Seriously considering switching back to Firefox after all these years.
My anonymous source claimed that way back in 2005, Google wanted the full clickstream of billions of Internet users, and with Chrome, they’ve now got it. The API documents suggest Google calculates several types of metrics that can be called using Chrome views related to both individual pages and entire domains.
What answer do the engineers at google working on this have for this violation of privacy?
Personal (not work related opinion): This basically can’t happen with things like DMA and GDPR. DMA in particular means you can’t share data across “products” without explicit consent. So you could for example collect websites that don’t work for the purposes of improving Chrome, but not then share that with the Ads/Search orgs for personalisation or targeting, as far as I understand the legislation.
Personal opinion about work at Google (still not googles opinion) I’m consistently impressed with how seriously this stuff is taken and the amount of work that goes into making sure that things like this sharing can’t happen accidentally, and that user choice is respected. The engineers on the ground are absolutely making sure this all works, and most of us care deeply about user privacy. I have personally worked both on implementing new features that significantly push forward privacy, and on implementing privacy controls for regulatory purposes.
The thing is that preventing "sharing" isn't sufficient. People who are concerned about privacy don't want any such data collected or stored in the first place, ever. The implicit "sharing" of my data with Google (or whatever company) is a problem in itself. Regardless of how "seriously" Google (or whatever company) takes it, for a lot of the data I don't want them to ever have it in the first place.
This is a fair position to take, but assuming good faith all round, one that I think will typically be a minority. If you ask a user if they're willing to share crash reports only to improve the reliability of the software, I'd bet most people would be ok with this. In fact it's sufficiently reasonable that I believe GDPR allows this to be opt-out, something I broadly agree with. I do think opt-outs should be available, I do think there should be configuration available for those who do not wish to share anything, but if the laws are being met, in the right spirit, then I would hope it would provide little actual benefit.
assuming good faith all round
But why would anyone assume that? I think the position of many privacy advocates is that we're long past the point where it's reasonable to assume Google is acting in good faith in the best interests of its users. (Again, to be fair, this is true of more companies than just Google.)
Assuming good faith from a corporation is absurd.
Corporations measure success by one metric and one metric alone: shareholder value. Under our current system, a corporation that doesn't increase shareholder value is considered a bad company. Such a company is punished.
If Google can increase shareholder value by violating user privacy, and the consequences of getting caught won't reduce shareholder value too much, it's a bad company if it doesn't violate user privacy.
Of course there are mechanisms that slow this down, like laws and employees trying to follow laws, employee ethics, old guard culture, etc, but all will be defeated one by one for shareholder value.
If you ask a user if they're willing to share crash reports only to improve the reliability of the software, I'd bet most people would be ok with this.
You do realize the majority of people are completely oblivious as to why privacy matters as it relates to their data collection.
It's not that they're willing to do anything. It's that they're passive/apathetic when faced with vague prompts telling them about a matter they don't have insight on, after being bombarded by terms of service agreements, cookie pop ups, etc for years and years.
This is a fair position to take, but assuming good faith all round, one that I think will typically be a minority.
If they were aware of privacy implications / exactly what's being collected on them and how that data is being used, then it's safe to say that they'd be the majority. Can't blame them for not taking the time to read into the matter either, as most outside of tech are wrapped up with a million other hostilities in their daily lives.
Defend it all you want, but it's just one more unethical thing screwing people over.
That analogy doesn't seem like a match. If you ask a user if they're willing to share every action they ever take "only to improve the reliability of the software", a lot of them are going to say "wait, why would you even need that?"
If I'm letting you scrape crash dumps and my browser happens to crash in the request where I send my credit card information to xhamster, that's one thing. Odds are that's never happened to anyone. It's another thing for you to guarantee that you're planning to record that information.
You know most of the data Google collect are not crash reports. Most and all are not the same. And you would get most of the data you wanted if you asked according to you.
In fact your opinion is not a fact.
The right spirit is informed consent.
The thing is that preventing "sharing" isn't sufficient.
Exactly this. It doesn't matter that google doesn't "share" what they gather if they own so many conversion funnels from top to bottom anyway.
Yes and:
Require opt-in by default. In all cases.
All PII data at rest must be encrypted at the field level. Like how passwords should be stored. aka Translucent Database techniques. Not just in transit. Not just encrypting the whole database. But encrypt the actual fields within a database.
Constitutional privacy means personal sovereignty over oneself. (A superset of the folk definition of keeping secrets.) Meaning any and all data about me is owned by me. Any one using my data for any purpose has to pay me. (See opt-in by default above.)
I’m consistently impressed with how seriously this stuff is taken and the amount of work that goes into making sure that things like this sharing can’t happen accidentally
I believe the law is violated when it's sufficiently profitable -- it just requires VP permission.
No public sources for this except Jedi Blue, the old anti-poaching case, etc.
This basically can’t happen with things like DMA and GDPR
I'm sorry but this is just wishful thinking. It might be what the spirit of the DMA & GDPR want but definitely not the reality thanks to inadequate or outright non-existent enforcement.
There are businesses out there whose entire business model and revenue stream are based on violating the GDPR. Not some kind of internal conspiracy or rogue employee, but the entire company is doing it in the open and the result of its doings (targeted ads or spam) are visible out there in the open for all to see.
Facebook, credit bureaus, data brokers, "consent management platforms", etc. All these companies' business models are big, obvious breaches of the GDPR. Yet, they are... still alive and kicking?
There is no chance that a concealed GDPR breach (whether intentional or accidental) will get addressed when the biggest intentional breaches are still allowed to continue out there in the open.
I suspect something very similar is going to happen with the DMA - Apple is already acting in bad faith but have yet to see any consequences.
I am not an engineer at Google but this is I would say if I was.
We don't know who you are, you are just a number in a database, and we don't even know what number, we just get the total number of visits for each website, not who visited it. It is like counting cars on a highway, not following your car. Plus, it serves the useful purpose of providing you with better search results, the terms and conditions allow it, and it can be disabled.
we don't even know what number, we just get the total number of visits for each website, not who visited it
This is not what a clickstream is. A clickstream requires that the sequence of clicks be preserved, and preserving that sequence undermines anonymity.
It can be pseudonymous. It doesn't have to undermine anonymity.
Google researchers spend time ensuring k-anonymity (for reasonably large k) when using data.
Forgive my language but I'd expect people here to understand that's horeshit, they absolutely have enough data and patterning to de-anonymize the data. They spent time making it look anonymous.
GP explained what a click stream is and said that preserving click sequences undermines anonymity. De-anonymization is not a conclusion you can draw from only mentioning "click stream."
De-anonymization would require linking that click stream with something that identifies the user, rather than the click stream. Perhaps that exists, perhaps not. GP didn't provide enough material to go that far.
Exactly because Google has these powers is why they have internal processes to avoid it. Of course there are products that use non-anonymous data, but this idea that everything at Google flows around with user-IDs for everyone to use and abuse is a weird stance. Google has a lot of internal auditing and validation systems when e.g. reading logs and doing feature extraction.
But I also got way more respect for Google's internal systems after I worked there than before, so I understand your scepticism.
The data doesn't have to be tied to me directly to affect me directly. If my clicks suggest that I'm a wealthy woman, isn't that the reason enough to try and connect me with advertisers that try to sell overpriced shoes? Let's downrank all the good deals, surely she can't be interested in 10$ sneakers. If my clicks suggest that I'm from Russia|Ukraine, isn't that the reason enough to show me one side of the news more then the other?
In some way our interests define us more then social security number assigned.
The obvious response being that counting cars on the highway is a necessary first step on the road to identifying and then tracking their movements.
Similar to how insurance companies have offered voluntary, “anonymized” data dongles for discounts that are now being used (or at least revealed to be used) to collect data most often used to reject claims.
Agriculture is a necessary first step toward a dystopian society, so clearly we should ban agriculture.
The logic does not follow. "A is required for B, B is bad, so A is bad" is not logically valid.
I absolutely agree — my statement was merely one of fact; to get to point B, one must first achieve point A.
Much like inventing the wheel (positive) is a necessary precursor to both ambulances/fire fighting (also positive), as well as DUIs (less positive).
The larger point being simply that I find it somewhat disingenuous for those of us who consider it our job to think through problems from many angles to pretend we’re somehow unable to imagine the potential unfortunate consequences arising from our work, given the existing Powers That Be (meaning both entities and trends).
How is it a violation of privacy. Did you read the terms of service?
A tos announcement is not an explicit consent. I doubt that this will help in court, even pre-GDPR.
Further, a TOS announcement can be easily construed as an admission of intent to fuck users.
It's a privacy violation regardless of the ToS.
See, that’s the nice thing about the GDPR: You cannot hide unexpected hostile stuff in the ToS anymore. If you don’t tell me what you do with my data in a way that is obvious, easy to understand, and most importantly easy to disable, it’s illegal.
That would be money. If someone has another excuse, they are naive or lying to themselves.
It certainly is not "to improve the net or advertising" - that would be the lying part.
Google has done some good for the net, but the scales of their contributions slowly but steadily move to the negative side.
Reminds me of the studies they’ve done on cognitive dissonance/lying.
Basically if you believe lies you tell yourself, they tend to turn into truths in your mind over time. Even if you were doing it “ironically.”
What answer do the engineers at google working on this have for this violation of privacy?
The same answer you probably have for the millions of questions about what the things you do that some other people find offensive to their personal views and beliefs.
And that's why if a developer doesn't use Firefox and uses Chrome, they are just helping a monopoly take over everything and make a mess.
Any user, not just developers
Developers just replaced IE as the only thing they develop for with chrome, users then _have_ to use chrome because of web developers who only develop for chrome and consider any behaviour other than "it works in chrome" as a bug in other browsers, just as they did with IE.
Then there's the relentless parade of "alternative browsers" that are just chrome skins - a period IE also went through - that intentionally try to trick people into believing they're not just using chrome but with less security engineering, and more scams.
You’re conflating lots of unrelated things. IE was a horrible browser to support because Microsoft deliberately implemented their own incompatible version of web standards, or refused to implement modern standards. The push to deprecate IE was because it was creating a massive burden, I personally dealt with IE6 support in corporate world and can attest it’s depreciation was necessary.
What you call chrome skins isn’t a thing, people are building softwares on top of Blink, the rendering engine used by Chrome. The issue here is the risk of ending with a single rendering engine for the majority of the browser market, a diversity of engine ensure a good respect of web standards, that has nothing to do with privacy or security.
When you say “they just replaced IE”, that was >10 years ago…
You’re responding to someone complaining about an overly authoritative government by saying that you don’t see the problem, it’s just that the local police force tortures people with downright medieval techniques.
What
While I obviously disagree with your prior comment, I feel "What" is a pretty much perfect comment here. +1.
What.
It seems like my analogy was too difficult to follow.
The point is that the fundamental problem is a company in a monopoly position throwing their weight around and/or keeping their product stagnant “because they can”, which is also a function of power. This is the “authoritarian government”.
The police part is referring to people thinking of specific IE6 technical issues “as the problem”, when it’s just a symptom of a larger problem.
Microsoft treated web developers badly because they could. Google will abuse the whole world in the same way now that Chromium has achieved near total dominance.
It became trendy recently to break compatibility with Firefox. Blogs almost bragging about how they boldly made the choice. Very embarrassing stuff
Do you have examples? I would like to see how they talked about it.
It’s on hn here or there, or in random blog posts shared in here. Just keep your eyes open for a bit and you’ll see something pop up
As soon as they add the ability to configure shortcuts, I'd more than happy to. After several years of requests, we're finally seeing some movement on their end.
Shortcuts? Like bookmarks?
Or search engine keywords in the address bar? https://support.mozilla.org/en-US/kb/how-search-from-address...
Or adding “top site” shortcuts on the Firefox New Tab page? https://support.mozilla.org/en-US/kb/customize-items-on-fire...
I hear you. But at the same time our duty on this planet as developers is to take one for the team when it comes to minor issues like this, which I am assuming this is for you. Otherwise the world will be consumed in the flame of the monopoly which others do not care about who do not understand browser engines.
GoogleApi.ContentWarehouse.V1.Model.AppsPeopleOzExternalMergedpeopleapiAboutMeExtendedDataPhotosCompareDataDiffData
Java, is that you?!
Missing the ‘ManagerAgentUtil’ at the end.
FactoryFactoryImpl
Builder
Bean
Singleton
Factory
Singleton Factory, good one, haha. It was worth fending off the downvotes to reach that punchline.
EDIT: I just searched this term and it actually exists. Sometimes I despair of my chosen profession.
https://news.ycombinator.com/newsguidelines.html
Omit internet tropes.
Indeed. Eschew humor. Avoid anything not super serious. Laughs aren't allowed on HN.
There's a difference between humor and pattern-matching memes like you see in Reddit threads.
I laughed, that's good enough for me. I don't care for snobbiness.
I don't know what you want here.
The grandparent comment quoted the site's rules. I provided my opinion what is humor vs internet tropes.
I want people who aren't snobbish and rule-lawyering. This isn't middle school we don't need hall monitors.
This just proves all the "suspicions" privacy-conscious users have had about large corporations fingerprinting users, often in very obvious ways. There's often no better place to find ideas for surveillance than the people conscious about being surveilled.
Many of the SEO suspicions were confirmed too.
I found it VERY amusing if you go to r/SEO just yesterday there were moderators and flaired users (you know, the elites of the SEO community, lol) insisting much of this was "debunked" years ago.
They of course deleted their posts, but the threads are still up. What a den of scammers over there.
https://www.reddit.com/r/SEO/comments/1d1eqjj/comment/l5tvfw...
https://www.reddit.com/user/WebLinkr/
I love how reddit is turning into the new SEO scam over night because of this stuff. Great work as always Danny Sullivan!
SEO is vandalism and I one day hope the majority of Internet users see that
SEO is just another form of advertising, with all the costs, benefits and externalities of any other form.
Advertising is also vandalism
Without agreeing, I'm sympathetic to that point of view.
I had experience working with seo specialist, most of people in seo are there because good money is paid by startups to bring there site organic traffic by whatever black hat seo method, seo stands a good marketing tool for these startups.
Perhaps, though a world without SEO doesn't necessarily surface the best content either. Not everything about Google's algorithm that's subpar is because of spam or SEO.
There's no world with SEO that is a positive, don't delude yourself
I didn't say anything like that, don't delude yourself.
Most people are aware but are powerless to do anything about it.
It's just endlessly fascinating to me the grift on rSEO
How these types first gain moderator status on a few subs and then the spam begins (picture of spam https://pixeldrain.com/u/a6qUPjTq )
I haven't been able to find a single legitimate expert in the entire sub, and I've checked about every flaired user and moderator.
You have lots of people like the above, or https://www.reddit.com/user/jesustellezllc/ that claim to run an agency in Frenso California called Ozelot Media, but when you look him up there's nothing. When you google "SEO" + "Fresno California", Ozelot media isn't even in the top 100 results. Lol, I thought that was the job of a SEO-type? Why let that stop the grift though?
If anyone is surprised about chrome sending urls to Google, you can turn the “feature” off by unchecking “Make searches and browsing better” in the sync section of Google chrome settings.
Creepy.
"But what if I don't want my own computer to build and share a detailed profile of everyone I know, everywhere I go, all my preferences, and how to manipulate me?"
"Well obviously it's your fault for not picking the 'Don't Be Cool' option on subpage 27b-6, duh!"
Yeah. It's victim blaming. Reminds me of "they should have shouted louder".
The confusing thing is the crime itself is small on an individual level. The question is: does it add up cumulatively if a small crime is committed against many?
I don't know if it's "Victim Blaming"...I teach Digital Literacy courses for seniors new to technology. While I do set them up with Firefox and Ublock, we generally have them use Gmail as they are all Android Devices. Google sends a confirmation email to walk each one of them through their security settings. Of course most users just ignore this email (like I used to have students do) but now we go through it and uncheck this setting in all my courses, and unpersonalize ads as well. Feel like the most basic user who has even the tiniest concern of data privacy should know how to look at their Google Account settings. These are 80 year olds who don't even know what a "click" is but they know to be skeptical of using Google.
please also explicitly teach folks to re-visit settings frequently; apps/webui's love to change settings, and often opt-in to new "features". one thing i feel is underrated is the frequency at which those settings change on users for the company's benifit
A small crime can result in massive power. Knowledge is power.
Barring the ethics you can single handedly use such data to manipulate stock market, countries etc.
It’s just too much power
Or, and hear me out, you never use Chrome again, in any platform.. like ever ever again.
I only have chrome installed for a couple of work related sites that don't display correctly on firefox. I dont get to choose not use the work related site and MS edge likely isn't any safer and also is not available on my choice of operating system
you could use ungoogled-chromium, brave, vivaldi
Is that part of Chrome not open-source?
Presumably no, I haven't seen any overly creepy shit in Chromium. There's a project called ungoogled-chromium that tracks all the Google junk in Chromium and gets rid of it, their patch set is actually surprisingly small:
[1] https://github.com/ungoogled-software/ungoogled-chromium/tre...
Imagine thinking you can escape your abuser by living in their house and asking them politely to stop.
Prior to the email and call, I had neither met nor heard of the person who emailed me about this leak. They asked that their identity remain veiled
And yet the journalist included a screenshot with one of the weakest blurs I've ever seen... Why would you not excise the person's video portion completely? What good does it serve to have it included in the story? Even if that portion is faked, why would you offer potential signals like skin complexion, hair color, background picture, etc.? Why...
The author is Rand Fishkin, who's not a journalist. He's the founder of SparkToro and Moz, both companies that provide tooling and analytics for SEO.
I haven't looked deeply into Fishkin's companies, but I wouldn't expect either to be on the user's side when it comes to privacy. Both companies seem to monetize clickstream data and personal information from users who probably didn't give informed consent.
If the source was trying to get this information to a responsible journalist who cares about privacy, I have no idea why they'd approach a company (not even a news organization) who seems to fund the erosion of user privacy.
And since then, the person on the call has revealed their identity. This was an SEO bro talking to an SEO bro about something they found on Github, not an insider leak.
Both companies seem to monetize clickstream data and personal information from users who probably didn't give informed consent.
I don't think you know what you're talking about. During Rand's tenure Moz was a subscription business selling access to marketing analytics tools. Those tools focused on the structure of the clients' sites themselves rather than any analytics they might have consumed.
Source: I worked at Moz for several of those years, and helped maintain those tools.
To make it worse, he made clear when the call had happened, and you have: 1) Who was in the call 2) When the call happened 3) A blur instead of a complete black out
I'm not sure I would feel safe reporting stuff to journalists nowadays.
This person is not a journalist.
That also struck me as odd. And seemingly a violation of journalistic best-practices of protecting sources. I sure hope this was done with consent of the anonymous source.
weakest blurs I've ever seen
Isn't this the same type of "swirl" blur that Interpol was able to reverse even 10 years back? With advancements since then you're basically handing evidence on a silver platter.
It's a fake background.
It's also clearly from Google Meet so... yeah. If he was worried about retribution (from Google, anyway) then they probably wouldn't have been using a Google service.
Seems like a lot of it came from them inadvertently posting some internal API to GitHub: https://github.com/googleapis/elixir-google-api/commit/078b4...
I guess too many people got laid off to do the whole "three reviewers per PR" thing!
When I was at Google (about a decade ago by now), we had two reviews per PR; not three. Could you tell me more about the third review?
I think GP meant <Author>, <Reviewer 1>, <Reviewer 2>
And it's Apache licensed, which grants a patent license. Some of the comments refer to specific aspects of how page rank is calculated. Pagerank itself is past patent protection but I wonder if this also accidentally might grant licenses to other patents.
There's still an angle where the copyright owner claims that the person who caused this to happen did not have the authority to apply the license to it.
Oops, someone’s script was too greedy when uploading those elixir api documents.
What I find most interesting about this is that a lot of supposed "smart" algorithms of Big Tech are in fact a patchwork of "dumb" rules rules and human-picked winners. This would explain why the quality of search results is failing to keep up with developments in LLMs.
This also explains why it's impossible for incumbents to unseat the winners in many search categories -- because they've literally been picked as the winners by humans at Google.
Looking at my Twitter/X feed, I also see an oddly similar dynamic. Certain accounts appear to have been manually boosted, showing up all the time -- whereas others posting even the same exact content will never appear.
Silicon valley will loudly tell you all about how wonderful they are at "democratizing," however, if you look under the surface it appears they're just hand picking the winners.
because they've literally been picked as the winners by humans at Google
Is there evidence of that in the leaked documents?
Yes, it’s in the linked article.
I read the linked article. It doesn’t say that.
#4: Employing Quality Rater Feedback
You mean the Search Quality Raters that Google has written about extensively in public[1] including the 170 page quality rater guidelines doc?
This isn't a secret, nor is it the smoking gun you seem to think it is.
[1] - https://www.google.com/search/howsearchworks/how-search-work...
I believe these are the leaked docs: https://hexdocs.pm/google_api_content_warehouse/0.4.0/api-re...
... why the hell would an anonymous source use google meet to share info on google? ... so much for remaining anonymous :/
From the article:
Boosting "organic traffic":
- Brand matters more than anything else
- Experience, expertise, authoritativeness, and trustworthiness (“E-E-A-T”) might not matter as directly as some SEOs think.
- Content and links are secondary when user intention around navigation (and the patterns that intent creates) are present.
- Classic ranking factors: PageRank, anchors (topical PageRank based on the anchor text of the link), and text-matching have been waning in importance for years. But Page Titles are still quite important.
- For most small and medium businesses and newer creators/publishers, SEO is likely to show poor returns until you’ve established credibility, navigational demand, and a strong reputation among a sizable audience.
TL;DR: Clickbait + bot farms are the way to go. No wonder the internet is going to shit.
A sample of statements from Google representatives (Matt Cutts, Gary Ilyes, and John Mueller) denying the use of click-based user signals in rankings over the years.
It doesn't look like a leak but a misdeployment.
Same service wrappers from two years ago: https://github.com/googleapis/google-api-php-client-services...
For those out of the know, what's a "crap" in this? A "crap crap"?
What's stopping you? I use both browsers and I see no reason why someone would pick Chrome over Firefox at this point in time.
(Some) sites don't work on Firefox.
Sure it isn't frequent, but it is frequent enough that once a day or so I have to open chrome to do something.
Seriously curious what sites those are, especially if it's not the same page every day. It literally never occurs to me (using Firefox again since 3-4 years) but I mostly browse dev-related websites.
jlcpcb's site is often broken in firefox, sadly. i keep chrome around just for it.
Worked for me when I've used it in Firefox. What isn't working?
Try ordering a PCB or seeing the list of house parts for PCBA
Not sure where the list of parts is, but I've ordered PCBs using Firefox.
I used to as well, sometimes it works and sometimes nothing on the page is clickable. New FF profile does not help, chrome works every time and their support has told me many times "we only chrome support sir"
At least they're polite about it. :-)
One example I often run into: Plaid (the bank-linking company) doesn't work. Just hangs. Though I'll admit it's possible they fixed it. I've been trained to use Chrome when I have to interact with it.
I have the same problem. I certainly don't use Chrome daily, but do have to keep it around, typically for shopping checkout and a fair number of US government websites don't work on any browser but Chrome.
Some government and hospital websites in Taiwan.
Some startup websites I applied to.
Payment portals are a big one. Non-stripe or PayPal. But even there, if it's a new window payment flow, there can be issues on Firefox.
I've been daily driving Firefox since quantum and up until 2012, but 2fa registration is still needlessly locked out on some sites (need to open up chromium to register the key)
https://business.apple.com simply throws an Unsupported Browser error when trying to visit from Firefox. Unfortunate, but it's another one of those "gotta do it for work" things I deal with.
ICYDK, do consider reporting on https://webcompat.com if you see them.
Once a day? That’s huge. What sites? (I use Firefox daily for about the last year and haven’t had this kind of issue)
Have people never heard of Brave?
While the reasons someone would pick Firefox:
- uBo works better in firefox https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...
for now the seamless extension switching using Extensity. I am yet to find an extension on Firefox which can deliver this functionality.
No shortcut configuration.
I've been using Firefox since Chrome forced users to sign in to the browser with their Google account, and I'm quite happy.
The only time it's a problem is when a site detects Firefox and won't display unlocked your using chrome or IE. I've only seen that a couple of times in the years since I switched back
How did Chrome force you to log in? I've been using it signed out for the longest time.
Back in 2018, Chrome released an update that automatically logged users into the browser if they'd logged into a google. It was done silently and automatically, and it was a pain to log out of. They faced a ton of backlash (https://www.pcmag.com/news/google-faces-privacy-backlash-ove...) and rolled the feature back, but that was the tipping point for me. I've been a happy Firefox user since
Even in that case,there are Firefox extensions to change your user agent. Suddenly the app requesting Chrome/Edge works perfectly, even though we are running in Firefox.
I've been using Firefox since the days when it had the other name. Meanwhile, I use Floorp [1], which is based on Firefox, but offers much more possibilities for customization. I am very satisfied, except for the stupid name...
[1]: https://floorp.app/en/
Not to be a stickler, but just a note it no longer counts as FOSS or even open source I believe, with their new licence: https://github.com/Floorp-Projects/Floorp-private-components...
It’s left a bad taste in my mouth since they used the work of others to get to where they are, then when others do the same, they don’t like it.
Go for Firefox and keep ungoogled-chromium[0] for those sites that refuses to work properly on non-Chromium browsers.
[0] https://github.com/ungoogled-software/ungoogled-chromium
… just considering?!? What is it gonna take
Firefox is better than Chrome [in the privacy aspect]... but still pretty terrible.
It sends a lot of "analytics" and "tracking" to some of Mozilla's servers, but if you inspect the requests, those servers are actually behind Google's CDN,and Google does the TLS termination.
So... Google has access too all the data that Mozilla sends when it phones home. Some of it even has a unique identifying id.
I have used both for many years, and now, I see little difference in practice. I am leaning more towards Firefox these days. Main change is that I now use Firefox as my main mobile browser for ad blocking reasons. A few websites don't work on Firefox, I use Chrome for these few.
I don't consider it a problem to use two browsers at the same time, I usually don't to the same thing with them, so having separate profiles can be an advantage.
Note that privacy is not the reason why I am using Firefox. It is just that I think that knowing both is a good thing, and they are both good browsers, so why not? In some case, Firefox is better, in others Chrome is better, most of the times, they are interchangeable.