Mozilla enabled ads in Firefox and they're active in Fedora

Bruno Wolff III bruno at wolff.to
Mon Nov 17 13:41:22 UTC 2014


On Mon, Nov 17, 2014 at 12:05:35 +0200,
  Nikos Roussos <comzeradd at fedoraproject.org> wrote:
>
>No. We are talking about the tiles. I didn't see anyone suggesting we
>remove Google search. It's like the tiles feature crossed a line, which
>is far from the truth.

Firefox is really not set up with privacy as a high priority. 
Some bad things it does from a privacy perspective are:

If you type a name in the URL bar and send, if the name doesn't match a 
domain Google is contacted. (And it is Google even if you have some 
other search engine set.)

OCSP is used to check for certificate revocations. For some threat models 
this cure is worse than the disease. There should be an easy way to 
disable this.

There is not a way to disable fetching all offsite references that aren't 
whitelisted. There is a hard way to do this for images, but there does 
not appear to be a way to do this for other object types.

The initial page is not set to about:blank, so that some site will 
be contacted (I think it is a Fedora page now) before you have a chance 
to set it to about:blank in Firefox. (It is possible to change this outside 
of Firefox, but it is hard.)

When Firefox has a version update, Mozilla is contacted to present you 
with the release notes for the new version. It is possible to disable 
this, but it isn't really obvious how. (Even if you have done it before.)

JavaScript is not easy to disable without installing a third-party plugin, 
and the way that plugin works still leaves some exposure to JavaScript 
related issues.

There is a safe browsing feature that also will phone home.

If you look at the about:config menu you will see lots of URLs and it 
isn't clear when these URLs are used in many cases.

The referer header is sent by default. It isn't obvious how to disable that.

It isn't obvious how to disable remote sites storing data locally. This 
feature can be used like cookies and should be easily controllable.

