Follow-up re: Unexpected outgoing connections from Firefox

1897 views
Skip to first unread message

itc...@posteo.org

unread,
Mar 1, 2017, 8:21:11 AM3/1/17
to support...@lists.mozilla.org
I’ve managed to curtail the majority of the outgoing connections by following the advice here:

https://support.mozilla.org/t5/Protect-your-privacy/How-to-stop-Firefox-from-making-automatic-connections/ta-p/1748

However, some of the changes I had to make were not listed there. For example, regarding connections to tiles.services.mozilla.com and shavar.services.mozilla.com. How do I best contact Mozilla and have the webpage amended? There’s an admin assigned to the page but I can’t find contact details for them, or a way of appending a comment to the page itself.

I’m also still getting one unexplained outgoing connection, sporadically during use, to:

firefox.settings.services.mozilla.com:443

Can anyone shed some light on its purpose?

On 24 Feb 2017, at 16:46, itc...@posteo.org wrote:

> Firefox 51.0.1 (64-bit; macOS)
>
> I’m trying to get some information on a number of connections that Firefox initiates by itself on every launch and sporadically during browsing that appear to have no relationship to any functionality that I’m knowingly making use of. That is to say, blocking these connections does not appear to adversely affect my web browsing.
>
> The following outgoing connections tend to occur immediately I launch Firefox, before I’ve undertaken any interaction myself:
>
> firefox.settings.services.mozilla.com:443
> tiles.services.mozilla.com:443
> shavar.services.mozilla.com:443
> self-repair.mozilla.org:443
>
> The following outgoing connections tend to occur sporadically after I launch Firefox:
>
> olympia.prod.mozaws.net
> aus5.mozilla.org:443
> versioncheck-bg.addons.mozilla.org:443
> self-repair.r53-2.services.mozilla.com
> versioncheck.prod.mozaws.net
>
> I’ve also noticed that Firefox attempts to contact the following address whenever I click, “More…” to view the update settings of several third-party add-ons:
>
> addons-cdn-geo.prod.mozaws.net
>
> Ultimately, I’d like to know what settings I can change to prevent these outgoing connections from occurring, where desirable. I can’t simply block these connections outright because I do occasionally need to permit them temporarily, when I knowingly activate a feature that requires them (eg. manually checking for updates to Add-Ons).
>
> Finally, in the same vein: does anyone know how to view and set the universal default update setting for add-ons? I think this may be a good start to blocking some of the connections mentioned.
> _______________________________________________
> support-firefox mailing list
> support...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/support-firefox
> To unsubscribe, send an email to support-fir...@lists.mozilla.org?subject=unsubscribe

Mayayana

unread,
Mar 1, 2017, 10:33:53 PM3/1/17
to mozilla-sup...@lists.mozilla.org
<itc...@posteo.org> wrote

>
However, some of the changes I had to make were not listed there. For
example, regarding connections to tiles.services.mozilla.com and
shavar.services.mozilla.com. How do I best contact Mozilla and have the
webpage amended? There’s an admin assigned to the page but I can’t find
contact details for them, or a way of appending a comment to the page
itself.

I’m also still getting one unexplained outgoing connection, sporadically
during use, to:

firefox.settings.services.mozilla.com:443

Can anyone shed some light on its purpose?
>

The Mozilla people simply don't bother to document
many of these. If you open omni.ja and take out
greprefs.js, you'll find the current list of prefs defaults.
But new prefs are regularly added and some go unused.
I'm currently using FF 38, which has none of the items
you listed. But in FF 51 they're there.

"browser.safebrowsing.provider.mozilla.updateURL",
"https://shavar.services.mozilla.com/downloads?client

// Services security settings
pref("services.settings.server",
"https://firefox.settings.services.mozilla.com/v1")

The first one is the URL for downloading the latest list
of possible "phishing" websites, if you enable that.
The second seems to be part of the ever-growing
Mozilla "services". Most seem to be things you probably
don't want, such as:

"browser.search.geoip.url", "https://location.services.mozilla.com....

That indicates where FF calls home to when it starts,
in order to geolocate you, report your IP address and
assign an ID to your browser.

Another dubious one is services.push.enabled, which seems
to be related to dom.webnotifications.enabled

The basic idea is that companies can send you ads, offers,
etc, via "push". FF would check in with a push server
regularly in order to get any push messages.
There's a general trend toward FF being a "web
services" program that assumes you want commercial
intrusion into your privacy.

You might want to blank out all URLs in about:config.
I always do. FF could, in theory, retrive those from
inside omni.ja. I don't have any evidence that it does.
The problem, though, is that the Mozilla people don't
see any need to let the public in on what's going on.



itc...@posteo.org

unread,
Mar 7, 2017, 9:37:07 AM3/7/17
to Firefox help community
@Mayayana: I think the issue you raise is one of unchecked and undocumented feature creep. Not every addition to FF is unwelcome; what's unwelcome is the frequent lack of information allowing users to make an informed decision regarding its use—something Mozilla appears to be guilty of here (and the FOSS community on the whole, IMO: everybody wants to code, few want to document the changes).

That aside, I may have to follow your suggestion and simply delete all URLs from the about:config, seeing as some of the services I squashed via the GUI seem to have sprung back to life.

> On 2 Mar 2017, at 03:33, Mayayana <maya...@invalid.nospam> wrote:
>
> <itc...@posteo.org> wrote
>
>>
> However, some of the changes I had to make were not listed there. For
> example, regarding connections to tiles.services.mozilla.com and
> shavar.services.mozilla.com. How do I best contact Mozilla and have the
> webpage amended? There’s an admin assigned to the page but I can’t find
> contact details for them, or a way of appending a comment to the page
> itself.
>
> I’m also still getting one unexplained outgoing connection, sporadically
> during use, to:
>
> firefox.settings.services.mozilla.com:443
>
> Can anyone shed some light on its purpose?
>>
>

Mayayana

unread,
Mar 7, 2017, 10:11:33 AM3/7/17
to mozilla-sup...@lists.mozilla.org
<itc...@posteo.org> wrote

| Not every addition to FF is unwelcome; what's
| unwelcome is the frequent lack of information
|... everybody wants to code, few want to
| document the changes

That's certainly part of it. Many of the most talented
programmers are "math people" with limited literacy.
(And frankly, limited socialization.) They code for other
coders. That's always been a problem with open source.
I've been researching prefs lately myself and I'm
surprised at both how many have no documentation at
all (even on tweak sites) and how many new ones are
constantly being generated.
But there are also other factors:

* There's pressure to make software simple and
easy-to-use. The way to do that is to remove
settings options. And most people don't read help.

* Browsers were originally designed with corporate
customers in mind. The poor design of prefs and
of Internet Explorer settings, as well as the tradition
of poor documentation, started with trying to
accomodate corporate admins who wanted to
control employee behavior. The settings were
supposed to be intelligible only to experts. The
admins who don't want you controlling the browser
are now ad purveyors and commercial websites.

* There's almost certainly pressure from backers
(Google, Yahoo) to make Firefox commerce-friendly.
No one cares if .8% of people install extensions to
control the browser. But the increase in ad-blocking,
for instance, has businesses worried.
The first problematic move I remember was when
the 3rd-party image blocking pref was removed from
the options window and the pref itself was renamed.
That was during the Google regime. It's been downhill
from there. (At the time, 3rd-party image was
synonymous with ad, and most ads come through
Google/Doubleclick.)

* There's pressure to keep up with functionality
advances and trends. The latest FF incorporates
WebAssembly, a wildly idiotic idea for incorporating
dangerous code compiling into client side pages.
But what's Mozilla to do? Nearly everyone has hopped
onto the online services bandwagon. Other browsers
will have WebAssembly. And if Mozilla don't make it
standard and difficult to block (as they've done with
script) then their browser will be seen as undependable.

Many of the questions in this group are a good
example of that. People install loads of extensions
to customize pages and then complain that Firefox
is broken when they don't get the hoped-for result.


John R. Sowden

unread,
Mar 7, 2017, 11:35:13 AM3/7/17
to support...@lists.mozilla.org
I saw your comment re: deleting all of the URLs from the about:config.  I went there and found interesting things: for starters, Chrome and Yahoo.  I have kept away from both, yet, there they are in my browser configuration file.  As I started deleting the URLs, I decided that I want to know:  (a) how do I delete them, meaning do I put "false" where the URL would go on the far fight, just delete it, or what?, and (b) is there documentation from mozilla that explains each item?

Thanks,
John


On 03/07/2017 06:36 AM, itc...@posteo.org wrote:
@Mayayana: I think the issue you raise is one of unchecked and undocumented feature creep.  Not every addition to FF is unwelcome; what's unwelcome is the frequent lack of information allowing users to make an informed decision regarding its use—something Mozilla appears to be guilty of here (and the FOSS community on the whole, IMO: everybody wants to code, few want to document the changes).

That aside, I may have to follow your suggestion and simply delete all URLs from the about:config, seeing as some of the services I squashed via the GUI seem to have sprung back to life.

On 2 Mar 2017, at 03:33, Mayayana <maya...@invalid.nospam> wrote:

<itc...@posteo.org> wrote

However, some of the changes I had to make were not listed there.  For 
example, regarding connections to tiles.services.mozilla.com and 
shavar.services.mozilla.com.  How do I best contact Mozilla and have the 
webpage amended?  There’s an admin assigned to the page but I can’t find 
contact details for them, or a way of appending a comment to the page 
itself.

I’m also still getting one unexplained outgoing connection, sporadically 
during use, to:

firefox.settings.services.mozilla.com:443

Can anyone shed some light on its purpose?
.
I always do. FF could, in theory, retrive those from
inside omni.ja. I don't have any evidence that it does.
The problem, though, is that the Mozilla people don't
see any need to let the public in on what's going on.



_______________________________________________
support-firefox mailing list

John R. Sowden

unread,
Mar 7, 2017, 11:52:31 AM3/7/17
to support...@lists.mozilla.org
Well, I think I just answered a part of one of my questions.  Replacing URLs with "false" can kill your browser.  My FF no long comes up, no errors, just not response to executing.  Now, how do I unring this bell?

John


On 03/07/2017 08:34 AM, John R. Sowden wrote:
I saw your comment re: deleting all of the URLs from the about:config.  I went there and found interesting things: for starters, Chrome and Yahoo.  I have kept away from both, yet, there they are in my browser configuration file.  As I started deleting the URLs, I decided that I want to know:  (a) how do I delete them, meaning do I put "false" where the URL would go on the far fight, just delete it, or what?, and (b) is there documentation from mozilla that explains each item?

Thanks,
John


On 03/07/2017 06:36 AM, itc...@posteo.org wrote:
@Mayayana: I think the issue you raise is one of unchecked and undocumented feature creep.  Not every addition to FF is unwelcome; what's unwelcome is the frequent lack of information allowing users to make an informed decision regarding its use—something Mozilla appears to be guilty of here (and the FOSS community on the whole, IMO: everybody wants to code, few want to document the changes).

That aside, I may have to follow your suggestion and simply delete all URLs from the about:config, seeing as some of the services I squashed via the GUI seem to have sprung back to life.

On 2 Mar 2017, at 03:33, Mayayana <maya...@invalid.nospam> wrote:

<itc...@posteo.org> wrote

However, some of the changes I had to make were not listed there.  For 
example, regarding connections to tiles.services.mozilla.com and 
shavar.services.mozilla.com.  How do I best contact Mozilla and have the 
webpage amended?  There’s an admin assigned to the page but I can’t find 
contact details for them, or a way of appending a comment to the page 
itself.

I’m also still getting one unexplained outgoing connection, sporadically 
during use, to:

firefox.settings.services.mozilla.com:443

Can anyone shed some light on its purpose?
.
I always do. FF could, in theory, retrive those from
inside omni.ja. I don't have any evidence that it does.
The problem, though, is that the Mozilla people don't
see any need to let the public in on what's going on.



_______________________________________________
support-firefox mailing list
_______________________________________________
support-firefox mailing list
support...@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-firefox
To unsubscribe, send an email to support-fir...@lists.mozilla.org?subject=unsubscribe

itc...@posteo.org

unread,
Mar 7, 2017, 12:04:42 PM3/7/17
to Firefox help community
@John: The answer to (b) is https://support.mozilla.org/t5/Protect-your-privacy/How-to-stop-Firefox-from-making-automatic-connections/ta-p/1748, more or less.  However, as you’ve probably read, not all the information you require is there.

The answer to (a) is just as unsatisfying.  On the webpage linked above, URLs are sometimes replaced with a blank string, and at other times replaced with, “ignore”.  I think prefs that ended with, “URL” or “url” tended to get blank strings, whilst the rest got, “ignore”.  For such a deterministic discipline (IT), you’d think information would be easier to come by…

As for your follow-up post: recent threads mentioned a “Safe Mode”, I’d start there.  I’ve not used it myself so can’t offer anything more.

On 7 Mar 2017, at 16:34, John R. Sowden <jso...@americansentry.net> wrote:

I saw your comment re: deleting all of the URLs from the about:config.  I went there and found interesting things: for starters, Chrome and Yahoo.  I have kept away from both, yet, there they are in my browser configuration file.  As I started deleting the URLs, I decided that I want to know:  (a) how do I delete them, meaning do I put "false" where the URL would go on the far fight, just delete it, or what?, and (b) is there documentation from mozilla that explains each item?

Thanks,
John


On 03/07/2017 06:36 AM, itc...@posteo.org wrote:
@Mayayana: I think the issue you raise is one of unchecked and undocumented feature creep.  Not every addition to FF is unwelcome; what's unwelcome is the frequent lack of information allowing users to make an informed decision regarding its use—something Mozilla appears to be guilty of here (and the FOSS community on the whole, IMO: everybody wants to code, few want to document the changes).

That aside, I may have to follow your suggestion and simply delete all URLs from the about:config, seeing as some of the services I squashed via the GUI seem to have sprung back to life.

On 2 Mar 2017, at 03:33, Mayayana <maya...@invalid.nospam> wrote:

<itc...@posteo.org> wrote

However, some of the changes I had to make were not listed there.  For 
example, regarding connections to tiles.services.mozilla.com and 
shavar.services.mozilla.com.  How do I best contact Mozilla and have the 
webpage amended?  There’s an admin assigned to the page but I can’t find 
contact details for them, or a way of appending a comment to the page 
itself.

I’m also still getting one unexplained outgoing connection, sporadically 
during use, to:

firefox.settings.services.mozilla.com:443

Can anyone shed some light on its purpose?
.
I always do. FF could, in theory, retrive those from
inside omni.ja. I don't have any evidence that it does.
The problem, though, is that the Mozilla people don't
see any need to let the public in on what's going on.



_______________________________________________
support-firefox mailing list
_______________________________________________
support-firefox mailing list
support...@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-firefox
To unsubscribe, send an email to support-fir...@lists.mozilla.org?subject=unsubscribe

Chris Ilias

unread,
Mar 7, 2017, 12:41:12 PM3/7/17
to mozilla-sup...@lists.mozilla.org
John R. Sowden wrote:
> Well, I think I just answered a part of one of my questions. Replacing
> URLs with "false" can kill your browser. My FF no long comes up, no
> errors, just not response to executing. Now, how do I unring this bell?

First, make sure that Firefox isn't currently running.
Then go to your profile folder, open the file prefs.js in a text editor,
and delete the lines pertaining to the prefs you edited which caused the
problem.

Also note: This is why there is a warning when you open about:config. ;)

--
Chris Ilias <http://ilias.ca>
Mailing list/Newsgroup moderator

John R. Sowden

unread,
Mar 7, 2017, 5:32:05 PM3/7/17
to support...@lists.mozilla.org
Thank you, it worked, and just for others on the list, my O/S is Ubuntu 16.04

John

On 03/07/2017 09:40 AM, Chris Ilias wrote:
John R. Sowden wrote:
Well, I think I just answered a part of one of my questions.  Replacing
URLs with "false" can kill your browser.  My FF no long comes up, no
errors, just not response to executing.  Now, how do I unring this bell?

David E. Ross

unread,
Mar 7, 2017, 6:33:31 PM3/7/17
to mozilla-sup...@lists.mozilla.org
On 3/7/2017 9:40 AM, Chris Ilias wrote:
> John R. Sowden wrote:
>> Well, I think I just answered a part of one of my questions. Replacing
>> URLs with "false" can kill your browser. My FF no long comes up, no
>> errors, just not response to executing. Now, how do I unring this bell?
>
> First, make sure that Firefox isn't currently running.
> Then go to your profile folder, open the file prefs.js in a text editor,
> and delete the lines pertaining to the prefs you edited which caused the
> problem.
>
> Also note: This is why there is a warning when you open about:config. ;)
>

What I did in SeaMonkey should also work with Firefox.

1. I copied the prefs.js file to a location away from my profile and
opened the copy in a plain-text editor.

2. With SeaMonkey, I browsed
<http://kb.mozillazine.org/About:config_entries> (primary reference),
<http://kb.mozillazine.org/Category:Preferences> (secondary reference),
and about:config, each in a separate tab.

3. I searched the copy of prefs.js for the string "http", ignoring any
preferences that had that string in the variable's name. Instead, I
only wanted preferences that had that string in their values.

4. For each preference that had "http" in its value, I reviewed the
description of the variable in the references cited in #2. I also
searched in about:config for that preference.

5. When I found a preference whose description in a reference indicated
I did not need the value -- especially those that had "user set" in
about:config -- I right-clicked on it and selected "Reset" from the
pull-down context menu.

--
David E. Ross
<http://www.rossde.com/>

Paraphrasing Mark Twain, who was quoting someone else:
There are three kinds of lies: lies, damned lies, and
alternative truths.

Mayayana

unread,
Mar 7, 2017, 7:07:22 PM3/7/17
to mozilla-sup...@lists.mozilla.org
"John R. Sowden" <jso...@americansentry.net> wrote

|(a) how do I delete them, meaning do I put "false" where
| the URL would go on the far fight, just delete it, or what?, and (b) is
| there documentation from mozilla that explains each item?
|

They're not boolean. They're string values.
I just make them blank.

Some are explained. Some are not. Some are
dealing with updates. If you want to allow FF
to update itself then you might want some of
those. Personally I don't want FF going anywhere
I didn't tell it to go, so I remove all URLs.



J. P. Gilliver (John)

unread,
Mar 7, 2017, 7:30:47 PM3/7/17
to mozilla-sup...@lists.mozilla.org
In message
<mailman.3573.148889948...@lists.mozilla.org>,
Mayayana <maya...@invalid.nospam> writes:
[]
>* There's pressure to make software simple and
> easy-to-use. The way to do that is to remove
> settings options. And most people don't read help.

A less drastic way is to leave the options, but make them a little
harder to find - often by putting them behind an "Advanced" button or
similar. (And perhaps to add a "restore defaults" button.)
>
>* Browsers were originally designed with corporate
> customers in mind. The poor design of prefs and
> of Internet Explorer settings, as well as the tradition
> of poor documentation, started with trying to
> accomodate corporate admins who wanted to
> control employee behavior. The settings were
> supposed to be intelligible only to experts. The

Is that true of all browsers though, or just IE? Surely most admins
would stick with Microsoft, as that's always (at least, for many years)
indeed been designed as you describe. Why would they even sanction use
of a non-Microsoft browser?

> admins who don't want you controlling the browser
> are now ad purveyors and commercial websites.
>
>* There's almost certainly pressure from backers
> (Google, Yahoo) to make Firefox commerce-friendly.

Indeed.

> No one cares if .8% of people install extensions to
> control the browser. But the increase in ad-blocking,
> for instance, has businesses worried.
> The first problematic move I remember was when
> the 3rd-party image blocking pref was removed from
> the options window and the pref itself was renamed.
> That was during the Google regime. It's been downhill
> from there. (At the time, 3rd-party image was
> synonymous with ad, and most ads come through
> Google/Doubleclick.)
>
> * There's pressure to keep up with functionality
> advances and trends. The latest FF incorporates
> WebAssembly, a wildly idiotic idea for incorporating
> dangerous code compiling into client side pages.
> But what's Mozilla to do? Nearly everyone has hopped
> onto the online services bandwagon. Other browsers
> will have WebAssembly. And if Mozilla don't make it
> standard and difficult to block (as they've done with
> script) then their browser will be seen as undependable.
>
> Many of the questions in this group are a good
> example of that. People install loads of extensions
> to customize pages and then complain that Firefox
> is broken when they don't get the hoped-for result.
>
Not sure what you mean by "to customize pages". I don't usually install
extensions because of one specific page; if there's one specific page
that gives me problems, I'll just do my best to avoid it (find
alternatives), or if I really have to use it, will use another browser.
>
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

A closed mouth gathers no foot.

Chris Ilias

unread,
Mar 8, 2017, 11:05:28 PM3/8/17
to mozilla-sup...@lists.mozilla.org
I want to correct some misinformation in your post, because I don't want
users thinking that what you're saying is correct:

* If you're having trouble finding user-documentation for the prefs in
about:config, it's because about:config is not intended for end-users.
<https://bugzilla.mozilla.org/show_bug.cgi?id=178685>

* The large majority of developers don't write end-user documentation.
There is a separate community for that. All user-doc submissions (by
developers or anyone else) have to be reviewed by user-doc reviewers
before being published. That's been the case for over a decade.
<https://support.mozilla.org/t5/Contributor-Knowledge-Base/About-the-Knowledge-Base/ta-p/19913>


* If you're wondering why particular setting was removed, start a new
thread listing them, and we'll try find the specific answer.
* Regarding third-party images, I don't know what pref you're referring
to. Are you referring to the "Load images automatically" checkbox? If so
that was removed as part of the "checkboxes that kill" project
<http://limi.net/checkboxes-that-kill>

* Firefox was not designed for corporate customers.
<http://www-archive.mozilla.org/projects/firefox/charter.html>
I don't know why you think browsers were originally designed for
corporate customers.

* I'm not sure what you mean by "commerce-friendly".

David E. Ross

unread,
Mar 9, 2017, 12:55:12 AM3/9/17
to mozilla-sup...@lists.mozilla.org
On 3/8/2017 8:05 PM, Chris Ilias wrote:
> If you're having trouble finding user-documentation for the prefs in
> about:config, it's because about:config is not intended for end-users.

Then why are users told to set preference variables in response to
requests for help in the various mozilla.support.* newsgroups?

AlexVie

unread,
Mar 9, 2017, 1:49:42 AM3/9/17
to mozilla-sup...@lists.mozilla.org
On Thursday, 09. March 2017 at 07:42 W. EST, David E. Ross wrote:

>> If you're having trouble finding user-documentation for the prefs in
>> about:config, it's because about:config is not intended for end-users.

> Then why are users told to set preference variables in response to
> requests for help in the various mozilla.support.* newsgroups?

Because it's only meant to solve specific problems. It's pretty much
like the Windows registry - lots of things *can* be done by editing
registry values or /prefs.js/ and support will sometimes tell you to do
so, but users should not play with it unless they know what they're
doing or are instructed to.

That's why about:config comes with a big red warning sign

--
'%d!' % (1337*math.pi/100)

itc...@posteo.org

unread,
Mar 9, 2017, 9:49:09 AM3/9/17
to Firefox help community
As the OP, I should indicate that I consider myself to have received about the best answer to my question that I'm going to get. I will therefore now be unsubscribing from the list.

Thanks to all those who contributed.

Mayayana

unread,
Mar 9, 2017, 9:59:03 AM3/9/17
to mozilla-sup...@lists.mozilla.org
"Chris Ilias" <nm...@ilias.ca> wrote

| I want to correct some misinformation in your post, because I don't want
| users thinking that what you're saying is correct:
|

That seems a bit unfair. Most of what you're saying is
a matter of opinion, not fact.

| * If you're having trouble finding user-documentation for the prefs in
| about:config, it's because about:config is not intended for end-users.
| <https://bugzilla.mozilla.org/show_bug.cgi?id=178685>
|

Yes. Don't you think that's a problem? Even javascript
settings are no longer in the UI. So what you're saying
amounts to saying that whether script is enabled or not
is of no concern to the end user. Nor geo-location. Nor any
of the other myriad options that are specced in about:config.
If only Mozilla developers are meant to access those
settings then why are they there?

If I couldn't disable script I wouldn't even go online
except for critical things like downloading tax forms. It's
simply not safe. And script-enabled pages are far too
"push-enabled".

| * The large majority of developers don't write end-user documentation.
| There is a separate community for that.

Yes. That's basically what I said. But the docs
"community" should be considered part of doing
the whole job. I'm a Windows developer. I write
docs. That's part of the product. If I didn't write
them, or find someone to do it, how could I release
the product in good conscience?

| * If you're wondering why particular setting was removed, start a new
| thread listing them, and we'll try find the specific answer.
| * Regarding third-party images, I don't know what pref you're referring
| to.

permissions.default.image
1-accept all images. 2-block all images. 3-no 3rd-party images.

It's the only "permissions" category pref. It used to have
another name with different settings values, though I don't
have those details at hand. When it was removed was also
when the name and values were changed, making it very
difficult for anyone but hardcore tweakers to block 3rd-party
images.

| Are you referring to the "Load images automatically" checkbox? If so
| that was removed as part of the "checkboxes that kill" project
| <http://limi.net/checkboxes-that-kill>

I think there are really two issues here. One is the
option to block 3rd-party images. (That's still available
in the UI of SeaMonkey, by the way.) The other issue
is whether to enable images at all.
Your friend Mr. Limi apparently doesn't know any blind
people. Any website should be accessible, without images,
to people using a screenreader. For them, images only
add unnecessary complexity and load time. A setting
to enable/disable images is for people like that. I very
much doubt that confusion about that setting has
caused problems for other people.

I'd say Mr. Limi is a very good example of programmer
arrogance -- the attitude that "civilians" shouldn't be
able to control things, for their own good. He even
advocates the removal of javascript control, justifying
that position because he can't book travel online without
javascript. I disable javascript 99% of the time and have
no problems. We don't all use the Web in the same way.

But this is also what I was saying above: The Mozilla
people, and all programmers, are in an awkard position.
"One button, no directions" means ease of use and people
can't screw it up. So the product will get a reputation for
dependability. (The Apple approach.) But then the people
who want more control are unhappy and flexibility is lost.
There's no perfect approach for everyone and for all
situations.

|
| * Firefox was not designed for corporate customers.
| <http://www-archive.mozilla.org/projects/firefox/charter.html>
| I don't know why you think browsers were originally designed for
| corporate customers.
|

Of course FF was not designed for corporate customers,
but the Netscape prefs come out of that. Stability
through obscurity. Corporate customers are a big slice
of the market and they won't use a browser if it prevents
them controlling employee behavior. Surely you don't
think the Netscape prefs system was designed for end
user convenience?

One of the reasons IE became so popular is because
Microsoft catered to corporate IT. The settings are
poorly documented and too confusing for most people
to use. Even if people do figure out those settings,
there's a master switch in the Registry, in the HKEY_
LOCAL_MACHINE version of the same settings, that allows
a sys admin to secretly override personal settings choices.
IE can be controlled at current-user level or at machine
level. IE can be whatever the IT people decide they want
it to be.

| * I'm not sure what you mean by "commerce-friendly".
|
Much of what happens online is now commercial --
either selling things or making money through ads.
Google is probably the #1 ad company online. If
a significant number of people block ads their business
model, and that of many ad-supported sites, is
called into question. So that's all I meant: The Web
has become commercialized to a great extent and
the major players depend on that. There are even a
growing number of people who actually believe the
Web can't survive without ads. (See the presentation
by the people who make the Brave browser.)

But people use the Web differently, and many
important things are not ad-supported or even
commercial. It seems to me that Firefox has always
been in the position of being the "peoples' browser".
But that's an awkward position to be in these days.
I'm not blaming Mozilla. Their browser needs to work
for everyone. I'm just saying that commercial pressure
is one of the factors that comes into play.


Mayayana

unread,
Mar 9, 2017, 2:23:04 PM3/9/17
to mozilla-sup...@lists.mozilla.org
"Chris Ilias" <nm...@ilias.ca> wrote

| that was removed as part of the "checkboxes that kill" project
| <http://limi.net/checkboxes-that-kill>
|

Interesting irony there. Alex Limi rails against
the option to not load images:

------------------------------------------------
"Here's how Google's front page looks like if you uncheck that box:

[sample picture of google with no images here]

That's right, you can't even see the text box you're supposed to type your
search into. Congratulations, we just broke the Internet."
------------------------------------------------

With all images blocked I see the Google text input just
fine. I also see the search button just fine. And a
screenreader for the blind can probably navigate more
easily. So images are not required at Google.
I actually have a blind friend. I've built computers
for him in the past. Last I heard he was still using IE
because Firefox has made very little accomodation for
accessibility. That is, his screenreader, Jaws, doesn't
work very well with Firefox.

But I can't see Alex Limi's picture that he claims
shows a broken Google page, so I don't know what
he's talking about. Why? Because he's loading his
webpage images from imgur.com! And I'm blocking
3rd-party images. He has his own website, yet he
can't put his images on the site? The imgur.com
privacy policy says they may set cookies and do use
all collected information for targetted advertising. So
limi.net presents a good example of why it's a good
idea to block 3rd-party images. It also presents a
good example of poor website design. No site should
need to load images from another domain. That's for
spyware web bugs.

An interesting side note: Settings Sanity will put
back javascript controls and the image option, but
it hides the option to block 3rd-party images. It's only
a checkbox to choose between permissions.default.image
values of 1 or 2 -- load or don't load all images. It
doesn't provide the option to choose a setting of 3,
to load only local images. I don't know if there's an
extension to bring back that UI setting.

I find that an increasing number of sites use 3rd-party
images. Some are web bugs. Most are ads. But many are
just poor design. For example, nyt.com might load from
something like nytimg.com. For that reason I normally
use Pale Moon with 3rd-party images blocked and when
necessary I use Firefox with all images allowed and depend
on a HOSTS file to block web bugs and spyware ads.


Mark12547

unread,
Mar 9, 2017, 5:14:15 PM3/9/17
to mozilla-sup...@lists.mozilla.org
In article <mailman.3717.1489087377.19728.support-
fir...@lists.mozilla.org>, maya...@invalid.nospam says...
> I find that an increasing number of sites use 3rd-party
> images.
>

Rather than blaming that on bad web design, I would consider it
engineering for a heavier load: separate small (text) or varying (user-
specific) content from large (images) or static content, often with
radically different caching parameters and and separating load out to
more machines, sometimes to different server farms, sometimes with
varying content on one set of servers and static material hosted by a
content delivery network.

Blocking Third-Party Images then becomes too blunt of a tool to use. An
ad blocker becomes a handy tool in such cases since it is more like a
scalpel that can block most of the ads without blocking the images
relevant to the content one is after.

I don't think there is any perfect solution, but I can understand why
Blocking Third-Party Images, which sounds fine in theory, ended up being
problematic in practice.

Mayayana

unread,
Mar 10, 2017, 10:34:47 AM3/10/17
to mozilla-sup...@lists.mozilla.org
"Mark12547" <mark...@xyzzy.invalid> wrote

| > I find that an increasing number of sites use 3rd-party
| > images.
| >
|
| Rather than blaming that on bad web design, I would consider it
| engineering for a heavier load:

That makes sense, but it rarely applies. Big companies
that have to handle load usually use something like
Akamai, which doesn't come through as a separate
domain.

In this case it seems that limi.net is actually a freebie
site hosted by Alex Limi's ISP, xs4all.nl! He's apparently
pasting together a site out of freebie services, using
imgur.com because he doesn't want to pay the
cost of a Starbucks coffee per month for real hosting.
And he's allowing google to track visitors by unnecessarily
linking to their fonts.
I pay $8.95/month for real webhosting with no ads and
no funny business, and get 70 GB traffic allotment. At
a typical size of maybe 40-70 KB for an image, that
allows well over a million visitors. More if Mr. Limi used
JPGs rather than PNGs. Are we into bad site design
territory yet? :)

| I don't think there is any perfect solution, but I can understand why
| Blocking Third-Party Images, which sounds fine in theory, ended up being
| problematic in practice.

Yes. That's a reasonable view and many people may
feel that way. But I think the functionality vs restrictions
dichotomy is a false one. So often these discussions
veer into whether a setting should be used or not, which
is a personal preference. The same thing happens with
Windows restrictions issues. People end up debating
whether anyone should run as Admin. But that's not the
real issue. Rather, the problem is that options are
deliberately obscured. Settings should be clear and
available, even though they may not need to be in the
main UI.

There's no reason we can't have security, simplicity, or
whatever else Alex Limi thinks is part of well designed
software and still have accessible, clear, documented
settings for people who want them. We're not talking
about software made by 3 students in a cellar. We're
talking about a company with a budget of over $100M/year.
There's no reason that one or two people can't be assigned
to handle clear settings and documentation. The fact that
no one is leaves us to conclude that the design is meant
to be coercive. In the case of 3rd-party images, Mozilla
designers don't want that option to be usable. You may
agree with them. But what about "geo.enabled" location
reporting defaulting to True? There's no excuse for people
not being informed about these things and having clear
options.


Chris Ilias

unread,
Mar 10, 2017, 11:12:59 AM3/10/17
to mozilla-sup...@lists.mozilla.org
David E. Ross wrote:
> On 3/8/2017 8:05 PM, Chris Ilias wrote:
>> If you're having trouble finding user-documentation for the prefs in
>> about:config, it's because about:config is not intended for end-users.
>
> Then why are users told to set preference variables in response to
> requests for help in the various mozilla.support.* newsgroups?

Mainly because forums are not part of user-documentation. :)
The key difference between user-docs and forums is that docs give the
impression that it is official Mozilla advice, whereas advice in forums
are given by community members. It's one of the many reasons why it's
important to make it clear that this is a community forum where the
people answering questions are fellow users and not speaking on behalf
of Mozilla.

Also note:
* After a lot of debate with developers, we agreed on a policy to allow
using about:config if the document is for troubleshooting.
* This policy is Firefox-specific. Even if the policy applies to forums,
it would not apply to various newsgroups; just this one...but it doesn't
apply to forums. :)

Chris Ilias

unread,
Mar 10, 2017, 11:26:34 AM3/10/17
to mozilla-sup...@lists.mozilla.org
> One of the reasons IE became so popular is because Microsoft catered to corporate IT. The settings are poorly documented and too confusing for most people to use. Even if people do figure out those settings, there's a master switch in the Registry, in the HKEY_LOCAL_MACHINE version of the same settings, that allows a sys admin to secretly override personal settings choices. IE can be controlled at current-user level or at machine level. IE can be whatever the IT people decide they want it to be.
>
> | * I'm not sure what you mean by "commerce-friendly".
> |
> Much of what happens online is now commercial -- either selling things or making money through ads. Google is probably the #1 ad company online. If a significant number of people block ads their business model, and that of many ad-supported sites, is called into question. So that's all I meant: The Web has become commercialized to a great extent and the major players depend on that. There are even a growing number of people who actually believe the Web can't survive without ads. (See the presentation by the people who make the Brave browser.)
>
> But people use the Web differently, and many important things are not ad-supported or even commercial. It seems to me that Firefox has always been in the position of being the "peoples' browser". But that's an awkward position to be in these days. I'm not blaming Mozilla. Their browser needs to work for everyone. I'm just saying that commercial pressure is one of the factors that comes into play.

I'm glad you made it clear that you're voicing opinion. My purpose here
is to correct misinformation from being spread about Mozilla and Firefox
development. If you want to argue opinions about Mozilla and Firefox
development, this isn't the place. This is a support forum. It would be
better to take that discussion to mozilla.general.

* My understanding is that you are saying that developers write the
user-docs, and they are bad at it because they are "math people". I'm
correcting that statement. Whether you like the amount of documentation
is a matter of opinion, but your statement about who writes the docs is
not a matter of opinion. It's false information, and I want to make that
clear to everyone, including yourself.

* The preference you're referring to was originally
"network.image.imageBehavior", and was in the UI as Load images "for the
originating web site only". That UI was not removed because of pressure
from Google or Yahoo, or to make Firefox more commerce-friendly. It was
removed because the preference was widely misunderstood, and *users*
were complaining about images not loading, when the sites themselves
were using other domains to host images. For example, did you notice
what a big deal it was when Amazon's web hosting service went down last
week? :) For more information on the change, see
<https://bugzilla.mozilla.org/show_bug.cgi?id=287571>. There's a list
long list of bugs in comment 14 filed by users.

* Alex Limi is not a programmer. He does user experience. Please stop
making these assumptions.

* Corporate customers have the ESR version of Firefox. That's who the
ESR version is intended for.
<https://www.mozilla.org/en-US/firefox/organizations/>.
Similarly, there is a customization kit <https://mike.kaply.com/cck2/>.

* The issue of why there are hidden preferences depends on the
preference. For many cases, it's based on the fact that Mozilla was
originally meant to be be a development project, where others would make
their own branded version. <http://ilias.ca/MozillaNetscapeRelationship>
For instance, when we removed help documentation from the code and
pointed the "Firefox Help" menu item to support.mozilla.org, that was
set by a new pref called app.support.baseURL. If another vendor wants to
offer a product based on the code (e.g. Netscape, Tor), they can easily
change the support URL.
Reply all
Reply to author
Forward
0 new messages