time this article is published. Firefox users may select Menu > Help > About Firefox to check the installed version and run a manual check for updates. Unless deactivated, updates will be pushed automatically to Firefox installations.
Manual downloads are also available. The following pages list direct downloads for supported Firefox channels.
- Firefox Stable download
- Firefox Beta download
- Nightly download
- Firefox ESR download
- Firefox for Android on Google Play
New features and improvements
Multiple picture-in-picture windows
Firefox users may open multiple picture-in-picture windows in the new release instead of just one. Each stream needs to be opened in its own tab in the browser, and the actual picture-in-picture windows may be moved around to view them all at once.
While it is not a mass-market appeal feature, it is useful for certain scenarios, such as following multiple matches on match day, or watching an event unfold through different camera perspectives.
You can check out our full review of Firefox's multi picture-in-picture feature here.
Total Cookie Protection
Total Cookie Protection is a new privacy feature designed to separate cookie data by website. Each site gets its own cookie storage and that means that access is restricted and not shared across all Internet sites.
Mozilla notes that it decided to make exceptions for non-tracking cookies that are cross-site that are needed, e.g. for sign-in purposes on sites. The organization notes:
Only when Total Cookie Protection detects that you intend to use a provider, will it give that provider permission to use a cross-site cookie specifically for the site you’re currently visiting
The new feature is enabled automatically when you enable the strict mode of Firefox's Enhanced Tracking Protection feature. Firefox users who want to try the new option may point their browser to about:preferences#privacy to set the Enhanced Tracking Protection preference to Strict on the page.
Mozilla introduced network partioning in Firefox 85, another privacy feature.
Other changes
- Print functionality offers better integration with the operating system's printer settings and a "cleaner design.
- Canadian Firefox users may now use credit card management and auto-fill automatically, as it is enabled by default. Users who don't want that can turn it off under Menu > Options > Privacy & Security > Autofill credit cards.
- Performance and stability improvements by using the GPU process for canvas drawing and WebGL drawing.
- Reader Mode works on local HTML pages.
- Various Screen Reader improvements and improved link color contrast in Reader View.
- Improved security by consolidating all video decoding in the new RDD process.
- Linux and Android users are protected against stack clash attacks thanks to implemented mitigations.
Firefox for Android
Firefox 86.0 for Android's release notes are now available. The browser supports Total Cookie Protection in strict mode just like the desktop version of the browser.
Other than that, it does include security fixes and a mitigation against the stack clash attack on Android.
Developer Changes
- DTLS 1.0 is no longer supported for for establishing WebRTC's PeerConnections. The new minimum version is DTLS 1.2.
- Improvements to the Tabs permission for extension developers (tab URL, title and favicon no longer require the tabs permission for host permissions for tabs.
- New experimental base content security policy landed behind a flag that disallows remove code execution in extensions.
- extensions.webextensions.tabhide.enabled has been removed because the tabs hiding API is enabled by default.
- Windows.name is reset to an empty string if a tab loads a page from a different domain to prevent the new tab from accessing information that previous tabs might have stored.
- Basic AVIF support is enabled. Some features, animated images and colorspace support, are still in development. (appears to have been postponed)
- Developer Tools Toolbox shows the number of errors on a page.
Known Issues
- The release notes list no known issues.
Security updates / fixes
Security updates are revealed after the official release of the web browser. You find the information published here after release.
Outlook
Firefox 87.0 will be released on March 23, 2021 according to the Firefox release schedule.
Recently Reviewed Firefox extensions
- Manage browser tabs efficiently with open source TabMerger extension
- Manage windows, and move tabs between them quickly with the Winger extension for Firefox
- Read pages in a distraction-free mode, print or save them with the Reader View extension for Firefox and Chrome
- Write notes in a new tab and save them locally with the TextNotes extension for Firefox
Recent Firefox news and tips
- Another glimpse at Firefox's upcoming Proton design refresh: the new menu
- Firefox 89's user interface will be leaner and less convoluted
- Firefox Top Sites to be renamed to Shortcuts. New Design launches in Nightly
- Mozilla Firefox gets open to display modified preferences only on about:config
- Mozilla retires Firefox Voice and Voice Fill extensions
Additional information / sources
- Firefox 86 release notes
- Add-on compatibility for Firefox 86
- Firefox 86 for Developers
- Firefox for Enterprise 86 - release notes
- Firefox Security Advisories
- Firefox Release Schedule
I am not going to update it bc he is right https://www.dedoimedo.com/computers/firefox-proton-early-review.html Who do they think they are! Give in stead people the options and f*ck off bc it is the best browser out there bc of the 3party extensions and that you can make the UI like you want. Chrome is to strict and that but most people that hate Firefox have no idea what they are missing and how to handle this beast but not with that new UI design…
Personally I accept the benefit of the upgraded security arrangements, however!
My browser is used solely for browsing and research, I watch minimal video, and whether it’s in VGA, 720 or whatever it makes no odds! We have HD channels on the TV but don’t use them as we just don’t see the need!
My biggest niggle so far with 86 is the new print interface, it doesn’t ‘interface’ with my mac Mini (High Sierra) as well as the previous interface did, and I can no longer change the print quality, it is permanently on best!
What worries me more though is updates that cause more problems than they are worth, a recent Thunderbird update wiped all my emails (6 accounts!) and 3 address books, luckily I had a backup of the address books, but some of the older emails are gone for good!
some of us don’t need these constant tweaks, but we are told they will make things run more smoothly and give us more options, question is how many of us actually benefit! How many actually make use of all the bells and whistles, and then there is the older generation and those that are not so tech savvy, they find the changes just cause confusion, and push them to just not use it!
AMD GPU(570 +5700XT on another PC) + FIREFOX = no problems.
Please stop misinforming the community or try fixing your machines.
If you have an AMD GPU, you will notice that Firefox has “hardware acceleration on” by default. This cause a lot of random crashes for me while browsing Youtube. I am using latest AMD drivers and this issue only happens in Firefox, so it’s a Firefox problem in my opinion. If you don’t have any problem, you are a lucky user, what more I can tell you? There are a lot of sites talking about this problem, for example: https://community.amd.com/t5/graphics/5700xt-bsod-crashing-with-browser-hardware-decode-75hz-bug/m-p/45473
dude… it more about efficiently rather than how it perform in your badass pc…
or compare it with chromium at least..
@Martin: AVIF support is *not* enabled in the stable release Firefox 86.
Thanks!
AMD GPU + Firefox = crash. No problem with Edge Chromium, Chrome, Vivaldi nor Opera. :[
Firefox is like a zombie, it hasn’t realized yet that its dead.
Indeed, it’s at about 3.5% market…
> Mozilla released Firefox 86.0 Stable and Firefox 78.8 ESR to the public on February 23, 2021.
For this reason, the following products that use “Firefox 78.8 ESR” as a platform have also been updated.
Tor Browser 10.0.12 (based on Mozilla Firefox 78.8.0esr) (64-bit)
https://blog.torproject.org/new-release-tor-browser-10012
Release Date
February 23 2021
For the most up-to-date information about this release, visit our website.
Release Notes
* Windows + OS X + Linux
* Update Firefox to 78.8.0esr
* Update NoScript to 11.2.2
* Update Openssl to 1.1.1j
* Update Tor to 0.4.5.6
* Bug 40026: Create survey banner on about:tor for desktop [torbutton]
* Bug 40287: Switch DDG search from POST to GET [tor-browser]
Thunderbird 78.8.0
https://www.thunderbird.net/en-US/thunderbird/78.8.0/releasenotes/
Version 78.8.0, first offered to channel users on February 23, 2021
However, the version of Waterfox Third Generation (Waterfox G3.x) for “78.8.0” has not been released yet. (It will be released in the not too distant day, I think so.)
Current latest version:
Waterfox G3.1.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 Waterfox/78.7.0
https://www.waterfox.net/blog/
Waterfox G3.1.0 – Third Generation Release
February 12, 2021
Waterfox G3.1.1 has been released based on 78.8
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 Waterfox/78.8.0
https://www.waterfox.net/blog/
Waterfox G3.1.1 – Third Generation Release
February 24, 2021
Does anyone know that website that checks for cookie isolation?
It told you if they could detect if you visited certain websites.
Wow, a great improvement to rendering, I like it. I use on my personal site some intensive css adjustments for making all my fonts look more precise and I use better image scaling than auto for all the images (and i have a lot and they big but compressed – it usually not recommended as its heavy on low end devices (but still, as a photographer – quality first) I immediately notice an instant loading of the images and fonts faster than ever. And BTW my firefox set to not keep cache at all (all in RAM). So it’s a fresh lunch. (unlike chromium-based browsers than even after you clean all history, you can find hundreds of MB of cache in Ccleaner.). of course the privacy features are great and also it useful for me the multiple PIP (two for the most i believe). BTW, if you care about these css adjustments for your own site– look for: image-rendering: high-quality; / text-rendering: geometricPrecision;.
Better Spelling Checker is really needed in Firefox with context sensitive spelling enabled for Folks with Dyslexia and Aphasia! My Attempts at spelling can oftentimes totally stump FF’s builtin spell checker and even Google’s AI. And Google’s AI has me blacklisted as some sort of suspicious bot, so numerous are my tries at spelling until I can get the correct spelling for the correct word to show up in a Google search.
So just about every time I have to use Google’s Search I have to solve a recaptcha to attempt a spelling/definition search! Folks with Dyslexia and Aphasia have it really bad on Firefox’s current spelling solution that’s also not really good for US English Spelling that’s for sure!
Boo effen hoo.
Do Firefox containers still offer any value now that newer versions of Firefox offer network partitioning and cookie protection?
I don’t understand the distinctions and hope someone can clarify.
Thanks
Containers do allow you to have multiple user accounts on the same site, so there’s that.
On Firefox Nightly, Total Cookie Protection is enabled on Standard mode as well.
You can test this by logging into Dropbox and then accessing https://privacy.net/analyzer/ with uBlock Origin disabled. On user account tests nothing should show up. Disabling the setting will cause dropbox to show up.
This is a feature that to the best of my knowledge, no Chromium based browser has, so good on Mozilla for doing this.
“This is a feature that to the best of my knowledge, no Chromium based browser has, so good on Mozilla for doing this.”
On the other hand, even Microsoft and Apple browsers already have some form of tracking protection, although I’m not sure where those are currently for this specific first-party isolation part :
https://www.cookiestatus.com/
and as Mozilla writes, “We also want to acknowledge past and ongoing work by colleagues in the Brave, Chrome, and Safari teams to develop state partitioning in their own browsers.”, which means that this may even come to Chrome soon.
So that’s not really the lone Mozilla knight fighting the biggest evil corps, that’s just the trend set by the biggest evil corps that Mozilla follows too.
@Anonymous
> So that’s not really the lone Mozilla knight fighting the biggest evil corps, that’s just the trend set by the biggest evil corps that Mozilla follows too.
Exactly, it’s literally a cross browser development. Mozilla wouldn’t do it if Google and Apple were not doing it as well. Safari already has isolation of local data since 2013 (ongoing effort):
https://webkit.org/tracking-prevention/
That is nothing new or exciting, and Mozilla didn’t invent it, either. When I was pointing that out some time ago, I got under attack by the usual suspects, so I won’t further comment on it.
Firefox is now beating Edge in speedometer testing.
Firefox 106 – Edge 84.1
I’ve not seen FF win before, let alone by that margin. Wonder if offloading to the GPU has helped a lot?
(Clean profiles, same results after 2 separate runs).
Firefox 86 is installed.
– Multiple picture-in-picture windows : I don’t use pIp at all.
– Performance and stability improvements by using the GPU process for canvas drawing and WebGL drawing : I notice the improvement, especially on a modest computer (a 100$ increase is more noticeable on low salaries). Google Maps & its Street View are definitely swifter, for instance.
– Reader Mode on local html pages : I have several, pleasant to have them easier on the eyes.
– Total Cookie Protection : basically a good thing. For those of us using ‘First Party Isolation (privacy.firstparty.isolate = true) they’ll notice in Firefox’s option a notice stating ‘You are using First Party Isolation (FPI), which overrides some of Firefox’s cookie settings.’ which was predictable but nice that Firefox acknowledges it.
Plus the security. All running fine. Firefox getting better practically version after version.
Firefox getting worse practically version after version.
Good thing I used the word “practically” :=)
@Max, @gerry, @S,
I’ve always used Firefox’s FPI (First Party Isolation) and I admit I’ve maybe exaggeratedly presumed it was an advanced feature originated by Tor and that consequently it was “the” reference that should prevail.
Your questionings made me wonder. I’m not so sure anymore, I need experts’ knowledge.
I’ve searched the Web for : Firefox “Total Cookie Protection” & “First Party Isolation”
I share here two articles/comments :
Firefox 86 Introduces Total Cookie Protection – Mozilla Security Blog
[https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/]
—
“Total Cookie Protection is an evolution of the First-Party-Isolation feature, a privacy protection that is shipped in Tor Browser. We are thankful to the Tor Project for that close collaboration.”
—————————————-
How do I enable total cookie protection? : firefox
[https://teddit.net/r/firefox/comments/lr5e92/how_do_i_enable_total_cookie_protection/]
—
“From what I understand,TCP is the same or perhaps better than FPI and also has some built-in guards to prevent site breakage. To use it, you have to enable ETP Strict mode.”
—————————————-
I’m on the road to find more in-depth explanations.
@S,
> Do you know if the new cookie protection works when Enhanced Tracking Protection is set to Custom?
Good question, arose in my mind and vanished when I was in the process of having ‘First party Isolation’ prevail on ‘Total Cookie Protection”. Should I switch from the former to the latter that i’d ask myself the question, again. My first opinion is that ‘Total Cookie Protection’ is independent of a customized ‘Enhanced Tracking Protection’, anyway as far as cookie behavior is concerned : “network.cookie.cookieBehavior” settings haven’t changed, I don’t perceive any relationship a priori with ‘Total Cookie protection’ but i’m no expert, far from.
Thanks to you three guys I’m back to doubt, always profitable :=)
FPI allowed to completely disable third party cookies, so if you did not care about 3p at all you were able to block it completely. dFPI uses same pref which was used to block 3p cookies – it’s no longer possible to block them. It will be interesting to have this feature and have network partitioning and in the same time block 3p cookie completely.
@Anonymous, exactly. I had to experience to discover what you state. As such ‘Total Cookie Protection’ is IMO a First-Party Isolation’s distant cousin.
I wish to choose Cookies’ behavior (Block 3p, or Block All with per-site session or always allowed) and yet, for cookies which are session/always allowed, have them isolated. This, as you point out, is not possible with ‘Total Cookie Protection’ and revealed by the fact that ‘Total Cookie Protection’ (Enhanced Tracking Protection = Strict) sets network.cookie.cookieBehavior to 5.
Hence, I keep First-Party Isolation.
@Tom: Thanks for the initial response. I’d be interested to hear if you uncover more about the cookie behaviour.
@Tom: Do you know if the new cookie protection works when Enhanced Tracking Protection is set to Custom? I want to prevent FF from blocking tracking contect (as uBO is far better at that), but it is unclear whether the new feature is enabled then. Any idea?
@S
In about:config the ‘network.cookie.cookieBehavior’ setting must be set to 5 for the Total cookie protection to be enabled.
Link: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/State_Partitioning
When I set Enhanced Tracking Protection to Custom or Standard the ‘network.cookie.cookieBehavior’ setting is set to 4. So the Total cookie protection is disabled.
But I manually set the value to 5 to enabled Total cookie protection and restarted Firefox and the setting remained at 5. So it seems to be enabled.
I also have privacy.firstparty.isolate set to true.
@Sol Shine, here I cannot I cannot enable Enhanced Tracking Protection / Strict (which sets de facto network.cookie.cookieBehavior to 5) if FPI (privacy.firstparty.isolate) is true.
What you state, which is to to have FPI=true and set manually network.cookie.cookieBehavior to 5, restart Firefox, and discover that network.cookie.cookieBehavior remains set to 5 … is stunning. Does about:preferences#privacy / Enhanced Tracking Protection confirm that ‘Strict’ is applied? I doubt it.
@Tom hawack
I don’t know why it does not work for you, but I do have privacy.firstparty.isolate set to true and network.cookie.cookieBehavior set to 5, while ‘Enhanced Tracking Protection’ is set to Custom.
These settings remain after restarting Firefox, and it works for Firefox on Windows 7 and Manjaro Linux.
I do not get a confirmation in ‘about:preferences#privacy / Enhanced Tracking Protection’ that ‘Strict’ is apllied because I have it set to ‘Custom’ and not ‘Strict’. I do get the warning that I am using FPI.
@Sol Shine, if you’ve set Tracking Protection to ‘Custom’ then you’re not in the ‘Total Cookie protection’ scheme. What I don’t understand is how you can have network.cookie.cookieBehavior set to 5 and remain at 5 after FF restart given that Custom includes only :
// 0 = BLOCK : None
// 1 = BLOCK : All third-party cookies
// 2 = BLOCK : All cookies
// 3 = BLOCK : Cookies from unvisited websites
// 4 = BLOCK : Cross-site and social media trackers
Caution about this comment of mine : I’d have to test again the whole process. Point is this Firefox is deeply tweaked, with Autoconfig (including locked settings) and group Policies (including locked settings as well). What I mean is that i’m not at all doubting about your comments/experience, only that I’m split between theory and experience. When I have time I’ll undress the browser (native nudity) to check out further in-depth.
@Tom Hawack
I understand what you mean.
According to Mozilla documentation, when Tracking Protection is set to ‘Custom’, you only have values 0 to 4 for the ‘network.cookie.cookieBehavior’ setting.
So officially it can not be 5 and so should revert to a value between 0 and 4 after setting it to 5 or after restarting Firefox. But I see that it remains set to 5.
It could be that Tracking Protection is not really enabled, despite the ‘network.cookie.cookieBehavior’ remaining at a value of 5.
But maybe the ‘network.cookie.cookieBehavior’ setting has a higher priority than the ‘Tracking Protection’ UI setting, meaning Tracking Protection is always enabled if the ‘network.cookie.cookieBehavior’ setting is set to 5.
I have no easy way to test this at the moment.
@Sol Shine, when UI and about:config disagree, consider the UI.
What happens is that if you choose ‘Custom’ under about:preferences#privacy / ‘Browser Privacy’ and if network.cookie.cookieBehavior is different than 0/4 then it is implicitly considered to be the default value for ‘Custom’ which is 4 … but not reflected in about:config as long as you don’t change anything in the Preferences UI.
Best way to see how UI and about:config interact is to open two tabs :
1- about:preferences#privacy
2- chrome://global/content/config.xhtml?filter=network.cookie.cookieBehavior
You’ll see that if you change anything in the Custom/Cookies options it’ll get changed in about:config.
What is sure is that the ‘Enhanced Tracking Protection’ feature is EITHER ‘Custom’ EITHER ‘Standard’ EITHER ‘Strict’ (‘Standard’ and ‘Strict’ appears with this latest FF86) and that FPI (privacy.firstparty.isolate = true) is incompatible with ‘Standard’ and ‘Strict’.
Hint : you can check in about:config which Enhanced Tracking Protection is running :
browser.contentblocking.category
It’ll show either ‘Custom’ either ‘Standard’ either ‘Strict’ in conformity with the Options UI.
I think FPI is more valuable then ‘Total Cookie Protection’ IF you know what you’re doing (FPI is not fully elaborated), if you have good protections and mainly with uBlock Origin.
I think guest ‘Anonymous’ had the right words in his comment down below :
[Anonymous said on February 25, 2021 at 4:38 pm]
Need to say things are increasingly complex once a developer aims to satisfy newbies’ browsing protection and at the same time have the settings editable for all (and mainly for advanced users).
Read you later :=)
to enable the cookie preference 5 to show in custom, you need to flip this to true
– browser.contentblocking.reject-and-isolate-cookies.preferences.ui.enabled
source
https://searchfox.org/mozilla-central/rev/f1159268add2fd0959e9f91b474f5da74c90f305/browser/app/profile/firefox.js#1713
@Tom Hawack
Thanks for the clarification.
You said ‘You’ll see that if you change anything in the Custom/Cookies options it’ll get changed in about:config.’
When I set Tracking Protection to ‘Strict’ in the UI, then ‘network.cookie.cookieBehavior’ in about:config is set to 5, which should happen according to Mozilla documentation.
But when I then set Tracking Protection to ‘Custom’ in the UI, then ‘network.cookie.cookieBehavior’ remains set to 5.
If I then set Tracking Protection is set to ‘Standard’, then ‘network.cookie.cookieBehavior’ changes and is set to 4, which is correct.
Mozilla documentation says ‘Total cookie protection’ (Dynamic State Partitioning) is enabled when Tracking Protection is set to ‘Strict’. But they do not explicitely say it is not enabled when Tracking Protection is set to ‘Custom’ and ‘network.cookie.cookieBehavior’ is manualy set to 5 as I have done or stays 5 when you switch from ‘Strict’ to ‘Custom’ as I have seen.
So only a test can show what really happens.
What I do know is that Firefox gives a warning saying FPI overrides the Tracking Protection settings. So if you set Tracking Protection to ‘Standard”, then FPI, if enabled, will protect you against trackers.
FPI may also override ‘Total cookie protection’.
But FPI may cause more compatibity problems for websites than the new ‘Total cookie protection’ which Mozilla calls a evolution of FPI.
Link: https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
So there is a lack of information on the interaction between the settings for FPI and ‘Total cookie protection’.
I trust FPI more than the new ‘Total cookie protection’ with it’s heuristics to allow for more compatibility with websites.
So I agree with you that FPI with uBlock Origin (or my favorite uMatrix) is the best.
For Tracking Protection, I prefer ‘Custom’ as I can set the protections to work for all windows instead of just for privacy windows and can set the block list to the larger list.
What is the use of ‘Total cookie protection’ if it is by default only used in privacy windows which most people do not use.
> “When I set Tracking Protection to ‘Strict’ in the UI, then ‘network.cookie.cookieBehavior’ in about:config is set to 5, which should happen according to Mozilla documentation.
But when I then set Tracking Protection to ‘Custom’ in the UI, then ‘network.cookie.cookieBehavior’ remains set to 5.
If I then set Tracking Protection is set to ‘Standard’, then ‘network.cookie.cookieBehavior’ changes and is set to 4, which is correct.”
Clicking on ‘Custom’ only isn’t enough. All this will do is set ‘browser.contentblocking.category’ to ‘custom’
But once you’ve chosen ‘Custom’ you have to choose which customization in the drop-down menu on the right, and that will set ‘network.cookie.cookieBehavior’ to 1/4 (0 is only accessible from about:config and means NO cookie whatever is blocked). So why does clicking on ‘Standard’ or ‘Strict’ modify ‘network.cookie.cookieBehavior’ when clicking on ‘Custom’ does not? Because ‘Custom’ requires… the user’s input customization choice.
> “So if you set Tracking Protection to ‘Standardâ€, then FPI, if enabled, will protect you against trackers.
FPI may also override ‘Total cookie protection’.”
Neither ‘Standard’ nor ‘Strict’ is possible with FPI : choose either then in about:config enable FPI (privacy.firstparty.isolate = true), return to about:preferences#privacy (or reload tab if already opened) and you’ll see the notice ‘You are using First Party Isolation (FPI), which overrides some of Firefox’s cookie settings.’
As I understand it ‘Custom’ will provide what ‘Standard’ provides given the user had checked, in the ‘Custom’ area, all three ‘Tracking content’, ‘Cryptominers’ and ‘Fingerprinters’. There is one more protection included in ‘Standard’ which concerns social tracking. If you don’t choose ‘Standard’ but rather ‘Custom’ then there is a separate about:config which handles social tracking : ‘privacy.trackingprotection.socialtracking.enabled’
Of course ‘Custom’ will allow cookie behavior management which ‘Standard’ doesn’t seem to handle.
My opinion : ‘Total Cookie Protection’ has been built for ease of use at the price of far less customization. From there on it’s a user’s choice… to choose easiness or tailored settings.
Thanks Sol.
What do you mean by predictable? I’m currently using first party isolation too, should I make the switch and set privacy.firstparty.isolate to false?
My question also.
Martin?
Interesting new cookie protection feature. At least not one of those that’s added just for the sake of adding something new, and probably something that most can keep enabled majority of the time without problems.
Speaking about browser features. I have a question: Are there any browser available that has in-built support/feature (or via addon) that allows for specific time interval capturing from a video, e.g 3 minutes from a 30min long video and from any source/website? Similar to what twitter users can do when you make a clip from a longer video from any source/website. (I do not use twitter and don’t plan on starting). Have tried to find what I am looking over several years, but so far come up empty handed so I gave up searching. I have tried FFMPEG, youtube-dl and similar, I’ve made it work a few times but only for whole file downloads. But have never been able to figure out how to only get a certain part of a video downloaded and not the whole thing, working via the command line and such is also not my cup of tea. And all of the IDM:s I have looked at does not have the ability that I am searching for. I think I am looking for something similar to the following: https://github.com/keshavbhatt/plumber But it is only for Linux, not Windows or MacOS, I currently use MacOS.
It would be nice if browers had this capture ability built-it, but so far I have not found any that do. There are some websites that allows to capture via time stamps, but they only work for some websites, not all. I would like to find a browser/browser addon/website or software to install that has this ability and that works for all websites no matter the source of the video. Any tips or tricks are welcome. Thanks.
“Total cookie protection”, cleverly misleading name when this is only about third-party tracking while first-party tracking is not even considered as tracking by Mozilla, obediently following Google and Apple policies. They could do something more than just what their masters want here and attack this problem. They won’t, and worse, they will do their best to make it look like there is no longer a problem left at all here.
And how do you expect the web to work without first partyness?
8.57, Are you going to explain logic here? Everything should be free, we shouldn’t need to have accounts or login anywhere. We demand free stuff, no more Netflix, Spotify, whatever accounts. All for free because they invade our privacy.
1.28 there is some truth in this, “pay with a subscription or with your privacy” is often a lie depending on who it comes from, you often end up paying with money while being tracked even more than before, Mozilla’s Scroll partnership with them whitelisting tracking cookies in exchange for a share of the revenue is a great example of that. But that’s not the problem I was referring to, as explained at 11.24.
10.37, “We don’t think that an ad-supported service can generate enough revenue to support a healthy overall ecosystem,” Segal said in a UK government hearing today. There won’t be a free tier of Apple Music. Never. So people will always have to pay with money for the privacy of Apple Music. There are people out there who can’t afford it. What’s wrong paying with a different way for the no money tiers Spotify or YTMusic? What’s wrong having this option for people who don’t have money? Expecting paying nothing is a problem of today’s society. No, it’s not ok to pay nothing. Some people expecting to pay nothing to the artists their enjoy their music, not with real money and not with their privacy and ads shows one thing. They want to be paid for their job obviously, but others would have to be slaves and work for free.
8:19 surveillance capitalism as savior of the poor now, and privacy activists as slavers, all that from the book of Google. Nice try. When what you are saying means in fact exactly the opposite, that there should be people rich enough to enjoy privacy, and that this predatory industry that you are defending like they’re heroes should target those who can’t pay for it, making them pay a dignity cost in privacy that they are often not even aware of. Because privacy invasions are allowed to exist in the first place, which shouldn’t be. But which can be thanks to your employer bribes and propaganda. As for the parasitic system that makes basic culture unaffordable for some (and that you are defending too), that’s another discussion.
“And how do you expect the web to work without first partyness?”
Exactly like third-party storage, first-party storage can be used for legitimate purposes (logins…) or for pure tracking (like setting identifiers even if you don’t have accounts), and the web does not need the tracking part to work. In fact, it will often not need storage at all to work, I can tell you that because I block all storage by default.
Another problem is browser companies encouraging users not to clean their first-party storage. Private browsing for example that clears storage when the browser is closed should have been pushed as a default, not as an exception. The privacy vs convenience choice was not optimized by browser companies with user interests in mind but with the tracking industry interests in mind. Even better, cookie-autodelete like solutions that clean first-party storage even during a session when leaving a site is another option that could have been pushed but was instead left to a minuscule minority of privacy enthusiasts.
It is possible to do something, and to take care of breakage smartly, this is what they are doing when they want to. The problem is when they could do something but do not want to do anything, because they do not work for their users first.
Their choice of Disconnect, how it and they define tracking, and how they designed their home built tracking prevention instead of something superior like ublock origin is an example of this philosophy of letting first-party tracking (and more generally ads and annoyances) live happily. It’s not because of breakage risk, it is a lie. This went beyond passive complicity, everything they did to actively support forms of tracking that they consider “ethical” (they’re not, they are only making the problem worse by putting tracking where none was considered acceptable before) shows that their inaction here is not by accident. Ghostery, Cliqz, Pocket, sponsored tiles, Google Analytics in Firefox but with a contract, Prio, Scroll…
I wonder how long it will take to update LibreWolf? https://librewolf-community.gitlab.io
I see the perspectives of the project just like Ungoogled Chromium, but with Mozilla Firefox.
@Lemegeton
Although I like such initiatives (other being IceWeasel) it’s like with linux distributions (which I also use, donate and like). It lasts as long as maintaner does’t get bored. It may become what Palemoon is – a complete, ongoing project with it’s own agenda, or it will die. In two days, months, years.
Wonderful, it looks like LibreWolf has experimental builds for Windows finally ! A real non-profit browser, from a team that does not make the user the product, unlike those prostitutes at Mozilla !
The prostitutes at Mozilla do all the work though, Librewolf simply copies pastes. Such a hard work…. I can be non profit if somebody else it doing all the work for me and has to pay the bills.
“The prostitutes at Mozilla do all the work though, Librewolf simply copies pastes. Such a hard work…. I can be non profit if somebody else it doing all the work for me and has to pay the bills.”
The prostitutes at Google do all the work though, Ungoogled-Chromium simply copies pastes. Such a hard work… I can be non profit if somebody else it doing all the work for me and has to pay the bills.
Yes, that’s why free software exists, that’s exactly how it’s supposed to work, software should not be funded by malware and does not have to be either, it was their choice. So go away Google shill, you are infecting the web with your defense of that surveillance society.
Exactly. For the last 2 weeks – 2 builds. So far, it is very efficient, albeit experimental. So I wonder how long it will take for the current version to be released.
I don’t know, whatever they do, the browser doesn’t seem any more viable to me. The compatibility with many websites is still bad, this cookie feature is probably a good security measure, although it means very little to me. And this thing about multiple Picture-in-Picture IMO is just bloat. These thing should be left to optional extensions. If Mozilla want it so bad, they should make it as their own extension and advertise it, but not build it into the browser and expect people to use it.
Which sites is FF not compatible with? Care to actually list a few?
https://www.bvn.tv/bvnlive/ all of https://www.npostart.nl/live, just choose any channel and there comes a popup telling that Firefox is installing software for video and sound
@Lars
For a start, basically all Microsoft online services (Skype, Teams and many more.)…
Any way to change default PiP window size?
Since the upgrade to 86, it is taking me a refresh to get sites to load about 30-50% of the time. They aren’t loading properly on first try.
Total cookie protection sounds nice. But that is something behind the scene, unnoticable for user. I had a strict setting turned on and never spotted any problems (banking, streaming websites etc). I like that multiple videos thing. Can’t see any difference in screen reader… is there any? It works just perfect now.
AO AWESOME.
Loving my Firefox. Major rust components, warp, webrender, superior all-encompassing network partitioning, stylo, and more. It just keeps getting better and better. Fission is almost ready too. So excited.
And now TOTAL COOKIE PROTECTION (dFPI) in strict mode
– https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
Absolutely the best browser ever. EVERYTHING IS AWESOME :)
@Iron_Heart
Here you are again making negative remarks about Firefox and Mozilla that nobody asked for. I can’t say I’m surprised.
Can you imagine that people can like something DESPITE it not being perfect? Yes we are aware that Firefox is not perfect but we still like it.
Here is a tip: If you don’t have anything nice to say, don’t say anything at all.
@Anonymous
There is no law that says that all comments MUST be positive. You just have to live with criticism, I have to live with it, too. I provided a source, unless you can refute it, don’t complain.
I criticized you going off topic by linking to Micay. You clearly don’t know what you’re talking about: Total Cookie Protection CLEARLY improves privacy but you imply it doesn’t
– see https://hacks.mozilla.org/2021/02/introducing-state-partitioning/
I’d rather listen to experts and engineers and solve a problem, than you constantly bitching about everything. Get a life
@Anonymous
It’s not off-topic. I can also write a matter of fact reply to Heydrich when I think it’s applicable, who are you to say that I can’t?
I am not saying or implying that isolation of cookies is not a privacy improvement, don’t know why you have to put words in my mouth here.
And “experts”, yeah… Ask actual experts (like Micay or the Whonix project) with years of experience in the field what they think about Firefox, I am sure you would be surprised about the replies.
> And “expertsâ€, yeah… Ask actual experts
Nice use of quote marks to deride who I referred to: Firefox engineers. I linked to a blog post by a Mozilla engineer who worked on this and said I would rather trust them THAN YOU. So you’re now claiming that the Firefox engineers who built this thing, are not experts. Why do you keep bringing up Micay? Why are you now bringing up Whonix? Why do you keep going off topic?
@Anonymous
Dude, I never said that cookie isolation is a bad thing. Neither did I ever say that the people implementing them are idiots. You are making this up, my man.
All I am saying is that Firefox, as a product, isn’t great and that “modifying” it yourself is rather counterproductive. My comment was also addressed to @Heydrich (who claims that users modifying Firefox is a good thing) and not you.
@Emmet_Brickowski:
How true. As a regular user (i.e., over 10 hours online daily) of Firefox Nightly, with enhanced security and privacy options, I agree. This is an excellent browser to achieve an improved level of privacy.
Brave and ungoogled-chromium (v.88.0.4324.150-1) are good options, I use both constantly to compare against my Firefox configuration for speed, privacy and security.
@Heydrich
> with enhanced security and privacy options
> improved level of privacy
Reality:
https://old.reddit.com/r/GrapheneOS/comments/ciizae/vanadium_and_bromium_privacy/ev6m2ot/
So Total Cookie Protection is not an improved level of privacy? What does that Daniel Micay’s comment on have to do with Total Cookie Protection? Is this some sort of Firefox hate forum?
@hermintrude
> So Total Cookie Protection is not an improved level of privacy?
It improves privacy (it’s also enabled by default).
> What does that Daniel Micay’s comment on have to do with Total Cookie Protection?
What Daniel Micay is saying in his comment is that by modifying Firefox’s default settings, you are making yourself more unique, not less. Because changes of the output can be detected by websites, they can detect that you are “the guy who cared”, so to speak. He exemplifies this with WebRTC and WebGL, but there is more.
This has nothing to do with cookie isolation, or the Mozilla marketing term “Total Cookie Protection” which they use for that technique. I wrote that in refutation of @Heydrich’s comment that a “modified” Firefox actually improves privacy. The comment does not have anything to do with cookie isolation which is now enabled by default.
> Is this some sort of Firefox hate forum?
What do you mean? gHacks or Daniel Micay’s comment (or subreddit?) on Reddit. If you mean the former, then nope. gHacks is a general tech website, so various differing opinions are to be expected. Count me among the ones who are very critical of the product “Mozilla Firefox”, and I have my reasons for that. If you mean the latter, then also nope. Daniel Micay is a highly respected security expert / researcher and the main developer of GrapheneOS, one of the most secure mobile operating systems in existence:
https://en.wikipedia.org/wiki/GrapheneOS
In other words, a dev with lots of experience in the field who knows what he talking about. The plain opposite of a “hater”.
Sometimes less is more. Sometimes not speaking is golden. I didn’t ask for a biography on Micay.
I asked if THIS was some sort of Firefox hate forum. Firefox does something good like improving privacy in this case, and all I ever see is criticism and nitpicking rubbish.
Your claim that a configured Firefox cannot improve privacy is trash
– not all changes are fingerprintable.
– scripts do not check everything they could.
– most scripts can’t even detect randomness.
– privacy.resistFingerprinting has a random canvas.
– script values/methods are not universal: state tracking is.
– a default browser is already unique to sophisticated scripts, including Brave.
– you literally cannot make fingerprinting worse.
So fuck yes you can improve privacy by configuring Firefox. Cherry picking someone else’s post to make you look smart just proves the opposite. You couldn’t even be bothered to explain what you meant, just threw up a claim that it’s not private and a link. When you can’t explain things in your own words, it shows your ignorance. Using generalizations with no context also shows you ignorance.
Maybe you should stop speaking.
@hermintrude
> not all changes are fingerprintable
But many (most?) are. :D Especially the supposed “important” ones.
> scripts do not check everything they could
You can never know this, scripts could potentially check for lots of things.
> most scripts can’t even detect randomness
Yep. But you are not just fighting “most” scripts, are you? The Firefox users I know of always talk about “comprehensive solutions”.
> privacy.resistFingerprinting has a random canvas
Yep. But what is that supposed to show us here?
> script values/methods are not universal: state tracking is
Yeah, no. Big entities like Google also make use of fingerprinting e.g. for reCAPTCHA and their stuff is nearly everywhere.
> a default browser is already unique to sophisticated scripts, including Brave (…) you literally cannot make fingerprinting worse
The real values leaking on popular hardware if oftentimes not as bad as being in a small group of weird people running some script, you know. And yes, I can detect the latter.
> So fuck yes you can improve privacy by configuring Firefox
No, you are just making yourself unique, worse even than if you just let the real values leak (provided that you don’t use exotic hardware).
> [blah blah] ignorance [blah blah]
Uhm, nope. I am just listening to real experts who know that any supposed “improvement” of the fingerprinting results achieves the plain contrary because you are highly unique as a result. I also see no reason to further comment on Micay’s post because it already explains the point I am trying to make here, and no, the ost can’t be understood in an out of context manner.
I mean, I don’t care that you believe in this snake oil. Suffice to say that there is a reason why the Tor project exists as a separate project from FF. In theory, one could just route FF’s traffic through Tor, right? Wrong. In order to be anonymous, you need a common fingerprint with lots of other people, and your real values leaking would be counterproductive here. That’s why Tor by default(!) enables the fingerprinting defenses, and Tor users (provided that they do not stupidly change anything) thus have a common fingerprint. Firefox has a different default behavior and I can detect modifications to this, I can also detect at the network level that you are not using Tor. I you don’t use FF ESR, it gets even easier via feature detection (making it clear that you are not using the Tor Browser Bundle).
Reducing the attack surface is a good idea BUT ONLY when it is the default behavior (as is the case with the Tor Browser). Anything else makes you more unique, not less. Again, don’t listen to me, don’t listen to random persons with no coding experience, don’t listen to people who have no skills beyond creating random scripts. Listen to experts – I am already linking to them, you just have to pay attention.
What a complete non answer. Your claim that a configured Firefox cannot improve privacy is still trash
You are assuming advanced fingerprinting scripts as being the only thing that matters and as if they happen on every single website: the reality is they’re very rare. But it still doesn’t matter. You cannot increase entropy when you are already unique by default for these scripts. And you’re not even considering changes that can’t be fingerprinted.
Reality:
“SOME changes, not all, to default Firefox COULD alter a fingerprint. IF an advanced script checks something you changed it MIGHT make you stand out more, but it LIKELY doesn’t matter as you were PROBABLY already unique. Firefox ultimately needs to provide fingerprinting protection by default, like Tor Browser and Brave”
So fuck yes you can improve privacy by configuring Firefox. One example: changing referer behavior. Another example: disabling keywords in the urlbar. Another example: enabling privacy.resistFingerprinting which automatically confuses any naive scripts that may get to run. Another one: changing ETP to strict mode and partitioning web state (which you have now admitted improves privacy). How do those not improve privacy?
The small possibility that an advanced script successfully fingerprints you as unique, which it would do anyway if you did nothing, and can maybe be used across a large chunk of the internet to monitor you, does not undo the other 99.9999% of sites that now can’t. The huge benefit exceeds the super tiny risk.
You keep pointing at Micay, but I’m not arguing about what he said. No one said that advanced scripts still can’t fingerprint you as unique. No one said that enforcing anti-fingerprinting isn’t required for it to work best. I’m arguing about what you said and how you applied it to reality.
OP didn’t even say what he changed, and you just jumped in with an over-arching generalization that you can’t change ANYTHING in Firefox and you CANNOT improve it’s privacy from default, which is UTTER BULLSHIT.
firefox is dead, dead, dead
@binocry
Hey, it has 4% overall market share, so I pronounce it alive until it hits 0%!
* [Removed: please stay on-topic]
@Martin Brinkmann
* [Editor: Removed, please stay on topic]
> [Removed: please stay on-topic
* [Editor: Removed, please stay on-topic]
Fear not, Iron Heart. No one here expects you to ever be a cheerleader for Firefox. :-)
@justanEd
Yeah, but considering them already being nigh irrelevant and their CEO driving users away with certain, *cough* blog posts *cough*, they would clearly be in need of some cheerleaders.
Glad to see that the gHacks comment section contributes to any and all revival efforts, this is what the world has been waiting for. Go, Firefox! Yeehaw! See, I am contributing my part. :-)
@Iron Heart
But you see, this one is a gem, clearly for laughs, spiced with irony. Your comments are ussually “heavy” – like iron. Hard, on point. Just work on your style, man! ;) Have a nice day
yeah but don’t watch 1080 60fps with your awesome, flawless, amazing browser…
I watch 4k 60 fps in Firefox OK. It is as heavy on GPU as Edge, Opera and Vivaldi
I don’t. I watch 1440p and 2160p @ 60fps and problem solved. :P
no problems here doing that….