> It’s clear in retrospect that we should have communicated more on this one
What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson. The user outcry was utterly predictable from even before the first web article was out. The fact that no one with decision power at Mozilla saw it coming is worrying: either they have zero understanding of people’s concerns for privacy or they don’t care. Neither is good.
> The fact that no one with decision power at Mozilla saw it coming is worrying: either they have zero understanding of people’s concerns for privacy or they don’t care.
Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end. Criticism of Mozilla in general is very warranted right now, but the way(s) in which everyone is doing so just feels very out of touch with the actual situation. ;P
They're - by their own words - trying to do something in a privacy preserving way because the ad industry is not going away. They might fuck it up at first, and that's why it's an experiment. It's also possible to disable it, it's not like you're trapped in it.
This thread in general feels like it leaves Mozilla no room to experiment or find any form of growth. People want them to be "just a browser" but then also expect them to be stewards of the web - and then cry foul when they actually try to find a setup that fits into the current model of the web.
> Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end.
That’s the second option: they don’t care.
> This thread in general feels like it leaves Mozilla no room to experiment
If you you’re going to experiment with something that’s going to cause this amount of backlash (and my criticism is that they didn’t take the obvious reaction into account), you show a dialog on first run that tells you what the feature is, perhaps include a “Learn More” link, and have an option to accept or deny. You can even have the former as the default. And do it in your betas first.
Would that still cause some backlash? Possibly. But it would’ve been significantly milder and you would have seen a lot more defence of Mozilla for not doing without asking.
Mozilla in particular is frequently pulling crap like this and getting flak for it. They have to constantly apologise and back track. After a while you’d expect they learned something.
> Mozilla in particular is frequently pulling crap like this and getting flak for it. They have to constantly apologise and back track. After a while you’d expect they learned something.
Well, they learned: they fuck up, backtrack & apologize (it is free, no real impact, so no worries), and life goes on.
> Or the third option: they feel the tradeoff of HN & co's criticism style is not a big deal in the end.
Well, right now, with their dwindling market cap, I feel like their only userbase is HN & co's type of user.
They repeatedly failed to increase their user base with non privacy conscious adjacent communities. So antagonizing the ONLY folks that go through the trouble of installing a non default browser to have a worse user experience seems like a big brain moment.
I wonder what the market share in that segment is? From my experience, startup types almost exclusively use Chrome or Safari. Firefox doesn't even register with most devs.
It seems somewhat questionable whether or not it is possible to sustain something as complex as Firefox based on users like us. There might not be enough, or enough people willing to pay.
They’d be really screwed if Google didn’t give them a good deal. Somewhat wondering if Google just keeps them around to stave off the appearance of being a monopoly.
The web seems to have gotten pretty unsustainable in general. Might consider upgrading to Lynx or something like that.
> It seems somewhat questionable whether or not it is possible to sustain something as complex as Firefox based on users like us.
I have this crazy theory that Firefox could be completely sustained by users willing to pay for it.
I mean... Mozilla Co definitely couldn't be sustained by users money only, but Firefox could.
The only path I can see for a healthy web (if this is even possible right now) is to completely liberate Firefox from Mozilla's shackles and mismanagement. A free and open-source browser should be treated more like a public good, such as a Linux distribution, than a money-making machine.
What you call Stockholm syndrome, I call reality. ;P
This is an area that we are stuck contending with. Legal solutions are needed here but that path is mired by complex and powerful lobbying. If Mozilla can push for a more private or more protective - even if not fully private or fully protective - then I’d like to see where it goes.
Firefox has 3% market share. Completely refusing to engage with your enemies only works when you have the actual guns to back that attitude up.
If you refuse to engage with the ad industry they just ignore you. Oh and the company that owns a large part of the world's ad industry and owns the browser that has 65% market share also pays like 90% of your bills.
I mean, what's step two of your glorious plan to charge fists raised into battle?
> The advertisers get your data either way, so why not use Chrome?
You might believe that the advertisers get less of your data if you use Firefox.
Similarly: you might be less likely to have your house burgled if there are locks on the doors and a burglar alarm, even though people with those things still get burgled sometimes. You might be less cold outdoors in winter if you wear a parka, even though it's still cold. You might be less bored if you buy/rent/stream some interesting books, music and movies, even though having those doesn't guarantee never being bored. You might be less likely to lose your next chess game if you practice tactics and learn openings, even though you'll still lose if you play Magnus Carlsen. You might be less likely to have a heart attack or stroke if you take those antihypertensives the doctor prescribed you, even though those are still tragically things that can happen to anyone. Etc., etc., etc.
Very few things are absolute and perfect. It's usually a matter of "less" versus "more".
This latest thing gives advertisers more information about me than they would have if Firefox didn't do it. (Unless I turn it off, which in fact I have done.) It doesn't give them very much information about me. I'm pretty sure they would get much more information about me if I switched to using Chrome (e.g., because Firefox supports better adblockers).
For the avoidance of doubt, I do think Mozilla should have made more noise about what they were doing, I do think there's a repeated pattern of them putting things into Firefox that their users don't really want and hoping no one will notice[1], I do think that says something bad about how Mozilla is run, and I would be happier if the Firefox project were run by people less inclined to do such things. But none of that means that you might as well use Chrome instead of Firefox, if you happen to value the things that Firefox still does better than Chrome.
[1] Actually, I think they know perfectly well that some users will notice, and they've decided it's overall better PR to do the thing quietly, wait for people to complain, and then say "oh, whoops, we should have been more open about this, we're so sorry and will totally not do the same thing again in six months".
> You might believe that the advertisers get less of your data if you use Firefox.
Shortly as Chrome implements Privacy Sandbox, both Chrome and Firefox will support the same levels of advertising tracking. For Chrome, this is a privacy upgrade of sorts, but for Firefox, this is a definite downgrade.
As Firefox converges on Chrome in this area, the privacy advantage evaporates.
Does Chrome do anything equivalent to Firefox's "Enhanced Tracking Protection"?
Chrome forces extensions to use "Manifest v3" rather than "v2", which cripples some ad-blockers; in particular, the full version of uBlock Origin will run on Firefox but not on Chrome. (I'm not sure of the details about the v2->v3 migration; maybe that isn't universally true yet. If not, it will be soon.)
"Reduces" and "evaporates" are not the same thing. I see the case for the former, not for the latter.
I dont believe that, and have no reason to believe that at this point.
Any browser that makes me monitor their changes for privacy destruction is basically just chrome with more steps.
Actually it's the other way around. As long as Firefox only has a negligible market share, advertisers are not going to care about it enough to work around Firefox-exclusive tracking protection forever. Regulators are also not going to be concerned that Firefox makes certain business models harder because it is insignificant.
I know it feels right to say that. But really, do you think the majority of people who switched from Firefox to Chrome did it because FF did not address their privacy concerns? Seems ridiculous. However bad FF is, Chrome is much worse.
It seems far more likely that the remaining 3% are the few people who care, and therefore, "pulling this shit" did not cause the current market share.
> This thread in general feels like it leaves Mozilla no room to experiment or find any form of growth.
Mozilla is welcome to experiment. The issue here is:
- The default opts the client in instead of the client making that choice to be a Guinea pig in the experiment
- I get emails almost weekly that amount to Mozilla playing the role of internet privacy police. They *are* well aware of the rights and wrongs. Are they going to call out themselves?
- As for growth? How about paid pro-privacy email hosting? And a suite of applications (a la Google docs)? Advertising might not be going away but there are still opportunities that align with Mozilla's ideals and brand... And they're too busy being hypocritical internet police???
I think the worst part of the funding equation is that had Mozilla stayed on mission and invested it's Google fees wisely, Firefox development could have been indefinitely funded.
Instead, we have had Mozilla sprawling in numerous directions secondary to the browser and failing in nearly all of them.
That is the problem, people want to run a modern corporation with its tentacles always reaching and growing instead of focusing on a core business proposition that they can win at.
If you dont grow at double digit percentages year of year, are you even trying?
> The default opts the client in instead of the client making that choice to be a Guinea pig in the experiment
I think this is a reasonable critique, even if I personally don't find it a big deal. If it's privacy preserving, I don't necessarily give a shit if it's defaulted on - especially if there's a way to disable it.
(IMO, defaulting it on and then widely announcing how to disable it is what they should have done, and their bungled communications on this is biting them)
> I get emails almost weekly that amount to Mozilla playing the role of internet privacy police. They are* well aware of the rights and wrongs. Are they going to call out themselves?*
Why would they call themselves out here...? They have stated, very bluntly, that they are trying to do something in a privacy preserving way. They are acting in line with their stated intentions/role/etc.
> As for growth? How about paid pro-privacy email hosting? And a suite of applications (a la Google docs)? Advertising might not be going away but there are still opportunities that align with Mozilla's ideals and brand... And they're too busy being hypocritical internet police???
Those are wholly separate business ventures, whereas dealing with the advertising behemoth is an unfortunate part of the browser ecosystem today. Someone, somewhere, is going to have to contend with this - and Mozilla is somewhat uniquely positioned to explore here.
If you think Apple or Google are going to do it without perverse incentives, then I don't know what to tell you.
We all lost our minds when Google tried to pull their privacy-preserving Federated Learning of Cohorts thing. I expect an even bigger outcry when Firefox, whose entire brand and reason for existence is privacy, quietly tries to do the same thing.
> People ... expect them to be stewards of the web
Do people really expect that? I'm glad they're part of whatwg etc., but I'd much prefer they just made a good browser instead of tooting their own horns about how much good they're doing for society. In the end I think society would have been better off if they'd just focus on good tech like Gecko/Servo and Rust and not bothered with all their side stuff.
One reason is that the people who would be promoting Firefox aren't.
Personally I feel mostly ashamed to admit I'm using Firefox. In theory Firefox is great. In practice they coming up with new ways to treat their core user base badly.
That is because Mozilla has consistently moved Firefox in the direction of a Chrome clone.
When Firefox started is was not a copy of existing browsers. There is no reason it would have to be now. But they have rejected their core users. So now the only option left is a Chrome clone because that is what people are used to.
People used to have a dozen different instances of IE6 open. It was a pain to switch between them and it made your computer run slow. Firefox had tabs. And it had AdBlock. Those were things people wanted.
But these days, Chrome is plenty good enough for most people. Even if Firefox had a perfect privacy story and focused on their core users’ every whim, I don’t think their market share would grow.
Well then they need to close up shop or think of something else, because adding more ad tracking isn't a feature to anyone but predatory advertisers, and they will only keep paying you if users keep showing up.
For what it’s worth, I agree. Adding more tracking definitely isn’t going to help. But I don’t think there are any easy solutions. I definitely don’t envy the people in charge of Firefox’s product strategy.
Even if it was a credible idea, how exactly do you think that Firefox - the browser that the minute anything changes, the internet blows up over - would significantly alter their product in a way to differentiate themselves from Chrome?
This isn’t even getting into base level stuff like available engineering resources, or the scenarios where the other vendors often control or have deals to give them favorable distribution on platforms.
This isn’t the IE6 era. It’s a significantly different and harder problem.
> Even if it was a credible idea, how exactly do you think that Firefox - the browser that the minute anything changes, the internet blows up over - would significantly alter their product in a way to differentiate themselves from Chrome?
You're presenting it as though any change would be met with hostility, but the alternative is that they're only met with hostility because they keep making changes that hurt the users. A little while ago they announced that they were working on properly supporting vertical tabs and tab groups; that wasn't met with any hostility. Of course, in the same announcement they said they were planning to dumb down the rest of the interface even more, which was. But the point stands; they can get a positive reaction by making changes their users actually like, they just don't do that as often as they do the other thing.
For one, not throwing out their only differentiated advantage versus Chrome. For two, not taking the option that removes user control and customization whenever there is an option to do so. They could have been the privacy-focused browser, but it is still full of crap like this and various bits of undisclosed telemetry.
There would be value in being the only browser to actually stop when users tell them no. But they seem incapable of listening.
> They could have been the privacy-focused browser
I don't see how trying to find a privacy-preserving way of dealing with the ad conundrum makes them not a privacy-focused browser/company.
You'd need to otherwise cite something re: undisclosed telemetry, considering the project is open source... so I'm not sure how exactly it'd be undisclosed.
> When Firefox started is was not a copy of existing browsers.
IIRC, when Firefox started, it was very similar to the full Mozilla Suite with some features removed (which is not surprising, since it started as a Mozilla Suite derivative and they shared a lot of code). It has a long lineage going back to the old-school Netscape Navigator.
I have already noted in my other comments that I think the desire for opt-in and/or way more notice with how to opt out is a very reasonable take, even if I don't necessarily agree with it.
There's no need to imply that people don't comprehend things here. ;P
> It's also possible to disable it, it's not like you're trapped in it.
Or so they say, in order to make people be OK with it. They might play the waiting game and in a year or two will make the setting not do anything and still collect / send data, hoping that by that time people have forgotten.
There is so much hypothetical-borderline-conspiracy-theory packed in to this single comment that I cannot find a charitable response.
I'd be fine to continue the discussion if you can find a way to engage without assuming that the people who build one of the last checks on the open internet are somehow trying to maliciously invade your privacy.
The days of Mozilla having earned the benefit of the doubt are long gone for most people.
The person you replied to made a reasonable point and your response reads as defensive and dismissive. Do you have an interest in Mozilla we should know about?
Eh, I don’t think my comment is defensive. I also could’ve just ignored the comment.
I explained to them that I’m open to discussing but there’s nothing to be gained when the comment starts off in conspiracy theory. It’s an open source project, people will 100% notice if they tried to do what the parent comment is suggesting.
> It’s an open source project, people will 100% notice if they tried to do what the parent comment is suggesting.
No-one thinks they'll lie about it. They'd announce it quietly just like this change, letting the fuss blow over. The average user would never even realise and Firefox would continue on its journey towards user hostility.
You’re certainly welcome to read it however you’d like.
OP specifically said “make the setting do nothing while still collecting the data”. I don’t know about you, but a setting that acts like that would be akin to lying.
> OP specifically said “make the setting do nothing while still collecting the data”. I don’t know about you, but a setting that acts like that would be akin to lying.
Well, that is what Firefox did here. They created a new feature, defaulted it to on, in direct contradiction to user choices. We know this because this Web Site Advertising feature defaults to on even where the user has the strictest level of tracking protection enabled and even when the DNT option is selected. Even so, Mozilla has decided that this form of tracking is not covered by those clear signals of user intent.
So why not believe that Mozilla will do this again. Deprecate existing tracking choices and enable Web Site Advertising tracking for everyone. Like this change, it would be announced and decried and ultimately used by the majority of users who don't follow browser changelogs.
What will happen is that privacy advocates like me will recommend not to use Firefox, as it's functionally equivalant to Chrome is this respect and far less supported, and Firefox will continue to die.
This pains me as a former contributor and advocate, but it's almost inevitable now unless a privacy-focused non-profit can fork Firefox and leave Mozilla to it's decline. I would even pay for a Firefox fork, but I will never donate to or purchase again from Mozilla.
No, let's be very clear here: what Mozilla/Firefox did here was default users in to a setting without good notice on how to opt out.
This is different from what was said in this thread, which is making the setting do nothing while still collecting the data. If you disable the setting/opt out, then the data isn't being collected.
> No, let's be very clear here: what Mozilla/Firefox did here was default users in to a setting without good notice on how to opt out.
That's a framing so charitable to Mozilla that it is untrue. Again, do you have an interest you should be declaring in this conversation?
> This is different from what was said in this thread, which is making the setting do nothing while still collecting the data.
No, it's not. It ignores the Strict Tracking Protection and DNT settings and opts in users to tracking. It's absolutely identical to possibility posited by the other commenter.
For all your pontificating above about other people's comments, it seems the only person commenting in bad faith is you.
I don't see how it's conspiracy theory. Firefox has done exactly this over and over again. (The latest example that annoyed me: browser.proton.enabled =false)
As a user of Firefox, I feel like I'm in a constant battle with Mozilla/FF to disable every new bad idea they have. Every time I'm forced into a surprise update I didn't ask for/try_to_install, something gets worse. This isn't an unusual state for commercial software, but Firefox is supposed to try to not be commercial.
Firefox is dependent on Google for ages, that should tell you all you need to know about "conspiracies".
I am not interested in a discussion with a person who gives the benefit of the doubt of a company who has clearly not only made a Faustian deal but is now looking to expand partnership with the people that nobody wants tracking their machines and activities.
Because as we both know, in the entire history of humanity there were NEVER any conspiracies when there is money to be made, right? Wink wink.
Well, no, that doesn’t tell us anything about conspiracies. That’s just Mozilla getting money from Google. You can argue that it’s problematic from the stance of Google using Firefox to argue they don’t hold a monopoly - and I’d agree with you there.
That deal with Google isn’t enough to leap to the conspiracy theory here though. The ad industry isn’t going away, Mozilla seems to want to try to make it work for all parties.
If you want to let perfect be the enemy of good, though, go for it. shrug
That is incredibly reductive and entirely misses the scope of the issue. It isn’t just HN. In case you’ve missed it, the article is not an HN page but a separate website. The comment I replied to linked to Reddit. It’s all over Mastodon. I’ve seen other blogs and publications commenting on it too.
Yes, of course a large number of people won’t talk about this in six weeks, let alone six months. On the other hand you’ll have ex-hardcore fans complaining about it for over six years. I still see people talking about the Mr Robot debacle and the other crap Mozilla has pulled to this day. If anything, Mozilla is more susceptible to this backlash than the average tech company. Regular computer users don’t give a rat’s ass about Firefox. The people Mozilla needs to convince are exactly the ones they keep alienating.
They might be correct but this thinking is also how Mozilla lost most of their German market share due to Cliqz. They assumed people would not care but they did. Also this is trending on /r/all on Reddit right now.
If this were, say, Adobe, I’d agree with you. HN as a community doesn’t have much clout in the design or video space.
This is Mozilla we’re talking about, though. HN is exactly the sort of audience they need on their side. That bunch of nerds is the same group they relied upon to evangelise for them during the IE era.
Mozilla might just have decided that that's no longer the case: that their funding from Google does not depend on nerds advocating for the browser. That is either they came to the conclusion that Google will continue to fund them even if the market share continues to fall or they have decided that the end is inevitable and are just trying to milk the cow for all that she's got.
This comment shows such a lack of context of the history of Firefox that I wonder if it's trolling?
Firefox exists and reached its peak because of the people that idealogically cared about the Web and interoperable,security, privacy, etc who contributed to and advocated for Firefox.
This bunch of nerds creates software, including for the web, and sometimes there's an option to test it on Firefox or not. Nerds also recommend browsers to friends and family.
Companies know this but they don't care because there are rarely any consequences that cannot easily be mitigated with cheap PR tactics. Even now you are responding to a PR statement that is trying to reframe the issue as users simply not understanding what Mozilla is doing when in reality Mozilla knows full well that this goes agains the explicit wishes of a large part of their userbase but have chosen to enable this anyway. This isn't a communitcation issue. This is a fundamental "who does Mozilla serve" issue.
> What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson.
They are trying to find a funding model that makes them independent from Google.
- Building a fast, privacy-oriented browser that keeps up with web standards and fixes security bugs takes people, organisation and therefore money. Yes, much more than that CEO salary.
- No one wants to buy for a browser.
- No one wants to pay a subscription fee for a browser.
So you are left with ads. Mozilla is trying to find a balance there between privacy and ads with a clearing house approach. People who hate ads out of principle scream. How should browser development be funded?
One of the most common Mozilla complaints I see on the web is that you cannot fund Firefox development directly. People want to give money to it, but cannot.
Which makes sense, I guess. Anecdotally, Mozilla is by far the company I know with the most vocal users that get completely ignored.
Which is easy money that Apple uses for the company as a whole. They don’t make Safari because of Google’s money nor is it likely they would stop developing it if that money was no longer paid.
If the Mozilla foundation creates a donation button with the condition that the money goes solely to browser development (no CEO salary or political activism) I will donate.
Except that it's well-known fact that none of your donations for the foundation ever go anywhere near Firefox itself, since Firefox is spun off as their commercial sector to accept Google's money
Mozilla has tried experiment after experiment to try to earn money. Let's try forcing Pocket down people's throats. Let's automatically install Mr Robot. You know what people will love? Full-page ads for a VPN! No one has seen enough VPN ads!
The one funding model they haven't experimented with at all is actually asking people to pay for Firefox. Donations or subscription, they haven't even tried it once.
And yet people will over and over again insist that that would never work. Doesn't that strike you as odd? They're willing to flail about trying thing after thing after thing that their users hate and yell about and they end up having to pull back, they're willing to burn credibility over and over again, but the one funding model that their users keep telling them they want they refuse to even try on the grounds it would never work.
I do expect that's the next step at Mozilla - locking features behind paywall with some premium plan. Cloud sync probably will fall into that basket. And if that eventually won't work - they'll surely announce it's time to "sunset".
Personally, I think that's what they should've been doing all along. If it doesn't work at this point, it's because it's too late, and they've already burned enough of their credibility that people don't want to give them money anymore.
> And yet people will over and over again insist that that would never work. Doesn't that strike you as odd?
Not really. Perhaps they know enough about this that they believe it wouldn't work. How much would you pay for Firefox per year? How many people would pay that figure?
At the same time, even a tiny bit of friction is enough to get people over the mental hump of paying for something.
They could easily gate off certain features behind a paid build, so either you pay or compile it yourself from source. Downstream packagers could of course do whatever they want (eg Debian). However, it creates a minor amount of friction for a relatively large fraction of the user base, and moreover sets the baseline expectation that this is not really "free as in beer", even though it remains "free as in freedom".
See also: Sublime Text, which, despite being closed-source, is 100% free-as-in-beer to use in perpetuity, and yet somehow they make enough money To not only continue development, but even start developing other products (Sublime Merge), even as their brand recognition wanes and their competitive advantage shrinks.
It doesn't have to pay for the entire Mozilla organization, it just has to bring in more money than the random other stuff they've tried. That's not a very high bar to cross.
You can even donate money today: https://foundation.mozilla.org/en/donate/
From memory, Mozilla's spent years trying to get donations through asking people nicely and in relatively unobtrusive ways in-browser for years. You can even give monthly - a subscription, if you will.
Not only have they tried both donations and subscriptions, but their efforts have been resoundingly ignored. To the point where you are far from the first person to fault them for supposedly choosing to not do what they demonstrably do.
Perhaps people suggest that donations and subscriptions don't work well or reliably because there's history showing that.
> At one point Mozilla was literally selling a VPN subscription. That point is now - you can go buy one today.
I don't want a VPN. And I don't want to pay money to a Mozilla VPN of which some unspecified percentage will actually get used to pay for Firefox development (with the rest actually paying for the VPN). I honestly feel my money does more harm than good paying for the VPN because it creates a false impression of where the demand is.
I don't want a subscription to an unrelated service, I want a subscription to Firefox. I want my money to go into a stream that unambiguously shows my support for the single Mozilla project that I care about.
> You can even donate money today
That money will not (and I believe cannot) go to Firefox. As presently structured the corporation does all Firefox development, and the corporation cannot receive money from the foundation, so donations to Mozilla do nothing for Firefox.
> Not only have they tried both donations and subscriptions, but their efforts have been resoundingly ignored.
Not ignored, for the reasons stated above they haven't actually done what you say they've done.
Especially since this is very similar to what happened with Cliqz and that there likely are many at Mozilla who were around when that happened too. And the Cliqz scandal hurt Mozilla's market share a lot in Germany.
They don't care. It is not the first time, always the same excuse and blame the user to not be intelligent enough to understand (this is what communicated more means in their broken by profit minds).
> this is what communicated more means in their broken by profit minds
"We should have communicated more" seems like a passive-aggressive way of saying "Oh, you poor simpletons... We should have talked slower, used more, simple words, and been more persuasive. We failed to properly explain why you're wrong. If only we did that, you'd more readily accept what we're giving you."
> What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson. The user outcry was utterly predictable from even before the first web article was out.
One possibility is they knew there would be an outcry but estimated that the loss in user support because of it would be limited enough that the upside of having the majority of users with the setting left on wins.
it's a classic abuse tactic: if you ask first, people will cry out and if you then do it, it'll be considered escalation on your part. so instead you do it first, and if possible, do something worse to begin with, and then when there's outcry, you take a small step back, claim to be the reasonable one, and then later on push the rest of the way.
> It’s clear in retrospect that we should have communicated more on this one
Oh maaaaaaaaaaaan do I despise hearing variations on this "non-pology."
It's never "Wow, we fucked up by doing something harmful to you." It's always, "My bad, I failed to explain exactly why you're wrong to think this is harming you. I take total responsibility for not explaining why this is actually good for you. I'll try again."
Lets be honest, the number of HNish folks running Firefox is insignificant, compared to number of people using Firefox because their friends recommended it. So even if lets say 1% of the users(HN and similar folks) perform an outcry and go ahead disabling it, the other 99% of the people will still be a huge moat of data. These strategies(though I am willing to give Mozilla the benefit of doubt), had been played out many times, "ops we did this ... emergency update to fix it ... we are releasing this now officially, agree to our terms if you want to continue ... you can always opt-out ... slow boiling frog metaphore ... this is now permanent with the option to disable is gone and forgotten about".
Y tho? I run firefox and chromium side by side all day to isolate personal from work and chromium crashes constantly on a 64GB machine. Chrome uses so much more memory.
> What isn’t clear, in retrospect or otherwise, is why companies/apps/services need to keep learning this lesson.
Please. This is never about learning and better communication. This is universal corporate English for: "you got us, but we really don't give a flying ef and we will fulfill our goals step by step - no matter what you say".
Step 1 - outrageous move
Step 2 - apologize, progressively pull back
Step 3 - people spread word they made it better
Step 4 - stick to still outrageous but comparatively better "middle" move
To really give it any excuse anymore. And so have you. If "Unity" tells you nothing... I'd like that rock, please, I'll need it to survive the incoming 4 years of social media.
Once you start assuming that every apology is fake and in bad faith, the world quickly goes to shit.
I'm not saying its impossible for apologies to be in bad faith, just that if it becomes impossible to apologize and move on after making a mistake, it becomes impossible to do anything productive.
Holding corporations (or anyone) to account requires having some way for them to rectify their past sins.
Otherwise this is just vengence. If you never forgive there is no rational reason for corporations (or anyone) to stop doing whatever objectionable things they are doing, since it would already be a sunk cost.
Honestly, having worked at companies that made unpopular product decisions (nothing like this, but still every company puts its foot in its mouth sometimes), it can be surprisingly non-obvious what gets people bothered and what doesn't.
We always see the decisions that blow up, but we dont notice the thousands of decisions nobody cares about. Sometimes it really does look like just another minor feature request at coding time.
> it can be surprisingly non-obvious what gets people bothered and what doesn't.
Agreed in general, disagreed in the specific Mozilla case. They’re an internet-related company where “privacy” is one of the stated core goals, yet they’ve stuck their foot in their mouth so often they could open a shoe shop. Failing to see this one is at best incompetence.
Key comment replying to him there which gets no reply from him: "Opt-out is NOT a consent".
This is very problematic, see my last comment: https://news.ycombinator.com/item?id=40966312
> First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win.
It's very likely that this arms race will lead to DRM in web publications and video feeds (which Google is already experimenting with).
I will begrudgingly admit he has a point here. In a few years I imagine almost all sites will refuse to serve anything without WEI, and the "open" web will be the preserve of a few hobbyists. Annoyingly you'll still need to use a compromised browser (or worse, app) to do anything with your bank, etc.
Yes, the kneejerk reaction against FF here isn't really thinking things through. Mozilla has to walk this tight rope since ad companies own the web already.
Realistically, the best outcome at this point is that enough users are willing to send enough data to advertisers so they allow the open web to continue.
The alternative is that sites will eventually only work in Chrome or Safari on limited, locked down platforms (read: no Linux support at all).
This is an attempt to try. You don't win my being an immovable wall going against the biggest corporations. If the W3C manages to create a system that satisfies advertisers while preserving our privacy, that's how you win. There isn't a future where advertising will just disappear. I'm just being pragmatic here, as a user of ad blockers for 15 years.
It's not an attempt to try, it's reputation management. There is no 'anonymization' of data, because the advertising companies Mozilla is selling your data to now have almost 20 years of profiling that can effectively identify people through "anonymous" results. This has been known for years. Mozilla knows. They don't care.
Most advertisers will not be satisfied with that. The real question is if regulators will be and therefore can use this as a reason to clamp down on advertisers. If so this might work, but I am skeptical. And either way it was wrong of Mozilla to sneak this in as opt-out.
I can see the economic argument, but I am not sure that I buy it. W3C could push this as a standard, but surely anything that is privacy preserving will by its very definition provide less data for advertisement targeting, no? With less data, the targeting is likely to be worse in terms of advertisement efficiency. Thus, the economic incentive even in an ideal situation as with a W3C standard will be pushing any advertiser to "betray" the system and fall back on the very arms race that Mozilla is arguing that they are trying to avoid, no?
At best, politicians could jump on the "solution", but then why are Mozilla not already lobbying in that case? Why is the first party they are reaching out to the wolf in this drama?
Regardless, Mozilla has lost me at this point as a user. This being opt-out is inexcusable and I will find ways to gravitate away from them as I should not need my poor package maintainers to be paranoid with their upstream code in the same way they have to be with Chrome in order to protect us from developer abuse like this. Will try Mull on mobile now, hopefully it is viable, and see how I solve the desktop situation when I can find the time.
An immovable wall is exactly what is needed to confront big corporations when they behave abusively (and intrusive profiling is an example of this). 'Pragmatism' here is just acquiescence in creeping surrender. Look what advertising has already done to the web and privacy.
Except being uncompromising is exactly how free software won. And compromising on EME DRM did not make websites using that DRM any less restricted to popular platforms. Compromise is not a winning move when what you are fighting against is fundamentally unacceptable.
Which will lead to counter moves by alterative browsers and websites and Google risking the loss of browser market share. If you think this is unthinkable, just look back at Microsoft's dominance of the browser market twenty years ago. Exactly like Google is doing they were pushing through all sorts of user hostile stuff via internet explorer. Before Chrome came along, Firefox was one of the few holdouts against them. Internet explorer users were dealing with all sorts of crap. Popups, popunders, all sorts of viruses, cross site scripting attacks, etc. Mostly that was just a mix of poorly designed features but there was also MS trying to get into search and advertising and they were trying to abuse their defacto monopoly to do that.
I don’t disagree with you in principle, but this history is not quite right. IIRC the IE6 team was shut down. Basically only Mozilla and Apple were building browsers at scale until Chrome came along.
Yes, you are definitely missing a decade here. The internet explorer/edge team was shut down long after Google grabbed most of the market share.
Chrome was launched 2008; Safari had its first release in 2003. And I was using the early Phoenix builds (later the name change to Firefox happened) in 2001. The version of internet explorer around the time Chrome launched was v7. IE 6 was already old news by then. And IE 8 launched soon after the Chrome launch. 9, 10, and 11 followed. And then the switch to Edge happened; which was a complete rewrite of their browser engine. Only in 2020, MS announced switching to Chromium. So, that's about 12 years of MS trying to hold on before they finally gave up.
Wait aren't browsers already trying to implement anti-tracking measures? Are you saying Mozilla has been holding back improving anti-tracking for the benefit of advertisers until now? Now that is evil
> Wait aren't browsers already trying to implement anti-tracking measures?
Yes, and trackers are investing large sums of money into breaking those measures.
If you give advertisers a lawful non-user-threatening way to measure their ads performance, a lot of that money may disappear.
(Or it may not, or it may disappear either way. That one market is crazy and I know almost nothing about it. But the claim that the money may disappear is valid, and you have to provide a valid counter-claim if you want to contest it. Calling it evil doesn't cut it.)
But this is exactly what I wrote that I don't believe in my initial comment. There'll always be more money in more intrusive tracking. Why would they give that up? Surely Mozilla is selling out to advertisers based on something more substantive than "we hope that advertisers won't keep taking a mile if we give an inch"?
Which is one of the main reasons why it’s such a problem that the search engine with an overwhelming market share also owns the browser with overwhelming market share and is also the largest online ad company. Not to mention they pay billions each year to the other browsers. Google has a huge amount of control over every part of this.
google is the owner of the DRM verification system, they add exception for google robots, website only appears on google, kills other search engines in the process
If the DRM is coming from Google, I'm sure they'll take that into consideration when designing it. Feels ripe for an anti-trust lawsuit, but IANAL so who knows.
When I wrote the comment I was imagining Google using the tech as a moat to stop other search engines from indexing DRM protected content. I guess if they shared it and "all" search engines could index the content, it would probably be fine? I'm guessing that's why Widevine is "fine".
But like I said, I'm not a lawyer and have no idea what I'm talking about.
You’ll notice that Google search now shows excerpts from things you can’t actually see visiting the site (paywalled news, paywalled scientific articles). The age of “show us exactly what users see or get downranked into oblivion” is long gone, sadly.
This has happened before. Remember the critique against Encrypted Media Extensions (https://en.wikipedia.org/wiki/Encrypted_Media_Extensions): Oh no, DRM in the browser! But remember that web video used to require Adobe Flash for the longest time, and even after a decade of HTML5 video, sites were still clinging onto Adobe Flash (and later also Microsoft Silverlight) for what turned out to be DRM purposes. At the time, these plagued proprietary blobs were not going anywhere. Except, after EME had widely supplanted this last holdout usecase, they were quietly allowed to die. The result is that we have much smaller-scoped proprietary blobs in the form of content delivery modules with a lot fewer bugs and portability issues.
The situation with Flash and Silverlight was better than the situation currently is with EME. Before, you could implement a standard-compliant open source web browser, you just may not be able to view certain non-web embeds. Now, web browsers need permission from Google to view certain kinds of web content, and they can't be open source.
And that DRM will likely come anyway and restric users of niche browsers like Firefox and operatings systems no matter what Mozilla does - just look how EME implementations and Websites using it treat Linux users not to mention non-x86/ARM architectures. So best is to push back now while we still can instead of giving them an inch.
> doing something about [the massive web of surveillance] is a primary reason many of us are at Mozilla
> we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here.
You know what's user-hostile? Doing things without the user's knowledge or consent. The new tab page of Firefox after an update often advertises features of the release Mozilla sees important (their VPN offering, Firefox on mobile, etc.). This time the new tab page told me nothing about this change. Communicating it to me was "free" and they still actively refused to do it.
"Doing something" about surveillance starts with transparency but if Mozilla's leadership doesn't see this as important they have no place leading such a company. Mozilla doesn't seem to wrap its head around the fact that their users use Firefox because they don't want the same kind of shady tactics Google or Microsoft keep pulling, they don't want their browser control to be handed over to some guy in a board room who needs a PR team to give a lengthy non-answer to the problem.
I see a lot of words spent on why they came up with this technology but barely a mention about the biggest issue here especially from a company that presents itself as a champion of user rights: they pushed the change in the dead of night and took an actively hostile decision in the users' names by enabling a clearly controversial setting without any warning or communication.
> we should have communicated more on this one
This kind of PR speak for "we actively kept it hidden" is the best way to alienate the users who investigated and chose this browser for a reason.
> Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up.
The problem we currently have with cookie banners is thanks to the browser vendors not caring about it.
An API could exist which a page can query, where the user has already pre-selected how they want to deal with cookies. For example reject all but the essential ones, reject none at all, reject some, according to certain criteria.
Even more, the browser could check if the page is adhering to the user's expectations, and if it doesn't, block it for a period of time, like a week or a month, and publish the fact that they ignored the user's wishes.
Possibly also give the user a signed document which claims that this page did not respect the user's privacy expectations, so that the user can use it in court.
This was already tried with the Do Not Track header. Websites simply ignore it. They don't want an easy way to get the user's preference. Because they know that most users would set it to decline tracking. Sites would rather annoy every visitor for the chance that they click 'accept'.
It is enforced, courts just work very slowly. Courts have already started interpreting the DNT header as GDPR-compliant opt-out that websites must follow.
If it wouldn't work, then I'd see no ads in my paper-based iX subscription, yet it is full of ads even though I'm paying for that paper.
But the paper has the benefit that the ads I see there don't collect information on me. This is what I want the internet to be.
Ads OK, but no tracking of me if I don't want it (which I express via cookies when in a browser).
Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article. No hint on that accepting the cookies is only useful if you also have a subscription. When you can't read the article, they don't revert the setting of the cookies, but just pretend that they gave you access to the article and keep the cookies around for days or years.
It's not. Tracking leads to better targeting which leads to higher conversion ratios and overall higher "Cost Per 1000 Impressions" (CPM).
If you simply do "contextual" targeting, so targeting based on the page content, your CPM will go down and and the publisher will lose money.
> Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article
Depends on the company. News media publishers use the same system but are usually barely profitable if at all.
> Also, you should note how greedy these companies are that they show you the paywall after you have consented to the cookies in order to read the article. No hint on that accepting the cookies is only useful if you also have a subscription. When you can't read the article, they don't revert the setting of the cookies, but just pretend that they gave you access to the article and keep the cookies around for days or years.
The EU Court of Law decided that offering a subscription or mandate for cookies to be enabled is not legal as an offer. So the transactional nature you propose is currently not allowed. What is allowed is a grey area which has yet to be explored.
Older folks might remember that there were a lot of people willing to make content free, just out of personal enthusiasm, and that this content was actually a lot higher quality than that pumped out by capitalist motivation.
So, actually, users and sites both had what they wanted, just not corporations.
Although I agree that news media quality is not always great (really depends from one publisher to another), I would not really qualify random people on Twitter as "news coverage".
DNT was before the GDPR. The landscape has changed considerably since then and a standardized opt out signal being enforced is not out of the question.
He's talking about cookie banners. The issue with cookie banners are the dark patterns, but the end-goal is to obtain permission from the user to set cookies.
This requirement to constantly ask the user while using these dark patterns is what makes normal people just give up and "accept".
If the page is expected to ask the browser which preferences the user has set regarding the cookies, then this problem is gone, because the page no longer is expected to ask a person via a popup.
First there's a justification based on current anti-tracking system being bypassed:
> "there are enormous economic incentives for advertisers to try to bypass these countermeasures"
Then:
> We’ve been collaborating with Meta on this
Given Meta's track record with scooping up just about any personal data they can find, it's pretty obvious that this is just going to be yet another datapoint in Meta's collection.
To be honest, I would have used a different approach and browsers would very well be capable to give erroneous data and contaminate data from tracking users. This would be going on the offensive, and I don't believe there are any legal barriers that prevent users from "ad fraud".
I don't believe in cooperation with an industry that has shown no remorse with tracking users at all. That will not be successful. Advertisers will employ this and still track. And it is possible to not get tracked and deliver false data, even today.
Maybe I'm cynical, but the rationale given seems extremely naive. There's nothing stopping advertisers from using this new attribution mechanism and tracking users as much as possible. In fact that's probably exactly what they'll do since it's likely that not every browser will support this kind of attribution.
The arms race will continue as it does today, but advertisers will have yet another avenue to exploit in the form of the attribution API.
"The devil is in the details, and not everything that claims to be privacy-preserving actually is"
Yeah, like Mozilla.
This is not the first time they silently added tracking and avertisement. The toggle with "firefox shares basic telemetry with the adcompany Adjust" has been there activated by default since a while (among other stuff). This is just more tracking from them, while claiming to defend privacy. Another day, another scandal.
Wow. This represents a profound misunderstanding of the advertising industry.
Data is their edge. It's how they compete with each other.
The privacy "arms race" isn't just between the browser vendors and the trackers, it's also between tracker a and tracker b.
Giving them a new data point (no matter how """privacy preserving""" it is) is just that, another data point. It's not going to make them give up on the others.
Is it just me that sometimes get the feeling that when companies have to explain them selves with this amoubt of text, they actually know that they are doing something wrong but are trying to cover it up by these long and unnecessary explanations?
https://old.reddit.com/r/firefox/comments/1e43w7v/a_word_abo...