It absolutely feels like all the major web browsers have given up on being the User Agent, and instead act as the web developer's agent. I feel like I'm constantly fighting my web browser to do what I want rather than what the website wants.
Case in point which I'm fighting with at this very minute: HTTP. I want to access a site over HTTP, not HTTPS. I know it supports HTTP. I have used HTTP in the past. But my browser insists that I want HTTPS instead, despite my manually typing http://
HSTS is an abomination, directly ignoring the user's command to do what the site wants instead. As if I'm some kind of bystander of my computer, instead of the user.
There should definitely be a more convenient way to 'forget this site'. In Firefox it's hidden in right clicking on the site entry in History. For Chromium it seems to be a 7 step process unless invoking developer tools as History doesn't present a 1-click way to remove a whole site.
Don't forget what search engine is default, what sponsored stories are shown, turn those off, it's suggested stories next. Oh your bookmarks, why not share those with us, browser experiments, ... Thought that's enoigh? No, let's disable APIs that ad blockers use and replace them using BS excuses.
Don't get me wrong, the companies developing the browsers spend money that they have to make somehow on the other end but at least there used to be usable community driven browsers..
Oh yeah, Google is really bothering me right now with that crap! I run adblock for an accessibility reason, not just for an I hate ads reason. Stop trying to ban me from the entire internet, and especially YOutube!
> Case in point which I'm fighting with at this very minute: HTTP. I want to access a site over HTTP, not HTTPS.
I think there's a fix for this in firefox and its forks, browser.fixup.fallback-to-https or dom.security.https_first maybe... at least they used to allow you to disable that sort of thing.
In a negotiation, the goal is to reach an accommodation suitable for both parties. If the web developer doesn't want to set up his server on port 80 to serve HTTP, that's his business. Your user agent is still working for you, when it negotiates with the server what protocols it will accept. (It also negotiates a content type for the response; and if all the server has is static HTML, it's not your user agent's fault if what you get is HTML, even if you really wanted some other format. Take it up with the web developer, if you want the data in some other format. The browser is just doing its best for you.)
Your argument makes sense in one narrow circumstance which is not the typical HSTS setup: if the server is serving the site with plain HTTP on port 80 (and not just a redirect to the HTTPS version of the page), and also has a HTTPS version with HSTS headers. (So that the first time you visit the HTTPS version, your browser will insist on taking you to that version every time.)
Browsers need to be more eager to offer workarounds for things like... that dang snake oil TLS cert on the ISP's router setup in a weird way but in the 'reserved' private use address ranges.
NOT automatically, but with an accommodation that asks the user if they're _expecting_ to talk to a device such as a "Modem" or "ISP Router" when making that request, and offer to do what's necessary to connect.
I worked on a project where the site uses HTTP. Initially I did a double take as using requires a login, thinking that's just wrong.
But after a bit of reflection I now think that in this specific case there's nothing bad about using http. Services are offered on a first come first serve basis to a large but closed group of valid users. Key is that there are a bunch of real world processes that follow the initial trigger with no practical way for any other party to benefit.
Sorry, but why is http a benefit here? Http has lots of downsides - like the traffic can be snooped and edited. (It is edited by many ISPs for advertising. And in countries like Australia the ISPs are required by law to log all http requests.) And of course, you can’t use http2 without tls.
With all respect: because I want to, and I expect my computer to do what I command it to do, not second-guess me. I understand the use cases for HTTPS vs. HTTP, and in some cases I deliberately want HTTP. It is not my browser's job to wag its finger at me and "correct" me.
I'm really tired of using a computer and feeling like a passenger rather than the driver.
There’s plenty of reasons to be mad at big corporations. But for now at least, Firefox still supports your right to make bad life choices on the internet.
honestly, i run into the same issue. my use case is mostly for older wifi capture portals which just dont work against https since they obviously cant mitm the user. my other use case is for development work when I want to capture the traffic with wireshark without setting up https stripping via pinned certificate myself.
You generally shouldn't. But data at rest is different from data in transit in that you are vulnerable to a MITM with data in transit. Who cares if you're saving an encrypted file or not, if you can't trust that it's the same file that you intended to access.
For signed content where confidentiality is not important, an unencrypted HTTP connection is totally fine.
Some components of Public Key Infrastructure itself use unencrypted HTTP for this very reason. See Online Certificate Status Protocol (OCSP) - a method for distributing Certificate Revocation Lists.
Many Linux distributions operate package repositories in this manner. It allows caching of packages through a variety of methods.
Generally, CDNs can distribute signed HTTP content without requiring a customer to share a private key as would normally be required by HTTPS. So long as confidentiality is not a requirement.
The IETF, Google, and Cloudflare have been developing standards for it.
Whether or not there is a benefit should be a judgement left up to the user.
There's no benefit to saving a file on a floppy disk, but if I tell my computer to copy a file to my floppy drive, I don't expect it to say "No, can't do that. You should be using a USB flash drive--they're better in all ways!"
I'm sure there's plenty of good reasons for wanting to use unencrypted HTTP, just like there's probably plenty of reasons to enjoy using floppy disks.
But I'm asking you: Why do you want to use unencrypted HTTP? Surely there must be some reason you want to do that, right? You (and others) clearly care a lot about this. I'm sure you're not an idiot. Help me understand your point of view here?
In this specific case, it's a crappy IoT device supporting only TLS 1.1. So when my browsers "helpfully" redirect me from the http:// interface to the https:// interface, they then "helpfully" refuse to work because TLS 1.1 is icky and end-of-life and browsers have decided that means "tell the user to fuck off."
At the end of the day, I worked around all of this browser helpfulness by using Firefox and re-enabling TLS 1.1 in Firefox's settings. I never actually managed to force any browser to use http:// despite trying many proposed solutions in this thread and on the web.
But all that aside, it doesn't really matter why I want to use unencrypted HTTP. I am commanding my computer to do it, and I expect it to carry out my command. My computer is a tool. It should do what I want it to do, even if that might hurt me. If I type in sudo rm -rf /usr, I expect it to do what I tell it to do. Not ask "Why do you want to do that?"
This. While I don’t make my own extensions or bookmarklets, I chose to develop for the web because of its openness and how it’s not owned by a singular entity. I do not want to be at the mercy of Apple or Google with their distribution channels.
With Google’s manifest v3 debacle, it’s clear we need to fight continuously and ruthlessly to keep the web for the people.
We shouldn't be fighting. We're powerless. The anti-trust regulators should be taking up this fight.
Google should be broken into several companies.
A breakup would be good for shareholders. Google would be worth more as separate companies, because currently they're giving away hundreds of billions of dollars in value for free.
They'd also have to be more nimble, which would increase fitness instead of being an overfed goldfish in a tiny pond.
A breakup would oxygenate the field for competition and innovation. Right now, Google is killing all the competition with their platform pricing power.
Engineers would be better compensated too, as more firms would have to compete for talent.
The hulking behemoth is bad for everyone, including Google itself.
No we’re not. It’s okay for regulators to fix our mess in the meantime (though I wouldn’t get my hopes up), but we should teach others to see the imbalance and regain the power. This is the fight we should be fighting, and it’s the only sustainable way to go.
Let’s do both. Pressure your gov representatives to deal with the Googles/Apples of the world locking down computing, stifling competition.
And also do what you can as an engineer. We have the knowledge about what technologies are democratizing.
Support open source (the real kind)
When you’re building products, make sure you treat your users like real people, with respect.
At every level of the stack, from firmware to OS to application to cloud, let the user own their device, and their data.
Any amount of contribution, no matter how small, helps. Get your coworkers or classmates aware of the issue. It won’t be a monumental contribution, but it all counts.
I agree that a breakup would be better! I'm just hoping that Judge Brinkema doesn't get soft on Google. I'm thinking it's going to happen though.
They're saying that a full breakup likely won't happen, and that Google will probably just have to sell off Chrome. Or at least they were, last time I checked. I know it was or is being considered in the search case.
I was just talking about this with my wife. I have so many tabs open that I run out of memory but I find that all the solutions to save sites or resources I find and need to reference in the future are aweful. Bookmarks suck, search sucks, saving browser sessions sucks. I don’t have a good workflow and can’t even imagine one.
Completely agree as it has been the case for the last 25+ years since Tabs were invented.
I keep the Tabs opened as more like a ToDo-List. Saving me from going back and forth so I understand your frustration. Having drop down list in Chrome and Firefox allows you quickly Garbage collect from unused tabs. Which is already much better than the old days as this is a fairly recent additions. ( May be pass ~5 years )
Tree-Tabs sounds good in theory but in practice over the past 15+ years or so most of the tree tabs implementation dont work for me. Mostly an UI issue. Category of Tabs or sometimes called Tab Group seems to be the closest thing. I actually quite like Tab Groups on Chrome, and surprisingly Firefox over the years have tried many implementation but nothing like what chrome has offered ( at least by default )
I use Tab groups on both Safari and Chrome, one group for HN, one group for RSS feed. These two groups keep nearly 80-90% of new tabs generation for me already. So while it is not perfect it is a lot less of a mess than what I had. The rest are random thoughts that came up into my mind and I need some tabs research into it.
Safari is quite memory efficient and only stores metadata for inactive tabs, mostly the URL. I currently have 262 tabs in a single Safari window. Memory usage nothing or of the ordinary, a small fraction of my total.
As far as I aware Safari dont "unload" tabs after a period of time for inactivity. ( At least that has been the case both on my home and work machine ) It was an option as part of Dev Tools but was taken out. They haven't been doing unloading from Safari 8 to 17. Using Tab Overview, Unplugging Power Adopter, along with some other functions will trigger reload of all Tabs. Which causes crazy paging, my current Kernel_Task has written 60TB of Data over 6 months. That is 10TB per month.
The only way you have true inactive Tabs is if you restart Safari. On recent Chrome and for Firefox they have been doing it since Project MemShrink and at least 10 years. So for those who close their browser windows every now and then or shut down their computer at the end of the day they may be fine. ( Still possible for force reloading of Tabs on Safari though )
Sooooo, have that URL and the title of this thread in a simple, old-fashioned, file, text file, maintained with my favorite editor. Then, when want to revisit this thread, use the editor's excellent text search facilities to find the URL, and then, via a simple editor macro I wrote, one keystroke, and, bam, boom, have the Web page displayed via my pre-selected Web browser.
Text. Keep nearly everything important in just text. Source code of .NET for my startup's Web site? Text, never anything but text. Visual Studio? No thanks: Did I mention text? Posts at Hacker News? Text, both for my posts and those of everyone else. File system directory tree? Uh, again the T-word, with the tree from the Rexx function SysFileTree. In the editor, can sort on date, size, name, etc.
That is a good way of doing it, and I will cobble something like it together.
Right now, I am bookmarking to my phones home page, useing an alternative browser that lets me sset domain settings for each web site, java script, cookies, DOM,which add blockers, font, etc, etc,etc.
It works for me, and when it breaks a site, that is often a good indication that its run by rabid advertationalists, and data thieves, and there wont be any content worth the trouble.
I do have another browser running crome, to access(briefly) the sites that I cant find an alternative to, but I wipe the cache every once in a while.
The difference between the shiny one and the browser* that retains local control, is stark.
I have a bookmark file, but I haven't updated it in some while. The bookmark feature in browsers serves only two functions for me. Important sites, which I pin to the toolbar, and important history landmarks that I just chug down in "Others" (firefox) which is sorted by dates. I rely on the actual history for search (libraries docs,...).
I feel like I want a dedicated bookmarking app that integrates with the browser but is distinct from it. That has full "library management" features: nested folders AND tags AND something for more temporary storage.
Furthermore, you could integrate e.g. Claude with this, by creating a lightweight model-context-protocol server that lets Claude browse through datasette. You would probably want to throw in a vector db in-between somewhere, so you could get semantic search over bookmarks to work nicely.
Zotero can sort of work like this. It's designed as a reference management tool but you can use it to save more or less any web page. It can also save actual snapshots of the page which makes it nice for "really saving" a page in case it disappears (although these days a lot of sites have junk that makes it not work that well). It is a little awkward having it as a separate app though.
I looked at improving this a few years ago when looking for a product to do.
There are lots of ways to improve bookmarking, content recall etc on the web. Nobody is willing to pay for them.
1. Users don't pay for them. I found lots of startups with the same idea that had pivoted, mostly into dedicated research tools for academics.
2. Browser makers don't pay for them, because if they make their bookmarking tools bad then people search more, and they get paid for search referrals. So making bookmarking or history search better hurts their own revenue.
Nobody is willing to pay. So, nobody gets improvements. If people start being willing to pay for their browser, you'll see them get better at stuff like this.
They suck so bad lol. I bookmark something planning to look back at it the next day. I actually end up looking at the bookmark a year later thinking "oh ya, that".
Massively agreed. I've had this problem for years and always have hundreds, sometimes thousands of tabs open, spread across a couple dozen windows. Memory usage is actually pretty alright with Chrome these days as the vast majority of tabs stay unloaded, and its Memory Saver feature also unloads opened tabs over time, so it's perfectly usable even with 16GB of RAM. Before that I had to use The Great Suspender to keep the memory usage in check.
I feel like I've tried every tab/bookmark managing app/extension under the sun and none of them stuck. I've also thought about creating my own, but it feels like even I don't know what I'm looking for exactly. The main problem I have is that they all have too much friction compared to simply keeping the tabs open. It would have to be something deeply integrated into the browser.
Vivaldi has some really cool tab management features and it would be my main browser of choice, but with my amount of tabs, windows and extensions its UI performance degraded to the point of becoming unusable, whereas Chrome held up just fine. Granted it has been a couple of years since I last tried it so that might have improved since. I'd still recommend anyone with similar "power user" needs to give it a try. It's a pretty awesome browser.
Tab Groups in Chrome are actually surprisingly decent as well. They're pretty low friction, and open tab groups even sync across devices, including mobile, in (near) real time now, which is great. But I do have some issues with them causing me not to use them. For example, when you re-open a closed tab group it will instantly load all of the tabs inside of it, instead of keeping each tab unloaded until visited, like on startup. You also can't add tabs to a closed tab group. So you either always have to keep the tab group open, meaning they're not much more than a visual aid and only slightly more useful than bookmark folders, or store fewer tabs per group, making them even less useful. They also have the same "object permanence" issue as bookmarks, where it's simply too easy to forget about a closed tab group altogether once I close it.
I make a new window for each task in working on keeping the tabs grouped together, and more importantly, make it easy to kill them when the team is done. if I have a group of tabs open for a long time that I'm meaning to read (and I know deep down that I won't but can't admit it to myself) I'll just copy the URLs to a note in Obsidian and lay them to rest.
I think you want the "save tabs" feature of https://histre.com/ Not only can you restore the browser state, the search in histre is the best, if I can say so myself (it's mine). If you let histre save your browsing history, you don't even have explicitly save tabs or create bookmarks. You can just search to find anything you've ever touched.
> all the major web browsers have given up on being the User Agent, and instead act as the web developer's agent.
The elephant in the room: Chrome is owned by Google and Chromium is only a stripped down version with no independent development, Apple/Safari is paid by Google, Firefox is paid by Google.
We could argue design decisions aren't directly dictated by Google in regards to Safari and Firefox, but we're also not seeing any major decision that straight goes against Google's interests.
The most we've seen from Safari is manual element removal, and on iOS only.
There is a Firefox WebExtension that unloads memory from unused tabs, it works quite well. Enough that a window with many many tabs only uses about 10% of RAM on an 8GB machine. That might be a start.
The world would be a better place today if Android Chrome supported extensions. Users have so little control over their experience of using modern software. When the dominant browser on the most popular OS doesn't support extensions they just can't gain critical mass.
Extensions are the main reason I use Firefox on Android. I'm more committed to it there than I am on desktop.
Of course, Firefox also broke extensions on Android for several years, during which I mostly used a lightly tweaked Chromium build called Kiwi Browser.
This was exactly my path. Is it safe to switch back to Firefox now?
Firefox on Android still doesn't look like it has the ability to save pages. Chrome and Kiwi both have this feature, and Firefox used to have it via extension that triggered built-in, but unexposed, functionality.
I don't know what "safe" means to you. Firefox for Android has a decent extension ecosystem now as long as you're happy getting them from the official repository. The stable build won't let you install extensions from storage, which I find a little disrespectful.
> Of course, Firefox also broke extensions on Android for several years
Hmm, I didn’t really notice that. (I’m using Fennec F-Droid though, but it’s pretty close to the official Firefox build, with only a few minor tweaks.)
Could you tell me more about what was broken for you?
For several years, only "recommended" extensions could be installed, and the number available was extremely limited. Over time, some workarounds showed up, but broad extension support was absent from mid 2019 to late 2023.
Oh, yeah, you’re right. That was a shitty move, and the custom collection workaround wasn’t really nice either. I think even some Mozilla-owned extensions had to teach their users how to do that?
Personally, I’d just allow installing any extensions (from AMO at least) and put a big scary warning that this is unsupported (which was the reason they gave for the whitelist approach).
I had similar thoughts. There was never a satisfying explanation for the approach they took, which seemed more typical of Apple than an open source project.
FWIW, Safari on iOS allows extensions. Same manifest-v3-like limitations as desktop Safari (only allowlist-based blocking), but otherwise it implements a decent chunk of webextension APIs.
Also on iOS, Orion supports both Chrome and Firefox extensions.
I agree 100% with the author's take. But I'd go further: Whenever you have to reach for an extension, it means the browser has failed to do its job as the user's agent, and it's become the user's problem to correct this defect. I'd much rather a world where extensions didn't have to exist, because the browser acts on behalf of the user. Failing that, I'm glad we at least have extensions.
Fantastic article. I wish there was a crowdsourced “annoyances database” which people contribute information to everytime they kill an element on a page; it’d be amazing to have a browser extension that queries the database and auto-kills anything voted as annoying by the masses.
Everyone has favorite addons - if you’re looking to expand, here are mine for iOS Safari.
- Kill Sticky Scroll - hide dickbars and obnoxious overlays in front of the content. Use iOS Shortcuts app to create a new shortcut, set it to receive input from Share Sheet and add a “run javascript” then paste this js: https://github.com/t-mart/kill-sticky/blob/master/src/kill-s... (you’ll need to add a call to `completion()` to make it a valid Shortcuts js function)
I strongly believe if there was no browser, companies would have taken over the PDF viewers. Brochure files that let you select the product you want and then you email it back to them.
A step further than WebExtensions is customising the code in the Firefox omni.ja file. The next step after that you have to spend a lot of resources to recompile it.
I think the second one is just a userChrome.css tweak? It’s in between the WebExtensions and the omni tweaks I’d say.
userChrome tweaks can get you a long way – for example, I’ve reimplemented the Australis-like tabs (for the nostalgia sake, mostly) using that. Of course, the downside is those tweaks break with updates sometimes.
I'm looking for a good feed preview addon that isn't an RSS reader! Because I kind of have that, well not really, but sort of. RSS reader extensions wouldn't be accessible to me anyway, because I use a screen reader. I just need something where I can pull the feed up ya know, like it used to. The one I have is very slow!
I understand why a lot of these extensions are not allowed, simply because of security issues. But I agree on RSS needs more work.
I continue to think RSS Reader should be a function of browser and shouldn't require a third party web or app to do it. In modern days I wish that could be married with a personal LLM so I could ask question about things I have read but I cant find it easily.
I like having my RSS as a separate entity of my browser. I have a server that runs an RSS aggregator (FreshRSS), and I can hit it via multiple clients, from the built-in web to a mobile app.
You can't retake the web browser since the browser is a slave to the web itself, and the web's ridiculous excesses are enabled by the expansionism of Chrome and before that Firefox. It's a tragedy but I don't see a cure. Best I can hope for is a security-oriented niche subset getting some traction. Gemini tried to be that, but was too silly.
i wonder if we'll ever see good user owned and operated personal "ai agents" or if the technology will just skip the cottage-hipster phase and jump straight to enshitification.
By the time user owned ai agents are able to run on the kind of devices most people have they'll all be banned on the app stores just like any other non-pre-approved application that hasn't been paid for on the app stores will be. For "security reasons". Maybe there will be user owned/controlled ai agents for people with desktop computers and open source operating systems though.
I think the computing requirements to run a local agent are high enough that it'll always be more niche than browsers and certainly unlikely on phones, which already means you're probably running it on the cloud or something.
Case in point which I'm fighting with at this very minute: HTTP. I want to access a site over HTTP, not HTTPS. I know it supports HTTP. I have used HTTP in the past. But my browser insists that I want HTTPS instead, despite my manually typing http://
HSTS is an abomination, directly ignoring the user's command to do what the site wants instead. As if I'm some kind of bystander of my computer, instead of the user.