On mobile (Android) it's different. You cannot continue past the warning in Firefox Daylight (or Chrome, of course).
about:config is also walled off in every mobile Firefox build except Nightly - and even then, the "safe browsing" keys toggle back every time the app restarts.
Android WebView listens to the safe browsing list too, so you can have native apps open up with blood-red warning screens which is very uncomfortable on mobile.
Don't think I've ever seen a GSB warning page that _wasn't_ a false-positive. Google also still links out to https://www.stopbadware.org/ on some of their GSB webpages, even though the site has been dead for ages.
It has the feel of a system staffed _exclusively_ by robots. This isn't necessarily a bad thing (Google does an overall good job) but it has its blind spots for sure.
Self-hosters getting sucker punched offline for a day or two isn't the worst (it happened to me just the other week). I get it, overall it's probably worth the collateral. I also get that mobile should _probably_ be protected more aggressively. But if you are on Android, I don't think there's any way to meaningfully disable it unless you are root.
The one thing I miss from Chrome is the `thisisunsafe` feature to ignore whatever misconfiguration the webpage you're trying to access uses.
Recently, one of the dev servers that I tried to access misconfigured HSTS, which made it really difficult for Firefox to access the web UI. I fired up chromium, simply typed the magic word, and accessed it no problem.
Of course, ideally, there'd be no misconfigurations, but sometimes, I just need to access whatever dev server and I don't want to waste time on learning how to disable that particular security feature in Firefox temporarily.
I do agree, and I'm more careful now. Always keep a backup, at the very least. I now symlink ~/bin/firefox to nightly because some apps seem to have it hardcoded to open "firefox" rather than what's set as default.
That is a fine idea. We can make Firefox as safe as they want at startup. Just keep it as a default option -- something power users can turn off and do not make this a hardcoded choice "because those users turning it off may not know what are they doing". Inform, not restrict. My 2c.
I've actually stopped using Firefox because it re-enables plugins that I've disabled (maybe it's more accurate to say it allows 3rd-party software updates to re-enable them).
It's also checked against a remote one unless you either disable the feature entirely or set "browser.safebrowsing.appRepURL" in about:config to an empty string.
Man, I'm getting tired of repeating these basic security issues:
Stop storing your wallet online. And if not that, stop letting flash/java autoload/run. Both Chrome and Firefox have "click-to-enable". Not only is it more secure, it also prevents auto-video-playing, background audio you can't find and shit like this from happening.
Is this update why I got the 'Refresh or safe mode' dialog? I foolishly clicked and now I'm trying to restore stuff from the 'Old Firefox data' directory. This was not nice, I started thinking I was getting hacked. Esp. when it asked me for the master password five times in a row. Man is this browser rough.
I have webrender testing enabled and three days ago I opened Firefox Nightly and the UI was completely wrecked due some unexpected WebRender bug that was fixed after updating. So I’m glad they’re testing it on expert users first :)
EDIT: Nope, I’m not one of the default-on “safe” configurations.
I used to be a big fun of Firefox, but biggest turn of the event was when they disabled about:config on Firefox for Android -- for justification provided was in line of because people make bad choices with it, etc., and only alternative that was offered was to use beta.
Mostly I wanted this feature was to enable TRR on it -- but since they don't expose GUI for it, that's not feasible. This and the fact they made it off limit because some people do stupid thing made Firefox a lot less attractive for me.
It's sad if they haven't disabled about:config, I would still be using Firefox today...
I find it sad and depressing that a buggy browser plug-in has managed to rise to a status of "OS breaker". You can't be a successful smartphone upstart without Adobe blessing these days (unless you're Apple)
Even github.com brings up "plugins are missing" bar in Firefox. Github? WTF? By the way how do I disable plug-ins in FF like I had them turned off in Safari? It keeps bugging me with that annoying bar.
One built into the browser that can only be disabled by going to a hidden configuration page that pops up a big warning not to change anything.
I'm really glad it can be turned off, but I also wish it wasn't there. I have trouble wholeheartedly recommending Firefox to others, because the default experience (without about:config tweaks) feels messy.
reply