I was browsing r/privacy today and I came across this guy going on about how Mozilla was just pretending to be privacy focused. Here's his comment. Now I don't really know what to think of this, and frankly, I'm getting really exhausted of hearing about how all the things I'm using aren't actually trustworthy. So can so someone put my mind to rest? Does this guy's claims have any truth to them? Thanks.

Here is what just happened to me:
Firefox installed two addons - fxmonitor@mozilla.org.xpi and telemetry-coverage-bug1487578@mozilla.org into my browser silently, even though I've explicitly turned all the telemetry off.
This have happened before, and Mozilla apologized for it, however it seems that they learned nothing and are willing to do so again.
There goes the last scrap of my trust into Firefox. I suggest you check your browsers too.

Hi, I've started developing syntax highlighting, but I'm unable to connect to Tildes on localhost. It's running, I can connect to Prometheus, but not to Tildes. I use Ubuntu.

I know there are few people here who already contributed to Tildes, how do you connect to Tildes?

• Firefox shows Secure Connection Failed, even after adding exception in about:config for domains localhost, *, 127.0.0.1, both with and without port, I even tried adding https:// before them.
• Qutebrowser displays nothing
• Chromium displays ERR_CONNECTION_RESET (not something like insecure connection)
• Chrome displays ERR_CONNECTION_RESET (not something like insecure connection)
• Curl displays OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:4443
• wget displays Unable to establish SSL connection.
• lynx displays Unable to connect to remote host.

Could someone tell me how to config Firefox / install certificate for Tildes on localhost / move Tildes to http?

Thank you

Edit: I tried setting firefox security exception in a different way and this happened.

I mainly use my keyboard to navigate around in Firefox so decided to edit UserChrome.css to create a custom, ultra-minimalist "one line" UI for myself and also maximize my screen real-estate by removing the window Titlebar and Tab Bar (using Tree Tabs sidebar extension instead). I also dislike how cluttered the Firefox interface is with unneeded options scattered everywhere, and how much redundancy there is with many options showing up in multiple places for no good reason, so I removed most of that as well. Here is the results:

Main UI (Navigation and "Hamburger" toolbar buttons removed)
Tree Tabs sidebar & More Tools both open
"Find in page" moved to the top, with Menu bar also toggled on
New Tab Page (my Bookmark Toolbar auto-unhides itself only on this page)
My Home Page, set to the FF Library "popout" page (chrome://browser/content/places/places.xul)

Context Menus (with lots of redundant and unused options removed):
Address bar dropdown
Page context menu
Image context menu
Link context menu

If anyone is interested in trying it out themselves, here is the UserChrome.css (which needs to go in the /chrome directory of your Firefox profile).

And if enough people are interested in learning Firefox UserChrome.css customization using the Browser Toolbox with remote debugging, I can always write up a tutorial at some point. There are some decent resources already available over at userchrome.org and reddit.com/r/FirefoxCSS/ too.

I posted about it three days ago but in these last three days I really worked my ass off to include lots of functionalities and feel like the community is missing a lot of topics...
So, sorry, I won't spam this for the next days every three days but I felt like it deserved to be "bumped" in the activity feed at least once now that the default is just 24h.

As of today, the features are:

• management to choose which links top open in a new tab
• button to quickly jump to new comments in a topic
• button to quickly get back to the top of the page in topics (no, there isn't one to go to the bottom)
• live preview of the reply/topic box
• load external CSS to customize the UI
• add label to users

I'll just link to the original topic so you can have some context if you want, otherwise these are just the links to download it:

• Original Topic: https://tildes.net/~tildes/1oa/browser_extension_tildes_extended
• Chrome: chrome.google.com
• Firefox: addons.mozilla.org
• Source: Github (feel free to do modification and open pull requests if you'd like!)

I need feedback to know what else you'd like to see implemented or what have bugs or could be done in a different/better way!

So it all begun as a [something]monkey script but I decided to give it a try to web extensions after several years of not touching it.

If you don't care about the yada yada, skip right at the bottom now.

Why

So the whole thing revolve around a simple concept: I'd like tildes to remain as lightweight as possible with a simple and clean interface and not too many user settings.
We don't know the full structure of the code yet but, by experience, frontend and backend require quite an effort to be kept in balance so that one or either don't becomes a mess.

From this idea, the next step has been quite obvious. Users that would like a more advanced frontend experience could just download an extension (probably an app for mobile once it becomes possible).

What

Right now the extension does some simple things. It is basically just a porting of the script I made some time ago so you'll get non-tildes link in a new tab and a button to jump to new comments in a topic you already visited.
The extension don't retain any user data. it doesn't care who you are or what you browse. If you're unsure you can check the source code (below).

Future Goals

The immediate priority is to create a "settings" page so you can customize how the features should behave. As an example, about the links in new tab, letting you decide which kind of links should behave like this: all / comment's / text submission's / etc etc. I'm still thinking which are reasonable use-case

After that, I want to try and implement a user's labelling system and that is the reason for the app already requesting access to storage data on the browser. I've yet to figure it out but the gist of it is that I'll store something like username:tag duplet in your browser localstorage and on load of a page, check for usernames match and add the label you choose.

Additional Notes

I know the code is dirty. As I said, I didn't touch extensions since... I think more than 6 years ago. Maybe more.
On top of that, I went for jquery and am more of a modern framework JS developer with a strong preference and background as backend developer, so... you know.
I still think I'll stick to jquery because the syntax is quite clear and I want even non-technical people to be able to understand what's going on in the code if they want to double check.

If you want to contribute you're more than welcome but keep in mind that most basic things are still missing. To mention just a couple:

• settings page
• proper isolation of content scripts
• guidelines or at least a sample to use to implement new features

if you have any resource that you used to build something similar (web extension or the like) please share them as I've a goddamn long commute every day and have time to read :)

Links

• Firefox: https://addons.mozilla.org/en-GB/firefox/addon/tildes-extended/
• Chrome: https://chrome.google.com/webstore/detail/tildes-extended/dinimcigfnjcblajimodbacmbknmicgl/related
• Source: https://github.com/theCrius/tildes-extended

It should work on any fork of Chrome as well.
I can't assure the same for future development.

Current features:

• Link in new tabs management
• Button to jump to new comments in topics
• Add custom CSS from external URL
• Markdown Preview
• Add User's labels

Firefox recently introduced DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) in nightly builds for Firefox 62.

DoH and TRR are intended to help mitigate these potential privacy and security concerns:

1. Untrustworthy DNS resolvers tracking your requests, or tampering with responses from DNS servers.
2. On-path routers tracking or tampering in the same way.
3. DNS servers tracking your DNS requests.

DNS over HTTPs (DoH) encrypts DNS requests and responses, protecting against on-path eavesdropping, tracking, and response tampering.

Trusted Recursive Resolver (TRR) allows Firefox to use a DNS resolver that's different from your machines network settings. You can use any recursive resolver that is compatible with DoH, but it should be a trusted resolver (one that won't sell users’ data or trick users with spoofed DNS). Mozilla is partnering with Cloudflare (but not using the 1.1.1.1 address) as the initial default TRR, however it's possible to use another 3rd party TRR or run your own.

Cloudflare is providing a recursive resolution service with a pro-user privacy policy. They have committed to throwing away all personally identifiable data after 24 hours, and to never pass that data along to third-parties. And there will be regular audits to ensure that data is being cleared as expected.

Additionally, Cloudflare will be doing QNAME minimization where the DNS resolver no longer sends the full original QNAME (foo.bar.baz.example.com) to the upstream name server. Instead it will only include the label for the zone it's trying to resolve.

For example, let's assume the DNS resolver is trying to find foo.bar.baz.example.com, and already knows that ns1.nic.example.com is authoritative for .example.com, but does not know a more specific authoritative name server.

1. It will send the query for just baz.example.com to ns1.nic.example.com which returns the authoritative name server for baz.example.com.
2. The resolver then sends a query for bar.baz.example.com to the nameserver for baz.example.com, and gets a response with the authoritative nameserver for bar.baz.example.com
3. Finally the resolver sends the query for foo.bar.baz.example.com to bar.baz.example.com's nameserver.
   In doing this the full queried name (foo.bar.baz.example.com) is not exposed to intermediate name servers (bar.baz.example.com, baz.example.com, example.com, or even the .com root nameservers)

Collectively DNS over HTTPs (DoH), Trusted Recursive Resolver (TRR), and QNAME Minimization are a step in the right direction, this does not fix DNS related data leaks entirely:

After you do the DNS lookup to find the IP address, you still need to connect to the web server at that address. To do this, you send an initial request. This request includes a server name indication, which says which site on the server you want to connect to. And this request is unencrypted.
That means that your ISP can still figure out which sites you’re visiting, because it’s right there in the server name indication. Plus, the routers that pass that initial request from your browser to the web server can see that info too.

So How do I enable it?
DoH and TRR can be enabled in Firefox 62 or newer by going to about:config:

• Set network.trr.mode to 2
  • Here's the possible network.trr.mode settings:
    • 0 - Off (default): Use standard native resolving only (don't use TRR at all)
    • 1 - Race: Native vs. TRR. Do them both in parallel and go with the one that returns a result first.
    • 2 - First: Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
    • 3 - Only: Only use TRR. Never use the native (after the initial setup).
    • 4 - Shadow: Runs the TRR resolves in parallel with the native for timing and measurements but uses only the native resolver results.
    • 5 - Off by choice: This is the same as 0 but marks it as done by choice and not done by default.
• Set network.trr.uri to your DoH Server:
  • Cloudflare’s is https://mozilla.cloudflare-dns.com/dns-query
    (but you can use any DoH compliant endpoint)
• The DNS Tab on about:networking will show which names were resolved using TRR via DoH.

Links:
A cartoon intro to DNS over HTTPS
Improving DNS Privacy in Firefox
DNS Query Name Minimization to Improve Privacy
TRR Preferences

I'm not affiliated with Mozilla or Firefox, I just thought ~ would find this interesting.