There are a lot of fun things posted on r/firefox every month, but if you don’t visit often, you might miss some things.
This is the second post of a (hopefully) monthly post where I attempt to distill the best (in my opinion) of that forum over the last month. I’m interested in your feedback, so please let me know what you think.
🎉 Firefox Rolls Out Total Cookie Protection by Default on Desktop
While Total Cookie Protection has been available as an option in Firefox since Firefox 86, it reached unversal release in Firefox 101. Last month, I wrote about testing to enable this by default - it looks like the testing went well, because it is now enabled by default in the release version of Firefox for everyone.
For people catching up, this is how Mozilla describes Total Cookie Protection:
Total Cookie Protection works by creating a separate “cookie jar” for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don’t belong to them and find out what the other websites’ cookies know about you — giving you freedom from invasive ads and reducing the amount of information companies gather about you.
It is great to see a large, mainstream browser making pro-privacy moves like this - this kind of stuff exemplifies why Mozilla is a force for good in the tech landscape. Apple has also been making positive moves in this area.
Under the hood, Total Cookie Protection sets
network.cookie.cookieBehavior to 5, which rejects (known) trackers and partitions third-party storage.
wisniewskit dropped by to explain how this feature differs from First Party Isolation (FPI) - basically, new web APIs to request stoage permissions, along with some heuristics that work automatically while sites migrate to the new API. The feature was previously known as dFPI.
People had a lot of questions.
Some asked whether the feature was enabled for Android. The answer depends on which version of Firefox you are using. While Total Cookie Protection is currently available in Firefox Focus, it is not yet live in Firefox for Android. Mozilla plans to release it on Firefox for Android over the next few months. If you are willing to test it before it is released by default, it can be enabled on beta and nightly versions of Firefox (as they have access to
That depends on your use case. regoli points out that containers are invaluable for use in a work environment where they need several different logins. 35013620993582095956 uses containers to get different sets of recommendations on (logged-out) YouTube for various topics - music, tech videos, entertainment, etc.
If you run into issues with the feature (like not being able to login to sites), please report an issue so that developers can investigate and fix it for the general userbase.
Firefox Translations: Local Translations Without Cloud Services
Firefox Translations has been a long time coming, ever since Mozilla joined forces with the University of Edinburgh, Charles University, University of Sheffield and the University of Tartu on Project Bergamot, but Mozilla has released local machine translation tools as a Firefox add-on, and on a website.
Evgeny Pavlov wrote about how the project trained efficient neural network models to help bring translations to home computers. The engine runs locally via WebAssembly, and Mozilla is encouraging testing and welcomes people to fill out a survey to help guide collaborators to know which direction to take the product.
The supported languages are: Spanish, Estonian, English, German, Czech, Bulgarian, Portuguese and Italian. Languages in development include: Russian, Persian (Farsi), Icelandic, Norwegian Nynorsk and Norwegian Bokmål.
K-9 Mail Becomes Thunderbird for Android
While not really about Firefox, the topic of K-9 Mail becoming Firefox for Android was popular on r/firefox this month. While the submission title stated that Mozilla had bought K-9, Thunderbird Product Manager ryanleesipes came along and explained that no money was exchanged for the trademark transfer.
I have previously played with K-9 Mail but had to give up on it due to not being able to use OAuth 2.0 to add Google accounts. Thankfully, as of K-9 Mail v6.100, this now works perfectly for me. Personally, I am excited by this, since it means renewed investment into a fully featured, free and open source email client with the Thunderbird name attached. Hopefully there are some UI improvements, because that has been a stumbling block for my own usage of K-9 in the past.
There were plenty of discussions of add-ons in the last month.
- thismoon shared a PSA for people running the Universal Bypass extension to switch to FastForward. FastForward helps people skip intermediary pages before being directed to a final page.
- juraj_m pointed out a collection of suspicious add-ons that seem to only exist to direct people to sketchy download sites. ElijahPepe did some further analysis and recommended that people report the add-ons. The extensions have since been removed.
✊ Take Back the Web 🌐
Corin Faife at The Verge wrote about Firefox and Chrome squaring off over ad-blocker extensions. The article describes how Google is removing an extension feature, Web Request, that is currently used by ad blockers in both Firefox and Chromium-based browsers in the upcoming Manifest V3 (MV3) standard. Mozilla plans to continue to support this feature to enable “advanced privacy and content blocking features”.
r/firefox is very much in favor of Mozilla’s approach, and people posted kudos and memes congratulating Firefox for continuing to work with sophisticated ad blockers.
🙌 Uplifting Posts
- A post remembering and honoring Marina Zhurakhinskaya received 244 net votes. Marina was the founder of Outreachy - an internship program for people subject to systemic bias and impacted by underrepresentation. Mozilla has participated in the Outreachy program since January 2013. Marina died of breast cancer on June 11, 2022. Her family has asked for donations to Dana Farber’s Metastatic Breast Cancer Research Fund or Outreachy.
- z2Q7lYjcxK asked whether anyone else missed the IRL podcast, helping resurface it to people who hadn’t listened to it previously.
- ChaoticNeutralCzech posted a PSA on how to open the OS native print dialog by default - set
- Former Firefox developer dblohm7 posted a great overview of how to think about Firefox for Android’s overall security. He also provided some insight into the design of Fission for Android.
- In an answer to a question about a slow Linux distribution update for Firefox, Linux-Is-Best linked to their GPL3 installer for Firefox. Firefox-automatic-install-for-Linux downloads Firefox directly from Mozilla, installs it complete with .desktop files (to make it easier to launch), and uses the Mozilla updater to get the fastest updates. Release, Beta, Developer Edition, ESR, and Nightly are all supported. This is a very nice tool if you prefer getting Firefox from the upstream developer.
🐛 Bugs and Issues
- mockedarche posted about Firefox reportedly using 109GB of RAM on an M1 Mac. They went ahead and filed a bug. As of this writing, Firefox developers are unsure of what is going on. Hopefully other people seeing this issue can provide some additional memory dumps to help locate what may be happening.
- NostalgiaSchmaltz posted that Turkish site AA was slower to load in Firefox than Chrome. I went ahead and filed a bug to investigate.
- yo_99 rediscovered that Firefox on Linux doesn’t use the XDG Base Directory spec. whlthingofcandybeans pointed out that Snap and Flatpak are also not XDG compliant.
- sparrowofsong posted about a bug where Firefox would crash while dragging a window on Linux. The bug has since been fixed and released to Nightly 🎉.
- A request I made back in 2019 has been fixed - touchpad gestures for back and forward on Linux is now in Nightly. The feature will work in Wayland and in X11 when using the
MOZ_USE_XINPUT2=1environment variable 🎉.
- Linux users can celebrate that VA-API hardware video decode is working again without needing to disable the RDD process sandbox. Darkspirit1337 gave a nice walkthrough of how to get it going for testing.
- VA-API was also enabled by default in Nightly for people running with Mesa drivers. This is great news for getting this into the mainline release and enabled for all Firefox users on Linux. Nvidia is not supported, and Darkspirit1337 suggested that people submit feedback asking Nvidia to support VA-API via Mesa.
Feel free to give me feedback on this post on reddit.