Well I saw this coming before I even heard the term Firefox Quantum.
Firefox, has written a long suicide note, a couple of months ago that they will no longer support Legacy Add-ons. At this point in time I see no move by existing developers to upgrade their Legacy add-ons. Some/many people may look in another direction for their browser.
Virtually all of my add-ons bar one, are Legacy add-ons. My only saving grace is that I have the ESR version of FF on this XP system and that will support them for longer.
You will be good on firefox palemoon, all your legacy add-ons continued there.
Palemoon, a browser with somewhat more privacy in mind.
polonus
I had a problem with Malware Script Detector v.1.1 add-on, no longer running on firefox.
I run it now as a seperate user script running under Tampermonkey, well under Google chrome.
So you can have an extension running, you only have to run and dance through several more hoops.
There will be a big upgrade to NoScript 10 from NoScript 5 for firefox Quantum,
only NoScript will loose certain functions because Webextensions in Firefox won’t support these yet.
Interesting to learn what NoScript lost on the firefox with webextensions?
A little better news than there would be no NoScript in Firefox Quantum.
I will be very interested to see what other Add-ons make it to Firefox Quantum as the greatest majority of add-ons are Legacy. I believe the reason why many people are using firefox are the add-ons, lose those and firefox will have lost a lot of users.
The same thing happened when they transitioned to signed add-ons only they kept having to push the date back as there were woefully few signed add-ons as the deadline got closer.
Why Maone, when he ported it to a webextension version, did not make it available to Google Chrome the same time?
That would have ended the discussion and also would have meant the end of firefox, that I still expect to happen soon.
Firefox will go the way of the flock browser. The new NoScript only extends it’s death struggle. (In Holland only 6% of the overall userbase on fx now :o ).
When it said Legacy Add-ons would no longer be supported after 56.0, along comes FF 57 Quantum and over 80% of my add-ons no longer work. That Mozilla decision was a long suicide note, akin to when unsigned add-ons wouldn’t work (some time ago). That however, was small beer compared to the effort to completely rewrite their Add-on.
I can’t see the add-on developers being prepared to put in the required work (for nothing).
Add to that I’m less than impressed with 57.0 Quantum on my win10 system, I don’t like the layout and it is no where close to being as configurable as previous FF versions. Its meant to be quicker, I can’t tell if it is or not, it simply isn’t noticeable.
I haven’t even checked its resource use as I have 8GB of fast RAM and a relatively quick CPU on an SSD drive.
And with Quantum this is the list of issues you have to fix in the settings to make it a tad more secure:
Below you find a list of settings, to get the best privacy settings as possible.
N.B. we have to go under the browser hood, and that means you change this settings so at your own risk.
In the address bar give in: about:config and then directly push the Return button.
Read the warning first and then proceed.
This list is a first starter and telemetry does not come included, but one feels more comfy this way.
[b]Privacy Settings Firefox.[/b]
privacy.firstparty.isolate = true
A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
privacy.resistFingerprinting = true (personally I would not use this, it resolves to a smaller version of FF)
A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
privacy.trackingprotection.enabled = true
This is Mozilla’s new built in tracking protection. It uses Disconnect.me filter list, which is redundant if you are already using uBlock Origin 3rd party filters, therefore you should set it to false if you are using the add-on functionalities.
browser.cache.offline.enable = false
Disables offline cache.
browser.safebrowsing.malware.enabled = false
Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
browser.safebrowsing.phishing.enabled = false
Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
browser.send_pings = false
The attribute would be useful for letting websites track visitors’ clicks.
browser.sessionstore.max_tabs_undo = 0
Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu → History → Recently Closed Tabs.
browser.urlbar.speculativeConnect.enabled = false
Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to.
dom.battery.enabled = false
Website owners can track the battery status of your device.
dom.event.clipboardevents.enabled = false
Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
geo.enabled = false
Disables geolocation.
media.navigator.enabled = false
Websites can track the microphone and camera status of your device.
network.cookie.cookieBehavior = 1
Disable cookies
0 = Accept all cookies by default
1 = Only accept from the originating site (block third party cookies)
2 = Block all cookies by default
network.cookie.lifetimePolicy = 2
cookies are deleted at the end of the session
0 = Accept cookies normally
1 = Prompt for each cookie
2 = Accept for current session only
3 = Accept for N days
network.http.referer.trimmingPolicy = 2
Send only the scheme, host, and port in the Referer header
0 = Send the full URL in the Referer header
1 = Send the URL without its query string in the Referer header
2 = Send only the scheme, host, and port in the Referer header
network.http.referer.XOriginPolicy = 2
Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)
0 = Send Referer in all cases
1 = Send Referer to same eTLD sites
2 = Send Referer only when the full hostnames match
network.http.referer.XOriginTrimmingPolicy = 2
When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests.
0 = Send full url in Referer
1 = Send url without query string in Referer
2 = Only send scheme, host, and port in Referer
webgl.disabled = true
WebGL is a potential security risk. (source anonymous poster at security dot nl)
This whole issue is a bloody nightmare, Mozilla not content with having shot themselves in the foot are now looking down the barrel to see if the gun is still loaded.
Users shouldn’t have to jump through hoops like this to protect their privacy/security.
Completely and utterly agree with you there.
The end-user interwebs infrastructure should be safe by default for all- server side and client side alike.
The problem is we do not live in an ideal world, and that shows from all sides, server side and client side,
what we discuss here in this thread is where the seams of the fabric come apart and insecurity shows most.
But we here the avast support community do what we can, educationally, voluntarily and on a support basis.
The road we have to go is long, but it always starts with a first step.
Who never starts out on that road will have to suffer the consequences thereoff, and others will soon play tricks on them.
I’m finding what add-ons that are available for Quantum are a shadow of there former selves. I have 8 so far, but the one I really want security wise is RequestPolicy (RP). There is requestblock add-on but that isn’t a patch on RP and is only temp permissions, but I have found it to be a pain in the backside (currently disabled) as sites aren’t displaying correctly even if you give temporary permission to ‘all this page’.
NoScript for Quantum is also awkward to use compared to the previous incarnation.
My concern would be if you make the change to FF prefs for legacy add-ons, how that would impact on any quantum add-ons that you do have. I would have thought it would be all or nothing (quantum add-ons or legacy no mix) or there could be possible conflict.
I do not think you will meet problems there, as that advice came from Github redactors. Github is the best known developers environment, where I often look for all my coding ideas and check-ups. If they say so, they certainly know it from the developer incrowd, the horses’ mouth, so to speak. Believe me.
If you feel unhappy with the new NoScript then uMatrix is a good alternative to learn to toggle. Specially crafted as an alternative for Google Chrome when Maone did not know how to bring his add-on to that browser because of the limited access in the lower realms, what limitations it shares now unfortunately with Firefox Quantum.
Whilst it may not directly cause an issue, I have found something that may not have been considered.
I have firefox on three systems and they are synced and FF 57.0 is only on my win10 but will end up on my win7 system when I get around to updating FF on that. I have already seen some crossovers to my XP System with Firefox 52.4.0 ESR.
I saw that having installed requestblock on the win10 FF 57.0 and subsequently disabled it because of the hassles, I then found it (also disabled) on winXP Firefox 52.4.0 ESR. So I had to uninstall it, which removed it from both synced systems.
I also see that my usual gTranslate (Legacy add-on) wasn’t Quantum ready, so I had also the Quantum To Google Translate 2.2 add-on, not a patch on the legacy add-on. This is what I’m finding the alternative quantum add-on if it exists isn’t as good (read flexible/configurable, etc.) as the legacy add-on.
When you add (excuse the pun) FF 57.0 in itself is nowhere as flexible/configurable, I’m not enjoying this experience at all.
Do not forget to rename the browser as FireFixed after you solved all these issues with the newer versions of firefox.
Remember the average n00b won’t care anyway, he/she/it will just look at it being fast and looking “licked”.
Average people will get the browser they deserve, an all tracking and profiling one with limited access.
