rozodruI made a Firefox fork with Fediverse integration
𝘋𝘪𝘳𝘬So … Basically just another preconfigured Firefox with extensions?
sexy_peachGo ahead and show what you have done
// Enable userChrome.css
user_pref('toolkit.legacyUserProfileCustomizations.stylesheets', true);
// Warnings
user_pref('browser.aboutConfig.showWarning', false);
// Style
user_pref('browser.tabs.inTitlebar', 0);
user_pref('browser.theme.content-theme', 1);
user_pref('browser.theme.toolbar-theme', 1);
// Extensions
user_pref('extensions.activeThemeID', '[email protected]');
user_pref('extensions.pocket.enabled', false);
user_pref('extensions.screenshots.disabled', true);
user_pref('extensions.getAddons.showPane', false);
user_pref('extensions.htmlaboutaddons.recommendations.enabled', false);
// Zoom
user_pref('toolkit.zoomManager.zoomValues', '.5,.3,1,1.2,1.3,1.5');
user_pref('devtools.toolbox.zoomValue', '1.4');
user_pref('browser.zoom.siteSpecific', false);
// Privacy
//
// Basically do not leak URLs, IPs, etc. to external services
user_pref('browser.safebrowsing.malware.enabled', false);
user_pref('browser.safebrowsing.phishing.enabled', false);
user_pref('security.OCSP.enabled', 0);
user_pref('browser.contentblocking.category', 'custom');
user_pref('app.shield.optoutstudies.enabled', false);
user_pref('browser.urlbar.trending.featureGate', false);
// DoH explicitly off
user_pref('network.trr.mode', 5);
user_pref('network.trr.default_provider_uri', '');
// Cookies
user_pref('network.cookie.cookieBehavior', 2);
// AdBlock
user_pref('browser.newtabpage.activity-stream.showSponsoredTopSites', false);
user_pref('browser.newtabpage.activity-stream.feeds.section.topstories', false);
user_pref('browser.newtabpage.activity-stream.feeds.topsites', false);
// Remove weird URLS
user_pref('toolkit.shopping.ohttpConfigURL', '');
user_pref('toolkit.shopping.ohttpRelayURL', '');
user_pref('browser.partnerlink.attributionURL', '');
user_pref('browser.privatebrowsing.vpnpromourl', '');
// Do not track
user_pref('privacy.trackingprotection.enabled', false);
user_pref('privacy.trackingprotection.emailtracking.enabled', false);
user_pref('privacy.trackingprotection.socialtracking.enabled', false);
user_pref('privacy.trackingprotection.cryptomining.enabled', false);
user_pref('privacy.trackingprotection.fingerprinting.enabled', false);
user_pref('privacy.donottrackheader.enabled', true);
// Beahvior
user_pref('general.smoothScroll', false);
user_pref('signon.autofillForms', true);
user_pref('signon.firefoxRelay.feature', 'disabled');
user_pref('browser.download.manager.addToRecentDocs', false);
user_pref('security.tls.version.min', 1);
user_pref('browser.profiles.enabled', false);
// UI features
//
// https://github.com/yokoffing/Betterfox/blob/main/user.js
user_pref('browser.discovery.enabled', false);
user_pref('browser.shell.checkDefaultBrowser', false);
user_pref('browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons', false);
user_pref('browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features', false);
user_pref('browser.preferences.moreFromMozilla', false);
user_pref('browser.tabs.tabmanager.enabled', false);
user_pref('browser.aboutConfig.showWarning', false);
user_pref('browser.aboutwelcome.enabled', false);
user_pref('browser.uidensity', 0);
user_pref('browser.urlbar.trimURLs', false);
user_pref('browser.urlbar.showSearchTerms.enabled', false);
// Telemetry
//
// https://github.com/yokoffing/Betterfox/blob/main/user.js
user_pref('datareporting.policy.dataSubmissionEnabled', false);
user_pref('datareporting.healthreport.uploadEnabled', false);
user_pref('toolkit.telemetry.unified', false);
user_pref('toolkit.telemetry.enabled', false);
user_pref('toolkit.telemetry.server', 'data:,');
user_pref('toolkit.telemetry.archive.enabled', false);
user_pref('toolkit.telemetry.newProfilePing.enabled', false);
user_pref('toolkit.telemetry.shutdownPingSender.enabled', false);
user_pref('toolkit.telemetry.updatePing.enabled', false);
user_pref('toolkit.telemetry.bhrPing.enabled', false);
user_pref('toolkit.telemetry.firstShutdownPing.enabled', false);
user_pref('toolkit.telemetry.coverage.opt-out', true);
user_pref('toolkit.coverage.opt-out', true);
user_pref('toolkit.coverage.endpoint.base', '');
user_pref('browser.ping-centre.telemetry', false);
user_pref('browser.newtabpage.activity-stream.feeds.telemetry', false);
user_pref('browser.newtabpage.activity-stream.telemetry', false);
user_pref('breakpad.reportURL', '');
user_pref('browser.tabs.crashReporting.sendReport', false);
user_pref('browser.crashReports.unsubmittedCheck.autoSubmit2', false);
user_pref('app.shield.optoutstudies.enabled', false);
user_pref('app.normandy.enabled', false);
user_pref('app.normandy.api_url', '');
// Disable AI bullshit
//
user_pref('browser.ml.enable', false);
user_pref('browser.ml.chat.enabled', false);
user_pref('browser.ml.chat.shortcuts', false);
user_pref('browser.ml.chat.sidebar', false);
user_pref('pdfjs.enableAltText', false);
user_pref('pdfjs.enableUpdatedAddImage', false);
and
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* Tabs styling */ #TabsToolbar { background-color: #cccccc !important; --toolbarbutton-inner-padding: 0 !important; } .tabbrowser-tab { padding: 0 !important; } .tab-background { margin: 0 !important; border-radius: 0 !important; background-color: var(--toolbar-bgcolor) !important; box-shadow: none !important; } #alltabs-button { display: none !important; } #tabbrowser-tabs { min-height: unset !important; } /* secondary label indicators */ @font-face { /* copy font file to same directory as this CSS file */ font-family: 'SymbolsNerdFont'; src: url('SymbolsNerdFont.ttf') format('truetype'); } .tab-secondary-label { display: none; } .tab-text::before { font-family: SymbolsNerdFont; padding-right: 0.25em; } .tabbrowser-tab[soundplaying] .tab-text::before { content: ''; } .tabbrowser-tab[muted] .tab-text::before { content: ''; } .tabbrowser-tab[activemedia-blocked] .tab-text::before { content: ''; } /* unselected tabs */ .tab-background:not([selected]), .tab-icon-image:not([selected]) { opacity: 0.4 !important; } .tab-text:not([selected]) { color: #555753 !important; } #tabbrowser-arrowscrollbox { min-height: var(--tab-min-height) !important; max-height: var(--tab-min-height) !important; } scrollbox[part="scrollbox"] { gap: 2px; }and
/* Style about:home and about:newtab */ @-moz-document url-prefix(about:home), url-prefix(about:newtab) { .logo-and-wordmark { background-image: url(REPLACE_ME_WITH_YOUR_FAVORITE_IMAGE.jpg); background-size: cover; background-position: center; aspect-ratio: 16/9; border-radius: 1em; position: relative; width: auto; height: auto; max-width: 80%; max-height: 60vh; margin: 0 auto; } .logo-and-wordmark .logo { display: none !important; } .logo-and-wordmark .wordmark { position: absolute; right: 2em; bottom: 0.5em; --newtab-wordmark-color: #eb8819; } }Do you have a screenshot?
(Screenshots resized due to not wasting too much space.
Here’s a small one of hwo a website would look like.
Here’s a larger one of how my new tab page looks like.
Looks pretty clean, maybe a bit dated.
Thanks! I just prefer simple UIs.
So…Basically just another negative user with nothing of value to contribute besides a largely unwanted sarcastic comment?
FarraigePlaisteaċ (sé/é)Apparently not.
“How does Bridge compare to other privacy browsers?
Bridge goes beyond configuration changes by modifying Firefox at the source code level. This provides deeper privacy protections than browsers that only change settings.”
jaredwhiteVery cool idea! Just starred on Codeberg.
pelespiritThe RSS alone is awesome. Thank you.
This actually sounds really cool, the idea of having a sidebar pull up posts of the article your reading is like sci-fi movie magic stuff
Staden_ スタデンWould it be difficult to convert into a extension for other firefox-based browsers?
I love the idea of seeing lemmy discussions about the page I’m in directly on the page, but I don’t really wanna switch my web browser again.
I second this, I rely too much on Firefox and its sync features to give up just yet.
andyburkeThey are clearly enshittifying and may already be sharing data about you. Eject asap, friends.
🤷♂️
woelkchenAnd relying on a single volunteer to ship crucial security updates? Disabling the shitty FF features may be hidden in
about:config but as long as this is possible, using upstream FF is still the most secure way to use a Gecko browser.
Either upstream FF with something like arkenfox or Mullvad Browser, which is just Tor Browser minus Tor, developed by the same people. Librewolf is also an option, which is basically just FF with arkenfox preinstalled.
Librewolf is also an option, which is basically just FF with arkenfox preinstalled.
I don’t think that it’s just that. Librewolf probably makes many of the same changes, but from what I understand, it is a completely separate project, so not all of the arkenfox changes are included in Librewolf and vice versa.
Eventually yes, I will be turning it into a standalone extension.
you’re awesome :3
the extension: codeberg.org/rozodru/LemmyBridge
Wha?! I wasn’t expecting such a quick update :0
It was easy to pull out of the browser as a standalone because really that’s all it was, just an extension that was baked into the browser. and since a lot of people requested it I just decided to do it.
poVoqLooks pretty cool on first glance, but I think Opera Vivaldi had a Fediverse integration for some time already, so you are not the first to do so.
Kierunkowy74Did you mean Vivaldi? It features a sidebar already with their own Mastodon instance: Vivaldi Social featured as one of sidebar entries.
A Vivaldi account allows to use not only Vivaldi Social, but also to make a WordPress blog, with federation available too.
Ah, you are probably right.
If the extension sees that this has been posted on Lemmy, it will provide you with a direct link to whatever discussions it finds
This is effing cool
I'm on android firefox. How the heck do i download this. Codeberg is just as confusing as github to people like me that don't use it.
I want to try this.
Always look in the README.md file first for instructions for downloading and installing.
Prerequisites
Bridge requires a full Firefox build environment:
- Linux: GCC/Clang 13+, Python 3.8+, Node.js 16+, Rust 1.70+
- Windows: Visual Studio 2022, Python 3.8+, Node.js 16+, Rust 1.70+
- macOS: Xcode 14+, Python 3.8+, Node.js 16+, Rust 1.70+
So there is no Android version.
If you do want to install for one of OSes mentioned, the next section gives instructions on how to build by source. This means you have to follow in instructions. This might mean it is too technical for users not used to CLI (command line interface).
Thank you for the explanation and details. I appreciate it.
I actually support telemetry for Mozilla, especially the way they’ve implemented it. But the other features look great and I don’t want anything to do with GitHub projects. Starred on Codeberg!
It sounds really interesting, i’m definitely going to check it out!
алсааас [she/her]You can get more than half of the stuff you mentioned by using LibreWolf. Cool idea tho with the integration, would be nice as an extension
very cool!
Please announce on the Fediverse when you release the standalone extension
Please announce on the Fediverse when you release the standalone extension
IrdialDo you plan to offer a browser extension for those who would enjoy the Fediverse integration but don’t want to run a custom fork?
PikaHonestly, this is a really innovative project. I wish it came in an extension because I feel that is likely your biggest bottleneck for getting people to try it. I don’t think many are going to build a browser from source & then port all their stuff over strictly for the integration. Plus it looks like a primary advertisement for it is that integration, but it also disables a lot of the QoL features that FF has that some don’t have any problem with. Like the fact that Sync is removed as a whole is a major dealbreaker for me, as I do like the feature and I am not concerned about the privacy aspects of having it on.
If an extension version ever releases for the lemmy integration though, I would for sure be looking at that!
Woah, you separated it already? that’s insane. Defo checking it out!
RimuThis is going to absolutely hammer the search API endpoint. Every single time you visit any web page there will be around 5 different requests to lemmy-instance/api/v3/search (see generateUrlVariations()) and running a search is pretty heavy on the server.
I just read the code, didn't actually install the extension, so I could be wrong but at first glance this looks like it would cause real problems if a significant number of people started using it.
Totally understandable. I added in some rate limits, search result caching, timeout handling and error handling (to prevent retry storms), there’s also a max result limit per instance. If this WERE to take off with like 1000+ users I’d have to adjust it further. But right now as it stands the impact should be negligible.
All it would need is about 10 simultaneous users and the load on the server would be unacceptable to me, as an instance admin. I only run PieFed instances so this isn't going to impact me unless you add PieFed support (please don't).
Fair enough.
I guess if the logic for finding the posts was done on the server then you would only need one API call - the extension would just send through whatever url it had. That would be more efficient.
If this gets popular I'd be open to adding a dedicated API endpoint for this to PieFed.
Kind of a privacy nightmare though, aye. Sending your whole browser history to a third party... But that's a whole different issue.
…it doesn’t view the browser history at all.?
It doesn't access old browser history but from the moment it is installed onwards it sends every url you visit to 7 instances, to do a search.
Yeah. Interesting to think if there are ways to get around that problem. Still, very interesting work @[email protected], and great idea splitting it out into an extension!
Yeah. Interesting to think if there are ways to get around that problem.
At a first flance, perhaps a uBlockOrigin-style control pane with per-domain toggle, so that for example you can send the info only when browsing a specific domain (let’s say, a news site; that’d be interesting to find discussion in Lemmy of). This would also prevent the issue of sending URLs that are not internet-wide (eg.: are on a localnet resolver, or an intranet).
As well as the abiity with an option send the request through a relay or proxy, to remove IP origin information that can be used to build the profile.
INeedManaHow about a button? So instead of searching after every page load, the search would happen only when the user clicks "check on Lemmy" button in the search bar or in the extensions tray
moseschruteI don’t use Firefox or Linux, but you had me at Vim
Lol. Idk I like my iPhone. Absolutely not the labor practices of Apple, I’ve thought about a fairphone. But Apple is privacy focused enough, and I love their design language, both hardware and software. I love Linux, but mostly for SSH not my laptop.
Firefox is fine, but as a professional frontend developer, I need to test things on a Chromium based browser. I prefer the ethics and privacy of Mozilla, but Chrome is technically a great browser imo.
But vim, omg. I don’t think there’s a more beautifully designed piece of software. I want to reach wizard level. I want to navigate text like it’s magic with perfect fluidity. Vim is perfect.
SpookyBogMonsterI’m most stoked about RSS integration. I miss Firefox’s old RSS features
gholk@bovine3dom This firefox fork integrated #Tridactyl FYI
The Lemmy extension allows you to see and link directly to lemmy discussions on whatever instance you like (multiple even) if you’re on a site/news article/blog post/whatever. If the extension sees that this has been posted on Lemmy, it will provide you with a direct link to whatever discussions it finds based on the current URL you’re on.
So wait, it reports all browsing activity you do to third parties to search for matching Lemmy posts?
Bad, bad, system.
You’ve completely lost the point of why we’re here in Lemmy in the first place. Restrain or remove this feature ASAP.
No automatic browsing activity reporting - The extension only searches for Lemmy discussions when:
What data is sent:
- Only the current page URL and its variations (content.js:73-80)
- URL variations include cleaned URLs (no tracking params), with/without www, http/https variants (content.js:109-168)
Where data is sent:
- Only to Lemmy instances you’ve configured (background.js:149-152)
- No third-party analytics or tracking services
- All requests go directly to Lemmy APIs for post searches
Privacy protections:
- Results are cached locally for 30 minutes (background.js:141-143)
- No persistent logging of browsing history
- You can disable the notification indicator (content.js:172-184)
- Only sends URL when you actually visit a page, not preemptively
User control:
- You choose which Lemmy instances to search
- You can remove instances at any time
- The extension only activates on http/https URLs
Answer: No - The extension does not report all browsing activity to third parties. It only queries your configured Lemmy instances with the current page URL to find relevant discussions, and only when you actually visit a page.
Sending the current URL and directly from your own IP too is quite the privacy hurdle already. I’ve already posted on what kind of things could be done to improve this, but first, a notice.
Your README says in the Privacy section:
Does not track your browsing
On the current implementation, this should be changed to:
Enables unverified third parties to track your browsing data
As that honesty is quite important.
As for measures that could be taken to improve on this issue, I have three suggestions (I might Issue Tracker them to the codeberg later, if I can find my credentials XD)
- Set up a uBO-stye control pane that allows to set this on or off per-domain or per-site. Bonus points if it allows for per-site specific on which lemmy instances to use the same way as uBO’s “3p” Custom Rules does. This already prevents a number of undesirable use cases, such as automatically sending LAN / non-DNS names to third parties when they can’t really be searched for anyways.
- Anonimyzing assist: Allow for sending only the global context of the visited site (eg.: only the domain) instead of the full URL.
- Anonimyzing assist: Allow to cache requests to send them later / send them in batches, to avoid clock-based / timezone-based tracking attacks.
- Anonimyzing assist: Allow for the browser-specific request being sent through a proxy or relay, so that IP origin information is not leaked. (I think this only really makes sense for users not logged-in?)
Thanks, when I have the time I’ll look into implementing this.
I don’t think the ideas of Lambalicious work with Lemmy. What would sending the domain name only achieve? I assume it uses the same logic as Lemmy uses to find crossposts? Obviously it needs the whole address then.
Maybe instead of crawling automatically, the users need to click a button to look up discussions? (I have yet to install your extension, so I have yet to experience the workflow myself, sorry.)
Maybe link to the privacy terms of the default instances? In general, I think your approach is good. You don’t collect any data, the feature is 100% opt-in. A central relay/proxy is even worse than your current approach. People are obviously free to set up their own Lemmy/Mastodon server if they want a relay.