This article was originally published on June 18, 2008.
After Microsoft switched to Chromium as its code base for Edge, I left Firefox in the dust. The organization turned unnecessarily political and ideological, and as various security and privacy concerns were raised, I decided it was no longer worth my time.
To date, Firefox continues to store passwords in an insecure fashion: if someone has access to your logged-in session (like someone using your computer at work or school), they can easily access your passwords.
All Chromium-based browsers, including Edge, make use of the operating system's secure password storage - this is called Credential Manager in Windows and the Keychain in MacOS. Revealing passwords requires the logged-in user's password.
I strongly advise against continuing to use Firefox in any capacity. It isn't secure and will not keep your online account passwords secure.
Very old builds of Firefox still have some utility on older operating systems. Very old versions of Firefox classic are solid enough to use as daily drivers in Windows 9x and XP. I will be maintaining a mirror of themes and extensions I use, because there is no longer any central repository online where these may be found and downloaded.
So Firefox 3.0 was released recently. I downloaded it today to see if it was worth upgrading from 1.5 (I skipped 2.0 entirely – too many annoyances for me).
The verdict thus far is, as I used to say when I was 15, “big negative on that one”.
I really don’t see much happiness in the future of Firefox. What I see is yet another great piece of open source software going drastically downhill in an attempt to “reach out” to a wider user base – meaning a dumber user base.
There is a delicate balance between making an app so unusable that nobody downloads it (even though you, as the developer, might find it plenty useful) and making an app so dumbed-down that anyone, including a computer-illiterate 90-year-old, can use it. This is particularly a problem with open-source software.
I’ve been a big fan of how Microsoft does things. I’m sure I’ll get blasted by “real geeks” for saying that, but the fact is, Microsoft’s products cater to everyone – from the stupidest of the stupid users to the most advanced power-using geeks out there. While there are certain things that Linux indeed does better, Windows meets all of my needs as a power user – and all of my mother’s needs as someone who only uses the computer for email and the occasional game of Spider Solitaire.
In the case of OSS, it’s too easy to either make a product really dumbed-down or really complex. This is more or less what happened when Gaim was released as Pidgin several years ago. Since then, Pidgin’s development has gotten drastically more user-unfriendly in an attempt to make it more accessible to people who would otherwise avoid unfamiliar software. In the case of Pidgin, as “features” were added (which translated into actual features being removed, hidden, or dumbed down) and the user base got wind of the changes and requested fixes or reversions, the developers unfortunately were not too interested in listening to their users.
Firefox is a much bigger open-source project compared to Pidgin, which makes me wonder if they’ll be less likely to listen to their users – or more likely because they have such a public presence now. It’s hard to tell, really.
Surprisingly, Firefox 3.0 has made an effort to behave more like Internet Explorer – I tend to believe it should be the other way around. The oversized back button just gets in the way – who even uses the back button anymore? Ctrl+Left is a heck of a lot faster when navigating your page history.
Not only that, but, like IE7, FF 3.0 has condensed the history into a single button. Rather than having arrows next to both back and forward so that you can navigate in either direction in a tab’s page history, it’s all been shoved into a single button. Does this actually increase usability? I tend to think not. When you’re doing a lot of heavy browsing (and lord knows I do that enough), you don’t want to try and work with one list for all your page history – it’s easier when it’s split between what’s behind and what’s ahead in your page history.
The new drop-down URL bar is ridiculously obnoxious. I Googled around a bit to see what others thought, and there’s a pretty clear consensus so far – the new auto search is annoying, frustrating, and at times unusable. While I’m sure there are people who only remember URLs by title, I don’t. I know the actual URL. When I type in “sla” to go to slashdot, I’d rather not have it start throwing back search suggestions and entries from my history or my bookmarks. If I want to find a page in my history, I’ll hit Ctrl+H and search for it in the History sidebar.
I would imagine that this particular problem, given how many people already dislike it, will be fixed soon with an extension.
Then we come to the feature that I was most interested in – memory management. I am a tab addict. On any given day, I’ll generally have between 20 and 40 tabs open in a single Firefox window. On top of that, each tab has enough browsing history that I start to quickly suck up any and all available physical and virtual RAM as Firefox attempts to cache my history in RAM. After a few days of leaving my workstation at Purdue up and running with Firefox open, I’ll look in the task manager to discover that Firefox is using 500MB of RAM (out of 2GB) and another 1.2GB or so of virtual memory. Closing tabs doesn’t fix the problem – the cache is still there. Killing the process entirely and starting over is the only way to free up memory.
I haven’t really put FF 3.0 through the wringer yet on this one. However, in running the same general activities in 1.5 and 3.0 today, both were using almost identical amounts of physical and virtual memory. It’s not a good sign so far, but I’ll have to really do some hardcore browsing to see if 3.0 is actually an improvement over previous releases.
So far, 3.0 has not impressed me. The only feature I’ve seen so far that I liked was the ability to make it remember to always allow SSL certificates with mismatched domains – at work, our development environment’s SSL certificate doesn’t match the server’s URL. It gets annoying to get that “are you sure you want to do this?” popup every time I login (particularly when the login has to expire after an hour). Being able to set it to always authenticate without needing an extension is nice.
Other than that, though, I think I’ll be sticking with 1.5 for awhile longer, much like I’ve been forced to use older versions of Pidgin to compensate for the fact that the developers appear to be writing the application into its grave.