A "more private browsing experience" that still features the Pocket bundleware and button in the toolbar thats still not un-installable like other extensions and requires about:config edits to disable..
Awesome! This was the only way forward for a user-centric web browser like Firefox. Glad to see that they have listened to user feedback (and uproar) and backed down.
sort of hoping other similar things like hello do that too. thats how id like firefox to be, as a user. would be even better if default off at install ;-) (albeit id probably enable hello, its just nice to not be forced-in for such features)
I was bouncing between firefox and chrome, using them both more-or-less equally. The day the "hello" thing appeared, I uninstalled firefox. Too many useless and annoying things being added to firefox as core components where they do not belong. The fact that anybody can pay Mozilla to have their crappy addon forced onto all users is a problem.
In theory, you can examine it, sure. But I fear that in practice, it's so complicated and large, it's unlikely there are many humans who can really tell about themselves that they really know how the thing works. A certain part - sure, given enough time to read and learn. A whole thing - quite unlikely.
You don't have to understand it in this case, you just have to make sure that code path isn't invoked by anything other than clicking the button. This can be pretty easily verified.
Not really easily in general sense, given that it's JS and not, say, Haskell or BitC.
But true enough, you can spend some time and check that it's unlikely to be executed, unless there's some hidden malicious obfuscated code sneaked under the hood. And discovery of such code would be a giant scandal, so it's unlikely there'd be some - it just won't worth it. Anyway, such analysis would take some time and skill. It's not really possible to just open Firefox source code and immediately understand what's going on. And I was commenting on the general nature of Firefox, not this particular button.
To be precise, though, static analysis can only confirm that there are no obvious direct references to the specific code parts outside of certain areas. Given that in a language like JS such references are surely not the only way how execution can get there, the task is not really trivial.
> And I was commenting on the general nature of Firefox, not this particular button.
Then we have no argument there. I thought you were commenting on the general nature of the Pocket feature, which is also probably complicated given it's its own separate thing, and my reply was just echoing that you only need to understand and audit the layer that talks to the black box. In this case, a button response handler.
I found https://hg.mozilla.org/mozilla-central/file/tip/browser/comp... within 5 minutes of looking. It's very readable, I spent another 5-10 minutes reading it. This is the first time in memory I've looked at Firefox's code, so I didn't even know where to find it, though I'm sure I've browsed bits of the codebase before for some reason. I first browsed to their files, went to 'browser', and since we're talking about the button I thought 'components' was a good next choice, and hey, a pocket directory. Lucky? Maybe. Reading through the component tells me the initial claim of nothing important happening until you click the button seems accurate, except that functions are exposed publicly so other bits of Firefox could probably get at them without user interaction, and when you do click on it (L165) it'll prompt you to sign up at about:pocket-signup before doing anything. If I wanted to get rid of this, googling seems to say you can override default components with some extra effort. I build Firefox from source (Gentoo) so it would be simpler to just add a patch to the build process that removes the whole directory and deletes the dir line from moz.build.
This is just static human analysis, it didn't take much time or skill. But static analysis isn't the only thing you can do, as I initially said "verify". Active verification by monitoring and alerting works great, and if you can do rebuilds like you can with Firefox then you have even greater control. If I were particularly concerned about something happening without my knowledge (with or without the button) I'd use what I learned from reading the code to monitor my network for outreaches to pocket's website. Of course I can't be fully certain some other code doesn't send all my visited sites to some other IP (or maybe an IRC server) that is then harvested by pocket asynchronously... But as you say, it's very unlikely for such malicious and underhanded code to be there.
Stick a printf/file write/breakpoint at the root of the code path if you want continuous verification that the code path never executes except by clicking the button. This isn't hard.
The "Hello" button automatically came back to the toolbar (I had removed it) after the Firefox 42 upgrade. Thought that it could be accidental and checked on a different machine, the same thing happened.
Funny how decisions which financially benefit the developer have a way of "accidentally" being activated by default. The automatic downloading of the Windows 10 update. Or these bundled Telefonica extensions in Firefox.
It compromises Mozilla's claims that they still put users' interests first. Furthermore, they insist that these promoted tiles is something that people want, whereby it absolutely bloody obvious that nobody, except for Mozilla, wants this junk. These tiles basically show that Mozilla can act against users' interests and in a blatantly disingenuous manner. This in turn makes you question the rest of their efforts that are branded as pro-user.
Ads on the web want to track that you saw it, clicked on it, on which website you saw it, when, with which browser, which OS, which was the previous page you visited, what site you are used to browsing, what you purchased, where you live, what is your sexual preference, ... and nowadays they can and they do :/
There are many sites that I like and would happily unblock their ads to support them, but I often don't because they use ad systems that want to spy on me.
The main problem with ads on the web is not that they are annoying (like on TV for example), it is that they are spying on you.
As far as I know, that's not really severe. They only collect stats how much those "directory tiles" are clicked, pinned or removed. Maybe I'm unaware, though.
There are other concerns, though. Did you know that when you type in sync passphrase (if you dare to use sync, of course) - the one that Mozilla is supposed to never have any access to - you're actually fetching a piece of HTML+JS from Mozilla's servers and letting that code process it? That's a privacy/security concern that really bothers me.
> They only collect stats how much those "directory tiles" are clicked, pinned or removed. Maybe I'm unaware, though.
No personally identifiable data leaves your machine, AFAIK. It's actually an innovative way to provide advertising, necessary to fund many things today, while maintaining privacy. Unfortunately there is a lot of misinformation about it and knee-jerk responses to any advertising.
So, as I get it (I haven't read code for this part of Firefox) it sends some counters about how tiles perform. The data is weakly personally identifiable - in a sense that sender's IP address is logged.
Whatever, I disabled those tiles because I just didn't fancy the selection - but it doesn't bother me (personally, other opinions may vary) if browser would eventually ping Mozilla back telling that I had clicked few tiles.
To deliver content, Firefox downloads all possible Tiles for your location and/or language and determines for itself what to display. Data is only collected to report on the performance of Tiles in Firefox. No data is collected to deliver the New Tab experience.
To report on the performance of these Tiles, Firefox reports back to Mozilla:
* Geo/Locale
* How many times a Tile is:
-- Displayed
-- Pinned
-- Clicked on
-- Blocked
The data is stored on a restricted access server for a maximum of 7 days, and then the IP address (the only data that would associate the Tile with an individual) is removed.
--------------
WHERE DOES MY DATA GO/GET SHARED?
Data is transmitted directly to Mozilla and only aggregate data is stored on Mozilla servers. Mozilla is sharing aggregate numbers with partners on the number of impressions, clicks, pins, and hides their own content received. The little data that suggested sites reports goes to a restricted access server located in the USA. This data is stripped of IP addresses within 7 days, meaning that no one can be identified. We retain this data for a maximum of 13 months.
Any data that is to be shared with a partner is this aggregated data on the number of impressions, clicks, pins, and hides their own content received.
In fairness, what amounts to a hyperlink is not "bloat". I wish it wasn't there because it's a thing nobody is ever going to use in the age of Hangouts and Skype, but it's not like impacts the rest of the browser in any way
It only takes a tiny number of people to make a lot of noise, but I don't think it represents public opinion. Consider the Tea Party: Whether you agree with them or not (please don't answer), based on the noise they generate they might seem to be a majority, but they are a small and shrinking minority.
I wouldn't be so sure about that. There may be a relatively small number of very vocal individuals, but I think their opinions may be much more widely held that you believe they are. It's no secret that Firefox's share of the market has been dropping lately. For every individual who speaks out against the latest set of bad decisions from Mozilla, there are clearly many other users who share that disappointment, but say nothing, and instead just move from Firefox to some other browser. It's these silent former users who contribute to Firefox's decline in market share each month.
Those are all essentially infrastructure projects that (one way or another) add value to end user products that (not always, but quite often) are monetised somehow and in turn contribute or donate back, because they can. Firefox OTOH is an end user product itself, quite a different case.
Note that I'm no fan of the Pocket integration at all - to my knowledge there isn't even any sort of bundling deal or other kind of monetisation involved. I don't understand why Mozilla does this.
I don't agree with you. Firefox is an infrastructure product; it's how end users interact with actual products they care about (e.g., Facebook, Netflix, etc). Few people fire up a web browser without the intention of consuming third-party (non-Mozilla) content, just like few people boot a linux system just to watch the kernel run.
You are welcome to draw your own conclusions about the viability of constructing a modern browser engine on donated time from a handful of Facebook and Netflix engineers.
OTOH, there's the counter argument that if search engines and OS vendors are willing to pay for browsers, why should Facebook and/or Netflix spend any money? It seems to be the classic business case problem of, "well everyone else is paying for it already, and as a result we won't have much affect".
I do, of course, realise that FB and Netflix very much have an interest in the web platform, and could undoubtedly influence it more if they were willing to contribute code. That said, it's probably worthwhile to point out to those who don't know that both FB and Netflix are W3C members, and have several people who contribute heavily to specs.
With very few exceptions, open source projects (particularly infrastructure projects that add value to end-user projects) are not getting financial contributions from the companies that monetize them.
Just look at GnuPG, OpenSSH, or OpenBSD. These are projects that produce some really essential infrastructure that runs the modern web. This software has been in use at companies like Amazon, Facebook, Google, IBM, etc for decades. They have received almost no support whatsover. Werner Koch (of GPG fame) was so broke and desperate that he considered getting a corporate job. Theo de Raadt tried to get support from any of the hardware vendors that used OpenSSH in their products. He eventually got a laptop from IBM after pestering them for a year. I doubt busybox or mksh get much in the way of support from Google or Android hardware manufacturers.
I would hazard a guess that Firefox is better-funded than most open source "infrastructure" products.
So Telefonica is just doing this because they're really nice guys and aren't trying to increase the visibility of their products? And the Mozilla Foundation took on the extra code debt only because they were 100% convinced users wanted these extensions and not because they received a sizable donation from their partner to have it installed and on the toolbar by default with no way to completely remove it unlike every other extension.
Telefonica has nothing to do with the Pocket extension, they just (as far as I know) run the rendezvous servers that support the Hello feature.
Mozilla wanted to ship a WebRTC implementation, but it's not much use having webcam and microphone input unless you can send them to other people, and in this age of NAT and firewalls, that needs a rendezvous server. Mozilla had already had fruitful business interactions with Telefonica with FirefoxOS, and a telco seems like a reasonable choice for hosting a long-uptime network service...
In exchange for donating server hosting, Telefonica gets to display their logo in the Hello UI. I don't know if they also shelled out money in addition to hosting a service, but 80% of Hello's code is Firefox platform stuff (VP8 encoding and decoding, etc.) not Telefonica stuff.
The huge problem with today's generation; they want everything and they want it now and they want it free. How dare they make money somehow because the same person complaining about the pocket and hello integration would also not pay anything for the browser.
Parsing and loading an add-on would increase startup time. If you haven't put in your Pocket credentials, it's a single "if" statement that has to be evaluated. Having Pocket installed is the common case and the one that should be optimized for.
Are you worried that data will go to Pocket even if you don't log in?
> Having Pocket installed is the common case and the one that should be optimized for.
This statement is utterly wrong. Pocket has 14,000,000 users. Firefox has between 125,000,000 and 150,000,000 users. Assuming every single Pocket user is also a Firefox user, you're now optimizing for 10% of your users. This is clearly stupid.
It's also incorrect to claim that parsing and loading an addon would increase startup time. It's already loading the Pocket button; moving that code into an addon would not affect startup time at all. What it would do is allow users to disable or remove the Pocket integration -- which of course Pocket is paying Mozilla to prevent.
Don't pretend this is a technical decision. It is a business transaction.
You can strip it from the code, its not too hard. The issue is with the release cycle, an having to modify the code each time. I wish they would just make a build without the crapware bundled.
And I’d have to write a patchset and maintain it to get rid of it.
It’s as if my browser had a copy of Wolfenstein3D integrated.
Funny easteregg, but just a waste of development and testing time, and a waste of storage space.
Every line of code costs time and money in testing.
And here it costs me time every few days to fix new issues that were introduced when the code changed, to update my .patch, reapply it, recompile, repackage. Every few days. All the time.
And when the regression with Gtk3.14 -> 3.18 regarding Drag-and-Drop is still not fixed, but they have time and money to implement, test and bugfix this, sorry, but then I am seriously out of options for running a stable, customizable no-bullshit browser.
It's a bug in e10s mode, which is still a beta feature that you need to enable! If you want a stable browser, WTH are you enabling opt-in, explicitly unstable features?
Okay, then which version of Firefox supports a single tab crashing without the whole browser crashing with me not having to enable e10s?
Because I have enough of Firefox Stable with just recommended settings completely hanging up or crashing every time it encounters flash or similar things.
Flash already runs in a different process, even without e10s enabled.
Dunno why your Firefox is crashing every time it encounters Flash or similar media, but I can assure you that's not a common experience. Maybe try enabling click-to-play?
I filed a bug report for that, too, and it discovered multiple gaping holes in the sandbox, which, luckily, only allowed null pointer dereferencing (so no RCE problems, but still DoS)
I can easily submit a patch to remove pocket and place about:reader more prominently.
Is it going to get accepted into Firefox? No. Just like the last 5 times people tried to do this.
What I currently do is constantly keeping my patch up to date and recompiling Firefox for my Desktop and Laptop (ARCH and Kubuntu) every night based on the current source from the latest trunk release.
But it’s not nearly worth the effort to do this when the browser could easily accept one of the many patches people have written by now to get rid of pocket as part of the system and to move it into an addon.
Same with the ad-ridden new tab page. Put that stuff into an addon and allow me to uninstall it.
Expose the EME DRM feature as plugin on the plugins page, and allow me to uninstall it (I do not know if this is yet the case, I haven’t checked).
I don’t want to have to maintain a huge patchset just to run my browser.
I already have to hack-fix bugs like the before mentioned drag-and-drop bug myself (or downgrade to Gtk3.14).
I find it hard to believe that someone with significant karma on HN doesn't understand surveillance-as-a-business-model. Just being a yet another Service As A Software Substitute[1] is bad enough, but in this case these rent-seekers are exploiting user ignorance (it's a "dark pattern"). Firefox has always been a local app, with remote features requiring the user to opt-in to an extension. The distinction between Mozilla "only providing a button" and the actual feature that loads from the remote SaaSS only exists for people that understand these technologies.
Mozilla is being especially hypocritical with the integration of these features. During their previous projects (e.g. Australis) Mozilla pushed a lot of previously-integrated features into extensions. This caused problems for a LOT of people, but I reluctantly supported it because a minimal core with most features as plugins is generally a good design. For them to turn around an integrate a plugin that baits people into using spyware is outrageous - and somewhat suspicious.
That button needs to be removed because it's an attractive nuisance[2].
>This caused problems for a LOT of people, but I reluctantly supported it because a minimal core with most features as plugins is generally a good design. For them to turn around an integrate a plugin that baits people into using spyware is outrageous - and somewhat suspicious.
Bah. It's basically a lightweight extension, and will soon get packaged as one. It's not integrated into the core, which means the main anti-bloat principles are still upheld.
And it's not like it hides the process of making an account. If you want to sync things, you need a server. Not suspicious.
Sync was useful in it's original form that was encrypted entirely client-side. With the recent(-ish) changes, Sync should be considered spyware (or at least having the potential to be hijacked into spyware).
But does making this stuff uninstallable and difficult to disable really make them that much additional money? Seems like a poorly negotiated deal if that was really part of it.
That's like saying that bookmarks are disabled by default because the bookmark code does nothing until you interact with the browser, eg click the star or type in the "awesomebar".
If it's in the default UI it's not disabled, disabled means you have to take steps outside the expected workflow to enable it.
Dramatisation follows ...
"Oh, this rock I put in the middle of the floor, don't worry it's disabled; if you don't kick it or fall on it then it can't hurt you. Sure, putting it there makes you likely to trip on it; requires you to move it if you don't want to.
What's that? The company name on the side, oh that's just the company that asked us to put the rock here. Yeah, we're totally honouring our roots and keeping with minimalism aren't we!
No, no, it's not an advert - many of our users like having this rock here.
Next week we're going to scatter marbles on the floor, each one says 'drink more Koke', aren't we just being awesome.
Ha, do you remember when you had to choose for yourself which junk to clutter your office up with."