Says the site that only offers one big button "accept" to its cookies :( :( There's no "Nope".
Edit: Weird, some people seem to have received more options than me. For me there was just one option to accept (Zustimmen) and nothing else. Everything was in German but I read German anyway. I was on mobile though, perhaps this is why? I can't see it again because I already pressed it.
A practice (pay or accept cookies) which was actually ruled in breach with GDPR but many German sites seem to do this somehow.
I agree with the criticism on Firefox but this is very hypocritical. Heise used to be a good company. I even used to subscribe to C'T and iX.
But even then, it's a bit hypocritical writing an article slamming firefox for this at least allegedly privacy-sensitive adtracking. While requiring readers to consent to tracking from your however many ad partners :P
These dark patterns will prevail. However, I honestly expect their reasoning to be "every single user reading heise.de should have a cookie banner blocking enabled in their Ad Blocker". Also, I think you can accept it for free when you click "Einstellungen", this is not golem.de.
they will not prevail, unless we collectively let them do so. they are already probably in breach of GDPR, and I don't see the EU backing down on this stuff.
Collectively? More people have no idea what the GSPR even is, what cookies are, what the question even means, and just randomly click a button.
The only way to get some collective action from 99.999% of web users, would be to get multiple high profile media personalities to endlessly, repeatedly tweet about it... along with a catchy jingle.
Users would still have no idea about anything privacy related, but maybe 10% would do as commanded by their idols.
Having only "accept all" and say "configure", or even a highlighted "accept all" and a very small or even just unhighlighted "deny all" is against GDPR. IIRC:
- choices presented must have the same visual weight (e.g for buttons)
- there must be no default choice preselected (e.g for radio/toggles)
- the fallback when no choice is made (e.g a dismissal or a "failure to display" a.k.a bug or nag blocker) must be equivalent to deny all
Instead we get this mess because enforcement requires litigation from users and these companies make just enough to claim "oh we thought it was Ok plus we go through a off the shelf pluggable third party so not on us" plausible deniability.
> If the data subject's consent is to be
given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive
to the use of the service for which it is provided.
> Consent should not be regarded as freely given if the data subject has no genuine or free choice or is
unable to refuse or withdraw consent without detriment.
> Example 6a: A website provider puts into place a script that will block content from being visible except
for a request to accept cookies and the information about which cookies are being set and for what
purposes data will be processed. There is no possibility to access the content without clicking on the
“Accept cookies” button. Since the data subject is not presented with a genuine choice, its consent is
not freely given.
> 41. This does not constitute valid consent, as the provision of the service relies on the data subject clicking
the “Accept cookies” button. It is not presented with a genuine choice.
> The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.
> In the digital context, many services need personal data to function, hence, data subjects receive multiple consent requests that need answers through clicks and swipes every day. This may result in a certain degree of click fatigue: when encountered too many times, the actual warning effect of consent mechanisms is diminishing.
> This results in a situation where consent questions are no longer read. This is a particular risk to data subjects, as, typically, consent is asked for actions that are in principle unlawful without their consent. The GDPR places upon controllers the obligation to develop ways to tackle this issue
I get a different banner - it's a huge square with a wall of German text that I can't understand. There are three buttons, also in German, and I have no idea which button to press. Guess I won't be reading the article.
My current process for "modal asking any consent when I just jumped in the page and don’t have any certainty there is something there I am looking for" is
- does reader view toggle works? if yes, consult, end here
- am I really looking for some information that might be there? if "no I just clicked a link from somewhere on the internet", then end here
- still here? Hey, what about looking at the DOM, if the information looked for is not a simple small segment of text, there are good chances a few CSS/HTML tweak will reveal this. Got it? end here, though you might consider to automate this process with Greasemonkey if this domain often fall in your research.
- no luck so far? It’s ok, you know Internet is vast, there are plenty of other page to visit. WTF are you doing here anyway, don’t you have a job, hobbies and people to cherish? And what about a small walk, you look like you need some fresh air, you know?
Found it. Go to settings, type privacy into the search box.
The last item under "Firefox Data Collection and Use" is a check box labelled "Allow websites to perform privacy-preserving ad measurement".
It was already unchecked on mine when I looked just now.
Yeah on desktop. On mobile it's a lot harder. It's still turned on and you have to use a workaround to enable about: config because they don't bother to make this option visible in settings.
Yeah apparently you can use that to set: general.aboutConfig.enable to true
And then you can go to the normal about:config and set dom.private-attribution.submission.enabled to false
Only then is PPA actually off (apparently, I did not manage to test this yet but someone did confirm the default setting is true). Not cool. Especially because Mozilla provides instructions for the desktop version on their site but doesn't even mention the mobile version at all.
I had to go through some Gecko thing first like others mentioned, quite odd. Supposedly the setting to adjust is in there too, but I have no idea what applies here
I don't know of any "good guys" whatsoever that ever managed to build and maintain a browser. Anyone?
Maybe one day we'll have a usable FOSS browser but I doubt it (the companies will fight tooth and nail against it including legal means, buying out companies, blocking content for them, etc.).
I think the guys that built WebKit originally (Konqueror) are kinda good guys. I still sponsor KDE with a monthly donation <3 But the browser wasn't really kept up, I don't think they had the money for it. It lives on in Safari though.
Interestingly the option has a link to an explanation on how it works. Which was handy as I couldn't get past the German cookie dialogue on the original article.
I guess the question is whether the aggregation services can be persuaded by clever attribute manipulation to give the ad site a near unique report for a user across many sites.
Spyware is illegal. Jail all CEOs, managers, engineers that worked on spying features at google, ms, etc
They are repleaceble and next gen will not dare to spy on users.
Fines are stupid and don't work anyway.
This is in full compliance with the democratic process, judicial tradition, etc so I'm not ranting, instead it is that we have been so removed by the idea of punishing the actual people that do actual crimes just because they work in megacorps that any suggestion to do so sounds like a commie rant.
> First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win.
It's very likely that this arms race will lead to DRM in web publications and video feeds (which Google is already experimenting with).
I will begrudgingly admit he has a point here. In a few years I imagine almost all sites will refuse to serve anything without WEI, and the "open" web will be the preserve of a few hobbyists. Annoyingly you'll still need to use a compromised browser (or worse, app) to do anything with your bank, etc.
Yes, the kneejerk reaction against FF here isn't really thinking things through. Mozilla has to walk this tight rope since ad companies own the web already.
Realistically, the best outcome at this point is that enough users are willing to send enough data to advertisers so they allow the open web to continue.
The alternative is that sites will eventually only work in Chrome or Safari on limited, locked down platforms (read: no Linux support at all).
google is the owner of the DRM verification system, they add exception for google robots, website only appears on google, kills other search engines in the process
If the DRM is coming from Google, I'm sure they'll take that into consideration when designing it. Feels ripe for an anti-trust lawsuit, but IANAL so who knows.
When I wrote the comment I was imagining Google using the tech as a moat to stop other search engines from indexing DRM protected content. I guess if they shared it and "all" search engines could index the content, it would probably be fine? I'm guessing that's why Widevine is "fine".
But like I said, I'm not a lawyer and have no idea what I'm talking about.
Which is one of the main reasons why it’s such a problem that the search engine with an overwhelming market share also owns the browser with overwhelming market share and is also the largest online ad company. Not to mention they pay billions each year to the other browsers. Google has a huge amount of control over every part of this.
You’ll notice that Google search now shows excerpts from things you can’t actually see visiting the site (paywalled news, paywalled scientific articles). The age of “show us exactly what users see or get downranked into oblivion” is long gone, sadly.
This is an attempt to try. You don't win my being an immovable wall going against the biggest corporations. If the W3C manages to create a system that satisfies advertisers while preserving our privacy, that's how you win. There isn't a future where advertising will just disappear. I'm just being pragmatic here, as a user of ad blockers for 15 years.
Most advertisers will not be satisfied with that. The real question is if regulators will be and therefore can use this as a reason to clamp down on advertisers. If so this might work, but I am skeptical. And either way it was wrong of Mozilla to sneak this in as opt-out.
I can see the economic argument, but I am not sure that I buy it. W3C could push this as a standard, but surely anything that is privacy preserving will by its very definition provide less data for advertisement targeting, no? With less data, the targeting is likely to be worse in terms of advertisement efficiency. Thus, the economic incentive even in an ideal situation as with a W3C standard will be pushing any advertiser to "betray" the system and fall back on the very arms race that Mozilla is arguing that they are trying to avoid, no?
At best, politicians could jump on the "solution", but then why are Mozilla not already lobbying in that case? Why is the first party they are reaching out to the wolf in this drama?
Regardless, Mozilla has lost me at this point as a user. This being opt-out is inexcusable and I will find ways to gravitate away from them as I should not need my poor package maintainers to be paranoid with their upstream code in the same way they have to be with Chrome in order to protect us from developer abuse like this. Will try Mull on mobile now, hopefully it is viable, and see how I solve the desktop situation when I can find the time.
It's not an attempt to try, it's reputation management. There is no 'anonymization' of data, because the advertising companies Mozilla is selling your data to now have almost 20 years of profiling that can effectively identify people through "anonymous" results. This has been known for years. Mozilla knows. They don't care.
An immovable wall is exactly what is needed to confront big corporations when they behave abusively (and intrusive profiling is an example of this). 'Pragmatism' here is just acquiescence in creeping surrender. Look what advertising has already done to the web and privacy.
Except being uncompromising is exactly how free software won. And compromising on EME DRM did not make websites using that DRM any less restricted to popular platforms. Compromise is not a winning move when what you are fighting against is fundamentally unacceptable.
Which will lead to counter moves by alterative browsers and websites and Google risking the loss of browser market share. If you think this is unthinkable, just look back at Microsoft's dominance of the browser market twenty years ago. Exactly like Google is doing they were pushing through all sorts of user hostile stuff via internet explorer. Before Chrome came along, Firefox was one of the few holdouts against them. Internet explorer users were dealing with all sorts of crap. Popups, popunders, all sorts of viruses, cross site scripting attacks, etc. Mostly that was just a mix of poorly designed features but there was also MS trying to get into search and advertising and they were trying to abuse their defacto monopoly to do that.
I don’t disagree with you in principle, but this history is not quite right. IIRC the IE6 team was shut down. Basically only Mozilla and Apple were building browsers at scale until Chrome came along.
Yes, you are definitely missing a decade here. The internet explorer/edge team was shut down long after Google grabbed most of the market share.
Chrome was launched 2008; Safari had its first release in 2003. And I was using the early Phoenix builds (later the name change to Firefox happened) in 2001. The version of internet explorer around the time Chrome launched was v7. IE 6 was already old news by then. And IE 8 launched soon after the Chrome launch. 9, 10, and 11 followed. And then the switch to Edge happened; which was a complete rewrite of their browser engine. Only in 2020, MS announced switching to Chromium. So, that's about 12 years of MS trying to hold on before they finally gave up.
This has happened before. Remember the critique against Encrypted Media Extensions (https://en.wikipedia.org/wiki/Encrypted_Media_Extensions): Oh no, DRM in the browser! But remember that web video used to require Adobe Flash for the longest time, and even after a decade of HTML5 video, sites were still clinging onto Adobe Flash (and later also Microsoft Silverlight) for what turned out to be DRM purposes. At the time, these plagued proprietary blobs were not going anywhere. Except, after EME had widely supplanted this last holdout usecase, they were quietly allowed to die. The result is that we have much smaller-scoped proprietary blobs in the form of content delivery modules with a lot fewer bugs and portability issues.
The situation with Flash and Silverlight was better than the situation currently is with EME. Before, you could implement a standard-compliant open source web browser, you just may not be able to view certain non-web embeds. Now, web browsers need permission from Google to view certain kinds of web content, and they can't be open source.
Wait aren't browsers already trying to implement anti-tracking measures? Are you saying Mozilla has been holding back improving anti-tracking for the benefit of advertisers until now? Now that is evil
> Wait aren't browsers already trying to implement anti-tracking measures?
Yes, and trackers are investing large sums of money into breaking those measures.
If you give advertisers a lawful non-user-threatening way to measure their ads performance, a lot of that money may disappear.
(Or it may not, or it may disappear either way. That one market is crazy and I know almost nothing about it. But the claim that the money may disappear is valid, and you have to provide a valid counter-claim if you want to contest it. Calling it evil doesn't cut it.)
But this is exactly what I wrote that I don't believe in my initial comment. There'll always be more money in more intrusive tracking. Why would they give that up? Surely Mozilla is selling out to advertisers based on something more substantive than "we hope that advertisers won't keep taking a mile if we give an inch"?
And that DRM will likely come anyway and restric users of niche browsers like Firefox and operatings systems no matter what Mozilla does - just look how EME implementations and Websites using it treat Linux users not to mention non-x86/ARM architectures. So best is to push back now while we still can instead of giving them an inch.
Key comment replying to him there which gets no reply from him: "Opt-out is NOT a consent".
This is very problematic, see my last comment: https://news.ycombinator.com/item?id=40966312
> doing something about [the massive web of surveillance] is a primary reason many of us are at Mozilla
> we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here.
You know what's user-hostile? Doing things without the user's knowledge or consent. The new tab page of Firefox after an update often advertises features of the release Mozilla sees important (their VPN offering, Firefox on mobile, etc.). This time the new tab page told me nothing about this change. Communicating it to me was "free" and they still actively refused to do it.
"Doing something" about surveillance starts with transparency but if Mozilla's leadership doesn't see this as important they have no place leading such a company. Mozilla doesn't seem to wrap its head around the fact that their users use Firefox because they don't want the same kind of shady tactics Google or Microsoft keep pulling, they don't want their browser control to be handed over to some guy in a board room who needs a PR team to give a lengthy non-answer to the problem.
I see a lot of words spent on why they came up with this technology but barely a mention about the biggest issue here especially from a company that presents itself as a champion of user rights: they pushed the change in the dead of night and took an actively hostile decision in the users' names by enabling a clearly controversial setting without any warning or communication.
> we should have communicated more on this one
This kind of PR speak for "we actively kept it hidden" is the best way to alienate the users who investigated and chose this browser for a reason.
"The devil is in the details, and not everything that claims to be privacy-preserving actually is"
Yeah, like Mozilla.
This is not the first time they silently added tracking and avertisement. The toggle with "firefox shares basic telemetry with the adcompany Adjust" has been there activated by default since a while (among other stuff). This is just more tracking from them, while claiming to defend privacy. Another day, another scandal.
> It’s clear in retrospect that we should have communicated more on this one
What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson. The user outcry was utterly predictable from even before the first web article was out. The fact that no one with decision power at Mozilla saw it coming is worrying: either they have zero understanding of people’s concerns for privacy or they don’t care. Neither is good.
Especially since this is very similar to what happened with Cliqz and that there likely are many at Mozilla who were around when that happened too. And the Cliqz scandal hurt Mozilla's market share a lot in Germany.
> The fact that no one with decision power at Mozilla saw it coming is worrying: either they have zero understanding of people’s concerns for privacy or they don’t care.
Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end. Criticism of Mozilla in general is very warranted right now, but the way(s) in which everyone is doing so just feels very out of touch with the actual situation. ;P
They're - by their own words - trying to do something in a privacy preserving way because the ad industry is not going away. They might fuck it up at first, and that's why it's an experiment. It's also possible to disable it, it's not like you're trapped in it.
This thread in general feels like it leaves Mozilla no room to experiment or find any form of growth. People want them to be "just a browser" but then also expect them to be stewards of the web - and then cry foul when they actually try to find a setup that fits into the current model of the web.
> It's also possible to disable it, it's not like you're trapped in it.
Or so they say, in order to make people be OK with it. They might play the waiting game and in a year or two will make the setting not do anything and still collect / send data, hoping that by that time people have forgotten.
There is so much hypothetical-borderline-conspiracy-theory packed in to this single comment that I cannot find a charitable response.
I'd be fine to continue the discussion if you can find a way to engage without assuming that the people who build one of the last checks on the open internet are somehow trying to maliciously invade your privacy.
The days of Mozilla having earned the benefit of the doubt are long gone for most people.
The person you replied to made a reasonable point and your response reads as defensive and dismissive. Do you have an interest in Mozilla we should know about?
Eh, I don’t think my comment is defensive. I also could’ve just ignored the comment.
I explained to them that I’m open to discussing but there’s nothing to be gained when the comment starts off in conspiracy theory. It’s an open source project, people will 100% notice if they tried to do what the parent comment is suggesting.
> It’s an open source project, people will 100% notice if they tried to do what the parent comment is suggesting.
No-one thinks they'll lie about it. They'd announce it quietly just like this change, letting the fuss blow over. The average user would never even realise and Firefox would continue on its journey towards user hostility.
You’re certainly welcome to read it however you’d like.
OP specifically said “make the setting do nothing while still collecting the data”. I don’t know about you, but a setting that acts like that would be akin to lying.
> OP specifically said “make the setting do nothing while still collecting the data”. I don’t know about you, but a setting that acts like that would be akin to lying.
Well, that is what Firefox did here. They created a new feature, defaulted it to on, in direct contradiction to user choices. We know this because this Web Site Advertising feature defaults to on even where the user has the strictest level of tracking protection enabled and even when the DNT option is selected. Even so, Mozilla has decided that this form of tracking is not covered by those clear signals of user intent.
So why not believe that Mozilla will do this again. Deprecate existing tracking choices and enable Web Site Advertising tracking for everyone. Like this change, it would be announced and decried and ultimately used by the majority of users who don't follow browser changelogs.
What will happen is that privacy advocates like me will recommend not to use Firefox, as it's functionally equivalant to Chrome is this respect and far less supported, and Firefox will continue to die.
This pains me as a former contributor and advocate, but it's almost inevitable now unless a privacy-focused non-profit can fork Firefox and leave Mozilla to it's decline. I would even pay for a Firefox fork, but I will never donate to or purchase again from Mozilla.
No, let's be very clear here: what Mozilla/Firefox did here was default users in to a setting without good notice on how to opt out.
This is different from what was said in this thread, which is making the setting do nothing while still collecting the data. If you disable the setting/opt out, then the data isn't being collected.
> No, let's be very clear here: what Mozilla/Firefox did here was default users in to a setting without good notice on how to opt out.
That's a framing so charitable to Mozilla that it is untrue. Again, do you have an interest you should be declaring in this conversation?
> This is different from what was said in this thread, which is making the setting do nothing while still collecting the data.
No, it's not. It ignores the Strict Tracking Protection and DNT settings and opts in users to tracking. It's absolutely identical to possibility posited by the other commenter.
For all your pontificating above about other people's comments, it seems the only person commenting in bad faith is you.
I don't see how it's conspiracy theory. Firefox has done exactly this over and over again. (The latest example that annoyed me: browser.proton.enabled =false)
As a user of Firefox, I feel like I'm in a constant battle with Mozilla/FF to disable every new bad idea they have. Every time I'm forced into a surprise update I didn't ask for/try_to_install, something gets worse. This isn't an unusual state for commercial software, but Firefox is supposed to try to not be commercial.
Firefox is dependent on Google for ages, that should tell you all you need to know about "conspiracies".
I am not interested in a discussion with a person who gives the benefit of the doubt of a company who has clearly not only made a Faustian deal but is now looking to expand partnership with the people that nobody wants tracking their machines and activities.
Because as we both know, in the entire history of humanity there were NEVER any conspiracies when there is money to be made, right? Wink wink.
Well, no, that doesn’t tell us anything about conspiracies. That’s just Mozilla getting money from Google. You can argue that it’s problematic from the stance of Google using Firefox to argue they don’t hold a monopoly - and I’d agree with you there.
That deal with Google isn’t enough to leap to the conspiracy theory here though. The ad industry isn’t going away, Mozilla seems to want to try to make it work for all parties.
If you want to let perfect be the enemy of good, though, go for it. shrug
> This thread in general feels like it leaves Mozilla no room to experiment or find any form of growth.
Mozilla is welcome to experiment. The issue here is:
- The default opts the client in instead of the client making that choice to be a Guinea pig in the experiment
- I get emails almost weekly that amount to Mozilla playing the role of internet privacy police. They *are* well aware of the rights and wrongs. Are they going to call out themselves?
- As for growth? How about paid pro-privacy email hosting? And a suite of applications (a la Google docs)? Advertising might not be going away but there are still opportunities that align with Mozilla's ideals and brand... And they're too busy being hypocritical internet police???
> The default opts the client in instead of the client making that choice to be a Guinea pig in the experiment
I think this is a reasonable critique, even if I personally don't find it a big deal. If it's privacy preserving, I don't necessarily give a shit if it's defaulted on - especially if there's a way to disable it.
(IMO, defaulting it on and then widely announcing how to disable it is what they should have done, and their bungled communications on this is biting them)
> I get emails almost weekly that amount to Mozilla playing the role of internet privacy police. They are* well aware of the rights and wrongs. Are they going to call out themselves?*
Why would they call themselves out here...? They have stated, very bluntly, that they are trying to do something in a privacy preserving way. They are acting in line with their stated intentions/role/etc.
> As for growth? How about paid pro-privacy email hosting? And a suite of applications (a la Google docs)? Advertising might not be going away but there are still opportunities that align with Mozilla's ideals and brand... And they're too busy being hypocritical internet police???
Those are wholly separate business ventures, whereas dealing with the advertising behemoth is an unfortunate part of the browser ecosystem today. Someone, somewhere, is going to have to contend with this - and Mozilla is somewhat uniquely positioned to explore here.
If you think Apple or Google are going to do it without perverse incentives, then I don't know what to tell you.
We all lost our minds when Google tried to pull their privacy-preserving Federated Learning of Cohorts thing. I expect an even bigger outcry when Firefox, whose entire brand and reason for existence is privacy, quietly tries to do the same thing.
I think the worst part of the funding equation is that had Mozilla stayed on mission and invested it's Google fees wisely, Firefox development could have been indefinitely funded.
Instead, we have had Mozilla sprawling in numerous directions secondary to the browser and failing in nearly all of them.
That is the problem, people want to run a modern corporation with its tentacles always reaching and growing instead of focusing on a core business proposition that they can win at.
If you dont grow at double digit percentages year of year, are you even trying?
That is incredibly reductive and entirely misses the scope of the issue. It isn’t just HN. In case you’ve missed it, the article is not an HN page but a separate website. The comment I replied to linked to Reddit. It’s all over Mastodon. I’ve seen other blogs and publications commenting on it too.
Yes, of course a large number of people won’t talk about this in six weeks, let alone six months. On the other hand you’ll have ex-hardcore fans complaining about it for over six years. I still see people talking about the Mr Robot debacle and the other crap Mozilla has pulled to this day. If anything, Mozilla is more susceptible to this backlash than the average tech company. Regular computer users don’t give a rat’s ass about Firefox. The people Mozilla needs to convince are exactly the ones they keep alienating.
They might be correct but this thinking is also how Mozilla lost most of their German market share due to Cliqz. They assumed people would not care but they did. Also this is trending on /r/all on Reddit right now.
This bunch of nerds creates software, including for the web, and sometimes there's an option to test it on Firefox or not. Nerds also recommend browsers to friends and family.
If this were, say, Adobe, I’d agree with you. HN as a community doesn’t have much clout in the design or video space.
This is Mozilla we’re talking about, though. HN is exactly the sort of audience they need on their side. That bunch of nerds is the same group they relied upon to evangelise for them during the IE era.
Mozilla might just have decided that that's no longer the case: that their funding from Google does not depend on nerds advocating for the browser. That is either they came to the conclusion that Google will continue to fund them even if the market share continues to fall or they have decided that the end is inevitable and are just trying to milk the cow for all that she's got.
This comment shows such a lack of context of the history of Firefox that I wonder if it's trolling?
Firefox exists and reached its peak because of the people that idealogically cared about the Web and interoperable,security, privacy, etc who contributed to and advocated for Firefox.
One reason is that the people who would be promoting Firefox aren't.
Personally I feel mostly ashamed to admit I'm using Firefox. In theory Firefox is great. In practice they coming up with new ways to treat their core user base badly.
That is because Mozilla has consistently moved Firefox in the direction of a Chrome clone.
When Firefox started is was not a copy of existing browsers. There is no reason it would have to be now. But they have rejected their core users. So now the only option left is a Chrome clone because that is what people are used to.
Even if it was a credible idea, how exactly do you think that Firefox - the browser that the minute anything changes, the internet blows up over - would significantly alter their product in a way to differentiate themselves from Chrome?
This isn’t even getting into base level stuff like available engineering resources, or the scenarios where the other vendors often control or have deals to give them favorable distribution on platforms.
This isn’t the IE6 era. It’s a significantly different and harder problem.
For one, not throwing out their only differentiated advantage versus Chrome. For two, not taking the option that removes user control and customization whenever there is an option to do so. They could have been the privacy-focused browser, but it is still full of crap like this and various bits of undisclosed telemetry.
There would be value in being the only browser to actually stop when users tell them no. But they seem incapable of listening.
> They could have been the privacy-focused browser
I don't see how trying to find a privacy-preserving way of dealing with the ad conundrum makes them not a privacy-focused browser/company.
You'd need to otherwise cite something re: undisclosed telemetry, considering the project is open source... so I'm not sure how exactly it'd be undisclosed.
> Even if it was a credible idea, how exactly do you think that Firefox - the browser that the minute anything changes, the internet blows up over - would significantly alter their product in a way to differentiate themselves from Chrome?
You're presenting it as though any change would be met with hostility, but the alternative is that they're only met with hostility because they keep making changes that hurt the users. A little while ago they announced that they were working on properly supporting vertical tabs and tab groups; that wasn't met with any hostility. Of course, in the same announcement they said they were planning to dumb down the rest of the interface even more, which was. But the point stands; they can get a positive reaction by making changes their users actually like, they just don't do that as often as they do the other thing.
People used to have a dozen different instances of IE6 open. It was a pain to switch between them and it made your computer run slow. Firefox had tabs. And it had AdBlock. Those were things people wanted.
But these days, Chrome is plenty good enough for most people. Even if Firefox had a perfect privacy story and focused on their core users’ every whim, I don’t think their market share would grow.
Well then they need to close up shop or think of something else, because adding more ad tracking isn't a feature to anyone but predatory advertisers, and they will only keep paying you if users keep showing up.
For what it’s worth, I agree. Adding more tracking definitely isn’t going to help. But I don’t think there are any easy solutions. I definitely don’t envy the people in charge of Firefox’s product strategy.
> When Firefox started is was not a copy of existing browsers.
IIRC, when Firefox started, it was very similar to the full Mozilla Suite with some features removed (which is not surprising, since it started as a Mozilla Suite derivative and they shared a lot of code). It has a long lineage going back to the old-school Netscape Navigator.
> Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end.
That’s the second option: they don’t care.
> This thread in general feels like it leaves Mozilla no room to experiment
If you you’re going to experiment with something that’s going to cause this amount of backlash (and my criticism is that they didn’t take the obvious reaction into account), you show a dialog on first run that tells you what the feature is, perhaps include a “Learn More” link, and have an option to accept or deny. You can even have the former as the default. And do it in your betas first.
Would that still cause some backlash? Possibly. But it would’ve been significantly milder and you would have seen a lot more defence of Mozilla for not doing without asking.
Mozilla in particular is frequently pulling crap like this and getting flak for it. They have to constantly apologise and back track. After a while you’d expect they learned something.
> Mozilla in particular is frequently pulling crap like this and getting flak for it. They have to constantly apologise and back track. After a while you’d expect they learned something.
Well, they learned: they fuck up, backtrack & apologize (it is free, no real impact, so no worries), and life goes on.
What you call Stockholm syndrome, I call reality. ;P
This is an area that we are stuck contending with. Legal solutions are needed here but that path is mired by complex and powerful lobbying. If Mozilla can push for a more private or more protective - even if not fully private or fully protective - then I’d like to see where it goes.
Firefox has 3% market share. Completely refusing to engage with your enemies only works when you have the actual guns to back that attitude up.
If you refuse to engage with the ad industry they just ignore you. Oh and the company that owns a large part of the world's ad industry and owns the browser that has 65% market share also pays like 90% of your bills.
I mean, what's step two of your glorious plan to charge fists raised into battle?
I know it feels right to say that. But really, do you think the majority of people who switched from Firefox to Chrome did it because FF did not address their privacy concerns? Seems ridiculous. However bad FF is, Chrome is much worse.
It seems far more likely that the remaining 3% are the few people who care, and therefore, "pulling this shit" did not cause the current market share.
> The advertisers get your data either way, so why not use Chrome?
You might believe that the advertisers get less of your data if you use Firefox.
Similarly: you might be less likely to have your house burgled if there are locks on the doors and a burglar alarm, even though people with those things still get burgled sometimes. You might be less cold outdoors in winter if you wear a parka, even though it's still cold. You might be less bored if you buy/rent/stream some interesting books, music and movies, even though having those doesn't guarantee never being bored. You might be less likely to lose your next chess game if you practice tactics and learn openings, even though you'll still lose if you play Magnus Carlsen. You might be less likely to have a heart attack or stroke if you take those antihypertensives the doctor prescribed you, even though those are still tragically things that can happen to anyone. Etc., etc., etc.
Very few things are absolute and perfect. It's usually a matter of "less" versus "more".
This latest thing gives advertisers more information about me than they would have if Firefox didn't do it. (Unless I turn it off, which in fact I have done.) It doesn't give them very much information about me. I'm pretty sure they would get much more information about me if I switched to using Chrome (e.g., because Firefox supports better adblockers).
For the avoidance of doubt, I do think Mozilla should have made more noise about what they were doing, I do think there's a repeated pattern of them putting things into Firefox that their users don't really want and hoping no one will notice[1], I do think that says something bad about how Mozilla is run, and I would be happier if the Firefox project were run by people less inclined to do such things. But none of that means that you might as well use Chrome instead of Firefox, if you happen to value the things that Firefox still does better than Chrome.
[1] Actually, I think they know perfectly well that some users will notice, and they've decided it's overall better PR to do the thing quietly, wait for people to complain, and then say "oh, whoops, we should have been more open about this, we're so sorry and will totally not do the same thing again in six months".
> You might believe that the advertisers get less of your data if you use Firefox.
Shortly as Chrome implements Privacy Sandbox, both Chrome and Firefox will support the same levels of advertising tracking. For Chrome, this is a privacy upgrade of sorts, but for Firefox, this is a definite downgrade.
As Firefox converges on Chrome in this area, the privacy advantage evaporates.
Does Chrome do anything equivalent to Firefox's "Enhanced Tracking Protection"?
Chrome forces extensions to use "Manifest v3" rather than "v2", which cripples some ad-blockers; in particular, the full version of uBlock Origin will run on Firefox but not on Chrome. (I'm not sure of the details about the v2->v3 migration; maybe that isn't universally true yet. If not, it will be soon.)
"Reduces" and "evaporates" are not the same thing. I see the case for the former, not for the latter.
I dont believe that, and have no reason to believe that at this point.
Any browser that makes me monitor their changes for privacy destruction is basically just chrome with more steps.
Actually it's the other way around. As long as Firefox only has a negligible market share, advertisers are not going to care about it enough to work around Firefox-exclusive tracking protection forever. Regulators are also not going to be concerned that Firefox makes certain business models harder because it is insignificant.
> Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end.
Well, right now, with their dwindling market cap, I feel like their only userbase is HN & co's type of user.
They repeatedly failed to increase their user base with non privacy conscious adjacent communities. So antagonizing the ONLY folks that go through the trouble of installing a non default browser to have a worse user experience seems like a big brain moment.
I wonder what the market share in that segment is? From my experience, startup types almost exclusively use Chrome or Safari. Firefox doesn't even register with most devs.
It seems somewhat questionable whether or not it is possible to sustain something as complex as Firefox based on users like us. There might not be enough, or enough people willing to pay.
They’d be really screwed if Google didn’t give them a good deal. Somewhat wondering if Google just keeps them around to stave off the appearance of being a monopoly.
The web seems to have gotten pretty unsustainable in general. Might consider upgrading to Lynx or something like that.
> It seems somewhat questionable whether or not it is possible to sustain something as complex as Firefox based on users like us.
I have this crazy theory that Firefox could be completely sustained by users willing to pay for it.
I mean... Mozilla Co definitely couldn't be sustained by users money only, but Firefox could.
The only path I can see for a healthy web (if this is even possible right now) is to completely liberate Firefox from Mozilla's shackles and mismanagement. A free and open-source browser should be treated more like a public good, such as a Linux distribution, than a money-making machine.
> People ... expect them to be stewards of the web
Do people really expect that? I'm glad they're part of whatwg etc., but I'd much prefer they just made a good browser instead of tooting their own horns about how much good they're doing for society. In the end I think society would have been better off if they'd just focus on good tech like Gecko/Servo and Rust and not bothered with all their side stuff.
Step 1 - outrageous move
Step 2 - apologize, progressively pull back
Step 3 - people spread word they made it better
Step 4 - stick to still outrageous but comparatively better "middle" move
To really give it any excuse anymore. And so have you. If "Unity" tells you nothing... I'd like that rock, please, I'll need it to survive the incoming 4 years of social media.
Once you start assuming that every apology is fake and in bad faith, the world quickly goes to shit.
I'm not saying its impossible for apologies to be in bad faith, just that if it becomes impossible to apologize and move on after making a mistake, it becomes impossible to do anything productive.
Holding corporations (or anyone) to account requires having some way for them to rectify their past sins.
Otherwise this is just vengence. If you never forgive there is no rational reason for corporations (or anyone) to stop doing whatever objectionable things they are doing, since it would already be a sunk cost.
it's a classic abuse tactic: if you ask first, people will cry out and if you then do it, it'll be considered escalation on your part. so instead you do it first, and if possible, do something worse to begin with, and then when there's outcry, you take a small step back, claim to be the reasonable one, and then later on push the rest of the way.
> What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson.
They are trying to find a funding model that makes them independent from Google.
- Building a fast, privacy-oriented browser that keeps up with web standards and fixes security bugs takes people, organisation and therefore money. Yes, much more than that CEO salary.
- No one wants to buy for a browser.
- No one wants to pay a subscription fee for a browser.
So you are left with ads. Mozilla is trying to find a balance there between privacy and ads with a clearing house approach. People who hate ads out of principle scream. How should browser development be funded?
One of the most common Mozilla complaints I see on the web is that you cannot fund Firefox development directly. People want to give money to it, but cannot.
Which makes sense, I guess. Anecdotally, Mozilla is by far the company I know with the most vocal users that get completely ignored.
Which is easy money that Apple uses for the company as a whole. They don’t make Safari because of Google’s money nor is it likely they would stop developing it if that money was no longer paid.
Except that it's well-known fact that none of your donations for the foundation ever go anywhere near Firefox itself, since Firefox is spun off as their commercial sector to accept Google's money
If the Mozilla foundation creates a donation button with the condition that the money goes solely to browser development (no CEO salary or political activism) I will donate.
Mozilla has tried experiment after experiment to try to earn money. Let's try forcing Pocket down people's throats. Let's automatically install Mr Robot. You know what people will love? Full-page ads for a VPN! No one has seen enough VPN ads!
The one funding model they haven't experimented with at all is actually asking people to pay for Firefox. Donations or subscription, they haven't even tried it once.
And yet people will over and over again insist that that would never work. Doesn't that strike you as odd? They're willing to flail about trying thing after thing after thing that their users hate and yell about and they end up having to pull back, they're willing to burn credibility over and over again, but the one funding model that their users keep telling them they want they refuse to even try on the grounds it would never work.
You can even donate money today: https://foundation.mozilla.org/en/donate/
From memory, Mozilla's spent years trying to get donations through asking people nicely and in relatively unobtrusive ways in-browser for years. You can even give monthly - a subscription, if you will.
Not only have they tried both donations and subscriptions, but their efforts have been resoundingly ignored. To the point where you are far from the first person to fault them for supposedly choosing to not do what they demonstrably do.
Perhaps people suggest that donations and subscriptions don't work well or reliably because there's history showing that.
> At one point Mozilla was literally selling a VPN subscription. That point is now - you can go buy one today.
I don't want a VPN. And I don't want to pay money to a Mozilla VPN of which some unspecified percentage will actually get used to pay for Firefox development (with the rest actually paying for the VPN). I honestly feel my money does more harm than good paying for the VPN because it creates a false impression of where the demand is.
I don't want a subscription to an unrelated service, I want a subscription to Firefox. I want my money to go into a stream that unambiguously shows my support for the single Mozilla project that I care about.
> You can even donate money today
That money will not (and I believe cannot) go to Firefox. As presently structured the corporation does all Firefox development, and the corporation cannot receive money from the foundation, so donations to Mozilla do nothing for Firefox.
> Not only have they tried both donations and subscriptions, but their efforts have been resoundingly ignored.
Not ignored, for the reasons stated above they haven't actually done what you say they've done.
I do expect that's the next step at Mozilla - locking features behind paywall with some premium plan. Cloud sync probably will fall into that basket. And if that eventually won't work - they'll surely announce it's time to "sunset".
Personally, I think that's what they should've been doing all along. If it doesn't work at this point, it's because it's too late, and they've already burned enough of their credibility that people don't want to give them money anymore.
It doesn't have to pay for the entire Mozilla organization, it just has to bring in more money than the random other stuff they've tried. That's not a very high bar to cross.
At the same time, even a tiny bit of friction is enough to get people over the mental hump of paying for something.
They could easily gate off certain features behind a paid build, so either you pay or compile it yourself from source. Downstream packagers could of course do whatever they want (eg Debian). However, it creates a minor amount of friction for a relatively large fraction of the user base, and moreover sets the baseline expectation that this is not really "free as in beer", even though it remains "free as in freedom".
See also: Sublime Text, which, despite being closed-source, is 100% free-as-in-beer to use in perpetuity, and yet somehow they make enough money To not only continue development, but even start developing other products (Sublime Merge), even as their brand recognition wanes and their competitive advantage shrinks.
> And yet people will over and over again insist that that would never work. Doesn't that strike you as odd?
Not really. Perhaps they know enough about this that they believe it wouldn't work. How much would you pay for Firefox per year? How many people would pay that figure?
Lets be honest, the number of HNish folks running Firefox is insignificant, compared to number of people using Firefox because their friends recommended it. So even if lets say 1% of the users(HN and similar folks) perform an outcry and go ahead disabling it, the other 99% of the people will still be a huge moat of data. These strategies(though I am willing to give Mozilla the benefit of doubt), had been played out many times, "ops we did this ... emergency update to fix it ... we are releasing this now officially, agree to our terms if you want to continue ... you can always opt-out ... slow boiling frog metaphore ... this is now permanent with the option to disable is gone and forgotten about".
Y tho? I run firefox and chromium side by side all day to isolate personal from work and chromium crashes constantly on a 64GB machine. Chrome uses so much more memory.
Honestly, having worked at companies that made unpopular product decisions (nothing like this, but still every company puts its foot in its mouth sometimes), it can be surprisingly non-obvious what gets people bothered and what doesn't.
We always see the decisions that blow up, but we dont notice the thousands of decisions nobody cares about. Sometimes it really does look like just another minor feature request at coding time.
> it can be surprisingly non-obvious what gets people bothered and what doesn't.
Agreed in general, disagreed in the specific Mozilla case. They’re an internet-related company where “privacy” is one of the stated core goals, yet they’ve stuck their foot in their mouth so often they could open a shoe shop. Failing to see this one is at best incompetence.
They don't care. It is not the first time, always the same excuse and blame the user to not be intelligent enough to understand (this is what communicated more means in their broken by profit minds).
> this is what communicated more means in their broken by profit minds
"We should have communicated more" seems like a passive-aggressive way of saying "Oh, you poor simpletons... We should have talked slower, used more, simple words, and been more persuasive. We failed to properly explain why you're wrong. If only we did that, you'd more readily accept what we're giving you."
> What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson.
Please. This is never about learning and better communication. This is universal corporate English for: "you got us, but we really don't give a flying ef and we will fulfill our goals step by step - no matter what you say".
Companies know this but they don't care because there are rarely any consequences that cannot easily be mitigated with cheap PR tactics. Even now you are responding to a PR statement that is trying to reframe the issue as users simply not understanding what Mozilla is doing when in reality Mozilla knows full well that this goes agains the explicit wishes of a large part of their userbase but have chosen to enable this anyway. This isn't a communitcation issue. This is a fundamental "who does Mozilla serve" issue.
> It’s clear in retrospect that we should have communicated more on this one
Oh maaaaaaaaaaaan do I despise hearing variations on this "non-pology."
It's never "Wow, we fucked up by doing something harmful to you." It's always, "My bad, I failed to explain exactly why you're wrong to think this is harming you. I take total responsibility for not explaining why this is actually good for you. I'll try again."
> What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson. The user outcry was utterly predictable from even before the first web article was out.
One possibility is they knew there would be an outcry but estimated that the loss in user support because of it would be limited enough that the upside of having the majority of users with the setting left on wins.
> Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up.
The problem we currently have with cookie banners is thanks to the browser vendors not caring about it.
An API could exist which a page can query, where the user has already pre-selected how they want to deal with cookies. For example reject all but the essential ones, reject none at all, reject some, according to certain criteria.
Even more, the browser could check if the page is adhering to the user's expectations, and if it doesn't, block it for a period of time, like a week or a month, and publish the fact that they ignored the user's wishes.
Possibly also give the user a signed document which claims that this page did not respect the user's privacy expectations, so that the user can use it in court.
He's talking about cookie banners. The issue with cookie banners are the dark patterns, but the end-goal is to obtain permission from the user to set cookies.
This requirement to constantly ask the user while using these dark patterns is what makes normal people just give up and "accept".
If the page is expected to ask the browser which preferences the user has set regarding the cookies, then this problem is gone, because the page no longer is expected to ask a person via a popup.
This was already tried with the Do Not Track header. Websites simply ignore it. They don't want an easy way to get the user's preference. Because they know that most users would set it to decline tracking. Sites would rather annoy every visitor for the chance that they click 'accept'.
If it wouldn't work, then I'd see no ads in my paper-based iX subscription, yet it is full of ads even though I'm paying for that paper.
But the paper has the benefit that the ads I see there don't collect information on me. This is what I want the internet to be.
Ads OK, but no tracking of me if I don't want it (which I express via cookies when in a browser).
Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article. No hint on that accepting the cookies is only useful if you also have a subscription. When you can't read the article, they don't revert the setting of the cookies, but just pretend that they gave you access to the article and keep the cookies around for days or years.
It's not. Tracking leads to better targeting which leads to higher conversion ratios and overall higher "Cost Per 1000 Impressions" (CPM).
If you simply do "contextual" targeting, so targeting based on the page content, your CPM will go down and and the publisher will lose money.
> Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article
Depends on the company. News media publishers use the same system but are usually barely profitable if at all.
> Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article. No hint on that accepting the cookies is only useful if you also have a subscription. When you can't read the article, they don't revert the setting of the cookies, but just pretend that they gave you access to the article and keep the cookies around for days or years.
The EU Court of Law decided that offering a subscription or mandate for cookies to be enabled is not legal as an offer. So the transactional nature you propose is currently not allowed. What is allowed is a grey area which has yet to be explored.
Older folks might remember that there were a lot of people willing to make content free, just out of personal enthusiasm, and that this content was actually a lot higher quality than that pumped out by capitalist motivation.
So, actually, users and sites both had what they wanted, just not corporations.
Although I agree that news media quality is not always great (really depends from one publisher to another), I would not really qualify random people on Twitter as "news coverage".
It is enforced, courts just work very slowly. Courts have already started interpreting the DNT header as GDPR-compliant opt-out that websites must follow.
DNT was before the GDPR. The landscape has changed considerably since then and a standardized opt out signal being enforced is not out of the question.
Is it just me that sometimes get the feeling that when companies have to explain them selves with this amoubt of text, they actually know that they are doing something wrong but are trying to cover it up by these long and unnecessary explanations?
First there's a justification based on current anti-tracking system being bypassed:
> "there are enormous economic incentives for advertisers to try to bypass these countermeasures"
Then:
> We’ve been collaborating with Meta on this
Given Meta's track record with scooping up just about any personal data they can find, it's pretty obvious that this is just going to be yet another datapoint in Meta's collection.
Wow. This represents a profound misunderstanding of the advertising industry.
Data is their edge. It's how they compete with each other.
The privacy "arms race" isn't just between the browser vendors and the trackers, it's also between tracker a and tracker b.
Giving them a new data point (no matter how """privacy preserving""" it is) is just that, another data point. It's not going to make them give up on the others.
To be honest, I would have used a different approach and browsers would very well be capable to give erroneous data and contaminate data from tracking users. This would be going on the offensive, and I don't believe there are any legal barriers that prevent users from "ad fraud".
I don't believe in cooperation with an industry that has shown no remorse with tracking users at all. That will not be successful. Advertisers will employ this and still track. And it is possible to not get tracked and deliver false data, even today.
Maybe I'm cynical, but the rationale given seems extremely naive. There's nothing stopping advertisers from using this new attribution mechanism and tracking users as much as possible. In fact that's probably exactly what they'll do since it's likely that not every browser will support this kind of attribution.
The arms race will continue as it does today, but advertisers will have yet another avenue to exploit in the form of the attribution API.
>But how does the PPA actually work? There is an aggregation server between the advertising provider and the users or their data, which anonymizes the information from the individual app browsers. Only then does it make the data available to the participating advertising customers.
The article links to Mozilla’s press release / blog entry about the acquisition of Anonym [0]. It’s pretty dystopian reading. The last three paragraphs and the summary of Anonym are more worrying than anything else I’ve read on this so far:
> This acquisition marks a significant step in addressing the urgent need for privacy-preserving advertising solutions. By combining Mozilla’s scale and trusted reputation with Anonym’s cutting-edge technology, we can enhance user privacy and advertising effectiveness, leveling the playing field for all stakeholders.
I can only interpret this as the urgent need is money, and wants to sell its "scale and trusted reputation". Mozilla has been down this road before. It was not good for them.
> Anonym was founded with two core beliefs: First, that people have a fundamental right to privacy in online interactions and second, that digital advertising is critical for the sustainability of free content, services and experiences. Mozilla and Anonym share the belief that advanced technologies can enable relevant and measurable advertising while still preserving user privacy.
This is some pretty weak wording for a press release. The economics of the situation are that advertising will always trump privacy. Researchers have successfully de-anonymized anonymised data sets, including medical records. Why would these data be any different?
> As we integrate Anonym into the Mozilla family, we are excited about the possibilities this partnership brings. While Anonym will continue to serve its customer base, together, we are poised to lead the industry toward a future where privacy and effective advertising go hand in hand, supporting a free and open internet.
Anonym’s customers are advertisers, right? The same people who for decades poured money into eroding that free and open internet that we had…
> About Anonym: Anonym was founded in 2022 by former Meta executives Brad Smallwood and Graham Mudd. The company was backed by Griffin Gaming Partners, Norwest Venture Partners, Heracles Capital as well as a number of strategic individual investors.
Well, it seems Anonym, Smallwood and Mudd had a nice piece about them written in the Wall Street Journal [1]. From the second paragraph:
> Graham Mudd and Brad Smallwood each spent more than a decade building Meta’s advertising system, which allowed the company to offer granular data about how ad campaigns worked with individual users, often by tracking their web and mobile activity.
Chrome, which meant Mozilla managed to scare people away from their own browser into a using a browser which respects user privacy even less. Great job there Mozilla!
> Chrome, which meant Mozilla managed to scare people away from their own browser into a using a browser which puts less PR focus on claiming to respect user privacy. Great job there Mozilla!
FTFY. Both browsers have been pretty bad for privacy for a long time and are more than happy to exfiltrate your data to the respective operators without your consent.
I would say, average user is using Microsoft Edge(whatever that comes default with their OS) on their desktops and a combo of Chrome/Samsung/Safari on the mobile.
While Chrome adverts and fearmongering campaigns are now everywhere and people seem to be taking interest in Chrome, but Edge is probably the most common, as I see it literally everywhere(including public service office facilities).
The whole acquiring Anonym thing is almost guaranteed to go wrong. Either Mozilla just wasted a lot of money buying the company as it fails to be profitable or privacy will be eroded as Mozilla starts profiting from ad sales.
The companies buying ads aren't keen on privacy, at least not if it comes at the cost of optimizing sales, so I don't see anyone but small "do good" niche companies would buy into what Anonym is selling. Alternatively Mozilla will make money and start relaxing privacy restriction in order to extract even greater profits. I don't see them stopping half-way. The Mozilla leadership has again and again shown that they do not understand their user base.
Firefox is a great browser, but so it all Chromium based browsers. Mozilla apparently never considered why someone might stick with or switch to Firefox, when Chrome, Edge, Safari and other browsers do the exact same thing, sometimes perhaps better. I really want to ask the Mozilla CTO and upper management what they think their product is, because I got a in increasing hunch that Firefox isn't the first thing that would come across their lips.
Personally, right now the only reason I'm not switching to something like Vivaldi is my desire to ensure that rendering engines beyond Blink is represented in statistics.
They really need to start adding windows as a build target at some near point in the future. As a webdev, that’s the only way I can convince the public to switch.
Because of the whole culture of GNU/FSF/Stallman, it can be a little funky at times. It has been a while but I think it still comes bundled with LibreJS, an addon that checks every Java script for Libre licensing. And yes it can be disabled.
I get it and I like the idea but it does make for a difficult up front experience.
That would be a great day. Unfortunately the culture of Linux is still too much walled garden, not in the Apple-like commercial sense, but in the tech culture kind of way. We need a way to embrace the public without losing what makes Linux great (to hack it to your own specifications)
It's already too hard to convince public to switch from chrome to another chromium browser or firefox and you're talking about switching to browser that is at least several years away from feature parity
I appreciate Ladybird's initiative. But if they work with Servo, Ladybird can build the browser and Servo can focus on the engine. Also we can avoid C++ nightmare. Everybody wins.
Ladybird seems to have more momentum and be further along in development in my testing of visiting random websites. This may or may not have something to do with developer velocity of each language, genuinely I don't know but I think it's worth considering.
Regardless, from what I've gathered, Ladybird is going to ship of theseus their way into memory safety. It's not announced what the C++ replacement language will be, but they are working towards that.
In what way? Rendering pages CSS compatibility? I tried servo on Windows and it worked, not so much for Ladybird - granted, I wasn't feeling up to task of compiling it for Windows.
Ladybird doesn't support Windows yet because most developers use Linux or macOS. Ladybird has been progressing faster when it comes to CSS rendering and JavaScript support.
Slow is the price we'll have to pay. Just like how VPNs slow down your connection
Or, if one dreams for a moment, if slower becomes the norm, web apps will have to become less complicated. Fast seems to just enable more and more ad tech
I don't feel the need to fix the whole world. Just my corner of it.
I would use it to read my rss feeds. I'm sure we could make Hacker News discussions work. My mastodon feed could probably work too. That's 90% of my browser usage right there.
Just imagine how pleasant it would be to browse and navigate. Would be so fast, so responsive.
I really like https://geminiprotocol.net/ but I think they went too far removing images, sounds, video, and forms.
Or just don't access any content that is funded by advertising. The nonprofit web still exists. But for all content that's not someone's spare time passion project, someone's gotta foot the bill.
Yes. However, different protocols can be used for different purposes, but will need to be FOSS as well as not overly complicated specifications.
Some older protocols such as IRC, NNTP, Gopher, and email (especially plain text email and not HTML email), is one thing to be usable.
There are also some newer protocols and file formats for some uses, e.g.: Gemini protocol/file-format, Scorpion protocol/file-format, Spartan protocol (which uses the same file format as Gemini, although with an extra link type), Nightfall Express (probably the simplest one, although this means that virtual hosting will not be avavilable), and perhaps some others.
(One thing I have read somewhere (I cannot find it now) is three rules for making such a "small web" protocol: (1) Don't make it a subset; (2) Don't make it compatible; (3) Make it better for everyone (authors, readers, programmers, etc). They also discussed separation of "document web" from "application web"; I agree with that too, although of course there is the consideration of how such a separation should be working. I have ideas about this, and I believe my own designs do follow these three rules better than Gemini and Spartan do.)
I had written my own list of what "small web" protocols/file-formats that I am aware of: scorpion://zzo38computer.org/smallweb.txt (which was originally posted to Usenet, although it has been updated since then) One way to access this file would be a command such as:
echo 'R scorpion://zzo38computer.org/smallweb.txt' | nc zzo38computer.org 1517 | less
(If you have other mirrors of this document, perhaps with your own changes, you could tell me and I could add it to the list of mirrors.)
Another proposal is the following suggestion to make a "small web browser": gemini://xavi.privatedns.org/small-web-browser.gmi (the document I linked above describes how to access this file in case you don't know) I agree with some of the points made but disagree with others; I will comment about some of these points later. (However, you could use some of these ideas for the HTTP/HTML part of a multi-protocol browser.)
Comments about gemini://xavi.privatedns.org/small-web-browser.gmi :
I do not believe that just using this existing HTTP/HTML is the way to do it (and other people also agree with me about this), although it is one way to do it, and can be combined with others.
Such a "small web" browser could be designed to support multiple protocols and file formats. So, in addition to HTTP(S), also Gopher, Gemini, Spartan, Scorpion, Nex, local files, and possibly NNTP (although this would not be as good as a dedicated news reader software, it would at least allow to read articles from a NNTP server without needing to set up your dedicated NNTP client software; Lynx also supports NNTP).
> While I do think HTTP/1.1 is good enough for most tasks [...] there are several aspects that I do not particularly like: Cookies, User agent, Referer, Etag, Cross-origin requests
I do not like these features much either. HTTP/1.1 still is good enough for many tasks, although it is still messy in some ways and more complicated than it could be, although for the purpose of accessing services that use HTTP, it will be good enough for this purpose (which is what the article describes doing). (One feature of HTTP that I think is useful that Gemini, Spartan, and Gopher lack (but Scorpion does not lack) is Range requests, although that isn't that useful for a browser and is more useful for a download manager (including command-line programs such as curl). Multiple ranges in a single request seems an unnecessarily complexity to me, though.)
> Support a small subset of HTTP/1.1, supporting GET/POST, while effectively removing support for most HTTP headers.
Agree. (You could also suppport adding arbitrary extra headers by user configuration; e.g. the user could specify that they want to add a "Accept-Language" header or a "DNT" header or whatever other arbitrary headers they might want.)
> Support a subset of HTML5, so that embedded images, audio and video are possible.
Mostly agree. Embedded images would be useful to be able to switch on/off by the user; if off then they appear as links. Embedded audio/video is probably not useful at all; I would have <audio> and <video> commands to be displayed as a list of links (the audio/video can be viewed if you follow the links).
> Support modern CSS, possibly leaving deprecated or complex features out.
I would probably leave out most of the features, although you do not necessarily have to do so. However, important would be to allow disabling CSS (and ensure that "complying with the requirements above" (see below) means that it is guaranteed to work correctly if the user chooses to disable CSS).
> Support NO JavaScript at all, as JavaScript is one of the main sources of complexity behind a modern web browser, and is typically abused for user fingerprinting.
Agree.
> Mandate the use of TLS-encrypted connections.
Disagree. Encrypted and unencrypted connections are both useful (and the URI scheme would distinguish them; this allows end users to easily filter out any sites that do not support encryption from their local index).
> Allow integration with SOCKS5 proxies e.g.: Tor.
Agree, although in addition to this, it is also sometimes useful to be able to use local programs as proxies and to have the proxy to handle TLS (although there is some complication in handling client certificates when doing so).
> Provide passwordless authentication via client certificates, and always ask for user authorization beforehand.
Agree, with both parts. (Passwords might still be implemented too (although if you don't want to, then you don't have to); HTTP has a "Authorization" header for this purpose, and Scorpion also supports something similar (in addition to supporting client certificates if the connection is encrypted).) It will be necessary to ensure that the user can command the browser to log out at any time (both with passwords and with cli...
There are surely to be diminishing returns for sure. Ladybird is clearly improving this fast right now because the devs are picking the low hanging fruit. But we also don't need 100% parity before Ladybird usable. And when users pick it up then it begets more donations and more devs resources, which mean more improvement. So there is reason to be optimistic.
Is there any reason to believe that the Servo project will produce a full independent browser, rather than a browser engine as their website states? The only likely outcome is that it be used in Firefox...
How would that solve the problem? Years down the road, if they actually finish their browser, what guarantee do you have against it being enshittified in some way? The only option I see is a project that exists to deshittify an open source browser.
So far the core idea is a sort of constitutional foundation to try and ensure it doesn't get absorbed into that think. Mind you, that was Mozilla 20 years ago.
Short term, deshittify Firefox. Mid term move to some like Lady bird. Long term, if Lady bird is corrupted, start on browser replacement number 2.
Alternatively, the hardest step of just walking away for heavy internet usage I guess.
What do you expect from a company indirectly owned and controlled by Google money?
I can't wait for Ladybird to get good, in a decade realistically, swimming against a massive current of Google pushing its unstandardised nonsense on Chrome, and web developers jumping on the bandwagon, making web standards more and more complex by the day so no one ever is able to catch up.
You can add to the dead internet theory the fact that the Web is now maliciously impossible to recreate and access from scratch if you are unable to compete with the billions Google spend to maintain their hegemony. Heck, even Microsoft found it was more efficient to join Google rather than to try and direct what they laughably call "an open standard." There is more competition to build reusable space rockets than in web browsers.
A sad day, and sadder days await us. Shame of Mozilla, and on the CTO trying to sell this feature as a good thing.
They aren't owned nor controlled by Google. And certainly not directly.
I presume you refer to the fact that most income of Mozilla comes from Google paying a fee to have their search be the default. While that is worrysome, it's not control nor ownership. Let alone direct control. At most it gives Google leverage.
While the jokes is appreciated, I'm also half-serious in considering just using Links/Elinks or w3m and just use whatever is the default browser on my OS for those cases where I need to book ticket or do banking.
I'm sadly falling out of love with the web. So much fun and enjoyment have left the web in the past 20 years and I don't enjoy or to some extend even benefit from the modern hellscape of modern commercial web.
And fallback to Firefox when things don't work. Which is usually on sketchy websites, websites that have heavy bot protection and fingerprinting or ones that use gpu APIs.
* There is no legal entity behind the project. Should anything ever happen with the project (it can happen, even if unlikely), there are no legal ramifications.
* The binaries aren't signed. Yes, code signing is a bit of a racket, but there is some merit in it.
* There is no auto-update mechanism. Might not seem like a big deal, but IMO it is, especially on Windows where you're recommended to rely on 3rd party client to update the browser for you. You've now added a middle man, and since the binaries are not signed... well there's no guarantee you aren't downloading a malicious binary.
>There is no auto-update mechanism. Might not seem like a big deal, but IMO it is, especially on Windows where you're recommended to rely on 3rd party client to update the browser for you. You've now added a middle man, and since the binaries are not signed... well there's no guarantee you aren't downloading a malicious binary.
To me, this seems like a plus. If you want users to update, provide them with something worth updating to. This tracking suddenly being enabled for a ton of users is the very result of automatic updates.
Also, for some software vendors, frequent/automatic upgrades are a great place to hide silent reconfiguration.
Mozilla has been repeatedly resetting "Always check if Firefox is your default browser" option to "yes" with upgrades. I don't see why "private-attribution submission enabled" wouldn't be reset in future in the same way.
As mentioned above, we aren't talking about Firefox's update mechanism here, but rather Librewolf's.
> Mozilla has been repeatedly resetting "Always check if Firefox is your default browser" option to "yes" with upgrades.
I'm sorry to say this, but this just seems to be misinformation.
I don't see that anywhere in the source code[1]? Anything I can find regarding prompting the user regarding the default browser is hidden behind an if guard to make sure the pref is `true` and not `false`.
The only scenarios I am aware of that will change the pref if the user has toggled one manually is the `_migrationUI`[2] function (as you can see, no changes relating to `browser.shell.checkDefaultBrowser`). Otherwise, untoggled prefs will be changed if the value in `firefox.js`[3] or `all.js`[4] is changed. As you can see, the last time the pref was modified was 2004.
But we're not talking about Firefox's update mechanism here, we're talking about Librewolf's. They are already the custodians of custom settings and making the choice for you, so it doesn't seem like a valid comparison here.
I would also say a web browser should be the one piece of software constantly updated due to the sheer volume of security patches issued every few weeks.
>But we're not talking about Firefox's update mechanism here, we're talking about Librewolf's.
Doesn't matter. I don't inherently trust any organization.
>They are already the custodians of custom settings and making the choice for you, so it doesn't seem like a valid comparison here.
I can make the choice to install software. I should be able to make the choice to upgrade it as I choose as well.
If I buy a chair from Crate+Barrel, I have given them the choice of designing and manufacturing that chair and all the decisions that went into it. But I do not give Crate+Barrel the choice of sneaking into my house and swapping it with some newer version of the chair that 51% of the population liked slightly better after 5 minutes of testing or that they think will make them more money somehow.
> I can make the choice to install software. I should be able to make the choice to upgrade it as I choose as well.
I think that's completely valid.
I was just assuming (maybe incorrectly?) we're talking about what should be happening in general (so what the experience for the layman should be). Now whether that applies to Librewolf is another story, but arguably it becoming fairly known, it should.
Side-note: In Waterfox, I've re-added the ability to disable auto-updating completely. I completely understand the want to manually update software.
> You know perfectly well that point 1 is completely irrelevant in the world of open-source.
Genuinely, why not? Open source projects go through ownership changes (as unlikely as they may be), social engineering, etc. In the unlikely chance something were to happen and anything malicious were to occur, what recourse is a user to have? And we are talking about a web browser here, which will be accessing peoples most sensitive data. I don't think this is an unreasonable stance.
> A UK Ltd. is less transparent than Librewolf, an open-source project run by many volunteers without the incentive to make any money.
Well this UK Ltd is still beholden to English law and UK GDPR. You could argue the merits and teeth that GDPR has, but I don't see why it's not a valid comparison? I can't just start processing personal data without complying with GDPR, for example.
> The risks you are talking about are not inherent to Librewolf, but to Linux and open-source, and thus are not legitimate criticisms of Librewolf.
Linux has the Linux foundation, which AFAIK is going to be beholden to California law? I don't see how that can't also be a criticism of Librewolf (and any OSS in a similar spot?).
> Point 3 is no longer true, the installer comes with the option to enable auto-update and on Linux, it also auto-updates, depending on distro, etc.
It seems to me to still true, because the installer is installing WinUpdater. Which, as it seems, is maintained by an individual developer?
> If you want LibreWolf to be automatically updated (recommended), you can choose to install the LibreWolf WinUpdater[1], which is included in the installer.
While the Wikimedia Foundation is often quoted as having cancer[1], I guess the Mozilla Foundation has Alzheimer's, constantly forgetting who they are and why they are here in the first place.
And the scandals they have been involved in the past. Cliqz was another attempt by Mozilla to invest in privacy preserving technology (that time search, this time ads) where they did a stealth launch without user consent.
Out of the frying pan and into the fire. With regards to privacy and tracking Chrome/Chromium is so much worse than Firefox. Whether it be terrible defaults, exceptions which allow Google to see your system info, or an incognito mode which is a misnomer, Chrome just doesn't do privacy at all.
I can sympathise about general usability concerns but they don't really relate to the OP.
I personally run Ungoogled Chromium for anything that doesn't work in LibreWolf, which is fortunately not too much.
I've been looking at it and they are fortunately very open about how they are funded (search engines and bookmarks). Opera was my browser of choice, back in the days of Presto, so I trust the Vivaldi CEO/CTO who also ran Opera. My main annoyance with Vivaldi is that it's Chromium based, I really don't like the idea of a monoculture of rendering engines.
> By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web.
Firefox should integrate a tracker-blocker which blocks all ads which rely on executing Javascript as well as profiling-related 3rd-party code snippets, but leaves ad images which are integrated into the page, served exclusively by the owner of the page, and are based on the content offered by the page. Like magazine ads.
Everything else is just agreeing with the advertising industry on their idea that profile-building is fine.
These advertisers nowadays think they have they are entitled to everything, and Firefox just helped them.
They could offer a deal to Toyota and tell them they're offering image-only ad space on all car-related pages. For example images with deals. Toyota would know from the referrer that the click came from Wikipedia.
All the other images are hosted by Wikipedia themselves and are not ad-related, so I don't see where's the issue here.
I'm just saying that the domain that hosts the page and the domain that hosts the image are often not the same. Wikipedia hosts the articles, wikimedia hosts the images.
If a browser wants to be strict about what it loads, most of the web would appear broken. Maybe google could have the weight to force such change, but no way could mozilla impose such a strict rule.
This works by adding noise. Can't an attacker bypass it by boosting the signal? Assuming the attacker can create sybil advertisers/browsers, this should be totally doable:
1. Define some baseline set of M impressions with various ad identifiers and from various sybil advertisers.
2. For each target user, define some set of M marker impressions, also with various ad identifiers and from various and sybil advertisers.
3. Save all impressions (marker + baseline) on a bunch of sybil browsers to get above the reporting baseline with some probability.
4. If/when a target user visits a target website, request a conversion report for each ad/advertiser.
You now have a baseline signal (from the baseline ads/advertisers) and a marker signal (from the marker ads/advertisers). If this is one of your target users, you'd expect their "marker" signal signal to be stronger than the baseline.
I assume it’s the MPC part that would need the Sybil protection?
Also, another assumption, but it’s that doc still builds upon the W3C proposal - would it not be worth raising as an issue in the repo? Seems to still be active.
If 1% of regular Firefox users just donated the equivalent of 10USD per year to mozilla, they would not have the need to find ...eyebrow-raising... ways to earn money.
On the other hand, people would be more inclined to donate money if they could trust Mozilla to value the privacy of their users, which is one of the biggest reasons people choose FF in the first place.
Only if they'd also spin off the browser from all the political activism and NGO cash grabbing, and let people choose themselves to which of the two their money goes.
520 comments
[ 2.5 ms ] story [ 318 ms ] threadEdit: Weird, some people seem to have received more options than me. For me there was just one option to accept (Zustimmen) and nothing else. Everything was in German but I read German anyway. I was on mobile though, perhaps this is why? I can't see it again because I already pressed it.
A practice (pay or accept cookies) which was actually ruled in breach with GDPR but many German sites seem to do this somehow.
I agree with the criticism on Firefox but this is very hypocritical. Heise used to be a good company. I even used to subscribe to C'T and iX.
Our Data Protection Agencies ruled it okay. There was a recent court case that called it into question again, so we’ll see how things develop.
FWIW, my normal blockers manage to block the heise.de pay-or-track banner, different from, e.g. golem.
No, this part is mandatory:
> Datenverarbeitungen von Werbeanbietern einschl. personalisierter Werbung mit Profilbildung [Zustimmung erforderlich für kostenfreie Nutzung]
! Jul 18, 2024 https://www.heise.de ||cmp.heise.de/index.html$subdocument
:)
The only way to get some collective action from 99.999% of web users, would be to get multiple high profile media personalities to endlessly, repeatedly tweet about it... along with a catchy jingle.
Users would still have no idea about anything privacy related, but maybe 10% would do as commanded by their idols.
- choices presented must have the same visual weight (e.g for buttons)
- there must be no default choice preselected (e.g for radio/toggles)
- the fallback when no choice is made (e.g a dismissal or a "failure to display" a.k.a bug or nag blocker) must be equivalent to deny all
Instead we get this mess because enforcement requires litigation from users and these companies make just enough to claim "oh we thought it was Ok plus we go through a off the shelf pluggable third party so not on us" plausible deniability.
from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELE...
> If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
> Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.
from https://www.edpb.europa.eu/sites/default/files/files/file1/e...:
> Example 6a: A website provider puts into place a script that will block content from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed. There is no possibility to access the content without clicking on the “Accept cookies” button. Since the data subject is not presented with a genuine choice, its consent is not freely given.
> 41. This does not constitute valid consent, as the provision of the service relies on the data subject clicking the “Accept cookies” button. It is not presented with a genuine choice.
> The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.
> In the digital context, many services need personal data to function, hence, data subjects receive multiple consent requests that need answers through clicks and swipes every day. This may result in a certain degree of click fatigue: when encountered too many times, the actual warning effect of consent mechanisms is diminishing.
> This results in a situation where consent questions are no longer read. This is a particular risk to data subjects, as, typically, consent is asked for actions that are in principle unlawful without their consent. The GDPR places upon controllers the obligation to develop ways to tackle this issue
- does reader view toggle works? if yes, consult, end here
- am I really looking for some information that might be there? if "no I just clicked a link from somewhere on the internet", then end here
- still here? Hey, what about looking at the DOM, if the information looked for is not a simple small segment of text, there are good chances a few CSS/HTML tweak will reveal this. Got it? end here, though you might consider to automate this process with Greasemonkey if this domain often fall in your research.
- no luck so far? It’s ok, you know Internet is vast, there are plenty of other page to visit. WTF are you doing here anyway, don’t you have a job, hobbies and people to cherish? And what about a small walk, you look like you need some fresh air, you know?
Found it. Go to settings, type privacy into the search box. The last item under "Firefox Data Collection and Use" is a check box labelled "Allow websites to perform privacy-preserving ad measurement".
It was already unchecked on mine when I looked just now.
I know of no workaround short of installing from the Beta or Nightly channel.
source: https://connect.mozilla.org/t5/ideas/firefox-for-android-abo...
And then you can go to the normal about:config and set dom.private-attribution.submission.enabled to false
Only then is PPA actually off (apparently, I did not manage to test this yet but someone did confirm the default setting is true). Not cool. Especially because Mozilla provides instructions for the desktop version on their site but doesn't even mention the mobile version at all.
128.0 (Build #2016030615)
Wonder why this is even an issue.
And it felt kinda good, i actually thought that Firefox was different and a part of "the good guys", now it doesn't feel that way anymore. Sigh.
Maybe one day we'll have a usable FOSS browser but I doubt it (the companies will fight tooth and nail against it including legal means, buying out companies, blocking content for them, etc.).
open chrome://geckoview/content/config.xhtml, set general.aboutConfig.enable to true
open about:config, set dom.private-attribution.submission.enabled to false
I guess the question is whether the aggregation services can be persuaded by clever attribute manipulation to give the ad site a near unique report for a user across many sites.
<https://support.mozilla.org/en-US/kb/privacy-preserving-attr...>
<https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap>
<https://github.com/mozilla/explainers/tree/main/ppa-experime...>
https://news.ycombinator.com/item?id=40954535
https://news.ycombinator.com/item?id=40966312
https://news.ycombinator.com/item?id=40952330
https://news.ycombinator.com/item?id=40971247
https://news.ycombinator.com/item?id=40965161
...and probably a few I missed.
Can you elaborate? Please?
They are repleaceble and next gen will not dare to spy on users.
Fines are stupid and don't work anyway.
This is in full compliance with the democratic process, judicial tradition, etc so I'm not ranting, instead it is that we have been so removed by the idea of punishing the actual people that do actual crimes just because they work in megacorps that any suggestion to do so sounds like a commie rant.
https://old.reddit.com/r/firefox/comments/1e43w7v/a_word_abo...
> First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win.
It's very likely that this arms race will lead to DRM in web publications and video feeds (which Google is already experimenting with).
And maybe that will be the Web healing. If all the value extraction moves elsewhere, we might finally have a sane web of hypertext documents again.
I hope enough mainstream things remain on the open web for it to be unrealistic to fully block.
I dunno. Considering the balkanization of the web maybe I should get in to ham radio or something.
Realistically, the best outcome at this point is that enough users are willing to send enough data to advertisers so they allow the open web to continue.
The alternative is that sites will eventually only work in Chrome or Safari on limited, locked down platforms (read: no Linux support at all).
But like I said, I'm not a lawyer and have no idea what I'm talking about.
So we're not even going to try.
At best, politicians could jump on the "solution", but then why are Mozilla not already lobbying in that case? Why is the first party they are reaching out to the wolf in this drama?
Regardless, Mozilla has lost me at this point as a user. This being opt-out is inexcusable and I will find ways to gravitate away from them as I should not need my poor package maintainers to be paranoid with their upstream code in the same way they have to be with Chrome in order to protect us from developer abuse like this. Will try Mull on mobile now, hopefully it is viable, and see how I solve the desktop situation when I can find the time.
I might be misremembering?
Chrome was launched 2008; Safari had its first release in 2003. And I was using the early Phoenix builds (later the name change to Firefox happened) in 2001. The version of internet explorer around the time Chrome launched was v7. IE 6 was already old news by then. And IE 8 launched soon after the Chrome launch. 9, 10, and 11 followed. And then the switch to Edge happened; which was a complete rewrite of their browser engine. Only in 2020, MS announced switching to Chromium. So, that's about 12 years of MS trying to hold on before they finally gave up.
This has happened before. Remember the critique against Encrypted Media Extensions (https://en.wikipedia.org/wiki/Encrypted_Media_Extensions): Oh no, DRM in the browser! But remember that web video used to require Adobe Flash for the longest time, and even after a decade of HTML5 video, sites were still clinging onto Adobe Flash (and later also Microsoft Silverlight) for what turned out to be DRM purposes. At the time, these plagued proprietary blobs were not going anywhere. Except, after EME had widely supplanted this last holdout usecase, they were quietly allowed to die. The result is that we have much smaller-scoped proprietary blobs in the form of content delivery modules with a lot fewer bugs and portability issues.
The current situation is worse.
EME requires that the browser ship with a DRM library like Widevine.
Flash used an industry standard plugin model and could work in any browser.
Yes, and trackers are investing large sums of money into breaking those measures.
If you give advertisers a lawful non-user-threatening way to measure their ads performance, a lot of that money may disappear.
(Or it may not, or it may disappear either way. That one market is crazy and I know almost nothing about it. But the claim that the money may disappear is valid, and you have to provide a valid counter-claim if you want to contest it. Calling it evil doesn't cut it.)
> we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here.
You know what's user-hostile? Doing things without the user's knowledge or consent. The new tab page of Firefox after an update often advertises features of the release Mozilla sees important (their VPN offering, Firefox on mobile, etc.). This time the new tab page told me nothing about this change. Communicating it to me was "free" and they still actively refused to do it.
"Doing something" about surveillance starts with transparency but if Mozilla's leadership doesn't see this as important they have no place leading such a company. Mozilla doesn't seem to wrap its head around the fact that their users use Firefox because they don't want the same kind of shady tactics Google or Microsoft keep pulling, they don't want their browser control to be handed over to some guy in a board room who needs a PR team to give a lengthy non-answer to the problem.
I see a lot of words spent on why they came up with this technology but barely a mention about the biggest issue here especially from a company that presents itself as a champion of user rights: they pushed the change in the dead of night and took an actively hostile decision in the users' names by enabling a clearly controversial setting without any warning or communication.
> we should have communicated more on this one
This kind of PR speak for "we actively kept it hidden" is the best way to alienate the users who investigated and chose this browser for a reason.
If you have telemetry disabled, this feature is also disabled, even though that isn't represented in the UI and looks like it's turned on.
It's not good that it exists and is on by default, but if you have already opted out of telemetry previously, you're opted out of this too.
> I’ll do my best to address [your questions], though I’ve got a busy week so it might take me a bit.
That means: I'll answer the easy ones, and ignore the hard ones, or ask the legal team to come up with some weasel words.
Yeah, like Mozilla.
This is not the first time they silently added tracking and avertisement. The toggle with "firefox shares basic telemetry with the adcompany Adjust" has been there activated by default since a while (among other stuff). This is just more tracking from them, while claiming to defend privacy. Another day, another scandal.
What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson. The user outcry was utterly predictable from even before the first web article was out. The fact that no one with decision power at Mozilla saw it coming is worrying: either they have zero understanding of people’s concerns for privacy or they don’t care. Neither is good.
Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end. Criticism of Mozilla in general is very warranted right now, but the way(s) in which everyone is doing so just feels very out of touch with the actual situation. ;P
They're - by their own words - trying to do something in a privacy preserving way because the ad industry is not going away. They might fuck it up at first, and that's why it's an experiment. It's also possible to disable it, it's not like you're trapped in it.
This thread in general feels like it leaves Mozilla no room to experiment or find any form of growth. People want them to be "just a browser" but then also expect them to be stewards of the web - and then cry foul when they actually try to find a setup that fits into the current model of the web.
Or so they say, in order to make people be OK with it. They might play the waiting game and in a year or two will make the setting not do anything and still collect / send data, hoping that by that time people have forgotten.
I'd be fine to continue the discussion if you can find a way to engage without assuming that the people who build one of the last checks on the open internet are somehow trying to maliciously invade your privacy.
The person you replied to made a reasonable point and your response reads as defensive and dismissive. Do you have an interest in Mozilla we should know about?
I explained to them that I’m open to discussing but there’s nothing to be gained when the comment starts off in conspiracy theory. It’s an open source project, people will 100% notice if they tried to do what the parent comment is suggesting.
> It’s an open source project, people will 100% notice if they tried to do what the parent comment is suggesting.
No-one thinks they'll lie about it. They'd announce it quietly just like this change, letting the fuss blow over. The average user would never even realise and Firefox would continue on its journey towards user hostility.
OP specifically said “make the setting do nothing while still collecting the data”. I don’t know about you, but a setting that acts like that would be akin to lying.
The comment chain is pretty clear here IMO.
Well, that is what Firefox did here. They created a new feature, defaulted it to on, in direct contradiction to user choices. We know this because this Web Site Advertising feature defaults to on even where the user has the strictest level of tracking protection enabled and even when the DNT option is selected. Even so, Mozilla has decided that this form of tracking is not covered by those clear signals of user intent.
So why not believe that Mozilla will do this again. Deprecate existing tracking choices and enable Web Site Advertising tracking for everyone. Like this change, it would be announced and decried and ultimately used by the majority of users who don't follow browser changelogs.
What will happen is that privacy advocates like me will recommend not to use Firefox, as it's functionally equivalant to Chrome is this respect and far less supported, and Firefox will continue to die.
This pains me as a former contributor and advocate, but it's almost inevitable now unless a privacy-focused non-profit can fork Firefox and leave Mozilla to it's decline. I would even pay for a Firefox fork, but I will never donate to or purchase again from Mozilla.
No, let's be very clear here: what Mozilla/Firefox did here was default users in to a setting without good notice on how to opt out.
This is different from what was said in this thread, which is making the setting do nothing while still collecting the data. If you disable the setting/opt out, then the data isn't being collected.
That's a framing so charitable to Mozilla that it is untrue. Again, do you have an interest you should be declaring in this conversation?
> This is different from what was said in this thread, which is making the setting do nothing while still collecting the data.
No, it's not. It ignores the Strict Tracking Protection and DNT settings and opts in users to tracking. It's absolutely identical to possibility posited by the other commenter.
For all your pontificating above about other people's comments, it seems the only person commenting in bad faith is you.
As a user of Firefox, I feel like I'm in a constant battle with Mozilla/FF to disable every new bad idea they have. Every time I'm forced into a surprise update I didn't ask for/try_to_install, something gets worse. This isn't an unusual state for commercial software, but Firefox is supposed to try to not be commercial.
I am not interested in a discussion with a person who gives the benefit of the doubt of a company who has clearly not only made a Faustian deal but is now looking to expand partnership with the people that nobody wants tracking their machines and activities.
Because as we both know, in the entire history of humanity there were NEVER any conspiracies when there is money to be made, right? Wink wink.
That deal with Google isn’t enough to leap to the conspiracy theory here though. The ad industry isn’t going away, Mozilla seems to want to try to make it work for all parties.
If you want to let perfect be the enemy of good, though, go for it. shrug
“That’s just politicians getting money from financial criminals.”
“That’s just police getting money from organized violence.”
“This is fine.”
Mozilla is welcome to experiment. The issue here is:
- The default opts the client in instead of the client making that choice to be a Guinea pig in the experiment
- I get emails almost weekly that amount to Mozilla playing the role of internet privacy police. They *are* well aware of the rights and wrongs. Are they going to call out themselves?
- As for growth? How about paid pro-privacy email hosting? And a suite of applications (a la Google docs)? Advertising might not be going away but there are still opportunities that align with Mozilla's ideals and brand... And they're too busy being hypocritical internet police???
I think this is a reasonable critique, even if I personally don't find it a big deal. If it's privacy preserving, I don't necessarily give a shit if it's defaulted on - especially if there's a way to disable it.
(IMO, defaulting it on and then widely announcing how to disable it is what they should have done, and their bungled communications on this is biting them)
> I get emails almost weekly that amount to Mozilla playing the role of internet privacy police. They are* well aware of the rights and wrongs. Are they going to call out themselves?*
Why would they call themselves out here...? They have stated, very bluntly, that they are trying to do something in a privacy preserving way. They are acting in line with their stated intentions/role/etc.
> As for growth? How about paid pro-privacy email hosting? And a suite of applications (a la Google docs)? Advertising might not be going away but there are still opportunities that align with Mozilla's ideals and brand... And they're too busy being hypocritical internet police???
Those are wholly separate business ventures, whereas dealing with the advertising behemoth is an unfortunate part of the browser ecosystem today. Someone, somewhere, is going to have to contend with this - and Mozilla is somewhat uniquely positioned to explore here.
If you think Apple or Google are going to do it without perverse incentives, then I don't know what to tell you.
Instead, we have had Mozilla sprawling in numerous directions secondary to the browser and failing in nearly all of them.
If you dont grow at double digit percentages year of year, are you even trying?
Yes, of course a large number of people won’t talk about this in six weeks, let alone six months. On the other hand you’ll have ex-hardcore fans complaining about it for over six years. I still see people talking about the Mr Robot debacle and the other crap Mozilla has pulled to this day. If anything, Mozilla is more susceptible to this backlash than the average tech company. Regular computer users don’t give a rat’s ass about Firefox. The people Mozilla needs to convince are exactly the ones they keep alienating.
https://www.reddit.com/r/pcmasterrace/comments/1e45mih/firef...
HN is also not the only bunch of nerds like that.
This is Mozilla we’re talking about, though. HN is exactly the sort of audience they need on their side. That bunch of nerds is the same group they relied upon to evangelise for them during the IE era.
Firefox exists and reached its peak because of the people that idealogically cared about the Web and interoperable,security, privacy, etc who contributed to and advocated for Firefox.
One reason is that the people who would be promoting Firefox aren't.
Personally I feel mostly ashamed to admit I'm using Firefox. In theory Firefox is great. In practice they coming up with new ways to treat their core user base badly.
Individual promotion of Firefox worked very well when the browser(s) it was trying to displace were effectively frozen in time.
Chrome (et al) and Safari are not those browsers. The average user isn't going to get a markedly different experience by switching to Firefox.
When Firefox started is was not a copy of existing browsers. There is no reason it would have to be now. But they have rejected their core users. So now the only option left is a Chrome clone because that is what people are used to.
This isn’t even getting into base level stuff like available engineering resources, or the scenarios where the other vendors often control or have deals to give them favorable distribution on platforms.
This isn’t the IE6 era. It’s a significantly different and harder problem.
There would be value in being the only browser to actually stop when users tell them no. But they seem incapable of listening.
I don't see how trying to find a privacy-preserving way of dealing with the ad conundrum makes them not a privacy-focused browser/company.
You'd need to otherwise cite something re: undisclosed telemetry, considering the project is open source... so I'm not sure how exactly it'd be undisclosed.
You're presenting it as though any change would be met with hostility, but the alternative is that they're only met with hostility because they keep making changes that hurt the users. A little while ago they announced that they were working on properly supporting vertical tabs and tab groups; that wasn't met with any hostility. Of course, in the same announcement they said they were planning to dumb down the rest of the interface even more, which was. But the point stands; they can get a positive reaction by making changes their users actually like, they just don't do that as often as they do the other thing.
But these days, Chrome is plenty good enough for most people. Even if Firefox had a perfect privacy story and focused on their core users’ every whim, I don’t think their market share would grow.
IIRC, when Firefox started, it was very similar to the full Mozilla Suite with some features removed (which is not surprising, since it started as a Mozilla Suite derivative and they shared a lot of code). It has a long lineage going back to the old-school Netscape Navigator.
That’s the second option: they don’t care.
> This thread in general feels like it leaves Mozilla no room to experiment
If you you’re going to experiment with something that’s going to cause this amount of backlash (and my criticism is that they didn’t take the obvious reaction into account), you show a dialog on first run that tells you what the feature is, perhaps include a “Learn More” link, and have an option to accept or deny. You can even have the former as the default. And do it in your betas first.
Would that still cause some backlash? Possibly. But it would’ve been significantly milder and you would have seen a lot more defence of Mozilla for not doing without asking.
Mozilla in particular is frequently pulling crap like this and getting flak for it. They have to constantly apologise and back track. After a while you’d expect they learned something.
Well, they learned: they fuck up, backtrack & apologize (it is free, no real impact, so no worries), and life goes on.
Apart from a market share that is continuously tending towards zero.
That's the start of full blown stockholm syndrome.
No data is ever fully anonymous, don't pretend otherwise. So no data should be send at all.
This is an area that we are stuck contending with. Legal solutions are needed here but that path is mired by complex and powerful lobbying. If Mozilla can push for a more private or more protective - even if not fully private or fully protective - then I’d like to see where it goes.
If you refuse to engage with the ad industry they just ignore you. Oh and the company that owns a large part of the world's ad industry and owns the browser that has 65% market share also pays like 90% of your bills.
I mean, what's step two of your glorious plan to charge fists raised into battle?
It seems far more likely that the remaining 3% are the few people who care, and therefore, "pulling this shit" did not cause the current market share.
I’m willing to put up with slowness and incompatability when I feel like firefox is on my side. Now? I’m going back to Safari.
Firefox compromising heralds its own irrelevance.
You might believe that the advertisers get less of your data if you use Firefox.
Similarly: you might be less likely to have your house burgled if there are locks on the doors and a burglar alarm, even though people with those things still get burgled sometimes. You might be less cold outdoors in winter if you wear a parka, even though it's still cold. You might be less bored if you buy/rent/stream some interesting books, music and movies, even though having those doesn't guarantee never being bored. You might be less likely to lose your next chess game if you practice tactics and learn openings, even though you'll still lose if you play Magnus Carlsen. You might be less likely to have a heart attack or stroke if you take those antihypertensives the doctor prescribed you, even though those are still tragically things that can happen to anyone. Etc., etc., etc.
Very few things are absolute and perfect. It's usually a matter of "less" versus "more".
This latest thing gives advertisers more information about me than they would have if Firefox didn't do it. (Unless I turn it off, which in fact I have done.) It doesn't give them very much information about me. I'm pretty sure they would get much more information about me if I switched to using Chrome (e.g., because Firefox supports better adblockers).
For the avoidance of doubt, I do think Mozilla should have made more noise about what they were doing, I do think there's a repeated pattern of them putting things into Firefox that their users don't really want and hoping no one will notice[1], I do think that says something bad about how Mozilla is run, and I would be happier if the Firefox project were run by people less inclined to do such things. But none of that means that you might as well use Chrome instead of Firefox, if you happen to value the things that Firefox still does better than Chrome.
[1] Actually, I think they know perfectly well that some users will notice, and they've decided it's overall better PR to do the thing quietly, wait for people to complain, and then say "oh, whoops, we should have been more open about this, we're so sorry and will totally not do the same thing again in six months".
Shortly as Chrome implements Privacy Sandbox, both Chrome and Firefox will support the same levels of advertising tracking. For Chrome, this is a privacy upgrade of sorts, but for Firefox, this is a definite downgrade.
As Firefox converges on Chrome in this area, the privacy advantage evaporates.
Chrome forces extensions to use "Manifest v3" rather than "v2", which cripples some ad-blockers; in particular, the full version of uBlock Origin will run on Firefox but not on Chrome. (I'm not sure of the details about the v2->v3 migration; maybe that isn't universally true yet. If not, it will be soon.)
"Reduces" and "evaporates" are not the same thing. I see the case for the former, not for the latter.
Well, right now, with their dwindling market cap, I feel like their only userbase is HN & co's type of user.
They repeatedly failed to increase their user base with non privacy conscious adjacent communities. So antagonizing the ONLY folks that go through the trouble of installing a non default browser to have a worse user experience seems like a big brain moment.
They’d be really screwed if Google didn’t give them a good deal. Somewhat wondering if Google just keeps them around to stave off the appearance of being a monopoly.
The web seems to have gotten pretty unsustainable in general. Might consider upgrading to Lynx or something like that.
I have this crazy theory that Firefox could be completely sustained by users willing to pay for it.
I mean... Mozilla Co definitely couldn't be sustained by users money only, but Firefox could.
The only path I can see for a healthy web (if this is even possible right now) is to completely liberate Firefox from Mozilla's shackles and mismanagement. A free and open-source browser should be treated more like a public good, such as a Linux distribution, than a money-making machine.
No shit.
they're bending for the ad industry because they want their money. they could also just keep blocking their tracking and call it a day.
> the ad industry is not going away
But users do. Let them have a great faking love affair with the ad industry.
Do people really expect that? I'm glad they're part of whatwg etc., but I'd much prefer they just made a good browser instead of tooting their own horns about how much good they're doing for society. In the end I think society would have been better off if they'd just focus on good tech like Gecko/Servo and Rust and not bothered with all their side stuff.
I've seen enough of:
Step 1 - outrageous move Step 2 - apologize, progressively pull back Step 3 - people spread word they made it better Step 4 - stick to still outrageous but comparatively better "middle" move
To really give it any excuse anymore. And so have you. If "Unity" tells you nothing... I'd like that rock, please, I'll need it to survive the incoming 4 years of social media.
I'm not saying its impossible for apologies to be in bad faith, just that if it becomes impossible to apologize and move on after making a mistake, it becomes impossible to do anything productive.
Society will not collapse if we start holding these monsters to account; the opposite.
Otherwise this is just vengence. If you never forgive there is no rational reason for corporations (or anyone) to stop doing whatever objectionable things they are doing, since it would already be a sunk cost.
https://en.m.wikipedia.org/wiki/Anchoring_effect
They are trying to find a funding model that makes them independent from Google.
- Building a fast, privacy-oriented browser that keeps up with web standards and fixes security bugs takes people, organisation and therefore money. Yes, much more than that CEO salary.
- No one wants to buy for a browser.
- No one wants to pay a subscription fee for a browser.
So you are left with ads. Mozilla is trying to find a balance there between privacy and ads with a clearing house approach. People who hate ads out of principle scream. How should browser development be funded?
One of the most common Mozilla complaints I see on the web is that you cannot fund Firefox development directly. People want to give money to it, but cannot.
Which makes sense, I guess. Anecdotally, Mozilla is by far the company I know with the most vocal users that get completely ignored.
https://ladybird.org/#sponsors
https://www.theverge.com/2024/5/2/24147007/google-paid-apple...
It's like email. You need to get people over the mental hump. But then if you offer a good product, buyers will be happy they got over it.
Here you go! Insert credit card here.
https://news.ycombinator.com/item?id=30665913
If the Mozilla foundation creates a donation button with the condition that the money goes solely to browser development (no CEO salary or political activism) I will donate.
The one funding model they haven't experimented with at all is actually asking people to pay for Firefox. Donations or subscription, they haven't even tried it once.
And yet people will over and over again insist that that would never work. Doesn't that strike you as odd? They're willing to flail about trying thing after thing after thing that their users hate and yell about and they end up having to pull back, they're willing to burn credibility over and over again, but the one funding model that their users keep telling them they want they refuse to even try on the grounds it would never work.
You can even donate money today: https://foundation.mozilla.org/en/donate/ From memory, Mozilla's spent years trying to get donations through asking people nicely and in relatively unobtrusive ways in-browser for years. You can even give monthly - a subscription, if you will.
Not only have they tried both donations and subscriptions, but their efforts have been resoundingly ignored. To the point where you are far from the first person to fault them for supposedly choosing to not do what they demonstrably do.
Perhaps people suggest that donations and subscriptions don't work well or reliably because there's history showing that.
I don't want a VPN. And I don't want to pay money to a Mozilla VPN of which some unspecified percentage will actually get used to pay for Firefox development (with the rest actually paying for the VPN). I honestly feel my money does more harm than good paying for the VPN because it creates a false impression of where the demand is.
I don't want a subscription to an unrelated service, I want a subscription to Firefox. I want my money to go into a stream that unambiguously shows my support for the single Mozilla project that I care about.
> You can even donate money today
That money will not (and I believe cannot) go to Firefox. As presently structured the corporation does all Firefox development, and the corporation cannot receive money from the foundation, so donations to Mozilla do nothing for Firefox.
> Not only have they tried both donations and subscriptions, but their efforts have been resoundingly ignored.
Not ignored, for the reasons stated above they haven't actually done what you say they've done.
I do expect that's the next step at Mozilla - locking features behind paywall with some premium plan. Cloud sync probably will fall into that basket. And if that eventually won't work - they'll surely announce it's time to "sunset".
Because it won't. And there is mountains of data to back it up. People will not pay if they don't have to.
Some people will, for sure, but to get those some people to carry the weight of "all the people" is totally untenable.
Besides, Chrome is "free".
https://en.wikipedia.org/wiki/User:Guy_Macon/Wikipedia_has_C...
They could easily gate off certain features behind a paid build, so either you pay or compile it yourself from source. Downstream packagers could of course do whatever they want (eg Debian). However, it creates a minor amount of friction for a relatively large fraction of the user base, and moreover sets the baseline expectation that this is not really "free as in beer", even though it remains "free as in freedom".
See also: Sublime Text, which, despite being closed-source, is 100% free-as-in-beer to use in perpetuity, and yet somehow they make enough money To not only continue development, but even start developing other products (Sublime Merge), even as their brand recognition wanes and their competitive advantage shrinks.
Not really. Perhaps they know enough about this that they believe it wouldn't work. How much would you pay for Firefox per year? How many people would pay that figure?
We always see the decisions that blow up, but we dont notice the thousands of decisions nobody cares about. Sometimes it really does look like just another minor feature request at coding time.
Agreed in general, disagreed in the specific Mozilla case. They’re an internet-related company where “privacy” is one of the stated core goals, yet they’ve stuck their foot in their mouth so often they could open a shoe shop. Failing to see this one is at best incompetence.
"We should have communicated more" seems like a passive-aggressive way of saying "Oh, you poor simpletons... We should have talked slower, used more, simple words, and been more persuasive. We failed to properly explain why you're wrong. If only we did that, you'd more readily accept what we're giving you."
Please. This is never about learning and better communication. This is universal corporate English for: "you got us, but we really don't give a flying ef and we will fulfill our goals step by step - no matter what you say".
Oh maaaaaaaaaaaan do I despise hearing variations on this "non-pology."
It's never "Wow, we fucked up by doing something harmful to you." It's always, "My bad, I failed to explain exactly why you're wrong to think this is harming you. I take total responsibility for not explaining why this is actually good for you. I'll try again."
One possibility is they knew there would be an outcry but estimated that the loss in user support because of it would be limited enough that the upside of having the majority of users with the setting left on wins.
The problem we currently have with cookie banners is thanks to the browser vendors not caring about it.
An API could exist which a page can query, where the user has already pre-selected how they want to deal with cookies. For example reject all but the essential ones, reject none at all, reject some, according to certain criteria.
Even more, the browser could check if the page is adhering to the user's expectations, and if it doesn't, block it for a period of time, like a week or a month, and publish the fact that they ignored the user's wishes.
Possibly also give the user a signed document which claims that this page did not respect the user's privacy expectations, so that the user can use it in court.
These should be solvable problems.
This requirement to constantly ask the user while using these dark patterns is what makes normal people just give up and "accept".
If the page is expected to ask the browser which preferences the user has set regarding the cookies, then this problem is gone, because the page no longer is expected to ask a person via a popup.
So I guess that both the user and the site can't get what they want and we should scrap the internet.
If it wouldn't work, then I'd see no ads in my paper-based iX subscription, yet it is full of ads even though I'm paying for that paper.
But the paper has the benefit that the ads I see there don't collect information on me. This is what I want the internet to be.
Ads OK, but no tracking of me if I don't want it (which I express via cookies when in a browser).
Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article. No hint on that accepting the cookies is only useful if you also have a subscription. When you can't read the article, they don't revert the setting of the cookies, but just pretend that they gave you access to the article and keep the cookies around for days or years.
It's not. Tracking leads to better targeting which leads to higher conversion ratios and overall higher "Cost Per 1000 Impressions" (CPM).
If you simply do "contextual" targeting, so targeting based on the page content, your CPM will go down and and the publisher will lose money.
> Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article
Depends on the company. News media publishers use the same system but are usually barely profitable if at all.
> Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article. No hint on that accepting the cookies is only useful if you also have a subscription. When you can't read the article, they don't revert the setting of the cookies, but just pretend that they gave you access to the article and keep the cookies around for days or years.
The EU Court of Law decided that offering a subscription or mandate for cookies to be enabled is not legal as an offer. So the transactional nature you propose is currently not allowed. What is allowed is a grey area which has yet to be explored.
So, actually, users and sites both had what they wanted, just not corporations.
However not all content can be produced this way, news or sports coverage would be an example.
Is it just me that sometimes get the feeling that when companies have to explain them selves with this amoubt of text, they actually know that they are doing something wrong but are trying to cover it up by these long and unnecessary explanations?
That's what most of folks says in this sub-tree
> "there are enormous economic incentives for advertisers to try to bypass these countermeasures"
Then:
> We’ve been collaborating with Meta on this
Given Meta's track record with scooping up just about any personal data they can find, it's pretty obvious that this is just going to be yet another datapoint in Meta's collection.
It shows that the topic is merely now considered as a technical point, rather than a principal-based one.
Mozilla is a joke nowadays.
Data is their edge. It's how they compete with each other.
The privacy "arms race" isn't just between the browser vendors and the trackers, it's also between tracker a and tracker b.
Giving them a new data point (no matter how """privacy preserving""" it is) is just that, another data point. It's not going to make them give up on the others.
I don't believe in cooperation with an industry that has shown no remorse with tracking users at all. That will not be successful. Advertisers will employ this and still track. And it is possible to not get tracked and deliver false data, even today.
The arms race will continue as it does today, but advertisers will have yet another avenue to exploit in the form of the attribution API.
I suppose it shows who's paying Mozilla.
> This acquisition marks a significant step in addressing the urgent need for privacy-preserving advertising solutions. By combining Mozilla’s scale and trusted reputation with Anonym’s cutting-edge technology, we can enhance user privacy and advertising effectiveness, leveling the playing field for all stakeholders.
I can only interpret this as the urgent need is money, and wants to sell its "scale and trusted reputation". Mozilla has been down this road before. It was not good for them.
> Anonym was founded with two core beliefs: First, that people have a fundamental right to privacy in online interactions and second, that digital advertising is critical for the sustainability of free content, services and experiences. Mozilla and Anonym share the belief that advanced technologies can enable relevant and measurable advertising while still preserving user privacy.
This is some pretty weak wording for a press release. The economics of the situation are that advertising will always trump privacy. Researchers have successfully de-anonymized anonymised data sets, including medical records. Why would these data be any different?
> As we integrate Anonym into the Mozilla family, we are excited about the possibilities this partnership brings. While Anonym will continue to serve its customer base, together, we are poised to lead the industry toward a future where privacy and effective advertising go hand in hand, supporting a free and open internet.
Anonym’s customers are advertisers, right? The same people who for decades poured money into eroding that free and open internet that we had…
> About Anonym: Anonym was founded in 2022 by former Meta executives Brad Smallwood and Graham Mudd. The company was backed by Griffin Gaming Partners, Norwest Venture Partners, Heracles Capital as well as a number of strategic individual investors.
Well, it seems Anonym, Smallwood and Mudd had a nice piece about them written in the Wall Street Journal [1]. From the second paragraph:
> Graham Mudd and Brad Smallwood each spent more than a decade building Meta’s advertising system, which allowed the company to offer granular data about how ad campaigns worked with individual users, often by tracking their web and mobile activity.
[0] https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...
[1] https://archive.is/17c0f#selection-5751.0-5751.246
Yes, this is Cliqz all over again and that scandal cost them most of their German userbase.
FTFY. Both browsers have been pretty bad for privacy for a long time and are more than happy to exfiltrate your data to the respective operators without your consent.
While Chrome adverts and fearmongering campaigns are now everywhere and people seem to be taking interest in Chrome, but Edge is probably the most common, as I see it literally everywhere(including public service office facilities).
The companies buying ads aren't keen on privacy, at least not if it comes at the cost of optimizing sales, so I don't see anyone but small "do good" niche companies would buy into what Anonym is selling. Alternatively Mozilla will make money and start relaxing privacy restriction in order to extract even greater profits. I don't see them stopping half-way. The Mozilla leadership has again and again shown that they do not understand their user base.
Firefox is a great browser, but so it all Chromium based browsers. Mozilla apparently never considered why someone might stick with or switch to Firefox, when Chrome, Edge, Safari and other browsers do the exact same thing, sometimes perhaps better. I really want to ask the Mozilla CTO and upper management what they think their product is, because I got a in increasing hunch that Firefox isn't the first thing that would come across their lips.
Personally, right now the only reason I'm not switching to something like Vivaldi is my desire to ensure that rendering engines beyond Blink is represented in statistics.
Before anyone tries to respond with it. It is https://donorbox.org/ladybird
EDIT : Actually they still update it. Last version is 115.
I get it and I like the idea but it does make for a difficult up front experience.
It is not ready, to be a public browser.
Regardless, from what I've gathered, Ladybird is going to ship of theseus their way into memory safety. It's not announced what the C++ replacement language will be, but they are working towards that.
You can make a free web browser from Firefox's current engine just as easily as from Servo, I would fund the person who does that.
Or, if one dreams for a moment, if slower becomes the norm, web apps will have to become less complicated. Fast seems to just enable more and more ad tech
Let's build something that is Ad resistant from the start. Something that uses native technologies.
Edit: We need something that does not need backing of large corporations or huge funding to access the web.
Internet was always simple. We have become over dependent on browsers and http stack.
I would use it to read my rss feeds. I'm sure we could make Hacker News discussions work. My mastodon feed could probably work too. That's 90% of my browser usage right there.
Just imagine how pleasant it would be to browse and navigate. Would be so fast, so responsive.
I really like https://geminiprotocol.net/ but I think they went too far removing images, sounds, video, and forms.
Still a long way to go if that is to happen on the web.
Some older protocols such as IRC, NNTP, Gopher, and email (especially plain text email and not HTML email), is one thing to be usable.
There are also some newer protocols and file formats for some uses, e.g.: Gemini protocol/file-format, Scorpion protocol/file-format, Spartan protocol (which uses the same file format as Gemini, although with an extra link type), Nightfall Express (probably the simplest one, although this means that virtual hosting will not be avavilable), and perhaps some others.
(One thing I have read somewhere (I cannot find it now) is three rules for making such a "small web" protocol: (1) Don't make it a subset; (2) Don't make it compatible; (3) Make it better for everyone (authors, readers, programmers, etc). They also discussed separation of "document web" from "application web"; I agree with that too, although of course there is the consideration of how such a separation should be working. I have ideas about this, and I believe my own designs do follow these three rules better than Gemini and Spartan do.)
I had written my own list of what "small web" protocols/file-formats that I am aware of: scorpion://zzo38computer.org/smallweb.txt (which was originally posted to Usenet, although it has been updated since then) One way to access this file would be a command such as:
(If you have other mirrors of this document, perhaps with your own changes, you could tell me and I could add it to the list of mirrors.)Another proposal is the following suggestion to make a "small web browser": gemini://xavi.privatedns.org/small-web-browser.gmi (the document I linked above describes how to access this file in case you don't know) I agree with some of the points made but disagree with others; I will comment about some of these points later. (However, you could use some of these ideas for the HTTP/HTML part of a multi-protocol browser.)
I do not believe that just using this existing HTTP/HTML is the way to do it (and other people also agree with me about this), although it is one way to do it, and can be combined with others.
Such a "small web" browser could be designed to support multiple protocols and file formats. So, in addition to HTTP(S), also Gopher, Gemini, Spartan, Scorpion, Nex, local files, and possibly NNTP (although this would not be as good as a dedicated news reader software, it would at least allow to read articles from a NNTP server without needing to set up your dedicated NNTP client software; Lynx also supports NNTP).
> While I do think HTTP/1.1 is good enough for most tasks [...] there are several aspects that I do not particularly like: Cookies, User agent, Referer, Etag, Cross-origin requests
I do not like these features much either. HTTP/1.1 still is good enough for many tasks, although it is still messy in some ways and more complicated than it could be, although for the purpose of accessing services that use HTTP, it will be good enough for this purpose (which is what the article describes doing). (One feature of HTTP that I think is useful that Gemini, Spartan, and Gopher lack (but Scorpion does not lack) is Range requests, although that isn't that useful for a browser and is more useful for a download manager (including command-line programs such as curl). Multiple ranges in a single request seems an unnecessarily complexity to me, though.)
> Support a small subset of HTTP/1.1, supporting GET/POST, while effectively removing support for most HTTP headers.
Agree. (You could also suppport adding arbitrary extra headers by user configuration; e.g. the user could specify that they want to add a "Accept-Language" header or a "DNT" header or whatever other arbitrary headers they might want.)
> Support a subset of HTML5, so that embedded images, audio and video are possible.
Mostly agree. Embedded images would be useful to be able to switch on/off by the user; if off then they appear as links. Embedded audio/video is probably not useful at all; I would have <audio> and <video> commands to be displayed as a list of links (the audio/video can be viewed if you follow the links).
> Support modern CSS, possibly leaving deprecated or complex features out.
I would probably leave out most of the features, although you do not necessarily have to do so. However, important would be to allow disabling CSS (and ensure that "complying with the requirements above" (see below) means that it is guaranteed to work correctly if the user chooses to disable CSS).
> Support NO JavaScript at all, as JavaScript is one of the main sources of complexity behind a modern web browser, and is typically abused for user fingerprinting.
Agree.
> Mandate the use of TLS-encrypted connections.
Disagree. Encrypted and unencrypted connections are both useful (and the URI scheme would distinguish them; this allows end users to easily filter out any sites that do not support encryption from their local index).
> Allow integration with SOCKS5 proxies e.g.: Tor.
Agree, although in addition to this, it is also sometimes useful to be able to use local programs as proxies and to have the proxy to handle TLS (although there is some complication in handling client certificates when doing so).
> Provide passwordless authentication via client certificates, and always ask for user authorization beforehand.
Agree, with both parts. (Passwords might still be implemented too (although if you don't want to, then you don't have to); HTTP has a "Authorization" header for this purpose, and Scorpion also supports something similar (in addition to supporting client certificates if the connection is encrypted).) It will be necessary to ensure that the user can command the browser to log out at any time (both with passwords and with cli...
Things are progressing faster than you'd think.
Doesn't make it certain, but it is a good foundation to be working from.
Here's the Servo link: https://servo.org/sponsorship/
Short term, deshittify Firefox. Mid term move to some like Lady bird. Long term, if Lady bird is corrupted, start on browser replacement number 2.
Alternatively, the hardest step of just walking away for heavy internet usage I guess.
I can't wait for Ladybird to get good, in a decade realistically, swimming against a massive current of Google pushing its unstandardised nonsense on Chrome, and web developers jumping on the bandwagon, making web standards more and more complex by the day so no one ever is able to catch up.
You can add to the dead internet theory the fact that the Web is now maliciously impossible to recreate and access from scratch if you are unable to compete with the billions Google spend to maintain their hegemony. Heck, even Microsoft found it was more efficient to join Google rather than to try and direct what they laughably call "an open standard." There is more competition to build reusable space rockets than in web browsers.
A sad day, and sadder days await us. Shame of Mozilla, and on the CTO trying to sell this feature as a good thing.
I presume you refer to the fact that most income of Mozilla comes from Google paying a fee to have their search be the default. While that is worrysome, it's not control nor ownership. Let alone direct control. At most it gives Google leverage.
I don't see that happening in a decade. What makes you so optimistic?
https://news.ycombinator.com/item?id=40959723
Opera? Other recommendations?
For those that don't know, Elinks is a text only terminal browser.
Recommend Mull or something else sensible.
Edit: Whoopsy, oversaw your /jk
I'm sadly falling out of love with the web. So much fun and enjoyment have left the web in the past 20 years and I don't enjoy or to some extend even benefit from the modern hellscape of modern commercial web.
1. Links/Elinks for most stuff.
2. If that doesn't work, Trisquel Abrowser which is a privacy focused fork of Firefox.
3. If that doesn't work, Vivaldi browser in a sabdvox to get that Chromium conpatatibility.
Go to: chrome://geckoview/content/config.xhtml then enable about:config after that dom.private-attribution.submission.enabled can be set to false.
Fennec[2], the F-Droid build of Firefox, does have about:config enabled.
[1] https://news.ycombinator.com/item?id=39816429
[2] https://f-droid.org/en/packages/org.mozilla.fennec_fdroid
https://kagi.com/orion/
And fallback to Firefox when things don't work. Which is usually on sketchy websites, websites that have heavy bot protection and fingerprinting or ones that use gpu APIs.
* There is no legal entity behind the project. Should anything ever happen with the project (it can happen, even if unlikely), there are no legal ramifications.
* The binaries aren't signed. Yes, code signing is a bit of a racket, but there is some merit in it.
* There is no auto-update mechanism. Might not seem like a big deal, but IMO it is, especially on Windows where you're recommended to rely on 3rd party client to update the browser for you. You've now added a middle man, and since the binaries are not signed... well there's no guarantee you aren't downloading a malicious binary.
To me, this seems like a plus. If you want users to update, provide them with something worth updating to. This tracking suddenly being enabled for a ton of users is the very result of automatic updates.
Mozilla has been repeatedly resetting "Always check if Firefox is your default browser" option to "yes" with upgrades. I don't see why "private-attribution submission enabled" wouldn't be reset in future in the same way.
> Mozilla has been repeatedly resetting "Always check if Firefox is your default browser" option to "yes" with upgrades.
I'm sorry to say this, but this just seems to be misinformation.
I don't see that anywhere in the source code[1]? Anything I can find regarding prompting the user regarding the default browser is hidden behind an if guard to make sure the pref is `true` and not `false`.
The only scenarios I am aware of that will change the pref if the user has toggled one manually is the `_migrationUI`[2] function (as you can see, no changes relating to `browser.shell.checkDefaultBrowser`). Otherwise, untoggled prefs will be changed if the value in `firefox.js`[3] or `all.js`[4] is changed. As you can see, the last time the pref was modified was 2004.
[1] https://searchfox.org/mozilla-central/search?q=browser.shell...
[2] https://searchfox.org/mozilla-central/source/browser/compone...
[3] https://searchfox.org/mozilla-central/diff/94ff451885bb94679...
[4] https://searchfox.org/mozilla-central/source/modules/libpref...
I would also say a web browser should be the one piece of software constantly updated due to the sheer volume of security patches issued every few weeks.
Doesn't matter. I don't inherently trust any organization.
>They are already the custodians of custom settings and making the choice for you, so it doesn't seem like a valid comparison here.
I can make the choice to install software. I should be able to make the choice to upgrade it as I choose as well.
If I buy a chair from Crate+Barrel, I have given them the choice of designing and manufacturing that chair and all the decisions that went into it. But I do not give Crate+Barrel the choice of sneaking into my house and swapping it with some newer version of the chair that 51% of the population liked slightly better after 5 minutes of testing or that they think will make them more money somehow.
I think that's completely valid.
I was just assuming (maybe incorrectly?) we're talking about what should be happening in general (so what the experience for the layman should be). Now whether that applies to Librewolf is another story, but arguably it becoming fairly known, it should.
Side-note: In Waterfox, I've re-added the ability to disable auto-updating completely. I completely understand the want to manually update software.
In app update prompts work for me, they have a TOS / Legal Entity it seems. They broke away from Startpage in recentish years.
Plenty of feature trade offs to compare though with Librefox.
> Plenty of feature trade offs to compare though with Librefox.
Yes, for sure. Definitively different goal alignments.
A UK Ltd. is less transparent than Librewolf, an open-source project run by many volunteers without the incentive to make any money.
Point 3 is no longer true, the installer comes with the option to enable auto-update and on Linux, it also auto-updates, depending on distro, etc.
The risks you are talking about are not inherent to Librewolf, but to Linux and open-source, and thus are not legitimate criticisms of Librewolf.
Genuinely, why not? Open source projects go through ownership changes (as unlikely as they may be), social engineering, etc. In the unlikely chance something were to happen and anything malicious were to occur, what recourse is a user to have? And we are talking about a web browser here, which will be accessing peoples most sensitive data. I don't think this is an unreasonable stance.
> A UK Ltd. is less transparent than Librewolf, an open-source project run by many volunteers without the incentive to make any money.
Well this UK Ltd is still beholden to English law and UK GDPR. You could argue the merits and teeth that GDPR has, but I don't see why it's not a valid comparison? I can't just start processing personal data without complying with GDPR, for example.
> The risks you are talking about are not inherent to Librewolf, but to Linux and open-source, and thus are not legitimate criticisms of Librewolf.
Linux has the Linux foundation, which AFAIK is going to be beholden to California law? I don't see how that can't also be a criticism of Librewolf (and any OSS in a similar spot?).
> Point 3 is no longer true, the installer comes with the option to enable auto-update and on Linux, it also auto-updates, depending on distro, etc.
It seems to me to still true, because the installer is installing WinUpdater. Which, as it seems, is maintained by an individual developer?
> If you want LibreWolf to be automatically updated (recommended), you can choose to install the LibreWolf WinUpdater[1], which is included in the installer.
[1]: https://codeberg.org/ltguillaume/librewolf-winupdater
1. https://support.mozilla.org/en-US/kb/privacy-preserving-attr...
[1] https://en.wikipedia.org/wiki/User:Guy_Macon/Wikipedia_has_C...
I can sympathise about general usability concerns but they don't really relate to the OP.
I personally run Ungoogled Chromium for anything that doesn't work in LibreWolf, which is fortunately not too much.
The value of words is leaving the web.
Everything else is just agreeing with the advertising industry on their idea that profile-building is fine.
These advertisers nowadays think they have they are entitled to everything, and Firefox just helped them.
All the other images are hosted by Wikipedia themselves and are not ad-related, so I don't see where's the issue here.
If a browser wants to be strict about what it loads, most of the web would appear broken. Maybe google could have the weight to force such change, but no way could mozilla impose such a strict rule.
Safari seems to be the only decent, privacy-focused browser left on the market.
Until the Ladybird arrives.
Safari has Private Click Measurement: https://webkit.org/blog/11529/introducing-private-click-meas...
And AFAICT, Mozilla's implementation is technically superior?
1. Define some baseline set of M impressions with various ad identifiers and from various sybil advertisers.
2. For each target user, define some set of M marker impressions, also with various ad identifiers and from various and sybil advertisers.
3. Save all impressions (marker + baseline) on a bunch of sybil browsers to get above the reporting baseline with some probability.
4. If/when a target user visits a target website, request a conversion report for each ad/advertiser.
You now have a baseline signal (from the baseline ads/advertisers) and a marker signal (from the marker ads/advertisers). If this is one of your target users, you'd expect their "marker" signal signal to be stronger than the baseline.
Might be worth opening an issue if you believe there's merit to the attack?
And I'm now quite sure this system is insecure. Fundamentally, either:
1. There is some magical sybil protection: An attacker can only spend their own privacy budget without affecting the rest of the system.
2. The system can be saturated: An attacker can spend everyone's privacy budget.
3. The system is not private: An attacker can exceed the "safe" privacy budget by combining information from multiple sybils.
Also, another assumption, but it’s that doc still builds upon the W3C proposal - would it not be worth raising as an issue in the repo? Seems to still be active.
I've filed an issue at https://github.com/patcg-individual-drafts/ipa/issues/90 but I'm still not sure if that's the right repo.
https://en.wikipedia.org/wiki/Mitchell_Baker#Negative_salary...
No idea how much the new CEO is being paid. Probably just as bad.