Net Neutrality is a great big buzz-item right now, but I hate to tell you that battle has already been lost. It was lost in the late 90s, when marketing firms took over. All that the current controversy is arguing about is how much worse things are going to get.
You’re probably familiar with the fact that 99.9% of all email is spam (roughly). Until the web came along, that meant that almost all of the traffic on the internet was spam. Now, there’s probably a significant amount of media-streaming and porn, but only because those are bandwidth-heavy applications with a low transaction:usage ratio. The current “Internet Of Things” trend may also change that – there will be a lot of internet-connected toothbrushes announcing their current status to tracking sites and social media. And, there’s also the gigantic bandwidth-suck of software updates or or two gb/device/month according to my metered bandwidth (thanks, Verizon!) statistics.
There’s another sink we’re pouring usage and bandwidth into, and that’s marketing capture applications. If you’re on a fast connection, and a reasonably fast machine, you probably don’t even notice that there are gigantic wads of javascript bytecodes crunching away in the background all the time – and they’re not there to facilitate your browsing experience – they’re there to record and capture your browsing experience to sell it to marketers. This gigantic infrastructure of performance-sucking glarp exists to tailor those stupid banner ads a little more tightly to your interests. It’s a gigantic edifice of suck predicated on stealing a few more bits of your attention.
Thanks to corporate lobbying, any protections for the consumer have been bartered away long ago; that battle was over when the USA-CAN SPAM act included a cut-out for “anyone business you have done business with, religious organizations, or political parties” to be able to reach out and spam you. It took the spammers about .0002 seconds to realize that all they have to do is claim to have done business with you, but for the big companies like Google and Adobe and Amazon, it didn’t even cause a flutter: you’re using their affiliate portals and that means they can capture anything they want. They’d resell it, too, (Apple used to) except now it’s becoming too valuable to share. Another unnoticed side-effect of the government’s absolute unconcern with user privacy is that marketers felt empowered first to use things like “stealth tracking cookies” where your ISP modifies your data-streams so they can see where you’re going, and then to outright bug your browser. [ars] Since many sites’ interfaces are heavy with javascript, it’s easy enough to inject code into your edit-loop so that all your input routines are captured then the inputs are passed to where they are supposed to go.
There is (naturally) an entire ecosystem of businesses built to do this sort of thing. And they’re all very professional and above-board. They just exist to capture every keystroke you type at a website – what the website owners do with it; that’s not their problem. That’s true, too, but let’s not kid ourselves that they’re making any user’s experience or privacy better.
[site]
A study published last week reported that 482 of the 50,000 most trafficked websites employ such scripts, usually with no clear disclosure. It’s not always easy to detect sites that employ such scripts. The actual number is almost certainly much higher, particularly among sites outside the top 50,000 that were studied.
“Collection of page content by third-party replay scripts may cause sensitive information, such as medical conditions, credit card details, and other personal information displayed on a page, to leak to the third-party as part of the recording,” Steven Englehardt, a PhD candidate at Princeton University, wrote. “This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes.”
Englehardt installed replay scripts from six of the most widely used services and found they all exposed visitors’ private moments to varying degrees. During the process of creating an account, for instance, the scripts logged at least partial input typed into various fields. Scripts from FullStory, Hotjar, Yandex, and Smartlook were the most intrusive because, by default, they recorded all input typed into fields for names, e-mail addresses, phone numbers, addresses, Social Security numbers, and dates of birth.
If you ever wondered why some sites don’t work if you don’t whitelist every script, now you know why. If you’ve ever wondered why some sites are a bit slow, now you know why. If you’ve ever wondered where your bandwidth is going, now you know where.
Gap, Adobe, Microsoft, Unity 3D, Costco, Penn State (!), Ryanair, Autodesk, T-Mobile, CBS, gofundme, ToysRUs – if you want a list of 1,700+ sites with capture software, the researchers have published some of the ones they’ve found. [princeton] This is in addition to the tracking that’s already going on at your ISP – they’re stuffing tags into the unencrypted parts of your TLS connections, so they can identify who went where in case they can sell that information, too.
Then there’s the rather amazingly in-your-face customer capture idea that the NBA Golden State Warriors came up with: you can download a Warriors’ app to your smartphone, and it will drain your battery and gobble your bandwidth by turning your phone into a recording device for their marketing analysts. [beast]
The Warriors’ app bills itself as a way for fans to keep track of scores and stats. But while fans were watching the game, the app was watching them, fan LaTisha Satchell claims in a lawsuit. One of the app’s promotional tools allegedly turns a user’s phone microphone on and keeps it on, recording everything within earshot and relaying data back to the Warriors and a tech company, possibly in violation of wiretap laws.
“[The Warriors] gained access to tens of thousands of microphones belonging to consumers who downloaded the Warriors App and turned their mobile devices into bugged listening devices,” the suit alleges.
The unlikely snooping program started as an effort to sell merchandise and ticket upgrades, the suit contends. The Warriors wanted to know when fans were on Warrior-owned property, and how long they stayed there. The app tracked this through audio “beacons” that played through special transmitters in their arena and stores, the suit alleges. The app listened for those beacons and sent customized advertisements to a user’s phone.
See, marketing assholes aren’t even bothering to worry about their customers, anymore. Data, data, data! They’d hold you upside down, and stick a data probe up your butt, if they could. It wouldn’t bother them! Because they’ve convinced themselves that you really want that targeted advertising and you probably kind of consented to it by downloading their app. So, whatever.
The app has 10,000 or so 5-star reviews, and 500 or so 1-star reviews buried somewhere in the bottom of the listings. How much do you think the GW’s marketing people paid for all those 50-star reviews?
I suspect they buy in bulk.
[source]
There is a gigantic ecosystem of marketing companies that are all devoted to helping you sniff deeper up every other marketing channel’s backside. None of this is actually to help make users’ internet experiences faster, better, easier, more reliable, or to protect their privacy – it’s all just attempting to be more intrusive. Because, like the police state’s retro-scope, marketing companies are trapped in this vicious cycle in which they can’t actually read our minds, so they keep trying to collect more and more and more in hope that eventually they will be able to.
Here’s a hint, by the way: offer me $50 and I’ll just tell you. Leave my browser and everything alone. But that’s not acceptable because it would cut out the middle-man, the marketeer, and then they’d have to get a job they were qualified for, like stealing candy from children or mucking out stables.
[source]
What can you do?
What can you do with a trillion social media posts? Well, you can sell them to the NSA; it saves them a lot of trouble having to collect them. And you can stuff them up in Amazon Web Services and forget to secure them, so that anyone coming along can stumble on them. [ars]
The scrapings were left in three Amazon Web Servers S3 cloud storage buckets that were configured to allow access to anyone with a freely available AWS account. It’s only the latest trove of sensitive documents left unsecured on Amazon. In recent months, UpGuard has also found private data belonging to Viacom, security firm TigerSwan, and defense contractor Booz Allen Hamilton similarly exposed. In Friday’s post, UpGuard analyst Dan O’Sullivan wrote:
Massive in scale, it is difficult to state exactly how or why these particular posts were collected over the course of almost a decade. Given the enormous size of these data stores, a cursory search reveals a number of foreign-sourced posts that either appear entirely benign, with no apparent ties to areas of concern for US intelligence agencies, or ones that originate from American citizens, including a vast quantity of Facebook and Twitter posts, some stating political opinions. Among the details collected are the web addresses of targeted posts, as well as other background details on the authors which provide further confirmation of their origins from American citizens.
It’s an open secret that the US intelligence apparatus has been trying to get access to social media so that they can look for keywords in context that might indicate someone is planning a terrorist event or something. I.e.: really stupid terrorists (which is all they seem to catch!).
The article that described the breach didn’t name the vendor that provided the information; it took me several seconds to figure out that apparently was Crimson Hexagon (the Ars article appears to have deliberately been seeded with clues). The bits that worry me are:
Internet searches revealed multiple people who work for VendorX describing work they did for the US Central Command, based in Tampa, Florida. The project was called Outpost and was described as a “multi-lingual platform designed to positively influence change in high-risk youth in unstable regions of the world.”
A “multi-lingual platform designed to positively influence change in high-risk youth in unstable regions of the world” sounds a lot to me like one of those evil Russian troll-farms like the Democrats, Republicans, Israeli government, NRA and apparently everyone else has been operating for a long time. Automated propaganda: matched to your content and delivered to your browser.
Following the disastrous 2016 election and Brexit campaign there was some attention paid to organizations like Cambridge Analytics, that specialize in exactly this sort of stuff. My guess is that, as the media began to dig into Cambridge Analytics, they probably discovered that it’s just one of a gigantic ecosystem of monitoring, filtering, spinning, and robo-lying to sell diapers or unsuitable candidates. It really doesn’t matter which; the system is agnostic.
Net neutrality sounds nice, but the net has been an wholly owned subsidiary of corporate marketing since the early oughts. The scare-scenario that one big provider or another is going to start slowing down another’s traffic: the traffic is already being captured, slowed, and managed at every site and in your browser. The big enterprises are already making bandwidth war on each other and their customers; it’s been stealthy but it’s been going on for years already. Customer privacy and internet experience? That was encarrated immediately, around the time Google went public and sealed big marketing’s take-over of the internet. (2004)
Let me guess how this is going to play itself out: eventually Apple is going to realize that they don’t need to share with anyone, and can pull their entire ecosystem behind a curated experience. In return for mostly seeing no ads, and getting no spam or malware drivebys or whatever, you’ll be able to access Apple approved content providers who will have to (naturally) subsidize the ecosystem with nominal fees. And, if you leave the ecosystem, it’ll be worse than iTunes: buggy, slow, random crashes, and generally crappy. The worst part is that they’ll team up with a preferred bandwidth provider and it’ll probably be a monster crap-pile like AT&T or Verizon. Meanwhile, Amazon will have its own internet, and so will Google. That scenario is the only plausible way that everyone can get out from under Google’s control of the non-captive advo-sphere.
Given the US’ dominance of the internet, I’m surprised that no other country has made a separate walled garden other than China. The US is busy trying to make the whole internet its walled garden, while China is opting out. If I were a nationalist I’d be saying that all the other nations of the world ought to be seeing software and operating systems ecosystems as a strategic resource, and developing their own so they can capture their populations and control them. What else do you think is going on with all the internet Russians propaganda scare in the US?
So what’s a person to do? Use Firefox or Tor? Is there really any way around this?
In that ‘key benefits’ graphic, I first read “Turn customer feedback into revenge opportunities.”
The people at the pain clinic bugged me for months about using their online platform to manage my scrips and other stuff. I kept saying no, they kept bugging. Finally, I started to explain all the reasons I thought that was a remarkably bad idea; when I saw eyes starting to glaze, I knew I won. They stopped bugging me.
Raucous Indignation@#1:
There is nothing that can be done. Using firefox and adblock and noscript is a good way to keep overtly evil malware out of your system, but this stuff comes as a consequence of going to any useful site. Sites like Google, naturally, don’t “need” it because they already know everything you do. Well, none of them “need” it but they all want it so badly they can’t tell the difference.
If you use Tor you’re still going to be running the javascript (or the sites won’t work) and that means they’re tracking you.
The best answer would be to build an alternate internet with “no advertising” and a banning mechanism. But that would never be allowed.
Caine@#2:
I first read “Turn customer feedback into revenge opportunities.”
Basically. As far as I am concerned these platforms’ key benefits are “slow everything down, make it less reliable, violate users’ trust, and do all that to make marketing people happy.”
There must be a fortune to be made selling consumer data about consumer data consumers to consumer data suppliers. Part of that fortune belongs to the pharma industry, however, because of all the headaches this will cause. As an added bonus, the recursion of the data collection and sales business might just compound the slowdown and other deleterious effects it’s already having. We’ll need to keep inventing better technologies just to keep the internet moving at all. All this hastens along the singularity, when man and marketing scam will finally merge into one.
And all this, the gargantuan effort behind it all, boils down to the single goal of having a tissuepaper ad pop up on your phone just moments before you sneeze.
It’s a classic “underpants gnomes” business model:
1. Collect
underpantsuser data.2. ?????
3. Profit!
I reckon the way it’s eventually going to play out if that it will slowly become impossible to ignore that there’s nothing you can really stick in at step 2 that turns the whole thing into a viable business model. The entire ecosystem has been built with a gazillion dollars of VC money in the hope that somebody, somewhere will one day figure out how to spin
strawuser data into gold… However, I don’t think it’s going to happen, because users, however gullible and easily led they may be, are not that gullible or easily led – or at least, they don’t stay that way for long. There are statistical inference heuristics andmachinelearning algorithms working on the other side of the screen too, and they mostly work rather better. Once all the old fogeys who reflexively trust anything they see in print die off, the whole thing’s going up in smoke. Unfortunately, it’s going to take a lot of people’s pension funds along with it…komarov@#5:
And all this, the gargantuan effort behind it all, boils down to the single goal of having a tissuepaper ad pop up on your phone just moments before you sneeze.
Ideally! Then Amazon can send a toilet paper drone before you even know you want to buy… uh, did you say tissue paper? Click here to accept toilet paper too, bundled special deal!
I have been meaning to eventually do a post explaining why none of this crap will ever remotely catch up to google, but 1) they won’t listen 2) they’re going to keep trying 3) money!
Dunc@#6:
The entire ecosystem has been built with a gazillion dollars of VC money in the hope that somebody, somewhere will one day figure out how to spin straw user data into gold…
Google has, that’s the thing. I’ll try to do a post explaining all that, eventually. I just get into slamming my face into my desk whenever I think about it. Basically, these assclowns have realized half of what Google has, and are trying to get it, even though they can’t. You’re absolutely right, they’re the underpants gnomes. And that explains where all our underpants went.
Meanwhile, what can you do with a TRILLION social media posts?
Considering that around half are MARKETING, throw them away.
And if you’re NSA you trawl for jihadi communications.
And if you’re FBI you look for people planning mass shootings.
By the way, the 2016 election did one nice thing: it made the advertisers suddenly start to look at the content they are carrying. Prior to the Russians blowing the game, there was a great opportunity for someone to blow all the NSA’s search rules to hellangone by running ads that contained false jihadi codes, to get people to “like” and “share” them and build gigantic networks of false jihadi traffic.
No wonder my internet is so slow. And here I thought it was because I lived in the Middle of Nowhere and had crappy service. How depressing.
This is a terrible business plan, though. Even as companies commit these atrocities the average USAian has less and less money. When no one has any money, who are you going to sell your tissues to? Even if you can make an ad pop up the second they sneeze? These… whatever they are, should be dedicating themselves to voting out the oligarchy and building a strong middle class, because the oligarchy would prefer to have ALL the money and not share any at all with those icky poor people. A healthy middle class is the way forward, because you can’t sell stuff to people who have no money. Not to mention, at some point, they are not even going to be able to afford a phone or a computer, let alone the monthly bill that comes with it. In fact, the majority of my neighbors are in such a situation. It behooves these… whoever… to make certain that those people can get enough money to be able to afford a phone in the first place, so they can spam them. Right now they can’t.
I’m sure I’m a naive dimwit for thinking that.
kestrel@#10:
Yep. It’s why – even though I have only a page open, my Firefox is gobbling multiple threads and 2gb of RAM.
And, I wasn’t even using the browser. It’s just “sitting there” – actually, no, it’s probably running a load of javascript from friendly sites that want to see what I am doing. Even wordpress captures all your keystrokes (so it can do inline spell checking and whatnot)…
Even though it’s hopeless, I’m keeping that bit of tape covering the camera lens.
Well, there’s that.. There’s also the fact that most of that JS is fucking horribly written and is probably spending most of its runtime just wasting cycles and memory throwing exceptions and then ignoring them.
Combined automated prying ‘n’ propaganda – let’s call it prypoganda.
A 20-something friend insists that she and her pals will talk about something in old-fashioned realworld meatspace and then see a rash of ads related to that topic in their digital media (none of these people, sfaik, GS Warrior fans). She figures their phones are listening in and transcribing, but – though nominally a native of the 20th century – doesn’t seem too worried about it.
Me, I want at least a soundproofed phone case.
Huh. I was wondering why my old laptop always works so hard it’s on the brink of overheating and shutting off. That explains a lot.
Firefox is notorious for being resource intensive, though, and has been having some memory leak issue or years now. If you let it will happily absorb all the memory it can before becoming lethargic. Yet I still use it, partly due to inertia – that and a traditional disdain for Internet Explorer. Chrome is supposedly the ‘fast’ browser these days, but perhaps they just streamlined their data collection.
I first “got online” (i.e. used a network connected computer) in about 1983. I got a dialup modem in 1993. I got broadband in about 2003. Each time, I noticed a significant uptick in the speed at which I was able to access remote content.
Now, although the raw numbers have gone up (a bit) since then, my actual experience of how fast “using the internet” is hasn’t changed that much. This baffled me – the computer I’m using is much faster than the one I had 15 years ago… isn’t it? Even out of the box (i.e. before i downloaded a bucketload of resource-hungry bloatware onto it) it didn’t seem exactly blistering.
Now I know why. Thanks… I guess.
Can you imagine if the car industry did something similar and just kept churning out rubbish with a top speed of 65mph and 24mpg? Oh, wait…
Browsers often keep a cache of closed tabs, to enable speedier reloading. You’ll often see a big drop in memory usage if you close the browser and restart it.
Yeah, late night sessions get slower and slower, but at least all their targeting has no effect on me because the adblocker is always on. I’ve never taken kindly to being told what I should look at next.
Noscript seems pretty good at stopping a lot of this shit. Unfortunately, as Marcus says, you often have a choice: Turn off javascript for the website, which means it won’t run, or turn on javascript. With Noscript, you have rather fine grain ability to turn on and off javascript, but if they’re crafty enough, they’ll bundle the spyware in the same javascript as the functionality, which means that even Noscript cannot help you.
Noscript is still quite amazing at removing a lot of useless and spyware scripts to improve performance. Unfortunately, properly using Noscript is a huge and neverending nuisance (i.e. temporarily approve this javascript URL, see if the page functions, repeat until you find the minimum set, and them permanently block the rest, for every new website that you visit).
PS:
Apparently patheos.com didn’t like this, and within the last year or so, they installed some javascript on their main URL which detected things like Noscript, and just stopped the entire page loading if their javascript wasn’t on, meaning that you have to allow a substantial amount of shit in order to get patheos blogs to load. That was irritating.
Ketil Tveiten@#18:
You’ll often see a big drop in memory usage if you close the browser and restart it.
It’s the 40% of my CPU being used when I’m not even touching the browser that bothers me.
Pierce R. Butler@#14:
A 20-something friend insists that she and her pals will talk about something in old-fashioned realworld meatspace and then see a rash of ads related to that topic in their digital media (none of these people, sfaik, GS Warrior fans). She figures their phones are listening in and transcribing, but – though nominally a native of the 20th century – doesn’t seem too worried about it.
That’s actually possible, with the tech they have in most phones now. It’d kill battery life, though.
Hmmm… now I am wondering if anyone has petri dished a smartphone and make a list of all the traffic that goes in and out of it during a day of sitting unattended.
Thanks for opening up this stinking can of sulfurous excrement. Have a Very Special and Acrimonious Festvus!
Raucous Indignation@#23:
Thanks for opening up this stinking can of sulfurous excrement. Have a Very Special and Acrimonious Festvus!
You’re welcome! Have a great holiday and a Merry Christmas and everything!
komarov@#16:
Chrome is supposedly the ‘fast’ browser these days, but perhaps they just streamlined their data collection.
I think the concept of “fast” browser is kind of silly. The problem is really not the browser, it’s that it’s basically an entire operating system with a huge code-load written by people who aren’t qualified to stack cinder-blocks let alone write software. Google has some really good people – a lot of really good people, actually, but this is not a problem that having good people will make better.
sonofrojblake@#17:
This baffled me – the computer I’m using is much faster than the one I had 15 years ago… isn’t it? Even out of the box (i.e. before i downloaded a bucketload of resource-hungry bloatware onto it) it didn’t seem exactly blistering.
Add: huge overhead parsing various mark-up and screen layout, pretty 3d-looking graphics, U/I management, and content encoding and decoding..
We could re-enact the Monty Python sketch. When I was a young programmer, we used to support 25 users on a PDP-11/44 running Version 7 UNIX. And it was snappy! It had less than 1mb of RAM. Kids, these days!
Dunc@#13:
Well, there’s that.. There’s also the fact that most of that JS is fucking horribly written and is probably spending most of its runtime just wasting cycles and memory throwing exceptions and then ignoring them.
Exception: too many exceptions ignored, ignored.
The rendering itself is trivial — especially compared to games — so probably has little effect, but: add a huge chunk of the content being imported from other domains, each with their own latency and handshake protocols. This very site is pretty nasty, actually, though nowhere near the worst — it’s quite functional for me at home because I block most things, but it was essentially unusable from work (in passing, I had to convince the IT manager to enable FTB) even though the servers were pretty hefty. For example, my instance of FF is using 281Mb and I have two tabs open.
I know for a fact most people keep a shitload of tabs open, never realising each one takes a bunch of resources and is running scripts all the time. For that matter, most people keep every application they start open and minimised, though they don’t actually use them. So most users are to blame, too.
I don’t need an ad-blocker, but I run the NoScript and RequestPolicy addons which does the job for me — the latter recommended to me by SGBM some years ago.
Since AFAIK they’re only available in FireFox, that’s the browser I use.
(The most recent version of FF breaks them, alas — but they seem to be maintained and so I expect I will be able to go back to 57 soon)
John Morales@#28:
add a huge chunk of the content being imported from other domains, each with their own latency and handshake protocols
Yes, good point. And you get weird failure modes – if my connection gets sludgy, sometimes I’ll start getting TLS timeouts here and there and then I have partially-loaded pages, which sucks if the ‘partial’ bit is some script. It’s impossible to debug, one can only clutch one’s temples and hit reload a couple times.
I’m on a not-very-good bandwidth connection and there are some sites that use DDOS ‘protection’ in their front-end load balancers – if my system can’t talk to them fast enough, they saw my connections off at the knees. Except they do it cleanly – so my browser concludes “oh, that script I was asked to download and run? it’s empty!” But it cheerfully caches the idea that the script was empty.
The internet has become a mess of unreliable crap because of all the ways marketing weasels have tried to inject their little hooks so they can ‘monetize’ it. It would be much faster and better if they just stopped – which, naturally, they can’t do. I have a fantasy that the whole internet one day signs up and re-tweets or whatever to a statement saying: “if we get an annoying ad from you, we will never do business with you again.” In a week there would be no more annoying ads. And then they’d start again. Grrr… I remember back in the days when people used to yell at companies that came on the internet and tried to commercialize. We should have kept it non-commercial. That was when “net neutrality” was a dead issue.
We live in interesting times.
[utterly OT]
Re interesting times, this story entirely accords with my recollection of publicly-available information; I live in South Australia.
https://www.vox.com/energy-and-environment/2017/11/28/16709036/elon-musk-biggest-battery-100-days
(Seems to me Musk is the businessman Trump imagines himself to be)
@Marcus, 26: Massively off-topic trivia: if by “Monty Python”, you mean the Four Yorkshiremen sketch (“there were ‘undred fifty of us, livin’ in’t shoebox in’t middle o’t road” – “Cardboard box?” – “Aye” – “You were lucky.”), know that that is NOT a Monty Python sketch. It was performed by them and put on a record Live At Drury Lane theatre and the Hollywood Bowl, among others, but it’s originally from a show called “At Last the 1948 Show”, and the original performers were Cleese, Chapman, Tim Brooke-Taylor (later of The Goodies and still active on BBC Radio 4’s I’m Sorry I Haven’t A Clue) and Marty Feldman from Young Frankenstein and much else.
As you were.
Marcus:
I opened task manager yesterday after seeing yours, I had 3 tabs. CPU was at 6%. Just did it again, with 9 tabs, still at 6%.
Caine@#33:
I opened task manager yesterday after seeing yours, I had 3 tabs. CPU was at 6%. Just did it again, with 9 tabs, still at 6%.
What browser are you using? Maybe I go to more sites with tracking apps. :/ I suspect facebook and twitter are horrible.
sonofrojblake@#32:
Massively off-topic trivia: if by “Monty Python”, you mean the Four Yorkshiremen sketch (“there were ‘undred fifty of us, livin’ in’t shoebox in’t middle o’t road” – “Cardboard box?
I did not know it was not a Python sketch! Thanks for the additional trivia added to my knowledge-base. Maybe someday I’ll win a trivia contest with that one. Assuming I remember.
Marty Feldman. He was so good.
As of typing this my CPU usage is 2%. And Firefox uses about 994 MB RAM. I have three tabs open in Firefox. But I’m not doing anything, the tabs are just open. However I have noticed that sometimes Firefox CPU usage skyrockets to over 60%. It depends on what sites I visit, how many tabs I have open, whether sites are actually downloading at the moment.
Nowadays I never use Firefox simultaneously with any other CPU draining applications. If I try that, everything just slows down really badly.
I remember that 10 years ago I never used Photoshop simultaneously with anything else yet I had no such problems with Firefox. Nowadays it is vice versa – it’s Firefox that’s causing me problems and Photoshop runs just fine. Granted, I have a pretty old version of Photoshop, while Firefox has been updating itself regularly.
I live in a place where Internet connection is extremely fast, very cheap and I have no limitations on how much stuff I can download (I pay a fixed price per month regardless of how much I use Internet). So I never noticed anything about that. I just never needed to pay attention.
I use Firefox, but I’m on an old one, um, v43.