Update: Firefox 69.0 released

User avatar
HansV
Administrator
Posts: 78229
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Update: Firefox 69.0 released

Post by HansV »

Best wishes,
Hans

User avatar
BobH
UraniumLounger
Posts: 9211
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: Update: Firefox 69.0 released

Post by BobH »

Thanks for the info, Hans!

I updated to 69 and was told about Firefox Monitor. I tried it and to my surprise found far too many compromises of data and passwords. Now to figure out what to do about them.
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: Update: Firefox 69.0 released

Post by viking33 »

I updated to ver.69 and it SEEMED to go OK. However it now takes a long to log on to a website ( including Eileen's)
I may have allows it to install Monitor but I see no indication that it has done so.

How do I check to see if it IS installed and how do I get rid of it?
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Update: Firefox 69.0 released

Post by Argus »

I don't know about Firefox Monitor and version 69; I think I've heard about Firefox Monitor earlier (it seems it's mentioned over a year ago), but didn't know any details at all. And I've not installed Fx 69 yet. Then yesterday I visited a site, and up pops a ballon about Firefox Monitor with what seems to be some info about accounts at the site (which I don't have and didn't know existed; and neither do I have a Firefox account so it's a bit of a no-go). It seems they may have changed some setting to make it more active, since that was the first time I saw it, and not using Fx 69.
Firefox Monitor.PNG
It's quite easy to get confused by their changes during the last years.

Mozilla Blog, September 3, 2019 (about this release):
For today’s release, Enhanced Tracking Protection will automatically be turned on by default for all users worldwide as part of the ‘Standard’ setting in the Firefox browser and will block known “third-party tracking cookies” according to the Disconnect list.
Mozilla Blog, June 4, 2019:
Today, Firefox will be rolling out this feature, Enhanced Tracking Protection, to all new users on by default, to make it harder for over a thousand companies to track their every move.
Both mention "Enhanced Tracking Protection" and "default", the difference seems to be "new users" (whatever they mean with that) and "all users" (in this release), if one isn't already using it in some way I assume.

Another thing:
I don't know about other people, but I tend to react when software such as a browser offers to check something as in the Privacy & Security section's: Block dangerous and deceptive content and downloads, which we have seen in Fx for many versions; i.e. to check every address against some kind of list. Depending how it's done that's also some kind of "tracking".
You do not have the required permissions to view the files attached to this post.
Byelingual    When you speak two languages but start losing vocabulary in both of them.

User avatar
viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: Update: Firefox 69.0 released

Post by viking33 »

Thanks, Argus. lot of reading in there, some of which I;ve seen by Googling but I did not find any plain and simple way to remove the default settings. They mention Enhanced Tracking Protection by default but haven't seen anything about removing it as default? I wold like to disable it just to try how or if it works. Guess I don't like settings by compulsive command?
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

User avatar
HansV
Administrator
Posts: 78229
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Update: Firefox 69.0 released

Post by HansV »

Activate the Options dialog, and select Privacy & Security.
To tweak the settings, select Custom. You can then specify whether tracking protection should be off, or on in private windows only, or on in all windows.
S2839.png
You do not have the required permissions to view the files attached to this post.
Best wishes,
Hans

User avatar
viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: Update: Firefox 69.0 released

Post by viking33 »

Thanks, Hans.
I did have my option settings like your attachment, so un-selected them all and then reset them to agree with the illustration.
I'll run for a while and see if that did any good. :thankyou:
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Update: Firefox 69.0 released

Post by Argus »

viking33 wrote:Thanks, Argus. lot of reading in there, some of which I;ve seen by Googling but I did not find any plain and simple way to remove the default settings. They mention Enhanced Tracking Protection by default but haven't seen anything about removing it as default? I wold like to disable it just to try how or if it works. Guess I don't like settings by compulsive command?
Sorry Bob, my post was a bit of mixed ramblings, sort of. At the time I hadn't found any "tangible" info about when Monitor was introduced etc. (apart from as I said having read something a year ago), and had to get on with other things, but just wanted to mention that I saw an "alert" when using Fx 68.0.2.

But I also wanted to mention something that did change in this version, sort of, if one hadn't used it earlier, the Enhanced Tracking Protection (ETP), which has nothing to do with Monitor.

As for Firefox Monitor; it is based on, is using, the "Have I Been Pwned"-database (HaveIBeenPwned.com), and is one of those system add-ons added to Firefox by Mozilla (As some know, one can find some general info about these Mozilla add-ons on the about:support (or via the Help menu); it simply tells you "Firefox Monitor" and version number.).

I think it was enabled by default in version 67, that's May this year, but they started in/around Fx 62, September a year ago.
https://blog.mozilla.org/blog/2018/09/2 ... ta-breach/" onclick="window.open(this.href);return false;

Back then there was a setting to disable/enable it in about:config, that seems to have changed now.

A check with the release notes tells me that, for example, version 67.0.1, June 4, saw this:
"Firefox Monitor 2.0 expands its capabilities to allow users with a Firefox account to monitor multiple email addresses and receive email alerts when any of them are involved in a known breach."
We are now seeing version 3.

Without knowledge about one's email addresses it simply informs you (if everything is working) if a site has seen data breaches in the past, as in my example above I assume.

As for Enhanced Tracking Protection, to be able to disable or fine-tune, it's Custom as Hans said (one can for example block all cookies and then add exceptions in the next section in the settings).
I think they muddied the waters a bit when they introduced this, it looks simple on the surface with a shield in the address bar and all; but if you are coming from the other end, as many of us are, already using some kind of blocking/whitelisting for scripts and cookies it’s not clear what’s included.
Byelingual    When you speak two languages but start losing vocabulary in both of them.

User avatar
BobH
UraniumLounger
Posts: 9211
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: Update: Firefox 69.0 released

Post by BobH »

All very good information. Thank you!

My question is what should one do if one finds that the Monitor shows that your data has been compromised? Some of the websites that appeared in my list are ones that I have never knowingly visited; however, if it says that I was compromised, how do I know which password(s) should be changed. Should email addresses themselves be discontinued? :scratch:
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
HansV
Administrator
Posts: 78229
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Update: Firefox 69.0 released

Post by HansV »

Although I use my email address to log on to many sites, I never use my email password for them. Instead, I specify a different password for each site. So even if one of those sites is hacked, the perpetrators cannot use my credentials for any other site. I only need to change the password for the site that was hacked. I don't have to change the email password, nor abandon the email address.

If someone uses the same password for multiple sites, they'd have to change the password for each of those sites.
And if they used their email password for other sites, they need to change their email password too ASAP.
Best wishes,
Hans

User avatar
viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: Update: Firefox 69.0 released

Post by viking33 »

Well, as usual, SWH and all appears OK. If Monitor is running or not........who knows?
Just POs me to have some unknown thing slip into my system!
If anyone finds a good way to disable Monitor, please let me know. :thankyou:
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Update: Firefox 69.0 released

Post by Argus »

I didn't think much, or at all (as usual), when posting above. The setting I had seen mentioned earlier appeared to be removed, or it never was there (but I got the impression it was introduced when they started trying it).

The following works for me, i.e. adding a setting that isn't there, with the only test I have, the abovementioned site:

In "about:config":
- Create: extensions.fxmonitor.enabled as a Boolean.
- Select False.

To enable it again, double-click on the value to change it to "true", or delete the setting. And that is "for now", perhaps one should add, they may change it any time.

That said, so far I've not seen any "downside" with this system add-on. But there have been several comments over the years about these add-ons.
Byelingual    When you speak two languages but start losing vocabulary in both of them.

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Update: Firefox 69.0 released

Post by Argus »

As some may have noticed they have removed the preference browser.privatebrowsing.searchUI in Fx 69. That is, there is again a search box in private browsing windows/tabs.

Amazing it's so difficult to have an option to open a new window or a tab with a plain page.

Firefox 66.0
Argus wrote:
Argus wrote:Now there is a search box on the private browsing page ...
browser.privatebrowsing.searchUI
https://bugzilla.mozilla.org/show_bug.cgi?id=1508364" onclick="window.open(this.href);return false;
https://bugzilla.mozilla.org/show_bug.cgi?id=1556867" onclick="window.open(this.href);return false;
Byelingual    When you speak two languages but start losing vocabulary in both of them.

User avatar
BobH
UraniumLounger
Posts: 9211
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: Update: Firefox 69.0 released

Post by BobH »

HansV wrote:Although I use my email address to log on to many sites, I never use my email password for them. Instead, I specify a different password for each site. So even if one of those sites is hacked, the perpetrators cannot use my credentials for any other site. I only need to change the password for the site that was hacked. I don't have to change the email password, nor abandon the email address.

If someone uses the same password for multiple sites, they'd have to change the password for each of those sites.
And if they used their email password for other sites, they need to change their email password too ASAP.
Thanks, Hans!

Like you, I don't use my email passwords for any site login, only for logging into my ISP's email server. I use a different password for each site I visit, too. I'm still trying to figure out how I was compromised at sites I didn't visit.
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
PaulB
BronzeLounger
Posts: 1596
Joined: 26 Jan 2010, 20:28
Location: Ottawa ON

Re: Update: Firefox 69.0 released

Post by PaulB »

I visited a link provided by Argus in another forum, and Firefox Monitor displayed the following advisory.
monitor.png
I assume Firefox must call home for every link that is followed. Wonder what kind of performance hit this causes.
You do not have the required permissions to view the files attached to this post.
Regards,
Paul

The pessimist complains about the wind. The optimist expects it to change. The realist adjusts his sails.