@ploum @mozilla I always strip Pocket and the other crapware out of Firefox. I never let anyone's browser connect to the Internet without stripping out monetized shit, and I don't run Chrome at all.
No Pocket, no sponsored links, none of that. All telemetry turned off, and all the Google shit removed. All taken out before first connection to a network, plus the UI rolled back to mate MATE with a real menu bar etc. First site to visit with Firefox is always about:config

There are multiple firefox forks now because of shit like this, unfortunately the arms race between browsers and exploits make any delays in security updates dangerous. Best defense is probably to limit what sites are permitted to run JS and never, ever allow ads as they are a known vector of malware.

We need a fully community maintained desktop browser with up to date security, a minimal feature set to reduce attack surface, antitracking and antifingerprinting code like Firefox uses, first party isolation of cookies, and the functionality of NoScript or Ublock Origin by default. There should be no parties involved whose reason for being there is financial.