
For advertising, Firefox now collects user data by default

latexr
100 replies
9h3m

It’s clear in retrospect that we should have communicated more on this one

What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson. The user outcry was utterly predictable from even before the first web article was out. The fact that no one with decision power at Mozilla saw it coming is worrying: either they have zero understanding of people’s concerns for privacy or they don’t care. Neither is good.

Klonoar
60 replies
8h35m

> The fact that no one with decision power at Mozilla saw it coming is worrying: either they have zero understanding of people’s concerns for privacy or they don’t care.

Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end. Criticism of Mozilla in general is very warranted right now, but the way(s) in which everyone is doing so just feels very out of touch with the actual situation. ;P

They're - by their own words - trying to do something in a privacy preserving way because the ad industry is not going away. They might fuck it up at first, and that's why it's an experiment. It's also possible to disable it, it's not like you're trapped in it.

This thread in general feels like it leaves Mozilla no room to experiment or find any form of growth. People want them to be "just a browser" but then also expect them to be stewards of the web - and then cry foul when they actually try to find a setup that fits into the current model of the web.

pdimitar
15 replies
8h19m

> It's also possible to disable it, it's not like you're trapped in it.

Or so they say, in order to make people be OK with it. They might play the waiting game and in a year or two will make the setting not do anything and still collect / send data, hoping that by that time people have forgotten.

Klonoar
13 replies
7h57m

There is so much hypothetical-borderline-conspiracy-theory packed in to this single comment that I cannot find a charitable response.

I'd be fine to continue the discussion if you can find a way to engage without assuming that the people who build one of the last checks on the open internet are somehow trying to maliciously invade your privacy.

closewith
7 replies
7h27m

The days of Mozilla having earned the benefit of the doubt are long gone for most people.

The person you replied to made a reasonable point and your response reads as defensive and dismissive. Do you have an interest in Mozilla we should know about?

Klonoar
6 replies
7h12m

Eh, I don’t think my comment is defensive. I also could’ve just ignored the comment.

I explained to them that I’m open to discussing but there’s nothing to be gained when the comment starts off in conspiracy theory. It’s an open source project, people will 100% notice if they tried to do what the parent comment is suggesting.

closewith
4 replies
6h32m

It certainly reads defensively.

> It’s an open source project, people will 100% notice if they tried to do what the parent comment is suggesting.

No-one thinks they'll lie about it. They'd announce it quietly just like this change, letting the fuss blow over. The average user would never even realise and Firefox would continue on its journey towards user hostility.

Klonoar
3 replies
5h37m

You’re certainly welcome to read it however you’d like.

OP specifically said “make the setting do nothing while still collecting the data”. I don’t know about you, but a setting that acts like that would be akin to lying.

The comment chain is pretty clear here IMO.

closewith
2 replies
4h41m

> OP specifically said “make the setting do nothing while still collecting the data”. I don’t know about you, but a setting that acts like that would be akin to lying.

Well, that is what Firefox did here. They created a new feature, defaulted it to on, in direct contradiction to user choices. We know this because this Web Site Advertising feature defaults to on even where the user has the strictest level of tracking protection enabled and even when the DNT option is selected. Even so, Mozilla has decided that this form of tracking is not covered by those clear signals of user intent.

So why not believe that Mozilla will do this again. Deprecate existing tracking choices and enable Web Site Advertising tracking for everyone. Like this change, it would be announced and decried and ultimately used by the majority of users who don't follow browser changelogs.

What will happen is that privacy advocates like me will recommend not to use Firefox, as it's functionally equivalent to Chrome in this respect and far less supported, and Firefox will continue to die.

This pains me as a former contributor and advocate, but it's almost inevitable now unless a privacy-focused non-profit can fork Firefox and leave Mozilla to its decline. I would even pay for a Firefox fork, but I will never donate to or purchase again from Mozilla.

Klonoar
1 replies
3h27m

> Well, that is what Firefox did here.

No, let's be very clear here: what Mozilla/Firefox did here was default users in to a setting without good notice on how to opt out.

This is different from what was said in this thread, which is making the setting do nothing while still collecting the data. If you disable the setting/opt out, then the data isn't being collected.

closewith
0 replies
2h15m

> No, let's be very clear here: what Mozilla/Firefox did here was default users in to a setting without good notice on how to opt out.

That's a framing so charitable to Mozilla that it is untrue. Again, do you have an interest you should be declaring in this conversation?

> This is different from what was said in this thread, which is making the setting do nothing while still collecting the data.

No, it's not. It ignores the Strict Tracking Protection and DNT settings and opts in users to tracking. It's absolutely identical to the possibility posited by the other commenter.

For all your pontificating above about other people's comments, it seems the only person commenting in bad faith is you.

marky1991
0 replies
3h7m

I don't see how it's conspiracy theory. Firefox has done exactly this over and over again. (The latest example that annoyed me: browser.proton.enabled =false)

As a user of Firefox, I feel like I'm in a constant battle with Mozilla/FF to disable every new bad idea they have. Every time I'm forced into a surprise update I didn't ask for/try_to_install, something gets worse. This isn't an unusual state for commercial software, but Firefox is supposed to try to not be commercial.

pdimitar
2 replies
7h15m

Firefox has been dependent on Google for ages, that should tell you all you need to know about "conspiracies".

I am not interested in a discussion with a person who gives the benefit of the doubt of a company who has clearly not only made a Faustian deal but is now looking to expand partnership with the people that nobody wants tracking their machines and activities.

Because as we both know, in the entire history of humanity there were NEVER any conspiracies when there is money to be made, right? Wink wink.

Klonoar
1 replies
5h29m

Well, no, that doesn’t tell us anything about conspiracies. That’s just Mozilla getting money from Google. You can argue that it’s problematic from the stance of Google using Firefox to argue they don’t hold a monopoly - and I’d agree with you there.

That deal with Google isn’t enough to leap to the conspiracy theory here though. The ad industry isn’t going away, Mozilla seems to want to try to make it work for all parties.

If you want to let perfect be the enemy of good, though, go for it. shrug

thoroughburro
0 replies
5h3m

> That’s just Mozilla getting money from Google.

“That’s just politicians getting money from financial criminals.”

“That’s just police getting money from organized violence.”

“This is fine.”

yencabulator
0 replies
2h52m

If Firefox was the last check on the open internet, Librewolf wouldn't have to exist.

beeboobaa3
0 replies
7h8m

You're new to the internet and bigtech, huh? If not, what rock have you been living under?

closewith
0 replies
7h25m

They don't need to. Defaults are retained by the majority of users, who will never know about this change.

consp
12 replies
7h29m

> the ad industry is not going away

That's the start of full blown stockholm syndrome.

No data is ever fully anonymous, don't pretend otherwise. So no data should be sent at all.

Klonoar
11 replies
7h17m

What you call Stockholm syndrome, I call reality. ;P

This is an area that we are stuck contending with. Legal solutions are needed here but that path is mired by complex and powerful lobbying. If Mozilla can push for a more private or more protective - even if not fully private or fully protective - then I’d like to see where it goes.

freeone3000
10 replies
6h36m

Or they could just not do this shit. Completely refuse to help your enemies. Actually support their users.

Barrin92
9 replies
6h4m

Firefox has 3% market share. Completely refusing to engage with your enemies only works when you have the actual guns to back that attitude up.

If you refuse to engage with the ad industry they just ignore you. Oh and the company that owns a large part of the world's ad industry and owns the browser that has 65% market share also pays like 90% of your bills.

I mean, what's step two of your glorious plan to charge fists raised into battle?

closewith
4 replies
5h44m

Firefox playing their game makes Firefox completely redundant. The advertisers get your data either way, so why not use Chrome?

Firefox compromising heralds its own irrelevance.

gjm11
3 replies
5h7m

> The advertisers get your data either way, so why not use Chrome?

You might believe that the advertisers get less of your data if you use Firefox.

Similarly: you might be less likely to have your house burgled if there are locks on the doors and a burglar alarm, even though people with those things still get burgled sometimes. You might be less cold outdoors in winter if you wear a parka, even though it's still cold. You might be less bored if you buy/rent/stream some interesting books, music and movies, even though having those doesn't guarantee never being bored. You might be less likely to lose your next chess game if you practice tactics and learn openings, even though you'll still lose if you play Magnus Carlsen. You might be less likely to have a heart attack or stroke if you take those antihypertensives the doctor prescribed you, even though those are still tragically things that can happen to anyone. Etc., etc., etc.

Very few things are absolute and perfect. It's usually a matter of "less" versus "more".

This latest thing gives advertisers more information about me than they would have if Firefox didn't do it. (Unless I turn it off, which in fact I have done.) It doesn't give them very much information about me. I'm pretty sure they would get much more information about me if I switched to using Chrome (e.g., because Firefox supports better adblockers).

For the avoidance of doubt, I do think Mozilla should have made more noise about what they were doing, I do think there's a repeated pattern of them putting things into Firefox that their users don't really want and hoping no one will notice[1], I do think that says something bad about how Mozilla is run, and I would be happier if the Firefox project were run by people less inclined to do such things. But none of that means that you might as well use Chrome instead of Firefox, if you happen to value the things that Firefox still does better than Chrome.

[1] Actually, I think they know perfectly well that some users will notice, and they've decided it's overall better PR to do the thing quietly, wait for people to complain, and then say "oh, whoops, we should have been more open about this, we're so sorry and will totally not do the same thing again in six months".

closewith
1 replies
4h49m

> You might believe that the advertisers get less of your data if you use Firefox.

Shortly as Chrome implements Privacy Sandbox, both Chrome and Firefox will support the same levels of advertising tracking. For Chrome, this is a privacy upgrade of sorts, but for Firefox, this is a definite downgrade.

As Firefox converges on Chrome in this area, the privacy advantage evaporates.

gjm11
0 replies
3h53m

Does Chrome do anything equivalent to Firefox's "Enhanced Tracking Protection"?

Chrome forces extensions to use "Manifest v3" rather than "v2", which cripples some ad-blockers; in particular, the full version of uBlock Origin will run on Firefox but not on Chrome. (I'm not sure of the details about the v2->v3 migration; maybe that isn't universally true yet. If not, it will be soon.)

"Reduces" and "evaporates" are not the same thing. I see the case for the former, not for the latter.

hobs
0 replies
4h36m

I don't believe that, and have no reason to believe that at this point. Any browser that makes me monitor their changes for privacy destruction is basically just Chrome with more steps.

nubinetwork
2 replies
5h50m

Maybe they would have a better market share if they weren't constantly pulling this shit every two or three years...

lucianbr
1 replies
5h17m

I know it feels right to say that. But really, do you think the majority of people who switched from Firefox to Chrome did it because FF did not address their privacy concerns? Seems ridiculous. However bad FF is, Chrome is much worse.

It seems far more likely that the remaining 3% are the few people who care, and therefore, "pulling this shit" did not cause the current market share.

freeone3000
0 replies
5h9m

Which means the people who care about privacy are their CORE market. You do not offend your core market. I’m not a business expert but c’mon.

I’m willing to put up with slowness and incompatibility when I feel like Firefox is on my side. Now? I’m going back to Safari.

account42
0 replies
3h42m

Actually it's the other way around. As long as Firefox only has a negligible market share, advertisers are not going to care about it enough to work around Firefox-exclusive tracking protection forever. Regulators are also not going to be concerned that Firefox makes certain business models harder because it is insignificant.

phicoh
10 replies
7h54m

Firefox market share is going down.

One reason is that the people who would be promoting Firefox aren't.

Personally I feel mostly ashamed to admit I'm using Firefox. In theory Firefox is great. In practice they are coming up with new ways to treat their core user base badly.

Klonoar
9 replies
7h47m

> One reason is that the people who would be promoting Firefox aren't.

Individual promotion of Firefox worked very well when the browser(s) it was trying to displace were effectively frozen in time.

Chrome (et al) and Safari are not those browsers. The average user isn't going to get a markedly different experience by switching to Firefox.

phicoh
8 replies
5h59m

That is because Mozilla has consistently moved Firefox in the direction of a Chrome clone.

When Firefox started it was not a copy of existing browsers. There is no reason it would have to be now. But they have rejected their core users. So now the only option left is a Chrome clone because that is what people are used to.

Klonoar
3 replies
5h24m

Even if it was a credible idea, how exactly do you think that Firefox - the browser that the minute anything changes, the internet blows up over - would significantly alter their product in a way to differentiate themselves from Chrome?

This isn’t even getting into base level stuff like available engineering resources, or the scenarios where the other vendors often control or have deals to give them favorable distribution on platforms.

This isn’t the IE6 era. It’s a significantly different and harder problem.

Karunamon
1 replies
5h10m

For one, not throwing out their only differentiated advantage versus Chrome. For two, not taking the option that removes user control and customization whenever there is an option to do so. They could have been the privacy-focused browser, but it is still full of crap like this and various bits of undisclosed telemetry.

There would be value in being the only browser to actually stop when users tell them no. But they seem incapable of listening.

Klonoar
0 replies
3h23m

> They could have been the privacy-focused browser

I don't see how trying to find a privacy-preserving way of dealing with the ad conundrum makes them not a privacy-focused browser/company.

You'd need to otherwise cite something re: undisclosed telemetry, considering the project is open source... so I'm not sure how exactly it'd be undisclosed.

yjftsjthsd-h
0 replies
4h5m

> Even if it was a credible idea, how exactly do you think that Firefox - the browser that the minute anything changes, the internet blows up over - would significantly alter their product in a way to differentiate themselves from Chrome?

You're presenting it as though any change would be met with hostility, but the alternative is that they're only met with hostility because they keep making changes that hurt the users. A little while ago they announced that they were working on properly supporting vertical tabs and tab groups; that wasn't met with any hostility. Of course, in the same announcement they said they were planning to dumb down the rest of the interface even more, which was. But the point stands; they can get a positive reaction by making changes their users actually like, they just don't do that as often as they do the other thing.

zztop44
2 replies
5h19m

People used to have a dozen different instances of IE6 open. It was a pain to switch between them and it made your computer run slow. Firefox had tabs. And it had AdBlock. Those were things people wanted.

But these days, Chrome is plenty good enough for most people. Even if Firefox had a perfect privacy story and focused on their core users’ every whim, I don’t think their market share would grow.

hobs
1 replies
4h32m

Well then they need to close up shop or think of something else, because adding more ad tracking isn't a feature to anyone but predatory advertisers, and they will only keep paying you if users keep showing up.

zztop44
0 replies
4h8m

For what it’s worth, I agree. Adding more tracking definitely isn’t going to help. But I don’t think there are any easy solutions. I definitely don’t envy the people in charge of Firefox’s product strategy.

cesarb
0 replies
4h5m

> When Firefox started it was not a copy of existing browsers.

IIRC, when Firefox started, it was very similar to the full Mozilla Suite with some features removed (which is not surprising, since it started as a Mozilla Suite derivative and they shared a lot of code). It has a long lineage going back to the old-school Netscape Navigator.

chiefalchemist
5 replies
8h15m

> This thread in general feels like it leaves Mozilla no room to experiment or find any form of growth.

Mozilla is welcome to experiment. The issue here is:

- The default opts the client in instead of the client making that choice to be a Guinea pig in the experiment

- I get emails almost weekly that amount to Mozilla playing the role of internet privacy police. They *are* well aware of the rights and wrongs. Are they going to call out themselves?

- As for growth? How about paid pro-privacy email hosting? And a suite of applications (a la Google docs)? Advertising might not be going away but there are still opportunities that align with Mozilla's ideals and brand... And they're too busy being hypocritical internet police???

closewith
2 replies
6h6m

I think the worst part of the funding equation is that had Mozilla stayed on mission and invested its Google fees wisely, Firefox development could have been indefinitely funded.

Instead, we have had Mozilla sprawling in numerous directions secondary to the browser and failing in nearly all of them.

hobs
1 replies
4h31m

That is the problem, people want to run a modern corporation with its tentacles always reaching and growing instead of focusing on a core business proposition that they can win at.

If you don't grow at double digit percentages year over year, are you even trying?

account42
0 replies
3h26m

Mozilla Corporation was a mistake.

Klonoar
1 replies
7h51m

> The default opts the client in instead of the client making that choice to be a Guinea pig in the experiment

I think this is a reasonable critique, even if I personally don't find it a big deal. If it's privacy preserving, I don't necessarily give a shit if it's defaulted on - especially if there's a way to disable it.

(IMO, defaulting it on and then widely announcing how to disable it is what they should have done, and their bungled communications on this is biting them)

> I get emails almost weekly that amount to Mozilla playing the role of internet privacy police. They *are* well aware of the rights and wrongs. Are they going to call out themselves?

Why would they call themselves out here...? They have stated, very bluntly, that they are trying to do something in a privacy preserving way. They are acting in line with their stated intentions/role/etc.

> As for growth? How about paid pro-privacy email hosting? And a suite of applications (a la Google docs)? Advertising might not be going away but there are still opportunities that align with Mozilla's ideals and brand... And they're too busy being hypocritical internet police???

Those are wholly separate business ventures, whereas dealing with the advertising behemoth is an unfortunate part of the browser ecosystem today. Someone, somewhere, is going to have to contend with this - and Mozilla is somewhat uniquely positioned to explore here.

If you think Apple or Google are going to do it without perverse incentives, then I don't know what to tell you.

et1337
0 replies
5h26m

We all lost our minds when Google tried to pull their privacy-preserving Federated Learning of Cohorts thing. I expect an even bigger outcry when Firefox, whose entire brand and reason for existence is privacy, quietly tries to do the same thing.

latexr
4 replies
7h47m

> Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end.

That’s the second option: they don’t care.

> This thread in general feels like it leaves Mozilla no room to experiment

If you’re going to experiment with something that’s going to cause this amount of backlash (and my criticism is that they didn’t take the obvious reaction into account), you show a dialog on first run that tells you what the feature is, perhaps include a “Learn More” link, and have an option to accept or deny. You can even have the former as the default. And do it in your betas first.

Would that still cause some backlash? Possibly. But it would’ve been significantly milder and you would have seen a lot more defence of Mozilla for not doing without asking.

Mozilla in particular is frequently pulling crap like this and getting flak for it. They have to constantly apologise and back track. After a while you’d expect they learned something.

vetinari
3 replies
5h24m

> Mozilla in particular is frequently pulling crap like this and getting flak for it. They have to constantly apologise and back track. After a while you’d expect they learned something.

Well, they learned: they fuck up, backtrack & apologize (it is free, no real impact, so no worries), and life goes on.

latexr
1 replies
5h0m

> no real impact

Apart from a market share that is continuously tending towards zero.

account42
0 replies
3h48m

That hasn't impacted their salaries so far though, especially that of the leadership.

hobs
0 replies
4h37m

Learning implies a future where you don't keep doing the same thing.

arepublicadoceu
3 replies
7h18m

> Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end.

Well, right now, with their dwindling market cap, I feel like their only userbase is HN & co's type of user.

They repeatedly failed to increase their user base with non privacy conscious adjacent communities. So antagonizing the ONLY folks that go through the trouble of installing a non default browser to have a worse user experience seems like a big brain moment.

bee_rider
1 replies
5h33m

It seems somewhat questionable whether or not it is possible to sustain something as complex as Firefox based on users like us. There might not be enough, or enough people willing to pay.

They’d be really screwed if Google didn’t give them a good deal. Somewhat wondering if Google just keeps them around to stave off the appearance of being a monopoly.

The web seems to have gotten pretty unsustainable in general. Might consider upgrading to Lynx or something like that.

arepublicadoceu
0 replies
5h18m

> It seems somewhat questionable whether or not it is possible to sustain something as complex as Firefox based on users like us.

I have this crazy theory that Firefox could be completely sustained by users willing to pay for it.

I mean... Mozilla Co definitely couldn't be sustained by users money only, but Firefox could.

The only path I can see for a healthy web (if this is even possible right now) is to completely liberate Firefox from Mozilla's shackles and mismanagement. A free and open-source browser should be treated more like a public good, such as a Linux distribution, than a money-making machine.

closewith
0 replies
5h43m

I wonder what the market share in that segment is? From my experience, startup types almost exclusively use Chrome or Safari. Firefox doesn't even register with most devs.

account42
1 replies
3h50m

Yes, Mozilla should not be experimenting on users without explicit consent. Have things really gotten so bad that this is incomprehensible?

Klonoar
0 replies
3h31m

I have already noted in my other comments that I think the desire for opt-in and/or way more notice with how to opt out is a very reasonable take, even if I don't necessarily agree with it.

There's no need to imply that people don't comprehend things here. ;P

mihaaly
0 replies
6h18m

They introduced quite a bit of privacy-aware measures, quite effective ones, so pretending they are stupid is not really believable.

> the ad industry is not going away

But users do. Let them have a great faking love affair with the ad industry.

beeboobaa3
0 replies
7h9m

> trying to do something in a privacy preserving way because the ad industry is not going away

they're bending for the ad industry because they want their money. they could also just keep blocking their tracking and call it a day.

Y_Y
0 replies
2h24m

> People ... expect them to be stewards of the web

Do people really expect that? I'm glad they're part of whatwg etc., but I'd much prefer they just made a good browser instead of tooting their own horns about how much good they're doing for society. In the end I think society would have been better off if they'd just focus on good tech like Gecko/Servo and Rust and not bothered with all their side stuff.

david_draco
20 replies
8h2m

> What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson.

They are trying to find a funding model that makes them independent from Google.

- Building a fast, privacy-oriented browser that keeps up with web standards and fixes security bugs takes people, organisation and therefore money. Yes, much more than that CEO salary.

- No one wants to buy a browser.

- No one wants to pay a subscription fee for a browser.

So you are left with ads. Mozilla is trying to find a balance there between privacy and ads with a clearing house approach. People who hate ads out of principle scream. How should browser development be funded?

lolinder
8 replies
6h13m

Mozilla has tried experiment after experiment to try to earn money. Let's try forcing Pocket down people's throats. Let's automatically install Mr Robot. You know what people will love? Full-page ads for a VPN! No one has seen enough VPN ads!

The one funding model they haven't experimented with at all is actually asking people to pay for Firefox. Donations or subscription, they haven't even tried it once.

And yet people will over and over again insist that that would never work. Doesn't that strike you as odd? They're willing to flail about trying thing after thing after thing that their users hate and yell about and they end up having to pull back, they're willing to burn credibility over and over again, but the one funding model that their users keep telling them they want they refuse to even try on the grounds it would never work.

Workaccount2
3 replies
4h53m

> And yet people will over and over again insist that that would never work.

Because it won't. And there are mountains of data to back it up. People will not pay if they don't have to.

Some people will, for sure, but to get those some people to carry the weight of "all the people" is totally untenable.

Besides, Chrome is "free".

nerdponx
0 replies
3h12m

At the same time, even a tiny bit of friction is enough to get people over the mental hump of paying for something.

They could easily gate off certain features behind a paid build, so either you pay or compile it yourself from source. Downstream packagers could of course do whatever they want (eg Debian). However, it creates a minor amount of friction for a relatively large fraction of the user base, and moreover sets the baseline expectation that this is not really "free as in beer", even though it remains "free as in freedom".

See also: Sublime Text, which, despite being closed-source, is 100% free-as-in-beer to use in perpetuity, and yet somehow they make enough money to not only continue development, but even start developing other products (Sublime Merge), even as their brand recognition wanes and their competitive advantage shrinks.

lolinder
0 replies
4h37m

It doesn't have to pay for the entire Mozilla organization, it just has to bring in more money than the random other stuff they've tried. That's not a very high bar to cross.

pndy
1 replies
5h15m

> asking people to pay for Firefox

I do expect that's the next step at Mozilla - locking features behind paywall with some premium plan. Cloud sync probably will fall into that basket. And if that eventually won't work - they'll surely announce it's time to "sunset".

nerdponx
0 replies
3h4m

Personally, I think that's what they should've been doing all along. If it doesn't work at this point, it's because it's too late, and they've already burned enough of their credibility that people don't want to give them money anymore.

Kalium
1 replies
5h37m

At one point Mozilla was literally selling a VPN subscription. That point is now - you can go buy one today. https://support.mozilla.org/en-US/kb/what-mozilla-vpn-and-ho...

You can even donate money today: https://foundation.mozilla.org/en/donate/ From memory, Mozilla's spent years trying to get donations through asking people nicely and in relatively unobtrusive ways in-browser for years. You can even give monthly - a subscription, if you will.

Not only have they tried both donations and subscriptions, but their efforts have been resoundingly ignored. To the point where you are far from the first person to fault them for supposedly choosing to not do what they demonstrably do.

Perhaps people suggest that donations and subscriptions don't work well or reliably because there's history showing that.

lolinder
0 replies
5h23m

> At one point Mozilla was literally selling a VPN subscription. That point is now - you can go buy one today.

I don't want a VPN. And I don't want to pay money to a Mozilla VPN of which some unspecified percentage will actually get used to pay for Firefox development (with the rest actually paying for the VPN). I honestly feel my money does more harm than good paying for the VPN because it creates a false impression of where the demand is.

I don't want a subscription to an unrelated service, I want a subscription to Firefox. I want my money to go into a stream that unambiguously shows my support for the single Mozilla project that I care about.

> You can even donate money today

That money will not (and I believe cannot) go to Firefox. As presently structured the corporation does all Firefox development, and the corporation cannot receive money from the foundation, so donations to Mozilla do nothing for Firefox.

> Not only have they tried both donations and subscriptions, but their efforts have been resoundingly ignored.

Not ignored, for the reasons stated above they haven't actually done what you say they've done.

nerdponx
5 replies
6h36m

If there is one single piece of software I will post a recurring fee for, it's a web browser. Look at Kagi and Orion for example (I pay for both).

It's like email. You need to get people over the mental hump. But then if you offer a good product, buyers will be happy they got over it.

yupyupyups
0 replies
4h38m

CEO of Mozilla earns $3m/year.

https://news.ycombinator.com/item?id=30665913

If the Mozilla foundation creates a donation button with the condition that the money goes solely to browser development (no CEO salary or political activism) I will donate.

nick__m
0 replies
4h43m

that doesn't pay for Firefox...

nerdponx
0 replies
3h19m

I donate to them as well, but donating broadly to the Mozilla foundation isn't the same as selling the web browser in exchange for money.

ajdude
0 replies
5h20m

Except that it's a well-known fact that none of your donations for the foundation ever go anywhere near Firefox itself, since Firefox is spun off as their commercial sector to accept Google's money.

latexr
3 replies
7h23m

> How should browser development be funded?

One of the most common Mozilla complaints I see on the web is that you cannot fund Firefox development directly. People want to give money to it, but cannot.

Which makes sense, I guess. Anecdotally, Mozilla is by far the company I know with the most vocal users that get completely ignored.

ninjin
2 replies
6h47m

Come now, let us be realistic, no one and nothing funds browser development other than advertisement:

https://ladybird.org/#sponsors

rascul
0 replies
4h22m

None of those appear to be advertising companies.

latexr
0 replies
6h32m

That is provably false. Safari isn’t funded by advertising, neither is Orion, or LibreWolf, or any number of other smaller open-source browsers.

account42
0 replies
3h15m

If they wanted independence from google they'd cut overhead instead of raising the CEO salary year after year.

rstarast
5 replies
8h17m

Who's to say this "my bad, we'll do better next time" isn't part of the playbook?

bawolff
1 replies
7h33m

Once you start assuming that every apology is fake and in bad faith, the world quickly goes to shit.

I'm not saying it's impossible for apologies to be in bad faith, just that if it becomes impossible to apologize and move on after making a mistake, it becomes impossible to do anything productive.

thoroughburro
0 replies
5h52m

Not real apologies, like from people — just corporate apologies, like from paid-for stooges.

Society will not collapse if we start holding these monsters to account; the opposite.

TheSameOlTrick
1 replies
8h11m

This.

I've seen enough of:

Step 1 - outrageous move
Step 2 - apologize, progressively pull back
Step 3 - people spread word they made it better
Step 4 - stick to still outrageous but comparatively better "middle" move

To really give it any excuse anymore. And so have you. If "Unity" tells you nothing... I'd like that rock, please, I'll need it to survive the incoming 4 years of social media.

carlosjobim
0 replies
5h26m

Now you've learned how parliamentary politics function.

latexr
0 replies
8h9m

That would be the “or they don’t care” part.

n_ary
1 replies
7h41m

Let's be honest, the number of HNish folks running Firefox is insignificant, compared to the number of people using Firefox because their friends recommended it. So even if let's say 1% of the users (HN and similar folks) perform an outcry and go ahead disabling it, the other 99% of the people will still be a huge moat of data. These strategies (though I am willing to give Mozilla the benefit of doubt), had been played out many times, "oops we did this ... emergency update to fix it ... we are releasing this now officially, agree to our terms if you want to continue ... you can always opt-out ... slow boiling frog metaphor ... this is now permanent with the option to disable is gone and forgotten about".

chillingeffect
0 replies
6h8m

Y tho? I run firefox and chromium side by side all day to isolate personal from work and chromium crashes constantly on a 64GB machine. Chrome uses so much more memory.

exe34
1 replies
8h8m

it's a classic abuse tactic: if you ask first, people will cry out and if you then do it, it'll be considered escalation on your part. so instead you do it first, and if possible, do something worse to begin with, and then when there's outcry, you take a small step back, claim to be the reasonable one, and then later on push the rest of the way.

bawolff
1 replies
7h36m

Honestly, having worked at companies that made unpopular product decisions (nothing like this, but still every company puts its foot in its mouth sometimes), it can be surprisingly non-obvious what gets people bothered and what doesn't.

We always see the decisions that blow up, but we don't notice the thousands of decisions nobody cares about. Sometimes it really does look like just another minor feature request at coding time.

latexr
0 replies
7h16m

> it can be surprisingly non-obvious what gets people bothered and what doesn't.

Agreed in general, disagreed in the specific Mozilla case. They’re an internet-related company where “privacy” is one of the stated core goals, yet they’ve stuck their foot in their mouth so often they could open a shoe shop. Failing to see this one is at best incompetence.

ta988
0 replies
6h1m

They don't care. It is not the first time, always the same excuse and blame the user to not be intelligent enough to understand (this is what communicated more means in their broken by profit minds).

pndy
0 replies
5h21m

> What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson.

Please. This is never about learning and better communication. This is universal corporate English for: "you got us, but we really don't give a flying ef and we will fulfill our goals step by step - no matter what you say".

mihaaly
0 replies
6h21m

Acting stupid and being uninformed, clueless, incompetent CTO/CEO/CXX is less prone to lawsuits than admitting intent of harm.

jeltz
0 replies
8h41m

Especially since this is very similar to what happened with Cliqz and that there likely are many at Mozilla who were around when that happened too. And the Cliqz scandal hurt Mozilla's market share a lot in Germany.

account42
0 replies
4h37m

Companies know this but they don't care because there are rarely any consequences that cannot easily be mitigated with cheap PR tactics. Even now you are responding to a PR statement that is trying to reframe the issue as users simply not understanding what Mozilla is doing when in reality Mozilla knows full well that this goes against the explicit wishes of a large part of their userbase but have chosen to enable this anyway. This isn't a communication issue. This is a fundamental "who does Mozilla serve" issue.

a4isms
0 replies
4h22m

> It’s clear in retrospect that we should have communicated more on this one

Oh maaaaaaaaaaaan do I despise hearing variations on this "non-pology."

It's never "Wow, we fucked up by doing something harmful to you." It's always, "My bad, I failed to explain exactly why you're wrong to think this is harming you. I take total responsibility for not explaining why this is actually good for you. I'll try again."

lopis
35 replies
10h31m

I think this line is very important:

> First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win.

It's very likely that this arms race will lead to DRM in web publications and video feeds (which Google is already experimenting with).

cynicalsecurity
9 replies
9h50m

DRM on a website = no search engine can scan the website = no users = the DRM website dies.

doix
4 replies
9h37m

If the DRM is coming from Google, I'm sure they'll take that into consideration when designing it. Feels ripe for an anti-trust lawsuit, but IANAL so who knows.

jimkoen
2 replies
9h28m

With that logic, wouldn't Widevine DRM already be ripe for an antitrust lawsuit? Genuine question.

doix
0 replies
7h46m

When I wrote the comment I was imagining Google using the tech as a moat to stop other search engines from indexing DRM protected content. I guess if they shared it and "all" search engines could index the content, it would probably be fine? I'm guessing that's why Widevine is "fine".

But like I said, I'm not a lawyer and have no idea what I'm talking about.

account42
0 replies
2h47m

It would be if antitrust regulators were not asleep.

cynicalsecurity
0 replies
7h28m

EU would destroy them.

mananaysiempre
0 replies
6h23m

You’ll notice that Google search now shows excerpts from things you can’t actually see visiting the site (paywalled news, paywalled scientific articles). The age of “show us exactly what users see or get downranked into oblivion” is long gone, sadly.

hollow-moe
0 replies
9h38m

google is the owner of the DRM verification system, they add exception for google robots, website only appears on google, kills other search engines in the process

deafpolygon
0 replies
9h48m

Which is why it hasn't rolled out yet. Once this is solved, you bet your ass they will start rolling it out.

JimDabell
0 replies
9h21m

Which is one of the main reasons why it’s such a problem that the search engine with an overwhelming market share also owns the browser with overwhelming market share and is also the largest online ad company. Not to mention they pay billions each year to the other browsers. Google has a huge amount of control over every part of this.

rwmj
6 replies
9h24m

> leading to a perpetual arms race that we may not win

So we're not even going to try.

lopis
5 replies
9h15m

This is an attempt to try. You don't win by being an immovable wall going against the biggest corporations. If the W3C manages to create a system that satisfies advertisers while preserving our privacy, that's how you win. There isn't a future where advertising will just disappear. I'm just being pragmatic here, as a user of ad blockers for 15 years.

squidbeak
0 replies
7h52m

An immovable wall is exactly what is needed to confront big corporations when they behave abusively (and intrusive profiling is an example of this). 'Pragmatism' here is just acquiescence in creeping surrender. Look what advertising has already done to the web and privacy.

ninjin
0 replies
8h31m

I can see the economic argument, but I am not sure that I buy it. W3C could push this as a standard, but surely anything that is privacy preserving will by its very definition provide less data for advertisement targeting, no? With less data, the targeting is likely to be worse in terms of advertisement efficiency. Thus, the economic incentive even in an ideal situation as with a W3C standard will be pushing any advertiser to "betray" the system and fall back on the very arms race that Mozilla is arguing that they are trying to avoid, no?

At best, politicians could jump on the "solution", but then why are Mozilla not already lobbying in that case? Why is the first party they are reaching out to the wolf in this drama?

Regardless, Mozilla has lost me at this point as a user. This being opt-out is inexcusable and I will find ways to gravitate away from them as I should not need my poor package maintainers to be paranoid with their upstream code in the same way they have to be with Chrome in order to protect us from developer abuse like this. Will try Mull on mobile now, hopefully it is viable, and see how I solve the desktop situation when I can find the time.

jeltz
0 replies
9h8m

Most advertisers will not be satisfied with that. The real question is if regulators will be and therefore can use this as a reason to clamp down on advertisers. If so this might work, but I am skeptical. And either way it was wrong of Mozilla to sneak this in as opt-out.

account42
0 replies
2h52m

Except being uncompromising is exactly how free software won. And compromising on EME DRM did not make websites using that DRM any less restricted to popular platforms. Compromise is not a winning move when what you are fighting against is fundamentally unacceptable.

DoItToMe81
0 replies
8h3m

It's not an attempt to try, it's reputation management. There is no 'anonymization' of data, because the advertising companies Mozilla is selling your data to now have almost 20 years of profiling that can effectively identify people through "anonymous" results. This has been known for years. Mozilla knows. They don't care.

CalRobert
5 replies
10h15m

I will begrudgingly admit he has a point here. In a few years I imagine almost all sites will refuse to serve anything without WEI, and the "open" web will be the preserve of a few hobbyists. Annoyingly you'll still need to use a compromised browser (or worse, app) to do anything with your bank, etc.

xk_id
2 replies
4h59m

> the "open" web will be the preserve of a few hobbyists.

And maybe that will be the Web healing. If all the value extraction moves elsewhere, we might finally have a sane web of hypertext documents again.

setopt
0 replies
4h11m

Unless that is labeled the new darkweb and blocked by the firewalls of ISPs and govs.

I hope enough mainstream things remain on the open web for it to be unrealistic to fully block.

CalRobert
0 replies
3h26m

Maybe, but I suspect it will be more like trying to access Usenet now.

I dunno. Considering the balkanization of the web maybe I should get in to ham radio or something.

JeremyNT
0 replies
1h19m

Yes, the kneejerk reaction against FF here isn't really thinking things through. Mozilla has to walk this tight rope since ad companies own the web already.

Realistically, the best outcome at this point is that enough users are willing to send enough data to advertisers so they allow the open web to continue.

The alternative is that sites will eventually only work in Chrome or Safari on limited, locked down platforms (read: no Linux support at all).

DaoVeles
0 replies
10h2m

It will be something like WEI or sites will just be a giant blob served via WebASM.

mort96
3 replies
7h21m

This move does not stop the arms race. Non-anonymous data is still better for the ad industry. Why give that up?

pacifika
2 replies
7h11m

Because browsers can clamp down on the non-anon data streams when there’s a working alternative.

mort96
1 replies
7h4m

Wait aren't browsers already trying to implement anti-tracking measures? Are you saying Mozilla has been holding back improving anti-tracking for the benefit of advertisers until now? Now that is evil

marcosdumay
0 replies
2h44m

> Wait aren't browsers already trying to implement anti-tracking measures?

Yes, and trackers are investing large sums of money into breaking those measures.

If you give advertisers a lawful non-user-threatening way to measure their ads performance, a lot of that money may disappear.

(Or it may not, or it may disappear either way. That one market is crazy and I know almost nothing about it. But the claim that the money may disappear is valid, and you have to provide a valid counter-claim if you want to contest it. Calling it evil doesn't cut it.)

jillesvangurp
3 replies
8h27m

Which will lead to counter moves by alternative browsers and websites and Google risking the loss of browser market share. If you think this is unthinkable, just look back at Microsoft's dominance of the browser market twenty years ago. Exactly like Google is doing they were pushing through all sorts of user hostile stuff via internet explorer. Before Chrome came along, Firefox was one of the few holdouts against them. Internet explorer users were dealing with all sorts of crap. Popups, popunders, all sorts of viruses, cross site scripting attacks, etc. Mostly that was just a mix of poorly designed features but there was also MS trying to get into search and advertising and they were trying to abuse their de facto monopoly to do that.

doctor_eval
1 replies
8h23m

I don’t disagree with you in principle, but this history is not quite right. IIRC the IE6 team was shut down. Basically only Mozilla and Apple were building browsers at scale until Chrome came along.

I might be misremembering?

jillesvangurp
0 replies
4h12m

Yes, you are definitely missing a decade here. The internet explorer/edge team was shut down long after Google grabbed most of the market share.

Chrome was launched 2008; Safari had its first release in 2003. And I was using the early Phoenix builds (later the name change to Firefox happened) in 2001. The version of internet explorer around the time Chrome launched was v7. IE 6 was already old news by then. And IE 8 launched soon after the Chrome launch. 9, 10, and 11 followed. And then the switch to Edge happened; which was a complete rewrite of their browser engine. Only in 2020, MS announced switching to Chromium. So, that's about 12 years of MS trying to hold on before they finally gave up.

CalRobert
0 replies
3h24m

How will an alternative browser get people to use it when major sites all make it impossible to use a non-Chromium browser?

anordal
2 replies
8h7m

Yes, that line is important.

This has happened before. Remember the critique against Encrypted Media Extensions (https://en.wikipedia.org/wiki/Encrypted_Media_Extensions): Oh no, DRM in the browser! But remember that web video used to require Adobe Flash for the longest time, and even after a decade of HTML5 video, sites were still clinging onto Adobe Flash (and later also Microsoft Silverlight) for what turned out to be DRM purposes. At the time, these plagued proprietary blobs were not going anywhere. Except, after EME had widely supplanted this last holdout usecase, they were quietly allowed to die. The result is that we have much smaller-scoped proprietary blobs in the form of content delivery modules with a lot fewer bugs and portability issues.

mort96
0 replies
7h20m

The situation with Flash and Silverlight was better than the situation currently is with EME. Before, you could implement a standard-compliant open source web browser, you just may not be able to view certain non-web embeds. Now, web browsers need permission from Google to view certain kinds of web content, and they can't be open source.

daveoc64
0 replies
7h8m

I agree with the other commenter.

The current situation is worse.

EME requires that the browser ship with a DRM library like Widevine.

Flash used an industry standard plugin model and could work in any browser.

account42
0 replies
2h55m

And that DRM will likely come anyway and restrict users of niche browsers like Firefox and operating systems no matter what Mozilla does - just look how EME implementations and Websites using it treat Linux users not to mention non-x86/ARM architectures. So best is to push back now while we still can instead of giving them an inch.

qwertox
13 replies
8h21m

> Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up.

The problem we currently have with cookie banners is thanks to the browser vendors not caring about it.

An API could exist which a page can query, where the user has already pre-selected how they want to deal with cookies. For example reject all but the essential ones, reject none at all, reject some, according to certain criteria.

Even more, the browser could check if the page is adhering to the user's expectations, and if it doesn't, block it for a period of time, like a week or a month, and publish the fact that they ignored the user's wishes.

Possibly also give the user a signed document which claims that this page did not respect the user's privacy expectations, so that the user can use it in court.

These should be solvable problems.

remedan
10 replies
7h58m

This was already tried with the Do Not Track header. Websites simply ignore it. They don't want an easy way to get the user's preference. Because they know that most users would set it to decline tracking. Sites would rather annoy every visitor for the chance that they click 'accept'.

LunaSea
7 replies
5h45m

Users also don't want to pay to access content.

So I guess that both the user and the site can't get what they want and we should scrap the internet.

thoroughburro
3 replies
4h50m

Older folks might remember that there were a lot of people willing to make content free, just out of personal enthusiasm, and that this content was actually a lot higher quality than that pumped out by capitalist motivation.

So, actually, users and sites both had what they wanted, just not corporations.

LunaSea
2 replies
4h40m

I agree and these people still exist.

However not all content can be produced this way, news or sports coverage would be an example.

account42
1 replies
2h42m

You get faster and better news coverage from random people on social media than news corporations these days.

LunaSea
0 replies
1h54m

Although I agree that news media quality is not always great (really depends from one publisher to another), I would not really qualify random people on Twitter as "news coverage".

qwertox
1 replies
5h26m

This is unrelated. Paywalling != tracking.

If it wouldn't work, then I'd see no ads in my paper-based iX subscription, yet it is full of ads even though I'm paying for that paper.

But the paper has the benefit that the ads I see there don't collect information on me. This is what I want the internet to be.

Ads OK, but no tracking of me if I don't want it (which I express via cookies when in a browser).

Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article. No hint on that accepting the cookies is only useful if you also have a subscription. When you can't read the article, they don't revert the setting of the cookies, but just pretend that they gave you access to the article and keep the cookies around for days or years.

LunaSea
0 replies
4h54m

> This is unrelated

It's not. Tracking leads to better targeting which leads to higher conversion ratios and overall higher "Cost Per 1000 Impressions" (CPM).

If you simply do "contextual" targeting, so targeting based on the page content, your CPM will go down and the publisher will lose money.

> Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article

Depends on the company. News media publishers use the same system but are usually barely profitable if at all.

> Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article. No hint on that accepting the cookies is only useful if you also have a subscription. When you can't read the article, they don't revert the setting of the cookies, but just pretend that they gave you access to the article and keep the cookies around for days or years.

The EU Court of Law decided that offering a subscription or mandate for cookies to be enabled is not legal as an offer. So the transactional nature you propose is currently not allowed. What is allowed is a grey area which has yet to be explored.

account42
0 replies
2h43m

There are unpaid sites without ads.

dgb23
0 replies
4h22m

This could easily be enforced now. I don't get how it isn't.

account42
0 replies
2h44m

DNT was before the GDPR. The landscape has changed considerably since then and a standardized opt out signal being enforced is not out of the question.

cqqxo4zV46cp
1 replies
8h20m

What!? What’s the benefit of this from a site’s POV? Your technical solution is completely out of touch with real goals and incentives.

qwertox
0 replies
8h13m

He's talking about cookie banners. The issue with cookie banners are the dark patterns, but the end-goal is to obtain permission from the user to set cookies.

This requirement to constantly ask the user while using these dark patterns is what makes normal people just give up and "accept".

If the page is expected to ask the browser which preferences the user has set regarding the cookies, then this problem is gone, because the page no longer is expected to ask a person via a popup.

htiawe
1 replies
8h9m

Wow, that really was a wall of text.

Is it just me that sometimes gets the feeling that when companies have to explain themselves with this amount of text, they actually know that they are doing something wrong but are trying to cover it up by these long and unnecessary explanations?

pndy
0 replies
2h53m

> they are doing something wrong but are trying to cover it up

That's what most folks say in this sub-tree.

deskr
1 replies
7h49m

First there's a justification based on current anti-tracking system being bypassed:

"there are enormous economic incentives for advertisers to try to bypass these countermeasures"

Then:

> We’ve been collaborating with Meta on this

Given Meta's track record with scooping up just about any personal data they can find, it's pretty obvious that this is just going to be yet another datapoint in Meta's collection.

robertlagrant
0 replies
7h8m

I imagine Meta like this because most of their tracking is done behind a Facebook login anyway, and it reduces the fidelity of Google ads.

close04
1 replies
10h11m

> doing something about [the massive web of surveillance] is a primary reason many of us are at Mozilla

> we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here.

You know what's user-hostile? Doing things without the user's knowledge or consent. The new tab page of Firefox after an update often advertises features of the release Mozilla sees important (their VPN offering, Firefox on mobile, etc.). This time the new tab page told me nothing about this change. Communicating it to me was "free" and they still actively refused to do it.

"Doing something" about surveillance starts with transparency but if Mozilla's leadership doesn't see this as important they have no place leading such a company. Mozilla doesn't seem to wrap its head around the fact that their users use Firefox because they don't want the same kind of shady tactics Google or Microsoft keep pulling, they don't want their browser control to be handed over to some guy in a board room who needs a PR team to give a lengthy non-answer to the problem.

I see a lot of words spent on why they came up with this technology but barely a mention about the biggest issue here especially from a company that presents itself as a champion of user rights: they pushed the change in the dead of night and took an actively hostile decision in the users' names by enabling a clearly controversial setting without any warning or communication.

> we should have communicated more on this one

This kind of PR speak for "we actively kept it hidden" is the best way to alienate the users who investigated and chose this browser for a reason.

DaoVeles
0 replies
9h58m

That's just it, that they are doing this in a somewhat quiet manner is a sign that they know how this would go down.

Juliate
1 replies
6h56m

What is really concerning (and enlightening) is that it is the CTO that's posting, and not the CEO.

It shows that the topic is merely now considered as a technical point, rather than a principle-based one.

justinclift
0 replies
6h42m

The Mozilla CEO would be very unlikely to receive a positive reception.

42lux
1 replies
9h38m

Oh my... not exactly reassuring.

tgv
0 replies
8h32m

This phrase in particular:

> I’ll do my best to address [your questions], though I’ve got a busy week so it might take me a bit.

That means: I'll answer the easy ones, and ignore the hard ones, or ask the legal team to come up with some weasel words.

worble
0 replies
10h11m

Interesting comment here: https://old.reddit.com/r/firefox/comments/1e43w7v/a_word_abo...

If you have telemetry disabled, this feature is also disabled, even though that isn't represented in the UI and looks like it's turned on.

It's not good that it exists and is on by default, but if you have already opted out of telemetry previously, you're opted out of this too.

raxxorraxor
0 replies
6h0m

To be honest, I would have used a different approach and browsers would very well be capable to give erroneous data and contaminate data from tracking users. This would be going on the offensive, and I don't believe there are any legal barriers that prevent users from "ad fraud".

I don't believe in cooperation with an industry that has shown no remorse with tracking users at all. That will not be successful. Advertisers will employ this and still track. And it is possible to not get tracked and deliver false data, even today.

nubinetwork
0 replies
9h30m

And nothing of value was posted.

luke-stanley
0 replies
10h22m

Key comment replying to him there which gets no reply from him: "Opt-out is NOT a consent". This is very problematic, see my last comment: https://news.ycombinator.com/item?id=40966312

lukan
0 replies
9h16m

"The devil is in the details, and not everything that claims to be privacy-preserving actually is"

Yeah, like Mozilla.

This is not the first time they silently added tracking and advertisement. The toggle with "firefox shares basic telemetry with the adcompany Adjust" has been there activated by default since a while (among other stuff). This is just more tracking from them, while claiming to defend privacy. Another day, another scandal.

dist-epoch
0 replies
7h30m

TL;DR: sorry, we're not sorry. we will go ahead with it and explain it to you better why it's a good thing in your interest.

Retr0id
0 replies
6h12m

Wow. This represents a profound misunderstanding of the advertising industry.

Data is their edge. It's how they compete with each other.

The privacy "arms race" isn't just between the browser vendors and the trackers, it's also between tracker a and tracker b.

Giving them a new data point (no matter how """privacy preserving""" it is) is just that, another data point. It's not going to make them give up on the others.

JoosToopit
0 replies
6h35m

That's just the most brain dead rot I've read in a while.

Mozilla is a joke nowadays.

AlexandrB
0 replies
2h42m

Maybe I'm cynical, but the rationale given seems extremely naive. There's nothing stopping advertisers from using this new attribution mechanism and tracking users as much as possible. In fact that's probably exactly what they'll do since it's likely that not every browser will support this kind of attribution.

The arms race will continue as it does today, but advertisers will have yet another avenue to exploit in the form of the attribution API.

temporarely
70 replies
7h40m

Enough of this waiting for virtuous entities to address legitimate concerns of the public.

The "ad industry" is a cancer and we need legal protection against this "industry". The solution is political not technical and definitely can not be left to "the market".

Haven't you had enough?

berkes
20 replies
7h32m

How would that legal "protection" work in practice? What would it protect against? Who would it protect?

What you say sounds reasonable. And I'm not trying to say "well, it's impossible because of some current status quo", because we could change that.

What I'm trying to say is that we need this "industry" to work out the practicalities. Otherwise we are "protected" in the same way the GDPR protects us against 3rd party trackers (you don't need a cookie banner if you don't allow 3rd parties to track your users. Yet here we are...)

talkin
8 replies
7h27m

Legal: “it’s forbidden to target ads at specific users”

Done.

SebastianKra
6 replies
7h16m

My perfect world would have a law against advertising in general. If someone's paying you to say something, it's a conflict of interest and illegal.

Hopefully, the vacuum of people needing to know things would result in better independent Product reviews.

And the vacuum of not spending 30% of your company budget on advertising would hopefully lead to sinking prices and people being more willing to spend on things that were previously funded by advertising.

_heimdall
5 replies
6h47m

If someone's paying you to say something, it's a conflict of interest and illegal.

That already misses a huge problem though, I don't pay Mozilla for Firefox and I don't pay most online sites and services that gobble up my data and sell it off.

robin_reala
2 replies
6h39m

Mozilla has never given us a choice to pay for Firefox.

_heimdall
1 replies
6h32m

Sure, but I don't think that really changes anything here. The idea of a law that bans advertising when the customer pays you would miss a huge portion of advertising and data collection including Firefox.

nemomarx
0 replies
5h55m

I read their post as banning it when the advertiser pays anyone else?

SebastianKra
1 replies
4h6m

That's what my third paragraph was for.

_heimdall
0 replies
1h3m

Is the concern you want fixed only that paid products still collect and sell data?

I may have misunderstood you, but my read on the third paragraph was mainly that Firefox, in this case, could still have a free browser that collects and sells data. That rule would just add one more factor for them to consider if they ever want a paid browser, they both need a viable market and be willing to give up the option to sell data.

berkes
0 replies
7h19m

Sounds reasonable.

But I highly doubt it removes the want for private data, though. Tracking is also there to measure performance, do AB tests, etc etc.

I'm sure such a broad sweeping law would solve some. But it won't make the ad industry suddenly "good" or go away, or get purged or such.

bondarchuk
5 replies
7h23m

We don't necessarily need the ad industry to work out the practicalities if we simply do away with the whole ad industry. We could quite easily outlaw receiving payments from a third party in exchange for displaying information to your users.

berkes
4 replies
7h17m

That hardly worked when implemented in the GDPR, where this exchange is most often "free". Why would it work this time?

bondarchuk
3 replies
6h53m

Sorry, what do you mean ""that" hardly worked"? Making any regulation at all? The GDPR did not do at all what I proposed.

ninjin
2 replies
6h18m

There is a (lazy) line of argument related to GDPR, cookie banners, etc. that goes something like this: "That legislation failed, thus any legislation will fail." It was a while since I did proof by induction, but I do believe there is some step missing here.

Personally, I am open to an argument that any legislation is folly. But we need to raise the discourse rather than just bash legislative failures (or merely partial successes) of the past.

berkes
1 replies
5h12m

I wasn't trying to make the argument that since some parts of the GDPR didn't work out as intended/hoped, other legislation will fail too.

My point was specifically that the GDPR put a law in place that when you send private data from users to third parties, you must ask the user for permission and allow that user to decline this and then not send that user's private data to these third parties.

The idea and intention and hope is clear: that site/app/platform owners don't send/sell data to other parties. Or, if they still do so, are punished by having to nag users with popups/banners etc.

The ad industry then spun this around, ensured that virtually every site nags users (mitigating that punishment), continued harvesting data exactly like before, and -above all- persuaded the general public that "the EU is forcing you to click cookie banners all day" or similar double-speak.

With which I was trying to put forward that any legislation must be a lot better than what the GDPR did here. So as to avoid being circumvented by the industry and also hated by the public.

bondarchuk
0 replies
4h24m

Ok, sure, but that's exactly what I said: simply outlawing advertising leaves a lot less wiggle room than allowing it but with some minor semblance of consent.

alemanek
3 replies
7h8m

Full liability for secondary harms caused by the leak of data that wasn’t directly required to provide a service to those same end users. Selling of data to third parties doesn’t transfer this liability but expands it to include any leaks or misuse coming from the entities the data is sold to. No statute of limitations.

So if company X sells data to company Y and then Y sells to company Z then company X has full liability for leaks or misuse from all entities in the chain.

No more free credit monitoring. Banks, credit card companies, and end users get to directly sue these companies. May not completely solve it but you can try to make it so expensive to mine data you don’t truly need that it ends the whole industry.

I am sure there are holes in this but we can at least try to kill the data brokers and bad actors.

_heimdall
2 replies
6h51m

We don't need more laws to solve this if your concern is a more harsh punishment for data leaks, we need to remove existing laws that limit the damages a company can be liable for and we need consumers that care enough to sue when they are harmed.

alemanek
1 replies
6h46m

That is what I am saying above. Full liability for the data stored and shared with others. Transitive liability would need to be a new law though as I don’t believe that currently exists.

EDIT: forgot to mention consumers don’t need to care much for this to be effective. If there are damages to be had law firms are incentivized to file class action lawsuits and recruit affected customers. So, there is an incentivized actor within this framework to do the leg work to get a big payday.

_heimdall
0 replies
6h30m

Transitive liability would need to be a new law though as I don’t believe that currently exists.

That likely would end up just being case law rather than legislation. Meaning, a lawsuit can be filed for it today and it's up to the courts to decide if that liability is reasonable.

eleveriven
0 replies
7h4m

I think legal protections can effectively safeguard user data

_heimdall
16 replies
6h55m

Anyone bothered enough by advertising can stop using whatever product has been ruined by ads, or find ways to remove the advertising.

More laws and larger governments doesn't have to be the answer to all problems. If consumers care enough they'll change their usage, if they don't change their usage they likely don't care enough.

sloowm
8 replies
6h28m

If I walk outside I'm bombarded by ads. Almost all websites have been tailored to include ads and hide information. You're tracked on all devices you touch.

Vaguely referencing more laws or larger government doesn't mean anything. We're not talking about all problems but a specific one. There is an obvious imbalance between the power and information an individual consumer can use to shield themselves from activities by companies that are detrimental to them. We are also not expected to test our own food for toxins.

More platitudes and soundbites doesn't have to be the answer to all problems.

_heimdall
7 replies
6h21m

Seeing ads outside likely doesn't harm you though, you can ignore them. If your city is plastered with ads to a point where you can't stand it you can always move, that's just another part of a city that someone may decide they don't like and want something different.

Almost all websites have been tailored to include ads and hide information. You're tracked on all devices you touch.

That's really the crux of it though. The problem isn't just that companies are gobbling up all this data, it's also that we make the data available in the first place.

Stop using a smartphone and taking it everywhere with you, limit what you do online in general, and pay cash when you can. A few simple changes would really reduce the data you make available, I'm sure there are other simple changes I'm missing here but the point is that we don't have to protect data that doesn't exist.

Y_Y
2 replies
5h58m

Seeing ads outside likely doesn't harm you though, you can ignore them.

Just for a different perspective, I can't ignore them. I read more-or-less all text that comes into my field of vision, and cannot help but look at bright flashing lights. To my knowledge this isn't recognized anywhere as a disability (though it is associated with a standard diagnosis).

For me, and presumably others like me, flashing road signs that tell me I'm driving the right speed thanks are a serious distraction even though I've seen the same one hundreds of times. I stopped watching association football when animated sideline ads became common because I could not focus on the game.

If it makes sense to put in wheelchair ramps at the stadium couldn't it make sense to accommodate me, even if most people can redirect their attention just as easily as walking up the stairs?

hfsh
0 replies
5h8m

To my knowledge this isn't recognized anywhere as a disability (though it is associated with a standard diagnosis)

I have the same issue, and I strongly suspect it has to do with my ADHD. I absolutely hate ads in pretty much all forms.

_heimdall
0 replies
4h40m

When it comes to driving, that seems like a totally reasonable concern. I also find roadside signs, digital boards, etc really distracting when driving. That one falls into a safety concern for everyone on the road too, whereas ads in general may just be distracting, that distraction could literally kill someone on the road.

In general, it is a really tough line to draw what is considered a protected disability. I don't know where I would draw the line, and it just gets harder as we create more diagnoses. I don't mean that to demonize the diagnoses at all, but it does make drawing a line for what to legally protect that much harder.

sloowm
1 replies
5h55m

So because we want to keep government small and ad companies can get so big they basically invade every part of your life you have to leave your phone, close your eyes, stay offline, just move bro. This doesn't seem like a very serious or productive line of reasoning.

_heimdall
0 replies
5h34m

you have to leave your phone

Sure. A phone is a product, it isn't a right or necessity. I get that they are very convenient, and addictive, but they're a very new novelty on the scale of a legal system. There are good arguments for wanting to limit advertising and data privacy, but protecting our right to use a certain piece of technology really just isn't very compelling IMO.

close your eyes

Advertising is nothing new though. If your concern is even just seeing ads at all, that's a problem that has existed much longer than digital data brokers.

stay offline

Similar to smartphones, being online isn't a right and is a very new concept. We don't have to be online to live our lives, and we shouldn't expect that everyone is online.

just move bro

Moving isn't easy, and may not be cheap depending on how you do it, but is there really something wrong with moving when you don't like the area you live in? To me that seems like a totally reasonable response for anyone that's able, and for those that aren't willing to move they can try to change the place they live. Moving is just easier than somehow convincing a locality to limit or remove advertising.

A4ET8a8uTh0
1 replies
6h16m

<< Seeing ads outside likely doesn't harm you though, you can ignore them.

I honestly do not think it is possible to ignore ads unless you do not see/smell/hear/experience them. Even if you dismiss them, you have received an impression of that ad. Your mind has been affected. It just happens that we normalized it as a normal function of society ( not completely unlike how we normalized cameras everywhere including on doorbell ). I have no interest in dating farmers, but I still remember being exposed to farmers only ad.

edit:

<< Stop using a smartphone and taking it everywhere with you.

It seems less and less of an option. Amtrak gatekeeps its best prices behind an app. Parking lot wants me to use an app. My workplace now effectively forced me to have phone on me ( even if I come into office.. I can understand the need for it while remote ).

The current societal construct practically requires a smartphone. You could technically go on without it the same way you COULD technically not have a car. It is possible, but very, very limiting. And I would argue that not having a car now is way more forgiving than not having a cell and that is saying something.

_heimdall
0 replies
5h27m

I honestly do not think it is possible to ignore ads unless you do not see/smell/hear/experience them

While we can't avoid seeing ads in a public place, we can manage how we respond to them. That's really not much different than not liking what someone else says. We can try to regulate everything such that people can be comfortable and never have to build a thick skin, or we can trust that people can and should be able to manage their emotions well enough to ignore things they don't like.

It seems less and less of an option. Amtrak gatekeeps its best prices behind an app. Parking lot wants me to use an app. My workplace now effectively forced me to have phone on me ( even if I come into office.. I can understand the need for it while remote

I can't stand when companies do this stuff, assuming that everyone has a smartphone and is willing to give them access to it. I choose not to patronize companies that do it, but yeah that's harder when your office building requires a smartphone to enter. When push comes to shove, I wonder what the employer would say if someone raised that it isn't an option for them and they need a different way to enter.

Broadly, we have a real issue today with society allowing conveniences to become necessities. We do it to ourselves, but just because smartphones and cars are convenient doesn't mean we should build a world where everyone has to have them. It locks us into certain paths, and when concerns like climate change come up for example we're hamstrung because we can't imagine giving up things like personal vehicles, air travel, smartphones, etc.

A4ET8a8uTh0
2 replies
6h20m

We can, but, as OP noted, the change is only temporary, while political change is harder, but also tends to last longer. I still remember when pihole worked on most things. These days it is just a part of adblocking approach for me.

tldr: Some of us are tired of fiddling with things where we shouldn't have to.

<< More laws and larger governments doesn't have to be the answer to all problems.

If market participants can't behave ( and they clearly can't help themselves ), it is the only real answer.

<< If consumers care enough they'll change their usage, if they don't change their usage they likely don't care enough.

Or.. options for consumers are limited, which affects what they do. In all seriousness, streaming execs seemed to admit the ads simply bring more money for them so they don't care if non-ad version is profitable. It is not enough.

My household dropped Netflix and Prime over their silliness. We currently still have Disney until they get too greedy. And that is just streaming. Regular net is soooo much worse without a way to scrub the ads away.

_heimdall
1 replies
5h18m

My household dropped Netflix and Prime over their silliness. We currently still have Disney until they get too greedy. And that is just streaming. Regular net is soooo much worse without a way to scrub the ads away.

Isn't that a good example of consumers exercising their right to not patronize companies they don't agree with? You didn't need a law stopping you from using Prime, and you don't have a right to use it, you just decided you didn't like their product anymore.

The blindspot missing in a ban of advertising is what that does to the viability and price of a product. Prime and Netflix as it is today is built based partly on the advertising revenue. Presumably if that money disappears the product would get worse, disappear, or become more expensive.

jcynix
0 replies
4h59m

Regular net is soooo much worse without a way to scrub the ads away.

Hmm, there are ways: I browse with NoScript and uBlock Origin installed and see almost no ads. If a website doesn't work and I really need to visit it for some reason, I selectively enable part of the JS they want me to load. Other sites simply don't get my attention.

throw10920
1 replies
4h32m

More laws and larger governments doesn't have to be the answer to all problems

More laws and larger governments are generally undesirable (for obvious reasons) but saying that we shouldn't make any laws at all is throwing the baby out with the bathwater.

If you're thoughtful and deliberate about how you write your legislation, you can have a disproportionately positive impact with a very small amount of additional weight.

For instance, instead of trying to enumerate every single way that data could be leaked and forbid that (see: HIPAA), you should just make the end state (PII in the hands of someone the user didn't explicitly authorize it to be in) illegal and mandate a fine per unit of information (e.g. 1% of the median US salary for SSN) to every entity in the leak chain (because a chain of custody for personal information is just about mandatory at this point).

Details will vary, but this general approach is vastly better than the crazy laws we have in other areas that attempt to "enumerate badness" in the intermediate rather than the end state.

_heimdall
0 replies
56m

I wasn't arguing for no laws though, only that we don't need to reach for them as quickly as we often do or want to do. I thought the topic here was about banning advertising as a whole, if we want to zoom into privacy concerns related to the retention of PII data that is more doable and we already have a framework to start with based on the EU.

If you're thoughtful and deliberate about how you write your legislation, you can have a disproportionately positive impact with a very small amount of additional weight.

Unfortunately that really is a non-starter in the US today. I have very little faith that Congress is interested in carefully considering and clarifying. I have even less faith that any bill with thousands of pages of text, which is how they appear to do business these days, could ever be clearly defined and scoped to avoid obvious unintended consequences or misplaced boundaries.

dspillett
1 replies
6h33m

> Anyone bothered enough by advertising

I don't particularly have an issue with advertising itself. If adverts get on my nerves on a product or page I just leave, as you suggest: problem solved.

The actual issue is the stalky tracking of me throughout my life that is currently inseparable from the advertising. I can't just walk away from that: it happens behind my back, it has happened before I get the chance to walk away.

> can stop using whatever product has been ruined by ads

Which will not stop the stalky behaviour of the ad industry. They'll still track me if I happen to click the wrong thing, or track me through my connections to other people. I suppose I could walk away from life and become a hermit, but that would be just a little extreme.

> or find ways to remove the advertising.

Which is, while I do take part, an ultimately fruitless task. Every block we make for the stalky behaviour, be it technical or legislative (other than outright banning the tracking of personal data except with explicit opt-in without exceptions, and properly enforcing punishments for breaking the ban), they'll find a way around. Removing it is not a long term solution, it is a war of attrition where we have to have our guard up all the time and they only have to get lucky, or just be particularly sneaky, every now and again.

> More laws and larger governments doesn't have to be the answer to all problems.

This has often been said by companies and their shills. Oddly, they are all in favour of extra laws and government reach when it is, for example, to protect what they consider to be their intellectual property.

_heimdall
0 replies
6h25m

Which will not stop the stalky behaviour of the ad industry. They'll still track me if I happen to click the wrong thing, or track me through my connections to other people. I suppose I could walk away from life and become a hermit, but that would be just a little extreme.

You could make some real progress without being a hermit though, it doesn't have to be all or nothing. Don't use a smartphone, limit as much of your time online as you can, and pay in cash when you can. Those wouldn't make you a hermit but would seriously limit the data you make available to be gobbled up in the first place.

This has often been said by companies and their shills. Oddly, they are all in favour of extra laws and government reach when it is, for example, to protect what they consider to be their intellectual property.

Well that's actually what I see as a better approach, remove protections for those companies and industries rather than trying to create new laws to limit them. It's a strange balancing act to attempt to both protect and limit an industry with different laws, we would be better off not doing either.

ho_schi
12 replies
7h26m

Yep. One of the things which the FSF did right was the GPL. They didn’t try, like programmers, to hack against bad things, which never works in the long term.

The bad people will change the API, lock the bootloader, implement a problematic standard (ACPI, SecureBoot) or add more DRM.

We cannot solve political issues (law) with technical solutions (programming). If we don’t like locked iPhones, the solution is a law. If we don’t like tracking, the solution is a law. But the EU Cookie-Directive failed? Because of malicious compliance, they made a business case out of it instead of ending it (cookies for logins are fine). And if we want public APIs, local computing and open-source, the solutions are laws.

The FSF uses the law :)

Let us go a step further, change it.

gjsman-1000
6 replies
5h20m

One of the things which the FSF did right was the GPL

And the GPL is dying. Every year fewer projects are maintained under the GPL standard. Violations abound anyway. The MIT License and other permissive licenses; or commercially restrictive licenses like the SSPL, are the new go-to; because the GPL didn’t think about SaaS or “Tivoization” until it was too late.

Croftengea
5 replies
5h13m

AGPL is the way.

gjsman-1000
4 replies
5h10m

AGPL is a lawyer’s nightmare. Not just because of the restrictions - but because it’s very, very sloppily put together.

Does connecting a AGPL-licensed database to your website make your whole website AGPL? What is the line between an innocent connection, or a viral integration?

What happens if you add a proprietary protocol to the database specifically for your app? Do you need to open source it, if that database is/isn’t publicly accessible? Why wouldn’t it be considered? Your project dependencies certainly aren’t directly publicly available, yet you agree the AGPL applies there.

Some have quoted the FSF about how “internal data structures” should be the distinction. But even that is something a lawyer could seriously bend - is JSON from your database, that only your app understands, such a structure?

The license is ridiculously vague in this regard. Not that it matters anyway - almost all of the big AGPL projects offer alternative proprietary licenses to paying customers, so it’s really more of a source available license.

alright2565
2 replies
4h39m

Let's look at this paragraph, which is the only real difference between the GPL & AGPL, because I think the English is perfectly clear and understandable:

Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.

Does connecting a AGPL-licensed database to your website make your whole website AGPL?

The user doesn't interact with the database, so no. Since the app server is not linking to the database, it also isn't subject to the AGPL from that direction.

What is the line between an innocent connection, or a viral integration?

Exactly the same as the GPL, since that section has not changed.

What happens if you add a proprietary protocol to the database specifically for your app? Do you need to open source it, if that database is/isn’t publicly accessible?

If the user can access the database, you must provide them with the combined source code under the AGPL. If the user cannot access the database, you do not need to do anything.

Why wouldn’t it be considered? Your project dependencies certainly aren’t directly publicly available, yet you agree the AGPL applies there.

You are linking against those dependencies. Therefore the whole work is under the AGPL, through the same mechanism as the GPL. Now that the entire work is under the AGPL, you must provide users who access it over the network the source code.

Some have quoted the FSF about how “internal data structures” should be the distinction.

See this is a real source of ambiguity. But it is an ambiguity that applies to every *GPL license, not just the AGPL. But it's really not as big of a deal as you make it out to be, using the documented public network APIs obviously is not linking.

gjsman-1000
1 replies
4h33m

I think the English is perfectly clear and understandable.

Because you are not a lawyer. The points I’ve made have been cited by actual lawyers. Your opinion as a technologist blinds you to the degree of legal ambiguity.

https://opensource.google/documentation/reference/using/agpl...

https://writing.kemitchell.com/2021/01/24/Reading-AGPL

Also, the very fact that these opinions exist shows this license is not safe. There’s never a correct interpretation that will perfectly win the day eventually, only rulings. As the AGPL has never been in court before, things could quickly go sideways.

As my second link, written by an actual lawyer, puts it: “Inebriated aliens might as well have beamed it down from space as a kind of practical joke.”

alright2565
0 replies
4h1m

https://opensource.google/documentation/reference/using/agpl...

If you have some background knowledge of Google's architecture, this explains exactly why the AGPL is banned there: all code is built from one monorepo where everything is linked together.

https://writing.kemitchell.com/2021/01/24/Reading-AGPL

This completely agrees with what I said. At its core, the A part of the AGPL only kicks in if:

“you modify the Program” and “your [modified] version supports such interaction [remotely through a computer network]”

Yes he calls out various potential problems and a potential loophole, but those same problems are also present in the regular GPL!

devman0
0 replies
5h3m

The AGPL also turns what was a distribution license (GPLv3) into a EULA which kind of contradicts freedom zero of the GNU philosophy.

DyslexicAtheist
4 replies
6h24m

I was with you until secureboot.

At least on my Debian I retain full control using the shim and my own enrolled keys. So seems less an issue with the technology but perhaps with how some vendors (that are already locking you in anyway) use secureboot?

from https://wiki.debian.org/SecureBoot

> Shim then becomes the root of trust for all the other distro-provided UEFI programs. It embeds a further distro-specific CA key that is itself used for as a trust root for signing further programs (e.g. Linux, GRUB, fwupdate). This allows for a clean delegation of trust - the distros are then responsible for signing the rest of their packages. Shim itself should ideally not need to be updated very often, reducing the workload on the central auditing and CA teams.

candiddevmike
2 replies
6h6m

In theory the benefits of secureboot around attestation and hashing/measuring of boot components do not require a secure/verifiable chain of custody. You could self verify using PCRs. The boot loader signing aspects were always for control and restricting devices, IMO.

dathinab
0 replies
4h31m

this is simply not true

only using self verifying of PCRs is not an effective protection against most attacks. (Against which a secure boot chain is supposed to help.)

Sure it depends a bit on what you want from secure boot. But in general if you need PCRs you also need to make sure only verified code can run. If you don't, you likely don't need PCRs either, and some simple flawed secure module key storage would work as well.

In a certain way having a trust verification of the boot loader is the most important part. Everything after that depends on how the boot loader is implemented, though having PCRs is still helpful.

Though this is where secure boot failed (very hard), as long as you don't enroll your own keys you are not really getting a secure boot chain. Something which IMHO is a fundamental requirement for any company laptops and similar. (Or, instead of using custom PKs, you are MS and disable all 3rd party keys and disable any BIOS option to add/enroll 3rd party keys, like they did on some older ARM devices).

I.e. IMHO a secure boot chain and protocols related to it are a must have, but the current implementation is garbage, especially for most Windows users.

If you want to know in which direction things could be done you could look at ARM MacBooks, more specifically the documentation Asahi Linux created for them. Though just the direction, not the exact design.

Basically for PCs (even in huge companies with MDA) you don't need global trust chains, just local per-system trust automatically set up on first boot after "reset" and making sure a "reset" is roughly like a wipe (by using full disk encryption) is all you need (and want). The devil is in the details, but it isn't really that hard to make it work.
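The PCR mechanics the two comments above refer to, as an added example that is not part of either comment or of any project named in the thread: a software model of the TPM extend operation and of replaying a measured-boot event log against a locally enrolled baseline. The PCR index assignments, event names, image bytes and the `check_boot` helper are constructed for illustration; on a real system the reported values would be read from the TPM.

```python
import hashlib
import hmac

PCR_SIZE = 32  # bytes per register in a SHA-256 PCR bank


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(event_log):
    """Recompute final PCR values from (pcr_index, name, measured_bytes) events."""
    pcrs = {}
    for index, _name, data in event_log:
        measured = hashlib.sha256(data).digest()
        # Every PCR starts at all zeroes and can only be extended, never set.
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), measured)
    return pcrs


def check_boot(event_log, reported_pcrs, baseline_pcrs):
    """Compare one boot against the enrolled baseline.

    reported_pcrs stands in for values read from the TPM (simulated here).
    Returns a list of (pcr_index, reason); an empty list means a match.
    """
    findings = []
    replayed = replay(event_log)
    for index in sorted(baseline_pcrs):
        reported = reported_pcrs.get(index, b"")
        if not hmac.compare_digest(replayed.get(index, b""), reported):
            # The log is not what was actually measured, so it cannot be trusted.
            findings.append((index, "event log does not reproduce reported PCR"))
        elif not hmac.compare_digest(reported, baseline_pcrs[index]):
            findings.append((index, "PCR differs from enrolled baseline"))
    return findings


# Constructed sample data: the index-to-component mapping is illustrative only.
BASELINE_LOG = [
    (0, "firmware", b"constructed firmware image v1"),
    (7, "secure boot policy", b"constructed key databases"),
    (4, "boot loader", b"constructed boot loader v1"),
    (4, "kernel", b"constructed kernel v1"),
]
BASELINE_PCRS = replay(BASELINE_LOG)  # enrolled on a boot that is trusted


def with_event(log, name, data):
    """Copy of the log with one named event's measured bytes replaced."""
    return [(i, n, data if n == name else d) for i, n, d in log]


def scenarios():
    changed = with_event(BASELINE_LOG, "boot loader", b"constructed boot loader v2")
    reordered = [BASELINE_LOG[0], BASELINE_LOG[1], BASELINE_LOG[3], BASELINE_LOG[2]]
    return {
        "clean boot": check_boot(BASELINE_LOG, replay(BASELINE_LOG), BASELINE_PCRS),
        "changed boot loader": check_boot(changed, replay(changed), BASELINE_PCRS),
        "same components, different order": check_boot(
            reordered, replay(reordered), BASELINE_PCRS
        ),
        # The log presented is the baseline one, but the registers hold the
        # measurements of the changed boot loader.
        "log claims baseline, PCRs disagree": check_boot(
            BASELINE_LOG, replay(changed), BASELINE_PCRS
        ),
    }


if __name__ == "__main__":
    for name, findings in scenarios().items():
        print(f"{name}: {findings or 'matches baseline'}")
```

The model covers only the arithmetic: it says nothing about who performs the comparison or whether the software doing so was itself part of the measured chain.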

blueflow
0 replies
5h47m

The boot loader signing aspects were always for control and restricting devices

Not surprising, given the huge role Microsoft had in developing this.

You can't enroll your MOK without booting up, and you can't boot up if Microsoft hasn't signed your bootloader/kernel... It used to be a no-brainer and now it's difficult.

raxxorraxor
0 replies
6h12m

Personally I don't get any benefits from secure boot and it is already used to verify the alleged integrity of systems. Not sure how using your own keys would work for remote attestation, it probably wouldn't. Healthy experience with the industry and the market tells me the future if such systems are widely adopted. And that would be a net negative for software freedom that is beyond the security gains, which can be reached through other means as well.

jellykid
4 replies
7h13m

When it comes to the internet... I'd prefer it to stay like the wild west. Least amount of regulation beyond something like net neutrality. People forget that the reason we have all of these "free" services is because of ads and that's coming from someone who hates ads. Every streaming subscription I have, I pay for the ad-free service. Let the people who don't know how to install a browser extension or change a few settings pay for these things for the rest of us.

otachack
1 replies
6h38m

I have a feeling that is most people out there.

I observed a friend of mine click on a malicious ad link recently in front of me when driving a presentation for a community meeting. It was shown as an overlay for a seemingly harmless site I found. In my home with a pihole I didn't see any of the ads.

I felt terrible that I was partially responsible for her clicking it. This knowledge and habit of ad-blocking and secure computer usage takes factors of time, effort, and money to learn, and not everyone is going to, or is capable of, devoting what's needed.

A4ET8a8uTh0
0 replies
6h30m

I agree; it seems worth it. My wife, who resisted dropping cable for the longest time, now prefers adless streaming and asks if wifi is down, because ads popped on her phone. If it has a downside, it is that my kid now is fascinated by ads, when we are in the wild. She normally does not see them and thus has no internal firewall built up.

btylke
0 replies
5h17m

You may not see the ads in that content, but your data will still be collected and sold. This is where we lack fundamental protections.

account42
0 replies
5h24m

> People forget that the reason we have all of these "free" services is because of ads and that's coming from someone who hates ads.

People forget that before ad-supported "free" services took over we had community-run actually free services.

The internet does not need ads.

8jef
3 replies
7h4m

Yes, that's why I've donated to the LadyBird project.

ZhongXina
0 replies
5h0m

It's an understandable reaction against a loud and aggressive (political) minority we've been seeing for the past four years. Thanks for the link, this finally pushed me to support the developer.

Workaccount2
0 replies
5h2m

You're not gonna die pissing off 0.1% of the population.

throw10920
2 replies
5h38m

Please don't engage in this blatant political activism and flamebait here. This is anti-intellectual and not what I want to see on HN.

I agree that something needs to be done about the ad industry and rampant data collection, but your emotionally manipulative comments are not it, and actively make it harder to discuss solutions to the problem.

dartos
1 replies
5h31m

How so?

throw10920
0 replies
3h50m

> Enough of this waiting for virtuous entities to address legitimate concerns of the public.

> The "ad industry" is a cancer and we need legal protection against this "industry".

Emotional pleading, charged language, snuck premises.

> The solution is political not technical and definitely can not be left to "the market".

Obvious political pandering/dogwhistling.

> Haven't you had enough?

Obvious call to action.

Throughout the whole comment, zero logic or reasoning, zero useful information, zero actual solutions presented.

This comment is devoid of any value whatsoever and completely inappropriate for HN.

I wouldn't even want this on Reddit.

hilbert42
1 replies
7h0m

"ad industry" is a cancer and we need legal protection..."

Absolutely true, but how do you expect that to happen or come about?

Rampant advertising is similar to the copyright law problem. The majority of users may not like what's happening but their opposition and or dislike is but mild so when it comes to political action it collectively amounts to little more than nought.

On the other hand, advertisers, like copyright holders, have strong vested interests thus are highly motivated to ensure politicians act in their favor (one only has to look at the lopsidedness of lobbying interests to see that).

The real enemy is indifference, as a whole the citizenry is not motivated enough for things to change. Simply, we have ourselves to blame.

temporarely
0 replies
3h54m

> Absolutely true, but how do you expect that to happen or come about?

In the same manner through which legal protection for various other matters has come about. By raising awareness, sharing thoughts and solutions, and organizing.

sneak
0 replies
6h52m

What is happening today that you don’t want to happen in the future?

What would these political solutions achieve that aren’t achievable instantly today via technical solutions?

Most people don’t care about what the ad industry is doing.

pyinstallwoes
0 replies
6h25m

Only legal form of advertising should be in public marketplaces, that is it.

gaoshan
0 replies
4h56m

"The market" needs to be checked in so many ways. You'd think that by now we could learn to take what works and modify the rest but apparently everything has to be black and white and even a concept like "the market" ends up bound by dogma.

eleveriven
0 replies
7h6m

Agree, interventions are needed to protect consumers

dfxm12
0 replies
4h52m

There's an election in a few months. Now is the time to write to the candidates and tell them to do something about it.

DaoVeles
29 replies
10h23m

So where can I donate to Ladybird browser development?

Before anyone tries to respond with it. It is https://donorbox.org/ladybird

tgv
9 replies
8h30m

Don't hold your breath. It takes ages to develop a browser that's as fast as Firefox. CSS and JS are no joke.

quaintdev
5 replies
8h3m

Maybe it's time to move away from whole html/css/js, http and browsers?

Let's build something that is Ad resistant from the start. Something that uses native technologies.

Edit: We need something that does not need backing of large corporations or huge funding to access the web.

Internet was always simple. We have become over dependent on browsers and http stack.

leshenka
2 replies
7h59m

have you got any suggestions?

jay_kyburz
1 replies
7h36m

HTML only (with forms). Client side css only. No JavaScript. No cookies.

tgv
0 replies
2h56m

That's not acceptable for 99.9% of the people, so they'll stay on their current browsers. An alternative must be attractive to succeed.

aAaaArrRgH
0 replies
7h27m

Or just don't access any content that is funded by advertising. The nonprofit web still exists. But for all content that's not someone's spare time passion project, someone's gotta foot the bill.

Sammi
1 replies
7h43m

Ladybird more than doubled their js performance in five months between January and May and are now about 2x as slow as Safari: https://x.com/awesomekling/status/1790098727081836697

Things are progressing faster than you'd think.

tgv
0 replies
2h58m

First, that's uncompiled/jitted. Second: the 80/20 rule.

switch007
0 replies
8h11m

Slow is the price we'll have to pay. Just like how VPNs slow down your connection

Or, if one dreams for a moment, if slower becomes the norm, web apps will have to become less complicated. Fast seems to just enable more and more ad tech

prox
8 replies
10h12m

They really need to start adding windows as a build target at some near point in the future. As a webdev, that’s the only way I can convince the public to switch.

master-lincoln
1 replies
9h16m

Maybe Ladybird can be a good reason to convince the "public" to switch away from Windows in the near future

prox
0 replies
7h40m

That would be a great day. Unfortunately the culture of Linux is still too much walled garden, not in the Apple-like commercial sense, but in the tech culture kind of way. We need a way to embrace the public without losing what makes Linux great (to hack it to your own specifications)

Sammi
1 replies
7h40m

They want to be able to run more websites well before they invite the unwashed masses from windows XD

prox
0 replies
7h39m

I don’t disagree :)

DaoVeles
1 replies
9h59m

I mean for a long while even the GNU project provided Windows builds for Icecat browser. Probably too much Stallman grumbling.

EDIT : Actually they still update it. Last version is 115.

actionfromafar
0 replies
6h40m

First time I hear about Icecat browser. It seems like something that should be much more known!

lukan
0 replies
9h56m

"that’s the only way I can convince the public to switch."

It is not ready, to be a public browser.

leshenka
0 replies
7h53m

It's already too hard to convince public to switch from chrome to another chromium browser or firefox and you're talking about switching to browser that is at least several years away from feature parity

Ygg2
6 replies
9h57m

Why Ladybird? Why not Servo?

different_base
4 replies
9h36m

I appreciate Ladybird's initiative. But if they work with Servo, Ladybird can build the browser and Servo can focus on the engine. Also we can avoid C++ nightmare. Everybody wins.

paddim8
1 replies
6h30m

Ladybird is all about the engine. It's progressing faster than servo

Ygg2
0 replies
5h7m

In what way? Rendering pages CSS compatibility? I tried servo on Windows and it worked, not so much for Ladybird - granted, I wasn't feeling up to task of compiling it for Windows.

suby
0 replies
8h7m

Ladybird seems to have more momentum and be further along in development in my testing of visiting random websites. This may or may not have something to do with developer velocity of each language, genuinely I don't know but I think it's worth considering.

Regardless, from what I've gathered, Ladybird is going to ship of theseus their way into memory safety. It's not announced what the C++ replacement language will be, but they are working towards that.

sgt
0 replies
5h51m

For the user, C++ won't be a nightmare.

remram
0 replies
5h4m

Isn't Servo a new rendering engine for Firefox? How does it fix all of Firefox's problems, that are not engine limitations?

You can make a free web browser from Firefox's current engine just as easily as from Servo, I would fund the person who does that.

ethagnawl
1 replies
8h16m

Thanks. I just donated to Ladybird and Servo.

Here's the Servo link: https://servo.org/sponsorship/

remram
0 replies
5h6m

Is there any reason to believe that the Servo project will produce a full independent browser, rather than a browser engine as their website states? The only likely outcome is that it be used in Firefox...

bachmeier
0 replies
6h26m

How would that solve the problem? Years down the road, if they actually finish their browser, what guarantee do you have against it being enshittified in some way? The only option I see is a project that exists to deshittify an open source browser.

kwhitefoot
22 replies
11h16m

So how do we turn it off?

Found it. Go to settings, type privacy into the search box. The last item under "Firefox Data Collection and Use" is a check box labelled "Allow websites to perform privacy-preserving ad measurement".

It was already unchecked on mine when I looked just now.

wkat4242
13 replies
10h58m

Yeah on desktop. On mobile it's a lot harder. It's still turned on and you have to use a workaround to enable about:config because they don't bother to make this option visible in settings.

perryizgr8
3 replies
10h2m

Do we know why they blocked about:config on mobile? It doesn't make any sense at all...

Bilal_io
2 replies
7h4m

It worked for me, no issues. I am on version 128.0 (Build #2016030615)

perryizgr8
0 replies
1h5m

Doesn't work for me

128.0 (Build #2016030615)

Wonder why this is even an issue.

bravetraveler
0 replies
6h48m

I had to go through some Gecko thing first like others mentioned, quite odd. Supposedly the setting to adjust is in there too, but I have no idea what applies here

htiawe
2 replies
8h13m

I recently started using Firefox again, because of all the madness around Chrome and the change of how add-ons (mainly uBlock and similar) would work.

And it felt kinda good, I actually thought that Firefox was different and a part of "the good guys", now it doesn't feel that way anymore. Sigh.

staunton
1 replies
6h35m

I don't know of any "good guys" whatsoever that ever managed to build and maintain a browser. Anyone?

Maybe one day we'll have a usable FOSS browser but I doubt it (the companies will fight tooth and nail against it including legal means, buying out companies, blocking content for them, etc.).

wkat4242
0 replies
4h31m

I think the guys that built WebKit originally (Konqueror) are kinda good guys. I still sponsor KDE with a monthly donation <3 But the browser wasn't really kept up, I don't think they had the money for it. It lives on in Safari though.

squarefoot
1 replies
10h32m

On mobile you probably want to try Fennec and/or Mull, both Firefox forks, compatible with FF addons and available on F-Droid.

parlortricks
0 replies
9h37m

As of June Fennec is now under Mozilla?

wkat4242
0 replies
10h31m

Yeah apparently you can use that to set: general.aboutConfig.enable to true

And then you can go to the normal about:config and set dom.private-attribution.submission.enabled to false

Only then is PPA actually off (apparently, I did not manage to test this yet but someone did confirm the default setting is true). Not cool. Especially because Mozilla provides instructions for the desktop version on their site but doesn't even mention the mobile version at all.

zaik
0 replies
10h41m

I can access the about:config page on mobile, but I can't seem to find a relevant option. Maybe it's already disabled for the Fennec app from F-Droid?

chrismorgan
0 replies
10h46m

> and you have to use a workaround to enable about:config

I know of no workaround short of installing from the Beta or Nightly channel.

tda
4 replies
10h40m

on firefox mobile:

open chrome://geckoview/content/config.xhtml, set general.aboutConfig.enable to true

open about:config, set dom.private-attribution.submission.enabled to false
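To confirm that the setting described above actually took effect in a desktop profile, and that it stays off after later updates, here is an added example (not from the thread and not Mozilla's code) that reads a profile's `prefs.js` and `user.js` and reports the effective value of `dom.private-attribution.submission.enabled`. It assumes the usual `user_pref("name", value);` line format, takes the profiles directory as an argument, and treats an absent pref as enabled, which is the default reported in this thread; the sample profiles are constructed.

```python
import json
import re
import sys
import tempfile
from pathlib import Path

PPA_PREF = "dom.private-attribution.submission.enabled"
# Assumption: when the pref is absent the built-in default applies,
# which commenters in the thread report as true.
ASSUMED_DEFAULT = True

# Matches one line of the form: user_pref("some.name", <value>);
_PREF_LINE = re.compile(
    r'^user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Parse user_pref() lines, skipping // and /* ... */ comments."""
    prefs = {}
    in_comment = False
    for line in text.splitlines():
        stripped = line.strip()
        if in_comment:
            in_comment = "*/" not in stripped
            continue
        if stripped.startswith("/*"):
            in_comment = "*/" not in stripped
            continue
        match = _PREF_LINE.match(stripped)  # '//' lines never match
        if not match:
            continue
        name, raw = match.groups()
        try:
            # true/false, integers and quoted strings are JSON-compatible
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep unparsed values verbatim
    return prefs


def effective_ppa_state(profile_dir):
    """Return the effective PPA state for one profile directory."""
    profile = Path(profile_dir)
    value, source = ASSUMED_DEFAULT, "default"
    # user.js is applied after prefs.js at startup, so it wins on conflict.
    for filename in ("prefs.js", "user.js"):
        path = profile / filename
        if not path.is_file():
            continue
        prefs = parse_prefs(path.read_text(encoding="utf-8", errors="replace"))
        if PPA_PREF in prefs:
            value, source = prefs[PPA_PREF], filename
    # Anything other than a literal false counts as enabled (fail closed).
    return {"profile": str(profile), "enabled": value is not False,
            "source": source}


def audit(profiles_root):
    """List profiles under profiles_root where PPA submission is enabled."""
    findings = []
    for entry in sorted(Path(profiles_root).iterdir()):
        if not entry.is_dir():
            continue
        if not ((entry / "prefs.js").is_file() or (entry / "user.js").is_file()):
            continue  # not a profile directory
        state = effective_ppa_state(entry)
        if state["enabled"]:
            findings.append(state)
    return findings


def build_constructed_profiles(root):
    """Write three constructed sample profiles (not real data) under root."""
    samples = {
        "aaaa.default": {"prefs.js": 'user_pref("browser.startup.page", 3);\n'},
        "bbbb.hardened": {"prefs.js": f'user_pref("{PPA_PREF}", false);\n'},
        "cccc.reset": {
            "prefs.js": f'user_pref("{PPA_PREF}", false);\n',
            "user.js": f'// constructed override\nuser_pref("{PPA_PREF}", true);\n',
        },
    }
    for name, files in samples.items():
        profile = Path(root) / name
        profile.mkdir(parents=True)
        for filename, content in files.items():
            (profile / filename).write_text(content, encoding="utf-8")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit(sys.argv[1])  # path to a real Profiles directory
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_constructed_profiles(tmp)
            results = audit(tmp)
    for item in results:
        print(f"PPA enabled: {item['profile']} (set by {item['source']})")
```

Run after each browser update, an empty result means every profile found still has the pref explicitly set to false.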

fransje26
1 replies
8h59m

What's the difference with setting dom.private-attribution.submission.enabled to false in the geckoview?

tda
0 replies
7h59m

Probably none, I didn't know it was also there. I just compiled what worked for me after scrolling through a few other posts.

psychoslave
0 replies
10h17m

Wow, thanks for this and the parent post.

aaubry
0 replies
8h56m

Thanks a lot for this tip. I don't know how one is supposed to find this setting.

tromp
0 replies
10h0m

On MacOS that checkbox is in a separate section called "Website Advertising Preferences".

RegW
0 replies
6h41m

Interestingly the option has a link to an explanation on how it works. Which was handy as I couldn't get past the German cookie dialogue on the original article.

I guess the question is whether the aggregation services can be persuaded by clever attribute manipulation to give the ad site a near unique report for a user across many sites.

<https://support.mozilla.org/en-US/kb/privacy-preserving-attr...>

<https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap>

<https://github.com/mozilla/explainers/tree/main/ppa-experime...>

wkat4242
13 replies
11h19m

Says the site that only offers one big button "accept" to its cookies :( :( There's no "Nope".

Edit: Weird, some people seem to have received more options than me. For me there was just one option to accept (Zustimmen) and nothing else. Everything was in German but I read German anyway. I was on mobile though, perhaps this is why? I can't see it again because I already pressed it.

A practice (pay or accept cookies) which was actually ruled in breach with GDPR but many German sites seem to do this somehow.

I agree with the criticism on Firefox but this is very hypocritical. Heise used to be a good company. I even used to subscribe to C'T and iX.

copywrong2
4 replies
11h4m

These dark patterns will prevail. However, I honestly expect their reasoning to be "every single user reading heise.de should have a cookie banner blocking enabled in their Ad Blocker". Also, I think you can accept it for free when you click "Einstellungen", this is not golem.de.

agos
1 replies
10h43m

they will not prevail, unless we collectively let them do so. they are already probably in breach of GDPR, and I don't see the EU backing down on this stuff.

bbarnett
0 replies
9h47m

Collectively? More people have no idea what the GDPR even is, what cookies are, what the question even means, and just randomly click a button.

The only way to get some collective action from 99.999% of web users, would be to get multiple high profile media personalities to endlessly, repeatedly tweet about it... along with a catchy jingle.

Users would still have no idea about anything privacy related, but maybe 10% would do as commanded by their idols.

bratwurst3000
0 replies
10h58m

i stopped reading golem because of this. what a shit

Semaphor
0 replies
10h59m

> Also, I think you can accept it for free when you click "Einstellungen"

No, this part is mandatory:

Data processing by advertising providers incl. personalised advertising with profiling [consent required for free use]

Semaphor
4 replies
11h8m

> A practice (pay or accept cookies) which was actually ruled in breach with GDPR but many German sites seem to do this somehow.

Our Data Protection Agencies ruled it okay. There was a recent court case that called it into question again, so we’ll see how things develop.

FWIW, my normal blockers manage to block the heise.de pay-or-track banner, different from, e.g. golem.

agos
2 replies
10h43m

what data protection agencies?

Semaphor
1 replies
9h39m

I used the wrong word, it’s authorities. The German word is "Datenschutzaufsichtsbehörde"

wkat4242
0 replies
9h20m

This is why scrabble is such a popular game in Germany :)

wkat4242
0 replies
10h32m

But even then, it's a bit hypocritical writing an article slamming firefox for this at least allegedly privacy-sensitive adtracking. While requiring readers to consent to tracking from your however many ad partners :P

psychoslave
0 replies
10h1m

My current process for "modal asking any consent when I just jumped in the page and don’t have any certainty there is something there I am looking for" is

- does reader view toggle works? if yes, consult, end here

- am I really looking for some information that might be there? if "no I just clicked a link from somewhere on the internet", then end here

- still here? Hey, what about looking at the DOM, if the information looked for is not a simple small segment of text, there are good chances a few CSS/HTML tweak will reveal this. Got it? end here, though you might consider to automate this process with Greasemonkey if this domain often fall in your research.

- no luck so far? It’s ok, you know Internet is vast, there are plenty of other page to visit. WTF are you doing here anyway, don’t you have a job, hobbies and people to cherish? And what about a small walk, you look like you need some fresh air, you know?

lloeki
0 replies
10h52m

Having only "accept all" and say "configure", or even a highlighted "accept all" and a very small or even just unhighlighted "deny all" is against GDPR. IIRC:

- choices presented must have the same visual weight (e.g for buttons)

- there must be no default choice preselected (e.g for radio/toggles)

- the fallback when no choice is made (e.g a dismissal or a "failure to display" a.k.a bug or nag blocker) must be equivalent to deny all

Instead we get this mess because enforcement requires litigation from users and these companies make just enough to claim "oh we thought it was Ok plus we go through a off the shelf pluggable third party so not on us" plausible deniability.

from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELE...

If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.

from https://www.edpb.europa.eu/sites/default/files/files/file1/e...:

Example 6a: A website provider puts into place a script that will block content from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed. There is no possibility to access the content without clicking on the “Accept cookies” button. Since the data subject is not presented with a genuine choice, its consent is not freely given.

41. This does not constitute valid consent, as the provision of the service relies on the data subject clicking the “Accept cookies” button. It is not presented with a genuine choice.

The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.

In the digital context, many services need personal data to function, hence, data subjects receive multiple consent requests that need answers through clicks and swipes every day. This may result in a certain degree of click fatigue: when encountered too many times, the actual warning effect of consent mechanisms is diminishing.

This results in a situation where consent questions are no longer read. This is a particular risk to data subjects, as, typically, consent is asked for actions that are in principle unlawful without their consent. The GDPR places upon controllers the obligation to develop ways to tackle this issue

amanzi
0 replies
10h50m

I get a different banner - it's a huge square with a wall of German text that I can't understand. There are three buttons, also in German, and I have no idea which button to press. Guess I won't be reading the article.

uyzstvqs
12 replies
8h3m

What's dumb is that Firefox is not the freedom browser people think it is. Mozilla is a crappy organization. Firefox has extension signing, it's as restrictive as installing apps on iOS where only approved apps can be installed, without a setting to easily disable it. Mozilla can also remotely install extensions by default (opt out) called "experiments" or something. Their anti-tracking is purposefully weak because of their dealings with Google. Now this data collection for ads. They didn't enable DNS-over-HTTPS by default specifically in the UK. And Mozilla leadership is associated with radical left politics, just as an extra.

Maybe check out Brave Browser, LibreWolf or Vivaldi.

3l3ktr4
8 replies
7h38m

> And Mozilla leadership is associated with radical left politics, just as an extra.

Do you have proof for this? I'd be curious. I also fail to see how is that related to the collecting data by default thing. Is that a leftist thing now?

freeone3000
2 replies
6h29m

Seems like standard centre-left to me: no issues with current ideas of capital or governance structures at all!

freeone3000
0 replies
3h58m

Quick primer:

Radical right: “Almost nothing great has ever been done in the world except by the genius and firmness of a single man combating the prejudices of the multitude.”

Far-right: “I know there are some who become sick when they see black uniforms… but those who come to fear us at any time must have a guilty conscience before the nation.”

Right: “This means that every Canadian will see their income taxes go down. This means more money to pay the bills, to save up for your kids' education or maybe even finally afford a family vacation.”

Centre: “There is nothing which I dread so much as a division of the republic into two great parties, each arranged under its leader, and concerting measures in opposition to each other.”

Left: “To put it bluntly, no one should be faced with a choice that says, in effect, ‘your money or your life’.”

Far left: “The role of the police and the military is growing, and the links between these enforcers of ruling class power and far-right and fascist parties and movements, are becoming more visible.”

Radical left: “They openly declare that their ends can be attained only by the forcible overthrow of all existing social conditions.”

beepbooptheory
0 replies
5h42m

Getting people to identify corporate PR speak with "radical leftist rhetoric" is perhaps one of the most darkly genius angles of the conservative culture war in recent memory.

Who even read these dumb company blogs before this?

Ensorceled
0 replies
6h10m

Pretty much every company has made such statements and policies, including some very much not "leftist" companies.

bawolff
0 replies
7h31m

Personally I'd rather judge people by the things they do (or fail to do), not who they are associated with.

kiviuq
0 replies
7h4m

communists and anarchists have been dominating the ad industry for decades :p

jasonlotito
0 replies
4h26m

> And Mozilla leadership is associated with radical left politics

> Maybe check out ... LibreWolf

GNU says hi.

bionsystem
0 replies
7h36m

I daily drive Vivaldi, for about 2 years now. I was a bit concerned with the closed source part but the experience is great, it's fast and with plenty of features. I don't know how good they are with regards to privacy but on the other hand I do not need to install any plugin as everything is integrated so at least my data is contained with them.

ranguna
12 replies
10h3m

https://librewolf.net/

And fallback to Firefox when things don't work. Which is usually on sketchy websites, websites that have heavy bot protection and fingerprinting or ones that use gpu APIs.

MrAlex94
10 replies
8h17m

A few criticisms of LibreWolf:

* There is no legal entity behind the project. Should anything ever happen with the project (it can happen, even if unlikely), there are no legal ramifications.

* The binaries aren't signed. Yes, code signing is a bit of a racket, but there is some merit in it.

* There is no auto-update mechanism. Might not seem like a big deal, but IMO it is, especially on Windows where you're recommended to rely on 3rd party client to update the browser for you. You've now added a middle man, and since the binaries are not signed... well there's no guarantee you aren't downloading a malicious binary.

MiddleEndian
5 replies
6h24m

> There is no auto-update mechanism. Might not seem like a big deal, but IMO it is, especially on Windows where you're recommended to rely on 3rd party client to update the browser for you. You've now added a middle man, and since the binaries are not signed... well there's no guarantee you aren't downloading a malicious binary.

To me, this seems like a plus. If you want users to update, provide them with something worth updating to. This tracking suddenly being enabled for a ton of users is the very result of automatic updates.

MrAlex94
2 replies
6h4m

But we're not talking about Firefox's update mechanism here, we're talking about Librewolf's. They are already the custodians of custom settings and making the choice for you, so it doesn't seem like a valid comparison here.

I would also say a web browser should be the one piece of software constantly updated due to the sheer volume of security patches issued every few weeks.

MiddleEndian
1 replies
5h20m

> But we're not talking about Firefox's update mechanism here, we're talking about Librewolf's.

Doesn't matter. I don't inherently trust any organization.

> They are already the custodians of custom settings and making the choice for you, so it doesn't seem like a valid comparison here.

I can make the choice to install software. I should be able to make the choice to upgrade it as I choose as well.

If I buy a chair from Crate+Barrel, I have given them the choice of designing and manufacturing that chair and all the decisions that went into it. But I do not give Crate+Barrel the choice of sneaking into my house and swapping it with some newer version of the chair that 51% of the population liked slightly better after 5 minutes of testing or that they think will make them more money somehow.

MrAlex94
0 replies
4h25m

> I can make the choice to install software. I should be able to make the choice to upgrade it as I choose as well.

I think that's completely valid.

I was just assuming (maybe incorrectly?) we're talking about what should be happening in general (so what the experience for the layman should be). Now whether that applies to Librewolf is another story, but arguably it becoming fairly known, it should.

Side-note: In Waterfox, I've re-added the ability to disable auto-updating completely. I completely understand the want to manually update software.

kees99
1 replies
6h16m

Also, for some software vendors, frequent/automatic upgrades are a great place to hide silent reconfiguration.

Mozilla has been repeatedly resetting "Always check if Firefox is your default browser" option to "yes" with upgrades. I don't see why "private-attribution submission enabled" wouldn't be reset in future in the same way.

MrAlex94
0 replies
5h53m

As mentioned above, we aren't talking about Firefox's update mechanism here, but rather Librewolf's.

> Mozilla has been repeatedly resetting "Always check if Firefox is your default browser" option to "yes" with upgrades.

I'm sorry to say this, but this just seems to be misinformation.

I don't see that anywhere in the source code[1]? Anything I can find regarding prompting the user regarding the default browser is hidden behind an if guard to make sure the pref is `true` and not `false`.

The only scenarios I am aware of that will change the pref if the user has toggled one manually is the `_migrationUI`[2] function (as you can see, no changes relating to `browser.shell.checkDefaultBrowser`). Otherwise, untoggled prefs will be changed if the value in `firefox.js`[3] or `all.js`[4] is changed. As you can see, the last time the pref was modified was 2004.

[1] https://searchfox.org/mozilla-central/search?q=browser.shell...

[2] https://searchfox.org/mozilla-central/source/browser/compone...

[3] https://searchfox.org/mozilla-central/diff/94ff451885bb94679...

[4] https://searchfox.org/mozilla-central/source/modules/libpref...

michael9423
1 replies
2h12m

You know perfectly well that point 1 is completely irrelevant in the world of open-source.

A UK Ltd. is less transparent than Librewolf, an open-source project run by many volunteers without the incentive to make any money.

Point 3 is no longer true, the installer comes with the option to enable auto-update and on Linux, it also auto-updates, depending on distro, etc.

The risks you are talking about are not inherent to Librewolf, but to Linux and open-source, and thus are not legitimate criticisms of Librewolf.

MrAlex94
0 replies
1h36m

> You know perfectly well that point 1 is completely irrelevant in the world of open-source.

Genuinely, why not? Open source projects go through ownership changes (as unlikely as they may be), social engineering, etc. In the unlikely chance something were to happen and anything malicious were to occur, what recourse is a user to have? And we are talking about a web browser here, which will be accessing peoples most sensitive data. I don't think this is an unreasonable stance.

> A UK Ltd. is less transparent than Librewolf, an open-source project run by many volunteers without the incentive to make any money.

Well this UK Ltd is still beholden to English law and UK GDPR. You could argue the merits and teeth that GDPR has, but I don't see why it's not a valid comparison? I can't just start processing personal data without complying with GDPR, for example.

> The risks you are talking about are not inherent to Librewolf, but to Linux and open-source, and thus are not legitimate criticisms of Librewolf.

Linux has the Linux foundation, which AFAIK is going to be beholden to California law? I don't see how that can't also be a criticism of Librewolf (and any OSS in a similar spot?).

> Point 3 is no longer true, the installer comes with the option to enable auto-update and on Linux, it also auto-updates, depending on distro, etc.

It seems to me to still be true, because the installer is installing WinUpdater. Which, as it seems, is maintained by an individual developer?

If you want LibreWolf to be automatically updated (recommended), you can choose to install the LibreWolf WinUpdater[1], which is included in the installer.

[1]: https://codeberg.org/ltguillaume/librewolf-winupdater

itscrush
1 replies
5h40m

Have you spent time with Waterfox as an alternative or have some thoughts when comparing against Librefox?

In app update prompts work for me, they have a TOS / Legal Entity it seems. They broke away from Startpage in recentish years.

Plenty of feature trade offs to compare though with Librefox.

MrAlex94
0 replies
4h22m

Yes, I'm the developer of Waterfox :-)

Plenty of feature trade offs to compare though with Librefox.

Yes, for sure. Definitively different goal alignments.

poidos
0 replies
7h5m

Installed it a couple days ago and it works great, haven’t had any problems yet. Nice to have it through Brew.

seanhunter
11 replies
5h56m

If you want to disable this, instructions are given here[1] but

1) Hamburger menu -> Settings -> Privacy & Security

2) scroll down to the new section entitled "Web Site Advertising Preferences".

3) Make sure the box marked "Allow web sites to perform privacy-preserving ad measurement" is not checked.

[1] https://support.mozilla.org/en-US/kb/privacy-preserving-attr...

defulmere
5 replies
5h4m

Thanks for providing these instructions. My usual way to get to some setting in Firefox is to use the search box but it seems that Mozilla is actively hiding this one by excluding it from search, ie if you type "advertising" into the settings search box then there are no results.

noisy_boy
2 replies
4h25m

That is because "Allow web sites to perform privacy-preserving ad measurement" doesn't have the word "advertising" in it. Granted, the current phrasing is a bit awkward and may have a certain degree of deliberateness behind it.

yogeshp
0 replies
3h5m

Yes, but the section name "Web Site Advertising Preferences" has the word Advertising in it.

marcosdumay
0 replies
3h33m

IMO, almost all of the Firefox preferences are phrased awkwardly.

rascul
1 replies
4h28m

It seems the search matches on the text of the option, not the section text. The text of the option is "Allow websites to perform privacy-preserving ad measurement" and the search for me brings up the option (and of course anything else that matches) when I search for any of that.

defulmere
0 replies
3h51m

Ah, thanks for pointing that out. I'd expected a match on the section heading :\

kevincox
3 replies
5h21m

And of course this setting doesn't sync to new devices by default. So you need to remember to opt-out on every device.

The underlying pref is dom.private-attribution.submission.enabled. I'm going to force this off in my policies.

blueflow
2 replies
5h17m

How do you sync these settings across devices? I need such a thing, too.

ringer
0 replies
3h10m

Basically, you need to create a `user.js` file in the root folder of your profile, you can find/open the profile folder using about:profiles or about:support (default path is `~/.mozilla/firefox/${profile-name}/user.js`). You can sync it however you like, e.g. upload it to your dotfiles repo and symlink with stow, etc.

The syntax is: user_pref("dom.private-attribution.submission.enabled", false); // Disable Privacy-Preserving Attribution

You can find a lot of examples and "documentation" on https://github.com/arkenfox/user.js
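
The `user.js` approach described in this comment, as an added example (not code from the thread, from arkenfox or from Mozilla): a POSIX shell script that reads `profiles.ini`, then pins `dom.private-attribution.submission.enabled` to `false` in every profile's `user.js` without touching other prefs and without replacing a symlinked `user.js`. The function names and the `--apply` switch are this example's own; the default directory is the Linux path given above.

```shell
#!/bin/sh
# Added example: keep Privacy-Preserving Attribution switched off in every
# Firefox profile by managing user.js, which Firefox reads at each startup.

# Regex for an active (non-commented) assignment of the pref, and the line to write.
PPA_MATCH='^[[:space:]]*user_pref("dom\.private-attribution\.submission\.enabled"'
PPA_LINE='user_pref("dom.private-attribution.submission.enabled", false); // Disable Privacy-Preserving Attribution'

# Print what user.js in profile dir $1 sets the pref to: true, false or unset.
# When the pref is assigned more than once, the last assignment is reported.
ppa_user_js_state() (
    f="$1/user.js"
    v=''
    if [ -f "$f" ]; then
        v=$(sed -n "s/$PPA_MATCH,[[:space:]]*\\([a-z]*\\)[[:space:]]*).*/\\1/p" "$f" | tail -n 1)
    fi
    echo "${v:-unset}"
)

# Print one profile directory per line, resolved from $1/profiles.ini.
# Only sections carrying a Path= key are profiles; IsRelative=0 means absolute.
list_profiles() (
    base="$1"
    ini="$base/profiles.ini"
    if [ -f "$ini" ]; then
        path=''; rel=1
        # The appended "[end]" header flushes the last real section.
        { cat "$ini"; printf '\n[end]\n'; } | tr -d '\r' | while IFS= read -r line; do
            case "$line" in
                '['*)
                    if [ -n "$path" ]; then
                        if [ "$rel" = 1 ]; then echo "$base/$path"; else echo "$path"; fi
                    fi
                    path=''; rel=1 ;;
                Path=*) path=${line#Path=} ;;
                IsRelative=*) rel=${line#IsRelative=} ;;
            esac
        done
    fi
)

# Make user.js in profile dir $1 contain exactly one assignment: false.
ensure_ppa_disabled() (
    f="$1/user.js"
    n=0
    if [ -f "$f" ]; then n=$(grep -c "$PPA_MATCH" "$f" || true); fi
    if [ "$n" = 1 ] && [ "$(ppa_user_js_state "$1")" = false ]; then
        exit 0                      # already pinned once, leave the file alone
    fi
    tmp=$(mktemp)
    # Keep every other line, drop all existing assignments of this pref.
    if [ -f "$f" ]; then grep -v "$PPA_MATCH" "$f" > "$tmp" || true; fi
    printf '%s\n' "$PPA_LINE" >> "$tmp"
    # Write through the existing path so a user.js symlinked into a dotfiles
    # repo (stow, etc.) is updated in place instead of replaced by a copy.
    cat "$tmp" > "$f"
    rm -f "$tmp"
)

# Apply to every profile listed under Firefox directory $1 and report the result.
ensure_ppa_disabled_all() {
    list_profiles "$1" | while IFS= read -r p; do
        [ -d "$p" ] || continue
        ensure_ppa_disabled "$p"
        echo "$p: $(ppa_user_js_state "$p")"
    done
}

# Nothing is modified unless the script is called with --apply [firefox-dir].
if [ "${1:-}" = "--apply" ]; then
    ensure_ppa_disabled_all "${2:-$HOME/.mozilla/firefox}"
fi
```

A value set through `user.js` is re-applied at every start but can still be changed during a session; the `lockPref` policy in the reply below is what prevents that.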

kevincox
0 replies
5h8m

If you want to use Firefox sync IIUC you can define a new pref services.sync.prefs.sync.dom.private-attribution.submission.enabled. However this has always been flakey in the past for me. (I think maybe the sync prefs themselves don't sync?)

Now I install an organizational policy that sets the prefs. I use NixOS to apply this and it looks like this:

    environment.systemPackages = [(pkgs.firefox.override {
      # lockPref pins the value so it cannot be changed from inside Firefox
      extraPrefs = ''
        lockPref("dom.private-attribution.submission.enabled", false);
      '';
    })];

I think this is just creating a `prefs.js` file under the hood, so you should be able to replicate on other systems that you manage.

Edit: This is creating a lib/firefox/mozilla.cfg. IDK how exactly this applies to other distros.

Y_Y
0 replies
2h31m

    sudo rm $(which firefox)

JonChesterfield
9 replies
10h6m

Firefox mobile also won't let me into about:config. So I guess that's the end.

Opera? Other recommendations?

DaoVeles
2 replies
9h54m

Elinks via Termux? /jk

For those that don't know, Elinks is a text only terminal browser.

mrweasel
0 replies
7h33m

While the joke is appreciated, I'm also half-serious in considering just using Links/Elinks or w3m and just use whatever is the default browser on my OS for those cases where I need to book ticket or do banking.

I'm sadly falling out of love with the web. So much fun and enjoyment have left the web in the past 20 years and I don't enjoy or to some extent even benefit from the modern hellscape of modern commercial web.

brettermeier
0 replies
9h40m

Lol, nobody wants that.

Recommend Mull or something else sensible.

Edit: Whoopsy, oversaw your /jk

quikoa
1 replies
9h42m

As mentioned elsewhere in this thread:

Go to: chrome://geckoview/content/config.xhtml then enable about:config after that dom.private-attribution.submission.enabled can be set to false.

gkbrk
0 replies
6h0m

If you need to do that much hacking around to plug a deliberate privacy hole, you might as well use another browser.

justinclift
1 replies
10h2m

Which OS are you using?

Ygg2
0 replies
9h59m

Firefox mobile is only on Android. The iOS version is a reskin, so it's not affected.

southernplaces7
6 replies
6h47m

One of the few things about Firefox that made me attempt to tolerate its repeatedly slow, shitty performance and tendency to slow my whole device down, was the privacy angle. With that gone, why bother? Might as well use Chrome. At least it's light and fairly quick.

rc_mob
3 replies
6h32m

Eh? Chrome is famously bulky and a memory hog

southernplaces7
0 replies
5h28m

Sorry folks but though I'm just speaking from personal experience, it's what I noticed time and time again. I've given Firefox multiple chances as my default browser over several years right up until maybe a year ago and the same problem presented itself across different laptops and FF versions (many after in those cases someone told me that FF was FINALLY fixed, oops). Were these laptops heavy duty models with serious CPU, GPU, RAM and etc power? Nope, but they shouldn't have to be for just running a browser.

Chrome on the other hand (and believe me I despise Google in so many different ways) has consistently been okay. Not great, but okay, and certainly better than Firefox. This while having the same browsing, tab and extension habits in both browsers.

With comments like my original above I've always seen a bunch of people come out with all sorts of caveats defending or justifying FF, but personal experience has consistently shown me differently.

lolinder
0 replies
5h58m

There are a lot of people who still think of Firefox from 5 years ago. Whatever else you can say about Mozilla (and I have a lot to say about Mozilla) they have actually really improved performance to where I'm not convinced it's any worse than Chrome. Browsers are just doing more than they used to.

acdha
0 replies
5h43m

Firefox’s reputation got hit a decade or so ago by performance problems in popular extensions like AdBlock Plus, and it was common to see people mistake switching to a new browser as the reason for the speed up because the initial performance would be notably better before they loaded the new one up with extensions, too.

pbronez
0 replies
3h1m

huh. Maybe I should try Brave again.

stebalien
5 replies
8h39m

This works by adding noise. Can't an attacker bypass it by boosting the signal? Assuming the attacker can create sybil advertisers/browsers, this should be totally doable:

1. Define some baseline set of M impressions with various ad identifiers and from various sybil advertisers.

2. For each target user, define some set of M marker impressions, also with various ad identifiers and from various sybil advertisers.

3. Save all impressions (marker + baseline) on a bunch of sybil browsers to get above the reporting baseline with some probability.

4. If/when a target user visits a target website, request a conversion report for each ad/advertiser.

You now have a baseline signal (from the baseline ads/advertisers) and a marker signal (from the marker ads/advertisers). If this is one of your target users, you'd expect their "marker" signal to be stronger than the baseline.

stebalien
2 replies
6h51m

Those docs look out of date and appear to be designed for "app" ecosystems. The latest proposal from Mozilla is https://docs.google.com/document/d/1QMHkAQ4JiuJkNcyGjAkOikPK...

And I'm now quite sure this system is insecure. Fundamentally, either:

1. There is some magical sybil protection: An attacker can only spend their own privacy budget without affecting the rest of the system.

2. The system can be saturated: An attacker can spend everyone's privacy budget.

3. The system is not private: An attacker can exceed the "safe" privacy budget by combining information from multiple sybils.

MrAlex94
1 replies
6h19m

I assume it’s the MPC part that would need the Sybil protection?

Also, another assumption, but it’s that doc still builds upon the W3C proposal - would it not be worth raising as an issue in the repo? Seems to still be active.

stebalien
0 replies
3h16m

It's all other parties, actually. I'm assuming Mozilla and friends are trusted and that the cryptography is perfect.

I've filed an issue at https://github.com/patcg-individual-drafts/ipa/issues/90 but I'm still not sure if that's the right repo.

stebalien
0 replies
7h38m

I can try. But I'm pretty sure what they're trying to do is fundamentally impossible without some kind of sybil protection.

dpwm
5 replies
10h42m

The article links to Mozilla’s press release / blog entry about the acquisition of Anonym [0]. It’s pretty dystopian reading. The last three paragraphs and the summary of Anonym are more worrying than anything else I’ve read on this so far:

This acquisition marks a significant step in addressing the urgent need for privacy-preserving advertising solutions. By combining Mozilla’s scale and trusted reputation with Anonym’s cutting-edge technology, we can enhance user privacy and advertising effectiveness, leveling the playing field for all stakeholders.

I can only interpret this as the urgent need is money, and wants to sell its "scale and trusted reputation". Mozilla has been down this road before. It was not good for them.

Anonym was founded with two core beliefs: First, that people have a fundamental right to privacy in online interactions and second, that digital advertising is critical for the sustainability of free content, services and experiences. Mozilla and Anonym share the belief that advanced technologies can enable relevant and measurable advertising while still preserving user privacy.

This is some pretty weak wording for a press release. The economics of the situation are that advertising will always trump privacy. Researchers have successfully de-anonymized anonymised data sets, including medical records. Why would these data be any different?

As we integrate Anonym into the Mozilla family, we are excited about the possibilities this partnership brings. While Anonym will continue to serve its customer base, together, we are poised to lead the industry toward a future where privacy and effective advertising go hand in hand, supporting a free and open internet.

Anonym’s customers are advertisers, right? The same people who for decades poured money into eroding that free and open internet that we had…

About Anonym: Anonym was founded in 2022 by former Meta executives Brad Smallwood and Graham Mudd. The company was backed by Griffin Gaming Partners, Norwest Venture Partners, Heracles Capital as well as a number of strategic individual investors.

Well, it seems Anonym, Smallwood and Mudd had a nice piece about them written in the Wall Street Journal [1]. From the second paragraph:

Graham Mudd and Brad Smallwood each spent more than a decade building Meta’s advertising system, which allowed the company to offer granular data about how ad campaigns worked with individual users, often by tracking their web and mobile activity.

[0] https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...

[1] https://archive.is/17c0f#selection-5751.0-5751.246

jeltz
3 replies
9h17m

Mozilla has been down this road before. It was not good for them.

Yes, this is Cliqz all over again and that scandal cost them most of their German userbase.

se0
2 replies
8h50m

And which browser are the Germans using now?

n_ary
0 replies
7h50m

I would say, average user is using Microsoft Edge (whatever that comes default with their OS) on their desktops and a combo of Chrome/Samsung/Safari on the mobile.

While Chrome adverts and fearmongering campaigns are now everywhere and people seem to be taking interest in Chrome, but Edge is probably the most common, as I see it literally everywhere (including public service office facilities).

jeltz
0 replies
8h39m

Chrome, which meant Mozilla managed to scare people away from their own browser into using a browser which respects user privacy even less. Great job there Mozilla!

mrweasel
0 replies
7h43m

The whole acquiring Anonym thing is almost guaranteed to go wrong. Either Mozilla just wasted a lot of money buying the company as it fails to be profitable or privacy will be eroded as Mozilla starts profiting from ad sales.

The companies buying ads aren't keen on privacy, at least not if it comes at the cost of optimizing sales, so I don't see anyone but small "do good" niche companies would buy into what Anonym is selling. Alternatively Mozilla will make money and start relaxing privacy restriction in order to extract even greater profits. I don't see them stopping half-way. The Mozilla leadership has again and again shown that they do not understand their user base.

Firefox is a great browser, but so are all Chromium based browsers. Mozilla apparently never considered why someone might stick with or switch to Firefox, when Chrome, Edge, Safari and other browsers do the exact same thing, sometimes perhaps better. I really want to ask the Mozilla CTO and upper management what they think their product is, because I got an increasing hunch that Firefox isn't the first thing that would come across their lips.

Personally, right now the only reason I'm not switching to something like Vivaldi is my desire to ensure that rendering engines beyond Blink are represented in statistics.

Piraty
5 replies
8h16m

If 1% of regular Firefox users just donated the equivalent of 10USD per year to mozilla, they would not have the need to find ...eyebrow-raising... ways to earn money.

lawn
1 replies
8h9m

Nah, they'd just increase the already ridiculous salary to their CEO.

n_plus_1_acc
0 replies
8h13m

On the other hand, people would be more inclined to donate money if they could trust Mozilla to value the privacy of their users, which is one of the biggest reasons people choose FF in the first place.

mardifoufs
0 replies
4h4m

0% of donations go towards financing the Firefox project. Donations to Mozilla are explicitly not used for Firefox, they say so in the donation page.

bondarchuk
0 replies
8h6m

Only if they'd also spin off the browser from all the political activism and NGO cash grabbing, and let people choose themselves to which of the two their money goes.

albeva
4 replies
8h44m

And there goes my trust in Firefox out the window...

Safari seems to be the only decent, privacy-focused browser left on the market.

Until the Ladybird arrives.

Tarq0n
1 replies
7h11m

Safari also has attestation, as far as I know without user consent.

sumuyuda
0 replies
8h14m

The fact that Apple killed any real third party extensions ended my use of Safari.

sph
3 replies
10h15m

What do you expect from a company indirectly owned and controlled by Google money?

I can't wait for Ladybird to get good, in a decade realistically, swimming against a massive current of Google pushing its unstandardised nonsense on Chrome, and web developers jumping on the bandwagon, making web standards more and more complex by the day so no one ever is able to catch up.

You can add to the dead internet theory the fact that the Web is now maliciously impossible to recreate and access from scratch if you are unable to compete with the billions Google spend to maintain their hegemony. Heck, even Microsoft found it was more efficient to join Google rather than to try and direct what they laughably call "an open standard." There is more competition to build reusable space rockets than in web browsers.

A sad day, and sadder days await us. Shame on Mozilla, and on the CTO trying to sell this feature as a good thing.

berkes
1 replies
7h22m

They aren't owned nor controlled by Google. And certainly not directly.

I presume you refer to the fact that most income of Mozilla comes from Google paying a fee to have their search be the default. While that is worrisome, it's not control nor ownership. Let alone direct control. At most it gives Google leverage.

cdrini
0 replies
6h24m

The previous post said "indirectly" controls; maybe a misread?

newzisforsukas
0 replies
6h20m

I can't wait for Ladybird to get good

I don't see that happening in a decade. What makes you so optimistic?

qwertox
3 replies
8h50m

Firefox should integrate a tracker-blocker which blocks all ads which rely on executing Javascript as well as profiling-related 3rd-party code snippets, but leaves ad images which are integrated into the page, served exclusively by the owner of the page, and are based on the content offered by the page. Like magazine ads.

Everything else is just agreeing with the advertising industry on their idea that profile-building is fine.

These advertisers nowadays think they are entitled to everything, and Firefox just helped them.

alex_duf
2 replies
8h48m

By this logic wikipedia wouldn't be able to load any image

qwertox
1 replies
8h41m

They could offer a deal to Toyota and tell them they're offering image-only ad space on all car-related pages. For example images with deals. Toyota would know from the referrer that the click came from Wikipedia.

All the other images are hosted by Wikipedia themselves and are not ad-related, so I don't see where's the issue here.

alex_duf
0 replies
4h28m

I'm just saying that the domain that hosts the page and the domain that hosts the image are often not the same. Wikipedia hosts the articles, wikimedia hosts the images.

If a browser wants to be strict about what it loads, most of the web would appear broken. Maybe google could have the weight to force such change, but no way could mozilla impose such a strict rule.

3l3ktr4
3 replies
7h34m

I wonder why they claim they need this... Tor seems to be doing fine as an organization without collecting user data? Why is maintaining Firefox much more expensive? I guess the codebase for Firefox is much larger and in the end Tor is a fork of Firefox, right? So maybe they do need much more resources? Not to say I'm not disappointed with Mozilla once again.

berkes
2 replies
7h25m

Tor is (was?) heavily subsidised by secret services in a.o. the US.

likewise, agencies within the U.S. government variously fund Tor (the U.S. State Department, the National Science Foundation, and – through the Broadcasting Board of Governors, which itself partially funded Tor until October 2012 https://en.wikipedia.org/wiki/Tor_%28network%29?wprov=sfla1

toofy
1 replies
6h42m

While it has had funding from some sources we don’t necessarily trust, it’s still entirely open source and the code has been combed through repeatedly.

When it comes to privacy apps, I’d place significantly more trust in something like that than literally anything closed source or unscrutinized to that degree.

berkes
0 replies
5h10m

Sorry, I wasn't trying to imply that we should not trust it.

I was merely implying that there's a major difference between the model behind TOR and that of Firefox.

And also similarities: if TOR is funded by entities we don't trust and it turns out to work fine, then Firefox, being "funded" by Google should not have to be a severe problem either.

hulk_
2 replies
9h32m

Just installed Chrome again. I loved everything about the idea behind Mozilla but the browser is quite not useable these days. Really sad.

moontear
0 replies
9h22m

How is your personal story related to the story? I don’t believe Chrome is better than Firefox on terms of ad tracking.

linuxandrew
0 replies
9h19m

Out of the frying pan and into the fire. With regards to privacy and tracking Chrome/Chromium is so much worse than Firefox. Whether it be terrible defaults, exceptions which allow Google to see your system info, or an incognito mode which is a misnomer, Chrome just doesn't do privacy at all.

I can sympathise about general usability concerns but they don't really relate to the OP.

I personally run Ungoogled Chromium for anything that doesn't work in LibreWolf, which is fortunately not too much.

alabhyajindal
2 replies
6h10m

Greeted by a cookie banner in a different language when I open. I swear cookie banners are the biggest problem facing the internet. We need to do something about this!

lexicality
0 replies
6h5m

honestly it's got to the point that any time I get a cookie banner more complicated than yes/no I immediately revoke JS privileges for that website.

At least ublock origin makes that easy, but it's still ridiculous.

On the bright side, French courts have ruled that this kind of cookie popup is illegal under the GDPR so maybe they'll slowly be destroyed

belorn
0 replies
5h38m

EU created a task force in 2021 to address the cookie banner, which gave a report last year that basically said that all current form of cookie banners are practically not legal in terms of giving consent.

As with this kind of regulations, we now have to wait for the lawsuits to target a few select large companies, then the courts to reconfirm that the regulations says what it says, and then appeals, and then finally the large companies will pay a large fine and then comply, followed then by the industry in large.

Delay, delay and then delay some more has been the response from the data collection industry for the past 10 years. Same for right to repair regulations and smartphones.

TimCTRL
2 replies
9h20m

Do you guys like or trust Vivaldi?

toofy
0 replies
6h49m

vivaldi is not open source, they’re almost certainly more invasive than Mozilla.

mrweasel
0 replies
7h30m

I've been looking at it and they are fortunately very open about how they are funded (search engines and bookmarks). Opera was my browser of choice, back in the days of Presto, so I trust the Vivaldi CEO/CTO who also ran Opera. My main annoyance with Vivaldi is that it's Chromium based, I really don't like the idea of a monoculture of rendering engines.

jeltz
0 replies
9h23m

And the scandals they have been involved in the past. Cliqz was another attempt by Mozilla to invest in privacy preserving technology (that time search, this time ads) where they did a stealth launch without user consent.

sotix
1 replies
5h26m

Can companies not see how their ads are performing by looking at their income statements? An ad campaign costs x dollars. Widget sales increase by y dollars. Companies were able to run this method for a long time. I think ads have gone way too far. It’s shocking we’ve gotten to the point of this discussion on data collection to fuel ads.

tyree731
0 replies
5h8m

In the aggregate, yes, but in the specific, no. Companies nowadays want to see which advertising channels and specific ads, over a given period of time, are performing, so as to decide how to better invest their ad spend.

nabla9
1 replies
10h43m

But how does the PPA actually work? There is an aggregation server between the advertising provider and the users or their data, which anonymizes the information from the individual app browsers. Only then does it make the data available to the participating advertising customers.

Ygg2
0 replies
9h58m

Question is, how do we know that? What proof do we have of that?

gala8y
0 replies
10h51m

Thx. Nevertheless, https://xkcd.com/1053/ still applies. I'm one of lucky 10000 today.

xyproto
0 replies
9h58m

Will we see a comeback from IceWeasel?

tiffanyh
0 replies
5h44m

Firefox needs to update their Mission.

Because it's very confusing now.

thinkingemote
0 replies
10h14m

A user in another thread said that disabling this via config made their user agent also change. Can anyone confirm? Seems unrelated I imagine?

https://news.ycombinator.com/item?id=40959723

slowhadoken
0 replies
8h7m

An app that alerts you to invasive content in updates like this would be cool.

silcoon
0 replies
8h58m

By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web.

The value of words is leaving the web.

pfzero
0 replies
6h15m

I wish there was a serious conversation on how a browser can be productivized and make actual profits. I think that model has the best chances of working out over the long-term in guarding user's privacy - at least for those users willing to pay for it.

Most (all?) companies which developed a browser have lax policies on data privacy. At most those are inline with major directives like GDPR. However, it's not in their best interest to protect / not leverage user data. So the real discussion should've been about the set of features that would attract a sufficiently large user base who would pay ~10$ per month subscription in order to make the model sustainable on the long-term.

peanut_worm
0 replies
3h46m

I don’t think Mozilla is trustworthy anymore.

matheusmoreira
0 replies
6h5m

Reminder: Mozilla has billions of dollars in the bank. They don't need to do this. They want to.

justinclift
0 replies
10h4m

As an alternative, if you're using macOS (or iOS) then Kagi's Orion Browser seems decent:

https://kagi.com/orion/

jandrusk
0 replies
1h1m

Not a good strategy for keeping an already very small user base.

irq-1
0 replies
4h52m

Our hope is that if we develop a good attribution solution, it will offer a real alternative to more objectionable practices like tracking.

There is no negotiating with the advertising industry. No system will stop them from acting unethically to gain an edge.

--

My idea for such a system: random GUID added to each ad. Browser plugin collects GUIDs. Client protects itself with random GUIDs removed and new random GUIDs added. Client sends GUIDs to a Collector they choose. Collectors run client GUIDs against Advertisers lists (bloom filters). Advertisers pay Collectors, and Collectors give to orgs.

Edit: replace GUIDs with 6 random bytes, so the existence of an id is not proof of its being viewed. It needs to be plausible that the client added an id randomly, and that's not the case with a GUID.

genezeta
0 replies
7h51m

I've been wondering about this whole affair. The thing that got me wondering is this: Is this really interesting for advertisers?

I mean, let's imagine this works as explained -whatever, let's imagine it does and with no downsides even-. Now as far as I can understand this aggregate information ends up producing something like "this particular ad placed here ends up producing this number of conversions". Is this really something an advertiser wants to know? Maybe to some extent, but to me it sounds a lot more like something an advertising platform would want to know. Which is why I'm not surprised by Meta's interest.

To me this feels like a good tool to avoid paying small websites at all for just having ads. Impressions would be finally and completely discarded as something payable. Now for the ads on your site to earn you something at all you need conversions that you can now reliably track. For a site owner to be paid, they'd need to increase the CTR; they can't just "provide ad space", they have to work to earn clicks.

So maybe -probably- I'm way off here. Maybe someone can correct me. But as I see this, this tool seems very specifically made for the big advertising platforms.

eleveriven
0 replies
7h8m

I think Mozilla Firefox has long been positioned as a browser focused on user privacy and data protection... This decision is indeed a significant breach of trust

anordal
0 replies
7h5m

I see this as an attempt at a lesser evil, and I would support that (see my EME DRM comment), but I have one concern:

Does this new "privacy preserving attribution" feature respect multi-account containers? Or is it somehow not considered necessary, because it's meant to be less invasive than the tracking cookies it's supposed to replace? Call me skeptical for now.

I'm a happy user of multi-account containers, which lets me separate my cookie identities in Firefox. Before, I had to use different browsers for work and private, and yes, it solves this problem, but the best part is that I don't have to worry about tracking cookies, because they aren't tied to my personal accounts: In my experience, I can to a great extent escape the echo chamber I'm in, and the ads I see in it, by just deleting the cookies of my sacrificial default container.

Other than that, considering the status quo – that the web is already an unfriendly GDPR nightmare, I'm positive to the initiative. And because of the power of the default, I can understand that the feature wouldn't likely take off if it was opt-in, so I won't criticize Mozilla for that move either.

account42
0 replies
5h28m

I always think it's ironic when these things are reported on by websites that force you into accepting their ad tracking which really should be illegal under the GDPR.

Timber-6539
0 replies
1h55m

At this point Firefox is just a brand for Mozilla to do with as they please. All the talk about a non-Chrome browser with de facto privacy features was just bait to get loyal followers and later on down the road sell them something. Seems ads is just their newest offering.

ManBeardPc
0 replies
8h0m

Maybe I don't fully understand the technical implementation, but as far as I have read about the implementation this gives personal information to a third-party. This should automatically mean that Firefox would violate European GDPR laws, they clearly need to get consent from the user before collecting anything. Not just a moral issue, but can quickly become a legal one as well.

EADDRINUSE
0 replies
5h1m

`echo "127.0.0.1 push.services.mozilla.com incoming.telemetry.mozilla.org" | sudo tee -a /etc/hosts`

Dwedit
0 replies
4h33m

How does using uBlock Origin affect this?

Archelaos
0 replies
4h51m

Years ago I had a "Download Firefox" button on my Web-site. I have removed it because of similar incidents in the past. And I stopped recommending Firefox to friends and relatives, because I can no longer do it wholeheartedly. I am not even sure myself, whether it makes a big difference which browser you use nowadays. More out of tradition I am still using Firefox myself, but I know other technologically competent people who shifted away from it. I can only assume that this was for similar reasons: It is felt that Firefox gives no less cause for annoyance than other browsers. When Firefox gradually loses more and more dedicated supporters who become indifferent, I see a rather bleak future for it.

AlecSchueler
0 replies
1h2m

Anyone else feel done with the web? I can't remember the last time I enjoyed a browsing experience. I think this new default might be the end for me.

8jef
0 replies
7h16m

Please give to LadyBird project and be done with it.