User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0

Hello Dear Mozilla / Dear Firefox management & DevTeam,

Using this RSS app to stay up to date with various open-source-related blogs & sites, what caught the user’s eye was this headline:

“Firefox Lost Almost 50 million Users: Here’s Why It is Concerning”

“Mozilla’s Firefox is losing users big time since 2018, why are users moving away from it? Is this something to be worried about?”

by Ankush Das, August 4, 2021 src: https://news.itsfoss.com/firefox-decline/

Actual results:

Ankush Das published an article claiming that the beloved Firefox (used to be Netscape), the beacon of the free wild wild web, was constantly losing users because it was not listening to their requirements.

src: https://news.itsfoss.com/firefox-decline/

some (possible) explanations:

“Chrome browser automatically translated my Greek articles!”

“People normally choose to use Chrome due to its speed and simplicity.”

“Mozilla Firefox (and duckduckgo search engine) are used very widely. That’s my preferred combination too. Chrome is fully featured no doubt but its popularity is also due to its marketing. Many people fall for this gimmick.”

src: www.quora.com

another explanation:

The amount of Mobile Devices (SmartPhones, Tablets) has exploded in contrast to the amount of “traditional” PCs and Laptops. (2021: ~60% SmartPhones, 40% Desktop, ~3% Tablet)

Google’s Chrome is THE DEFAULT mobile browser on Android (unless tech-savvy and privacy-concerned users install Firefox Mobile)

so: Mozilla, maybe u should start building privacy respecting, fast, great designed SmartPhones with a great camera 🙂 and Firefox Mobile the default browser 🙂

in software, simplicity is definitely key

no matter the gui or the code: it is okay and good and great that Mozilla-Firefox is following the UNIX philosophy of “keep it simple”: keeping a software simple means: the code is easier to maintain, it compiles faster, bugs are found faster, testing is faster, the end result will be a better software with security, reliability and speed.

The Unix philosophy – simple and beautiful (so it “just works”)

problem: of course users got needs. like: do not break userspace.

Just as Windows users should really complain about the massive changes (and not in a good way) of the GUI called the Windows Desktop from Windows 7 to Windows 10 (absolute catastrophe).

It is just like changing the appearance of a screw-driver… it is still a screw-driver… but when it looks and handles completely differently, users might not recognize it as a screw-driver anymore.

So users will have to spend massive amounts of time relearning already-known GUIs, which is a complete waste and disrespect of the user’s time aka a massive M$ caused in-efficiency in computing.

There is another interesting GNU-LINUX principle coming from Linus Torvalds: do not break userspace.

So Mozilla should really really take the user’s needs into consideration.

of course the most important need is still:

a fast & safe (!!!) renderer of html, css and evil evil JavaScript of massive exploitation (imho js should be reduced to very very basic functionalities… because it is pretty frightening that a js-script put into a hacked website like yahoo.com could scan every user’s network for outdated vulnerable hardware and actually start attacking it, which will compromise the whole network and will probably be used for DDoSing other sites).

what about this: keep a list of features and requests and ideas that users committed and “let em vote” on importance (like a star or a heart symbol to click on).

at the end of the month sit together and discuss how and when the top 3 features could be implemented. (with or without complete rewrite 🙂)

what about security?

holy crap hope this is fixed by now?

auto translated from: https://www.playground.ru/misc/news/staryj_bag_firefox_obnaruzhennyj_eschyo_9_let_nazad_pozvolyaet_vorovat_paroli-291267

March 20, 2018:

An old Firefox bug discovered 9 years ago allows you to steal passwords

The popular Firefox browser has been using an outdated password saving scheme for 9 years, which can be cracked using modern graphics adapters in less than a minute.

Firefox and Thunderbird allow users to set a master password for added security. As it turned out, this function used the SHA1 cryptographic hashing algorithm for a long period of time, the encryption mechanism of which is easy to crack.

The vulnerability was discovered by Wladimir Palant, author of the AdBlock Plus extension for blocking ads in browsers. The most interesting thing is that the flaw is already a long-standing one, it was first reported 9 years ago (!). However, during this time, Firefox developers have not fixed the error.

“I looked into the source code and found the sftkdb_passwordToKey() function, which converts the [website’s] password to an encryption key by applying SHA-1 hashing to a string consisting of the actual master password and random characters,” Wladimir Palant wrote in his blog.

The problem is that the SHA-1 loop counter is one, meaning the function is applied once. Usually, the cycle counter is 10k or more, for example, in LastPass it is equal to 100k. This allows hackers and intruders to easily decrypt the master password and gain access to all stored user passwords. According to Palant, the GTX 1080 graphics card is capable of calculating 8.5 million SHA1 hashes in one second.

At the moment, the problem remains relevant, as well as the topic that the developer raised again on the official Mozilla forum on the detected bugs. Representatives of the company assured that they will soon release a new tool for the master password in the browser called Lockbox. In the meantime, users should come up with a longer password. Just in case.

could not find an update to this topic… https://www.reddit.com/r/firefox/comments/etkt3m/is_firefoxs_master_password_encryption_still_weak/
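
To make the iteration-count point from the quoted article concrete, here is an added example (not code from Firefox/NSS or from Palant's post) that derives a key with one SHA-1 pass and with PBKDF2 at the 100k iterations the article cites, then estimates the worst-case search time at the hash rate the article states. Assumptions: the salt-then-password order, the constructed salt and password, the six-lowercase-letter keyspace, and a cost model of one hash per iteration.

```python
import hashlib

# Figures quoted in the article above; everything else here is constructed.
PAGE_HASH_RATE = 8.5e6       # SHA-1 hashes per second, as stated on the page
STRONG_ITERATIONS = 100_000  # iteration count the page cites for LastPass


def single_sha1_key(salt: bytes, master_password: str) -> bytes:
    """One SHA-1 pass over salt + password (iteration count 1).

    The concatenation order is an assumption of this sketch.
    """
    return hashlib.sha1(salt + master_password.encode("utf-8")).digest()


def stretched_key(salt: bytes, master_password: str,
                  iterations: int = STRONG_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA1: the same hash family, repeated `iterations` times."""
    return hashlib.pbkdf2_hmac("sha1", master_password.encode("utf-8"),
                               salt, iterations, dklen=20)


def seconds_to_exhaust(keyspace: int, iterations: int = 1,
                       hashes_per_second: float = PAGE_HASH_RATE) -> float:
    """Worst-case time to try every candidate, counting one hash per iteration.

    Simplification: HMAC costs more than one raw hash, so real PBKDF2 is
    slower still than this estimate.
    """
    return keyspace * iterations / hashes_per_second


if __name__ == "__main__":
    salt = bytes(range(16))         # constructed salt, not a real profile value
    password = "example-master-pw"  # constructed sample password
    print("1 x SHA-1  :", single_sha1_key(salt, password).hex())
    print("PBKDF2 100k:", stretched_key(salt, password).hex())

    keyspace = 26 ** 6              # six lowercase letters (constructed case)
    fast = seconds_to_exhaust(keyspace)
    slow = seconds_to_exhaust(keyspace, STRONG_ITERATIONS)
    print(f"single pass: {fast:.1f} s, 100k iterations: {slow / 86400:.1f} days")
```

The salt does not slow a guesser down in either scheme; only the iteration count multiplies the cost of every guess, which is why a count of one leaves password length as the only defence.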

Linus: Do not break UserSpace

not even for security fixes?

“So from a user standpoint, the hardening was just a big nasty annoyance, and probably made their workflow _break_, without actually helping their case at all, because they never really saw the original bug as a problem to begin with.”

Torvalds’ post explained his view that “… the number one rule of kernel development is that ‘we don’t break users’.”

“Because without users, your program is pointless, and all the development work you’ve done over decades is pointless.”

“Because in the end, those users really do matter. Without those users, your system may be ‘secure’, but all your security work was still just masturbation. You didn’t do anything useful at all in the end.”

src: theregister.com

Torvalds’ post explained his attitude to security, namely that “security problems are just bugs” rather than opportunities to change the way the kernel behaves.

“The important part about ‘just bugs’ is that you need to understand that the patches you then introduce for things like hardening are primarly [sic] for DEBUGGING.”

“I’m not at all interested in killing processes. The only process I’m interested in is the _development_ process, where we find bugs and fix them.”

src: www.theregister.com

related links:

https://news.slashdot.org/story/21/09/12/181257/ask-slashdot-why-is-firefox-losing-users

https://www.fastcompany.com/90174010/bye-chrome-why-im-switching-to-firefox-and-you-should-too

possible alternatives?

The Browser from Norway / Iceland 🙂

https://vivaldi.com/download/

wiki page about vivaldi

best regards

a concerned long-term-firefox-user (LTU)

admin