# Firefox with blank page makes internet connections



## hruodr (Jan 16, 2019)

Why?! If I do not ask for anything in the internet, why does firefox do it?!

Does someone have an explanation?

With tcpdump I get:

```
18:35:22.874747 IP fbsd.fritz.box.39844 > ec2-52-24-186-236.us-west-2.compute.amazonaws.com.https: Flags [P.], seq 1248:1438, ack 3628, win 1036, options [nop,nop,TS val 5755914 ecr 1388776901], length 190
```

or

```
18:27:53.878871 IP fbsd.fritz.box.37590 > 89.27.243.8.http: Flags [.], ack 1, win 1036, options [nop,nop,TS val 5306919 ecr 9013488],  length 018
```


----------
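
One way to turn a capture like the one in the post above into a per-destination tally of packets and payload bytes, so idle-browser traffic can be reviewed endpoint by endpoint. This is an added example, not part of the original thread; the host name `desktop.example`, the addresses and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Default tcpdump text output: "<time> IP <src>.<port> > <dst>.<port>: ... length <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP6? "
    r"(?P<src>\S+) > (?P<dst>\S+): .*?length (?P<len>\d+)"
)

def split_endpoint(endpoint):
    """Split 'host.port' on the last dot; port may be a number or a service name."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def summarize(lines, local_host):
    """Return {(remote_host, remote_port): [packets, payload_bytes]} for traffic
    to or from local_host. Unparsable lines and unrelated traffic are skipped."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. ARP or other non-IP lines
        src_host, _ = split_endpoint(m["src"])
        dst_host, dst_port = split_endpoint(m["dst"])
        if src_host == local_host:
            remote = (dst_host, dst_port)
        elif dst_host == local_host:
            remote = split_endpoint(m["src"])
        else:
            continue
        totals[remote][0] += 1
        totals[remote][1] += int(m["len"])
    return dict(totals)

# Constructed sample capture (documentation addresses, not taken from the thread).
SAMPLE = """\
18:35:22.874747 IP desktop.example.39844 > 198.51.100.7.https: Flags [P.], seq 1248:1438, ack 3628, win 1036, length 190
18:35:22.901312 IP 198.51.100.7.https > desktop.example.39844: Flags [.], ack 1438, win 120, length 0
18:35:23.100004 IP desktop.example.39844 > 198.51.100.7.https: Flags [P.], seq 1438:1500, ack 3628, win 1036, length 62
18:35:24.000100 IP desktop.example.37590 > 203.0.113.8.http: Flags [.], ack 1, win 1036, length 0
18:35:25.500000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""

if __name__ == "__main__":
    rows = summarize(SAMPLE.splitlines(), "desktop.example")
    for (host, port), (pkts, nbytes) in sorted(rows.items(), key=lambda r: -r[1][1]):
        print(f"{host:<16} {port:<6} packets={pkts:<3} payload_bytes={nbytes}")
```

Pure ACKs carry `length 0`, so a destination with many packets but no payload bytes is usually just a kept-alive connection rather than data being sent.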



## hruodr (Jan 16, 2019)

And as expected, chrome does the same, connects to google.

Are all [for everything usable] browsers so?


----------



## Sevendogsbsd (Jan 16, 2019)

Firefox makes all sorts of connections in the background. I use it at work with my MiTM proxy and I see it connecting to different Mozilla-related sites. Could be Mozilla is using AWS to host some of their services. I ended up switching to www/seamonkey but I actually haven't checked to see if it is making connections.

I believe the connections are to update addons, search engines, and the browser itself, not sure what else. If you google your issue, there are sites showing you how to disable the connections.


----------



## hruodr (Jan 16, 2019)

Here is something:
https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

Seamonkey is perhaps more bloated and in this issue not much different.


----------



## Sevendogsbsd (Jan 16, 2019)

I don't care about bloat - I have essentially unlimited resources. I do need to check the connections though.


----------



## drhowarddrfine (Jan 17, 2019)

Sevendogsbsd said:


> Firefox makes all sorts of connections in the background.


There is a setting in Preferences > Privacy & Security where Firefox sends usage information to help improve Firefox. You can uncheck that if you wish.

hruodr, you can change what displays in your browser when starting up or opening a tab. In Firefox it's under Preferences > Home.


----------



## hruodr (Jan 17, 2019)

I am fed up customising `firefox`, and with upgrades there is always a new need for customising, namely, to eliminate odd behaviour. Fed up!

The tragedy is that there are no real alternatives to these bloated web browsers. Their behaviour differs in spite of standards. Web pages are written for specific browsers, javascript interpreters, render engines. The Web pages dictate what browser one must use.

`Seamonkey` may be a clone of `firefox`, but it has the same strange things and more: the entry field for search is the same one for URL. Absolute brainless design.


----------



## drhowarddrfine (Jan 17, 2019)

hruodr said:


> Their behaviour differs in spite of standards.


Yes and no. Some browsers just haven't caught up to newer standards but it is the web developer's job to work around that. There are a lot of bad web developers around. Most are on reddit.


hruodr said:


> Web pages are written for specific browsers, javascript interpreters, render engines. The Web pages dictate, what browser one must use.


Only an amateur does that. See my previous sentence. Web pages should be written to the standard not one browser. 

But your complaints are about the software settings not web pages.


----------



## Sevendogsbsd (Jan 17, 2019)

Agree: browsers have gotten out of hand. Actually www/seamonkey is not a www/firefox clone, but a port or continuation of the old Netscape Communicator, which predates www/firefox.  Agree the UI design leaves much to be desired but I like that it doesn't require lang/rust which is a long compile. 

Problem is, my FreeBSD install is my desktop so I need a browser to do a lot, and I need it to be relatively secure. That leaves limited options. www/seamonkey probably isn't my best choice but it seems to run quickly and renders pages nicely and (irrelevant) but important to me, doesn't spew hundreds of lines of error messages to the console after I have exited X. I know that's probably "normal", but when I used www/firefox and exited X, there were a large number of errors spit to the console. This is happening behind the scenes of course but no amount of analysis and tweaking made them stop. Like I said, probably not important, but to me indicative something is wrong.

This is the one single application I have not been able to really settle on in terms of which one gives me the best experience. www/seamonkey has thus far been pretty good, but I wonder how secure it is in terms of frequency of updates, etc. It does get updates and the port is maintained so maybe I shouldn't worry.


----------



## drhowarddrfine (Jan 17, 2019)

Sevendogsbsd said:


> there were a large number of errors spit to the console.


These errors are "normal" in the sense that they cause no harm and are used by the developers for information as they work on them rather than fill up a log file.


----------



## hruodr (Jan 17, 2019)

*drhowarddrfine*, you did not get the point of what I said when you wrote: "Only an amateur does that. See my previous sentence. Web pages should be written to the standard not one browser."

Amateurs are everywhere. Even the best professional can not undo as web-browser-user what amateurs do in supposedly professional websites. *Is that so difficult to understand?!*

In principle one has only two or three alternatives: chrome, mozilla, explorer and their clones. With every other browser you get in troubles by surprise in very critical situations, for example during internet banking or buying in an internet platform. And if I complain to the bank or platform, they answer that I must use Internet Explorer.


----------



## Sevendogsbsd (Jan 17, 2019)

I kind of figured that and I know they do no harm, but they aggravate my OCD. Seriously, www/firefox has been my best overall user experience and I know it receives a lot of developer attention so the security should be there. I want to say there is an association with audio/pulseaudio but I eliminate this package in my build box's make.conf and use audio/sndio instead so that's not really an issue. Oddly, www/firefox does not show the youtube front page, only gray boxes, but does play individual videos, while www/seamonkey works perfectly.

Enough said - I tend to ramble...


----------



## Sevendogsbsd (Jan 17, 2019)

hruodr said:


> In principle one has only two or three alternatives: chrome, firefox, explorer and their plagiated clones. With every other browser you get in troubles by surprise in very critical situations, for example during internet banking or buying in an internet platform. And if I complain to the bank or platform, they answer that I must use Internet Explorer.



Unfortunately, Internet Explorer requires Windows and IE is a complete disaster as far as software applications go. On FreeBSD, which is why we are here, the big players are www/chromium and www/firefox.

Agree the companies we access with our browsers are focusing on major players. Personally, I use useragent string changes to trick them, or stop patronizing those businesses if possible.


----------



## hruodr (Jan 17, 2019)

Perhaps chrome [derivatives] is usable, read Theo de Raadt here:

https://marc.info/?t=152871676500002&r=1&w=2

Iridium is not in the FreeBSD ports.


----------



## MarcoB (Jan 17, 2019)

www/iridium?


----------



## hruodr (Jan 17, 2019)

MarcoB said:


> www/iridium?



Yes, I just saw it, but it is not available as a package, and I am following the principle: "do not mix ports and packages".

It is not that I have problems compiling ports, even not compiling raw distributions, but I also use at the moment FreeBSD as desktop and have other things to do than compiling everything.


----------



## olli@ (Jan 17, 2019)

Personally I use Chromium. I run it within its own jail environment for security reasons (but that's probably just because I'm paranoid).

For a few websites I use Dillo (www/dillo2). It does _not_ support JavaScript, so it's secure and fast, and it has the added benefit that it doesn't display ads on some sites that I visit (because the ads require JavaScript). On the other hand – of course – there are quite a lot of sites that don't work at all without JavaScript, unfortunately. For those I use the jailed Chromium.

I don't use Firefox at all. I don't like its attitude.


----------



## hruodr (Jan 17, 2019)

Olli, I press the three vertical points at the top right of chrome for customising it, and nothing happens.

I use packages, but if I do `make` in /usr/ports/www/iridium, I get:


```
% make
===>  iridium-browser-58.0_12 Invalid perl5 version 5.28.
*** Error code 1

Stop.
make: stopped in /usr/ports/www/iridium
```

Is this not a proof, that almost everyone is using something else than `chromium / Iridium`?

And of course I have as you a predilect "alternative" browser: `w3m`.

And BTW: I don't like "Omniboxes".


----------



## SirDice (Jan 17, 2019)

hruodr said:


> Is this not a proof, that almost everyone is using something else than chromium / Iridium?


No, this only proves _your_ installed Perl is the wrong version. It doesn't "prove" anything more than that.


----------



## olli@ (Jan 17, 2019)

hruodr said:


> Olli, I press the three vertical points at the top right of chrome for customising it, and nothing happens.


Works fine here. What version of FreeBSD do you have, exactly? And do you have the latest version of Chromium (71.0.3578.98_2)?


----------



## hruodr (Jan 17, 2019)

```
# uname -a
FreeBSD fbsd.local 11.2-RELEASE FreeBSD 11.2-RELEASE #0 r335510: Fri Jun 22 04:32:14 UTC 2018
root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
# chrome --version
Chromium 71.0.3578.98
```

I upgraded yesterday with `pkg upgrade` and this is the chromium and perl I got.

I also did yesterday `portsnap fetch update`. And just again, now compiles iridium.


```
To build Iridium, you should have around 2GB of memory
and a fair amount of free diskspace (~ 6.5GB).
```

Could it be perhaps called bloat?


----------



## drhowarddrfine (Jan 17, 2019)

hruodr said:


> I complain to the bank or platform, they answer that I must use Internet Explorer.


As I said. Rank amateurs. People who don't hold their profession in high regard. People who don't know how to do their job or are otherwise forced to do it one way such as this typical issue in finance where one is forced to use IE by old software which was dedicated to one browser. But that's not the fault of the browser.


----------



## olli@ (Jan 17, 2019)

hruodr said:


> ```
> # uname -a
> FreeBSD fbsd.local 11.2-RELEASE FreeBSD 11.2-RELEASE #0 r335510: Fri Jun 22 04:32:14 UTC 2018
> root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
> ```


There was a fix committed to FreeBSD that is required by Chromium. It is in 12, but I don't think it is in 11.2.


----------



## meine (Jan 17, 2019)

Most browsers battle for the biggest amount of users. In that, such browsers should be able to effectively visit and use any website on the net. This comes with implementation of javascript, cookies and (still) flash.

Makers of these browsers want to gain some money in the race, which leads to implementation of techniques that allow transferring your surfing behaviour to third parties. Some do it openly (Microsoft), some sneaky, some try and get back (Firefox) and some have a user-data-to-cash model as an overall business model (Google). In the mix of open sourcing (parts of) the code, things can be mixed/messed up, leaving the above average user confused (Chromium and derivatives).

A "safe browser" is an ambivalent statement: is it safe in terms of 'not messing up your operating system and/or other software on your machine', or is it 'preventing snooping personal user data to whatever party'. We all hope for both, but our doubts sometimes say we get none.

Most modern and popular browsers have an extensive set of preferences to be set. Some also have hidden features that can be unset with less or lots more effort, if ever revealed at all. Sometimes your settings get (deliberately) changed after an update.

IMHO it is best to have a few browsers at hand, for specific purposes. lynx, dillo or netsurf work safe and fine, but aren't your tools to use this forum or manage your bank account. You can read the morning papers' website on them though. That leaves the 'usual suspects' to participate here, if you like with extensions to monitor or block data snooping: uBlock, Privacy Badger, etc.

The only thing we can do is avoid browsers and their companies with a bad reputation -- on software security, data security or both. Just follow the news to get updates on the Good, the Bad and the Ugly. My personal strategy is also to instantly remove software that misbehaves for whatever reason (freezing at normal use, not upgradable or deletable with pkg).

Or just switch to safer modes like mail-lists, RSS and IRC.

Just some thoughts...


----------



## Deleted member 30996 (Jan 17, 2019)

hruodr said:


> Amateurs are everywhere. Even the best professional can not undo as web-browser-user what amateurs do in supposedly professional websites.



I bet I can. I don't care what kind of script-driven dancing baloney you have on your site. It doesn't dance unless I call the tune. www/firefox has a whole set of web-dev tools built in so I can work from that if I desire to make your site look like I want it to.




hruodr said:


> *Is that so difficult to understand?!*



Slow your roll. We don't shout at each other here.


----------



## Beastie7 (Jan 18, 2019)

olli@ said:


> Personally I use Chromium. I run it within its own jail environment for security reasons (but that's probably just because I'm paranoid).



Wait a minute... what is this sorcery? How'd you do this? I thought xorg couldn't be run in a jail - which I presume having chromium requires?

Please show me your ways.


----------



## olli@ (Jan 18, 2019)

Beastie7 said:


> Wait a minute... what is this sorcery? How'd you do this? I thought xorg couldn't be run in a jail - which I presume having chromium requires?


I don't run my X server in a jail, only Chromium and its dependencies (which includes the Xorg libraries, of course, but not the server).

The /tmp directory inside the jail is a nullfs(5) mount of the host's /tmp directory, so the X applications inside the jail can access the X server via the usual socket mechanism, provided that you copy your ~/.Xauthority file over. Admittedly, there is still a certain risk because the jailed applications have access to your X server. Getting around that would be more difficult, at least with the standard X server. Wayland would provide better security, but my favorite window manager does not support Wayland yet. Well, at least the jailed Chromium cannot access any other parts of my system, it can't even access the network directly because the jail runs on a localhost alias IP (127.x.y.z on lo0). It has to go through the proxy running on that machine, so I have full control of what sites the jail can access.

Alternatively you could use ssh's X11 forwarding feature to let the jailed Chromium access the host's X server, but that comes with a performance penalty. I guess it would be too slow to watch HD video, though I haven't tried.


----------



## fernandel (Jan 20, 2019)

https://www.privateinternetaccess.com/blog/2018/09/firefox-hardening-guide/
I think it is helpful...


----------



## hukadan (Jan 20, 2019)

Beastie7 said:


> How'd you do this?


I wrote a Howto a while ago: Thread how-to-execute-firefox-in-a-jail-using-iocage-and-ssh-jailme.53362.
I haven't tried it recently but it should still work. Just keep in mind the limited protection described by olli@.


----------



## Deleted member 30996 (Jan 21, 2019)

> *Firefox to remove misleading button after months of complaints*
> 
> Misleading "Save" button worked as "Upload" and sent users' screenshots to Mozilla's servers.
> *snip*
> ...


----------

