Firefox also sends enormous amounts of metadata about your browsing to the cloud and it's very difficult for non-savvy users to turn this off. They call it telemetry and 'safe browsing', but users overlook that every URL is checked against a database of URLs already in Google's 'safe browsing' repository. Firefox is not actually private and their business model can't allow for privacy, because they're in bed with Google.
Use something like Palemoon and configure about:config a bit more and you should be fine. But be very skeptical of Mozilla claiming FF is some privacy enhancing tool. Their plugins ecosystem is also a security nightmare...
My understanding of the Safe Browsing feature based on browsing the above is that a list of blacklisted URLs is downloaded to the client, this list is known phishing sites.
> Use something like Palemoon and configure about:config a bit more and you should be fine. But be very skeptical of Mozilla claiming FF is some privacy enhancing tool.
Keeping Firefox secure and making the right tradeoffs for collecting data to make the product better (like telemetry and crash reports) while avoiding using the data for nefarious purposes is a hard job, and I think Mozilla does it very well (disclaimer: I work there, and I see the way people treat and talk about users and their data).
> Their plugins ecosystem is also a security nightmare...
Assuming you mean extensions (aka Add-ons) - it is true that there isn't really a security model around classic Firefox extensions, which is one reason they are so powerful. The current form of Firefox extension is essentially the same as in the 1.0 days, and was intended to keep the browser slim and allow for new non-core features.
Web Extensions are intended as the replacement, they are similar to (and largely compatible with) the current Chrome extension system:
https://wiki.mozilla.org/WebExtensions
Firefox already does and will continue to support more APIs than Chrome does, to enable more powerful extensions such as Tree Style Tabs.
If a user is too non-savvy to click a couple of check boxes in Options > Security to turn off Safe Browsing, they probably need that protection. Users this non-savvy are probably already being tracked left, right, and center and an easy target for malware served by advertising networks, and Safe Browsing is the least of their worries.
It's similarly easy to turn Health Report and Telemetry off from Options > Advanced > Data Choices.
Is the claim that Firefox/Mozilla is in bed with Google sourced by the use of Google for data about safe browsing? Is there any other reason to think this now that they no longer receive revenue from Google?
Actually Mozilla ditched Google as their search revenue partner and now is partnered with select search engines depending on the market. Yahoo for the US, Yandex for Russia and Baidu for China, for example. Mozilla to my knowledge no longer relies on Google for any revenue.
Yes, this is what I was referring to when I said "they no longer receive revenue from Google." He seemed to be basing the entire claim of the two companies being in bed together on Mozilla's use of Google's safe browsing data. I was asking if there was anything else now that the monetary agreement has ceased.
The opposite was the case. Mozilla was ditched by Google. It is logically that they say it the other way around, as it does sound much better, and gives the illusion that Mozilla is in control about their fate.
They got ditched after Google enforced minimalism (Australis) on Firefox with giving Mozilla "good design advice's" that of course backfired. And as soon as Mozilla's share dropped enough, Google gave them the boot.
There was a talk[0] which included some info about this recently at !!con[1]. The safe browsing dataset is compressed and stored as a bloom filter so that the check for a safe site can be performed locally.
Figured I'd post this here since after reading your comment I made an effort to simply make my existing Firefox more private:
Install the "Privacy Settings" Firefox extension. This makes it easy to toggle the about:config options and has handy presets so you don't have to spend an hour reading articles to understand what to enable/disable.
I also tried "Policy Control" extension which is supposed to help prevent fingerprinting, but it didn't seem to work with EFF's panopticlick tool.
> The fewer things you have to secure, the easier it is to keep them secret.
Except when this approaches towards zero security. The line is so thin, and actual expertise is needed to discern this sweetspot. I've seen entire corporations use apparently bulletproof security (Think Google's data centres), but fail to use DNSSEC or background check their security guards.
Avoid weak links like this, they are bad for business.
Use something like Palemoon and configure about:config a bit more and you should be fine. But be very skeptical of Mozilla claiming FF is some privacy enhancing tool. Their plugins ecosystem is also a security nightmare...