Not sure if this the appropriate place for it but the FOSS communities seemed dead.
This is Bridge - a privacy focused, Firefox AI disabled, Fediverse integrated browser. It has vim navigation via Tridactyl, Bitwarden integration, as well as Ublock integration.
It has an old Firefox RSS feature where you can scan a site for RSS feeds and it will add them to the RSS feed reader.
But the highlight of this is the Mastodon and Lemmy integration. you can have your Mastodon feed displayed in the sidebar on the browser which will give you access to your home, local, and fediverse feeds. you can post, reply, boost, and favourite posts.
The Lemmy extension allows you to see and link directly to lemmy discussions on whatever instance you like (multiple even) if you’re on a site/news article/blog post/whatever. If the extension sees that this has been posted on Lemmy, it will provide you with a direct link to whatever discussions it finds based on the current URL you’re on.
This has been a hobby project of mine for a bit now, It’s very slow development as I have a job and can’t dedicate all the time in the world to this. I wanted to originally build a browser from scratch but realized that would probably take me years so I settled with a fork of firefox.
Currently I believe it only works on Linux and is in a very early alpha. It hasn’t crashed on me yet but visually is a bit rough around the edges.
I just wanted to share this little hobby project I’ve been working on. Thanks!
https://codeberg.org/rozodru/Bridge
UPDATE Since I already got a lot of feedback and more people than anything else wanted the Lemmy Extension as a stand alone extension…I delivered.
You were all correct, the Lemmy Add-on is a bigger deal than the browser. Again this was just a hobby project of mine as I’ve never played around with firefox forks before or extensions/addons for that matter so this is my first time.
Regardless, here it is: https://codeberg.org/rozodru/LemmyBridge
NOTE: I have submitted it to Mozilla so it is NOT VERIFIED as of right now, if you want to use it, use it at your own discretion. If it breaks something in whatever fork of firefox you’re using then I take no responsibility.
Again thanks for all the support, appreciate it.
The Lemmy extension allows you to see and link directly to lemmy discussions on whatever instance you like (multiple even) if you’re on a site/news article/blog post/whatever. If the extension sees that this has been posted on Lemmy, it will provide you with a direct link to whatever discussions it finds based on the current URL you’re on.
So wait, it reports all browsing activity you do to third parties to search for matching Lemmy posts?
Bad, bad, system.
You’ve completely lost the point of why we’re here in Lemmy in the first place. Restrain or remove this feature ASAP.
No automatic browsing activity reporting - The extension only searches for Lemmy discussions when:
- A page finishes loading (background.js:119-128)
- URL changes are detected (content.js:37-54)
What data is sent:
- Only the current page URL and its variations (content.js:73-80)
- URL variations include cleaned URLs (no tracking params), with/without www, http/https variants (content.js:109-168)
Where data is sent:
- Only to Lemmy instances you’ve configured (background.js:149-152)
- No third-party analytics or tracking services
- All requests go directly to Lemmy APIs for post searches
Privacy protections:
- Results are cached locally for 30 minutes (background.js:141-143)
- No persistent logging of browsing history
- You can disable the notification indicator (content.js:172-184)
- Only sends URL when you actually visit a page, not preemptively
User control:
- You choose which Lemmy instances to search
- You can remove instances at any time
- The extension only activates on http/https URLs
Answer: No - The extension does not report all browsing activity to third parties. It only queries your configured Lemmy instances with the current page URL to find relevant discussions, and only when you actually visit a page.
Regardless after some discussion last night I’ve added a consent notification when the extension is installed, it can now also be enabled/disabled via the sidebar so now people know exactly how the extension is being used: https://codeberg.org/rozodru/LemmyBridge/commit/2e735b56f273d44bae9df638b01985519debcfd1
Sending the current URL and directly from your own IP too is quite the privacy hurdle already. I’ve already posted on what kind of things could be done to improve this, but first, a notice.
Your README says in the Privacy section:
Does not track your browsing
On the current implementation, this should be changed to:
Enables unverified third parties to track your browsing data
As that honesty is quite important.
As for measures that could be taken to improve on this issue, I have three suggestions (I might Issue Tracker them to the codeberg later, if I can find my credentials XD)
- Set up a uBO-stye control pane that allows to set this on or off per-domain or per-site. Bonus points if it allows for per-site specific on which lemmy instances to use the same way as uBO’s “3p” Custom Rules does. This already prevents a number of undesirable use cases, such as automatically sending LAN / non-DNS names to third parties when they can’t really be searched for anyways.
- Anonimyzing assist: Allow for sending only the global context of the visited site (eg.: only the domain) instead of the full URL.
- Anonimyzing assist: Allow to cache requests to send them later / send them in batches, to avoid clock-based / timezone-based tracking attacks.
- Anonimyzing assist: Allow for the browser-specific request being sent through a proxy or relay, so that IP origin information is not leaked. (I think this only really makes sense for users not logged-in?)
Thanks, when I have the time I’ll look into implementing this.
I don’t think the ideas of Lambalicious work with Lemmy. What would sending the domain name only achieve? I assume it uses the same logic as Lemmy uses to find crossposts? Obviously it needs the whole address then.
Maybe instead of crawling automatically, the users need to click a button to look up discussions? (I have yet to install your extension, so I have yet to experience the workflow myself, sorry.)
Maybe link to the privacy terms of the default instances? In general, I think your approach is good. You don’t collect any data, the feature is 100% opt-in. A central relay/proxy is even worse than your current approach. People are obviously free to set up their own Lemmy/Mastodon server if they want a relay.
What would sending the domain name only achieve?
I’m guessing the idea could be to fetch a batch of recent discussions based on pages within a domain, then filter the results locally. This could even work very well with local caching.
Would it be difficult to convert into a extension for other firefox-based browsers? I love the idea of seeing lemmy discussions about the page I’m in directly on the page, but I don’t really wanna switch my web browser again.
Eventually yes, I will be turning it into a standalone extension.
you’re awesome :3
the extension: https://codeberg.org/rozodru/LemmyBridge
Wha?! I wasn’t expecting such a quick update :0
It was easy to pull out of the browser as a standalone because really that’s all it was, just an extension that was baked into the browser. and since a lot of people requested it I just decided to do it.
I second this, I rely too much on Firefox and its sync features to give up just yet.
They are clearly enshittifying and may already be sharing data about you. Eject asap, friends.
🤷♂️
And relying on a single volunteer to ship crucial security updates? Disabling the shitty FF features may be hidden in
about:configbut as long as this is possible, using upstream FF is still the most secure way to use a Gecko browser.Either upstream FF with something like arkenfox or Mullvad Browser, which is just Tor Browser minus Tor, developed by the same people. Librewolf is also an option, which is basically just FF with arkenfox preinstalled.
This is going to absolutely hammer the search API endpoint. Every single time you visit any web page there will be around 5 different requests to lemmy-instance/api/v3/search (see
generateUrlVariations()) and running a search is pretty heavy on the server.I just read the code, didn’t actually install the extension, so I could be wrong but at first glance this looks like it would cause real problems if a significant number of people started using it.
Totally understandable. I added in some rate limits, search result caching, timeout handling and error handling (to prevent retry storms), there’s also a max result limit per instance. If this WERE to take off with like 1000+ users I’d have to adjust it further. But right now as it stands the impact should be negligible.
All it would need is about 10 simultaneous users and the load on the server would be unacceptable to me, as an instance admin. I only run PieFed instances so this isn’t going to impact me unless you add PieFed support (please don’t).
Fair enough. also to your earlier point it’s only 1 request per instance. the reason you might be seeing 5 is because 5 instances are the default.
Worst-Case Scenario (10 Heavy Users)
- 10 users × 60 page visits/hour = 600 searches/hour
- With 30-minute caching, actual API calls = ~300/hour
- Distributed across 5 default instances = 60 requests/hour per instance
- That’s 1 request per minute per instance
Lemmy Server Context:
- Normal web traffic: Thousands of requests per hour
- Single user browsing: 10-50 requests/hour easily
- RSS bot: Often 100+ requests/hour
- This extension: 1 request/minute = trivial load
A single person browsing Lemmy normally generates more API traffic than 10 extension users combined. The /api/v3/search endpoint is also one of the lightest operations, it doesn’t involve complex database queries like fetching full comment threads.
I guess if the logic for finding the posts was done on the server then you would only need one API call - the extension would just send through whatever url it had. That would be more efficient.
If this gets popular I’d be open to adding a dedicated API endpoint for this to PieFed.
Kind of a privacy nightmare though, aye. Sending your whole browser history to a third party… But that’s a whole different issue.
…it doesn’t view the browser history at all.?
It doesn’t access old browser history but from the moment it is installed onwards it sends every url you visit to 7 instances, to do a search. Any one of those instances could save those urls and over time build up a profile on someone.
Yeah. Interesting to think if there are ways to get around that problem. Still, very interesting work @[email protected], and great idea splitting it out into an extension!
Very cool idea! Just starred on Codeberg.
This actually sounds really cool, the idea of having a sidebar pull up posts of the article your reading is like sci-fi movie magic stuff
very cool!
Please announce on the Fediverse when you release the standalone extensionDo you plan to offer a browser extension for those who would enjoy the Fediverse integration but don’t want to run a custom fork?
I’m most stoked about RSS integration. I miss Firefox’s old RSS features
You can get more than half of the stuff you mentioned by using LibreWolf. Cool idea tho with the integration, would be nice as an extension
Honestly, this is a really innovative project. I wish it came in an extension because I feel that is likely your biggest bottleneck for getting people to try it. I don’t think many are going to build a browser from source & then port all their stuff over strictly for the integration. Plus it looks like a primary advertisement for it is that integration, but it also disables a lot of the QoL features that FF has that some don’t have any problem with. Like the fact that Sync is removed as a whole is a major dealbreaker for me, as I do like the feature and I am not concerned about the privacy aspects of having it on.
If an extension version ever releases for the lemmy integration though, I would for sure be looking at that!
Woah, you separated it already? that’s insane. Defo checking it out! Cheers!
The RSS alone is awesome. Thank you.
If the extension sees that this has been posted on Lemmy, it will provide you with a direct link to whatever discussions it finds
This is effing cool
I’m on android firefox. How the heck do i download this. Codeberg is just as confusing as github to people like me that don’t use it.
I want to try this.
Always look in the README.md file first for instructions for downloading and installing.
Prerequisites
Bridge requires a full Firefox build environment:
- Linux: GCC/Clang 13+, Python 3.8+, Node.js 16+, Rust 1.70+
- Windows: Visual Studio 2022, Python 3.8+, Node.js 16+, Rust 1.70+
- macOS: Xcode 14+, Python 3.8+, Node.js 16+, Rust 1.70+
So there is no Android version.
If you do want to install for one of OSes mentioned, the next section gives instructions on how to build by source. This means you have to follow in instructions. This might mean it is too technical for users not used to CLI (command line interface).
Thank you for the explanation and details. I appreciate it.
@bovine3dom This firefox fork integrated #Tridactyl FYI
I actually support telemetry for Mozilla, especially the way they’ve implemented it. But the other features look great and I don’t want anything to do with GitHub projects. Starred on Codeberg!
