Every time Mozilla steps on a rake regarding privacy or security, people come rushing out telling everyone to switch to Firefox forks. And I always feel bad about it, because if your main concern is privacy or security, there is no scenario where you would be better off on a Firefox fork
reshared this
Jason Lefkowitz
in reply to Jason Lefkowitz • • •"Explain." OK.
1) No Firefox fork is doing large-scale engineering work on the browser. They're all small teams whose main contribution is things like different configuration settings. If Mozilla dies, these forks will all die too.
2) Some forks consider it a feature that they keep old, insecure APIs Firefox itself abandoned because they could not be secured (NPAPI, XUL, etc.) Mozilla could not secure these APIs; forks aren't going to be able to. Most don't bother trying.
3) You're still running on Mozilla code, so your trust model still includes Mozilla. Now it just also includes a third party. Do you trust them? Why?
reshared this
Hubert Figuière, Yamainu 🏳️🌈, Eleanor Saitta, jwz and Janne Moren reshared this.
Jason Lefkowitz
in reply to Jason Lefkowitz • • •Jason Lefkowitz
in reply to Jason Lefkowitz • • •Follow-up points, to answer frequently asked questions:
"Are you saying I should switch to Chrome?" No. I hate Chrome. I'm just saying no current Firefox fork is the silver bullet many people seem to think it is.
"Are Firefox forks inherently doomed?" No. I could imagine a Firefox fork that was a credible alternative. It would just require a lot more resources than any existing fork has.
"What's your suggestion then?" I don't have one. The options all come with a long train of drawbacks. You have to choose which drawbacks you can live with.
"That sucks!" Yeah man. Everything sucks these days. I don't know what to tell you
reshared this
Janne Moren, skze and Lazarou Monkey Terror 🚀💙🌈 reshared this.
Wolf480pl
in reply to Jason Lefkowitz • • •ok, but consider the following:
If every time Mozila steps on a rake, we will stick to Firefox, because that's still the least bad option, what will Mozilla learn?
That there are no negative consequences from stepping on rakes.
Conversely, if every time Mozilla steps on a rake, we take a destructive action that hurts both us and Mozilla, then hopefully Mozilla will stop stepping on rakes.
Now the question is, what is the best way to make Mozilla suffer?
alcinnz
in reply to Wolf480pl • • •@wolf480pl Personally I think we need a more radical answer!
We need a better web where we don't up begging Mozilla (or whoever takes their place) to stop stepping on those rakes!
Lorraine Lee likes this.
josemanuel
in reply to alcinnz • • •@alcinnz I'm all for that as long as we stop talking about it and start working on it, even if it eventually leads us nowhere.
@wolf480pl @jalefkowit
Lorraine Lee
in reply to josemanuel • •#Gemini is the alternative to the bloated #WebStandards that we all deserve. It's an even smaller slice of the audience pie than Firefox, though. I think the goal is not to make Mozilla suffer, but to make sure the 0.01% who want to operate noncommercially on the Internet are not edged out entirely. The question is whether commercial and noncommercial can "share the road" on the so-called information duperhighway. I call it the information duperhighway because it has the economic climate of a carny show.
If what you need is an agent to do your online banking, there will never be an open source way to interface with that until the banking monopoly is busted. (Note, I'm not a Christian, this is one of those stopped clock things) Keep that chromium browser, or handset mfr supplied Spamdroid phone, on hand for unavoidable "number of the beast" type transactions, while minimizing your involvement in elective NOTB stuff such as main$tream $ocial media, while putting out feelers for community in non-web Internet resources such as Gemini, or the Fediverse accessed via open source non-browser utilities such as Tuba, Relatica, etc.
Wolf480pl
in reply to Lorraine Lee • • •@lori @alcinnz @josemanuel
> Gemini is the alternative to the bloated WebStandards that we all deserve
but not the alternative we need
Lorraine Lee
in reply to Wolf480pl • •alcinnz
in reply to Lorraine Lee • • •@lori @wolf480pl @josemanuel Personally I'm sticking with HTML+CSS because:
1) I love writing inline links & emphasis, though I understand why others wouldn't.
2) There's *lots* of existing pages which at least mostly restrict themselves to this subset, which deserve preserving.
3) I don't consider HTML+optional-CSS unwarranted complexity.
alcinnz
in reply to josemanuel • • •Yes, I should get back to it...
Thankfully I'm not the only one doing something about it!
@wolf480pl @jalefkowit
mav
in reply to Jason Lefkowitz • • •Th3 Wr3w
in reply to mav • • •@mav
We use browsers for everything, meaning it’s the single best source of info gathering companies have. Information / data = money. These companies and organizations know that and want that cash, and that automatically means our privacy is in jeopardy.
What we need is a truly independent browser, built and maintained by a non-profit like The Veilid Foundation that is dedicated to providing for privacy and security and restoring your data to…. You.
It’d help if it was fast and didn’t suck, too.
Jason Lefkowitz
in reply to Th3 Wr3w • • •@Wrewdison @mav This is all true. It would also cost an absolutely eye-watering amount of money.
This is the nut of the problem. The browser has become an enormous platform. It's too big a project for a small team on a small budget to tackle. Creating a new browser from scratch requires a large team and a large budget.
Everyone wants that to happen, but nobody's figured out where the money to pay for it all would come from.
Lorraine Lee likes this.
Th3 Wr3w
in reply to Jason Lefkowitz • • •@mav I’m kind of feeling like the “it’s too big and would cost too much” thing is more assumption than fact. That’s not to say it’s untrue, just that I think there may be some underestimation of what a small but focused team can accomplish with a fairly small budget.
Browsers are big - but they don’t necessarily need to be.
Jason Lefkowitz
in reply to Th3 Wr3w • • •@Wrewdison @mav I mean, if you think you can compete with Chrome on a small budget, by all means do it. Prove me wrong! I would LOVE to be wrong.
I'm just going off what everyone I've heard talk about the subject who works on browsers has ever said. The modern Web platform is MASSIVE. It includes 3D graphics. It includes USB. It includes Bluetooth. Which of those bits do you leave out? How do you explain to users that they don't really need it, when they can get a browser that includes all those features from Google for free?
It's a hard problem.
mav
in reply to Jason Lefkowitz • • •@Wrewdison I mean, from an OS standpoint, the browser essentially is all of userspace. Essentially the only thing it doesn't do is provide the hardware interface. A kernel plus a browser is like 95% of an OS, which is exactly what Chrome OS is.
So that's the target scope.
Steve Lord
in reply to Th3 Wr3w • • •@Wrewdison @mav we need better frameworks and standards for simpler services. We need people building for Dillo+ and ladybird, not chrome.
Simplified standards leads to a smaller attack surface. Not good for everything but good enough to get off the treadmill.
reshared this
Lorraine Lee, Not a certified biri-biri technician and n8chz 🩎 reshared this.
Lorraine Lee
in reply to Steve Lord • •Steve Lord likes this.
reshared this
Steve Lord and n8chz 🩎 reshared this.
Lorraine Lee
in reply to Steve Lord • •like this
Steve Lord, Average and Eggler like this.
n8chz 🩎 reshared this.
René
in reply to Jason Lefkowitz • • •Jordan Maris 🇪🇺 🇺🇦 #NAFO
in reply to René • • •mav
in reply to Jordan Maris 🇪🇺 🇺🇦 #NAFO • • •@jmaris @muzicofiel @Wrewdison
It did clear up some things, but there are still a number of questions that remain unanswered (and likely that's intentional.)
Th3 Wr3w
in reply to mav • • •@mav @jmaris @muzicofiel possibly intentional, but doubtful it’s anything nefarious.
I’ve been on the other side of this before, where some terms of service had to be updated and there was some serious talk about what nefarious plans we had. There weren’t any, it was lawyers taking what we (the product management org) provided about the services and throwing in a bunch of legalese to “protect us from those who would seek to throw frivolous lawsuits at us”.
Don’t get me wrong - sometimes there is nefarious shit happening, but I don’t think this is one of those times.
That said, I’ve been wrong before so, 🤷🏻♂️
mcc
in reply to Jason Lefkowitz • • •Hi, I see your point, but here is the problem. The new Firefox Terms of Use, the one with unacceptable IP terms, contains this line:
"These Terms only apply to the Executable Code version of Firefox, not the Firefox source code."
Therefore, I must use a fork of Firefox (or at least an alternate build/distribution, such as Debian's) or I must switch to Chrome. Those are my only options. I am unable to take your thread as anything except an argument to switch to Chrome.
Jason Lefkowitz
in reply to mcc • • •@mcc My argument isn't specific to the current ToS changes.
I agree that the current options suck. I don't like them any more than you do. I just don't see any existing Firefox forks that offer a compelling reason to believe they are a long term solution.
Preston Maness ☭
in reply to Jason Lefkowitz • • •mcc
in reply to Preston Maness ☭ • • •Mattias Eriksson 🦀🚵♂️
in reply to mcc • • •Maybe the data harvesting protection clauses should be moved from the EULA to the software license. That way it isn't something you can change on a whim.
Don Marti
in reply to Jason Lefkowitz • • •Good point. If you have the IT skills to switch to a Firefox fork, you can probably do your own enterprise configuration management (easier in the long run than drilling down in settings or about:config because it covers all profiles and accounts) codeberg.org/dmarti/browser-ad…
(yes, someone please do Mac OS and MSFT Windows versions of this)
browser-adfraud-protection
Codeberg.orgMichael Downey 🧢
in reply to Don Marti • • •@dmarti True, but the problem here isn't so much a technical one as it is a legal one that seemingly could only be solved by creating a new binary, no?
There isn't any config switch to "decline TOS" is there?
No way my (or any) IT department is going to allow users' consent to involuntary MITM attacks.
#Mozilla #Firefox
Don Marti
in reply to Michael Downey 🧢 • • •reshared this
Lazarou Monkey Terror 🚀💙🌈, Lorraine Lee and n8chz 🩎 reshared this.
yoasif
in reply to Don Marti • • •@dmarti @downey There is a plan for a clickwrap:
>And actually asking you to acknowledge it is an important step, so we’re making it a part of the standard product experience starting in early March for new users and later this year for existing ones.
blog.mozilla.org/en/products/f…
Introducing a terms of use and updated privacy notice for Firefox
Kristina Bravo (The Mozilla Blog)Lorraine Lee
in reply to yoasif • •David Hembrow likes this.
yoasif
in reply to Lorraine Lee • • •Mozilla’s approach to Manifest V3: What’s different and why it matters for extension users
Kristina Bravo (The Mozilla Blog)Lorraine Lee
in reply to yoasif • •n8chz 🩎 reshared this.
yoasif
in reply to Lorraine Lee • • •Lorraine Lee
in reply to yoasif • •yoasif likes this.
Don Marti
in reply to Lorraine Lee • • •@lori @yoasif @downey building advertising features into browsers is a current fad. Eventually it'll stop being a thing—hopefully as soon and with as little harm to users as possible.
Firefox is definitely hinky out of the box, but you can still reliably turn off the problematic stuff (my Linux version is here, can someone do Mac OS and MS Windows? codeberg.org/dmarti/browser-ad… )
browser-adfraud-protection
Codeberg.orgDon Marti
in reply to Don Marti • • •yoasif
in reply to Don Marti • • •@dmarti @lori @downey That is interesting -- do you have any handy reference for that (sorry for the #lazyweb query)?
Do you think that it matters that Mozilla claims California as their "choice of law" in the context of the clickwrap and EU?
Don Marti
in reply to yoasif • • •@yoasif @lori @downey
noyb.eu/en/firefox-tracks-you-…
gdpr-info.eu/issues/consent/
hypothetically there could be a single form that could be both a software license and consent to processing, but I'm not seeing it (and at least one Firefox ad feature is complicated enough that it would take a lot of explanation to get users informed about what they're turning on)
Firefox tracks you with “privacy preserving” feature
noyb.euawoodland
in reply to Don Marti • • •Don Marti
in reply to awoodland • • •Mozilla hit with privacy complaint in EU over Firefox tracking tech | TechCrunch
Natasha Lomas (TechCrunch)Digital Mark λ ☕️ 🕹 🙄
in reply to Jason Lefkowitz • • •I think you don't understand Mozilla's motivation. They didn't "step on a rake". They're doing what they can to make Firefox more profitable or less competitive for their owners, Google.
Mozilla is not some happy idealistic pod, they're agents of Google, living off Google's money.
And they make that money by putting in more spyware and ads. You cannot expect to have any privacy or security on a Google product like Chrome OR Firefox.
reshared this
Lorraine Lee and n8chz 🩎 reshared this.
Lorraine Lee
in reply to Digital Mark λ ☕️ 🕹 🙄 • •But can you have reasonably independent (as in independent of $ itself) implementation of Tha Web Standards when that standard gets more complex with every iteration? Ladybird has an impressive list of sponsors, some individuals, but most of the larger ones being tech firms, as far as I know none of which are among the "tech giants," but I'm guessing some nonzero number are Fortune 500.
I'm probably in the minority among open source (or free software) advocates as someone who thinks of open source as a means to the end of noncommerciality, but I do see "sponsored" and "independent" as mutually exclusive. Maybe it's one of those happy medium things. Mozilla is not an idealistic pod (massive understatement) and therefore sells out at every opportunity, but yours truly is an over-idealistic no-account dreamer who has accomplished nothing.
Digital Mark λ ☕️ 🕹 🙄 likes this.
n8chz 🩎 reshared this.