

Firefox upgraded my browser from 3.6 to 12 without asking and my consent - przemoc

I closed my Fx 3.6.xx and when I opened it, I saw some progressbox about Fx being updated, next was wizard with questions about extensions and in the end I got Fx 12! No one asked me about this switch. I was purposedly keeping that version.<p>Am I the only one cursing Firefox engineers right now?
======
quarterto
Yes. Yes you are.

Seriously, 3.6 came out two and a half years ago. What possible reason could
you have to keep it? Do you _want_ to get malware?

Edit: downvotes? It's a legitimate question.

~~~
antidoh
Maybe because you're ignoring his legitimate statement: "No one asked me about
this switch. _I was purposedly keeping that version_."

~~~
azakai
Was the update option turned off?

If not, I would expect that after multiple notices which were sent to FF
3.5/3.6 users about their browser being EOL'd, it would autoupdate to a
supported version.

If yes, then this might be a bug. Which would explain the oddity of why FF12
showed up here (and not FF14 stable or FF10 ESR).

------
melling
Finally. What is taking Mozilla so long to upgrade 3.6 users? This push was
suppose to happen months ago for people who didn't set the flag.

Btw, the current version is 14. You're still behind.

------
bpatrianakos
As of the time of this comment a lot of people are missing the point which is
about respecting the user's choice not to upgrade.

To answer the question though, I'd say maybe not the only one but you're
probably part of an incredibly small minority. If you had the update feature
off and this happened then it's certainly not right but if it was on and you
received many notices already then you had plenty of time to turn that feature
off.

I'd ask what reason anyone would have to keep such an old version though? I do
understand its a choice but outside of some really narrow edge cases I can't
really see a good reason to keep 3.6.

This raises so,e very interesting questions though if in fact you had the
update feature explicitly turned off. We all can agree that updating your
browser even somewhat regularly is great for both users and developers but
respecting the users choices is also almost a duty that software developers
have. To me this is a gray area. Considering how old and outdated FF3.6 is and
that web standards change so rapidly and have a lot since 3.6 was it a good
call for Mozilla to pull the trigger and upgrade users of ancient FF versions
or is it more important to respect the user's choice?

I think they made the right call. We think of using a particular browser at
version X as a choice but in reality the majority of people do not choose
this. They get whatever came out at the time and then never think of it again.
For most users their inaction when it comes to upgrading isn't really a
conscious choice to stay at the version they have but instead just a side
effect of not knowing enough to be able to choose to upgrade or not having the
time to be bothered by the prompt and clicking "No" on whatever comes up (I
can see that especially applying to Windows users as there seems to be a
prompt popping up every other second). At a certain point there are so few
reasons not to upgrade that it makes sense to do it for the user
automatically. Even if a user, somehow, some way, is using an old version of
FF for testing a website in development or has somehow gotten into a situation
like many corporate IE users face where certain websites or apps can only be
access with version X it's very reasonable to assume these people know they
have an edge case and would take steps to either only run the browser on an
intranet or private network or, for developers, only run it on one machine on
a _local_ server and not connected to the wider web.

In the end I feel for you and I understand it sucks but really there's not
much reason at all for anyone not in that situation to be outraged or care
much that a version of FF so out of date is being auto updated without
permission. And I say that in the nicest way possible.

------
ojiikun
If you are concerned about stability of a release with regards to
compatibility, why weren't you using the ESR?

<https://www.mozilla.org/en-US/firefox/organizations/faq/>

Unlike 3.6, it gets security-only updates for a well-defined period of time.

------
wensing
I'm an upgrade laggard, I feel your pain. All of the comments saying that you
have no right to complain can be summarized as "If I don't understand why
someone is doing something, they must be wrong."

I guess we've entered the age when browser choices have become moral
decisions. Why it shouldn't be your own choice as to what browser version you
run is beyond me.

~~~
hugh4life
"I guess we've entered the age when browser choices have become moral
decisions."

Yes, it is immoral to waste web developers time by holding onto an old
browser.

~~~
azakai
Old and unsupported browsers are also exploitable, and exploiting a machine
doesn't just hurt the person who owns it, since the machine is then used to
spam all the rest of us.

------
calvin
I can't speak to why they upgraded without asking you. However, 3.6 has been
end-of-lifed and will no longer receive security updates. You'll be much
better off using the Extended Support Release.

Mozilla doesn't make it easy to find the ESR download page. It's here:

<https://www.mozilla.org/en-US/firefox/organizations/all.html>

~~~
jamesbritt
That's a really helpful link. I had not idea there even was such a thing.
Thanks.

~~~
calvin
It's targeted primarily at enterprises and only gets updated (aside from
security patches) every 7 releases (42 weeks).

------
jamesbritt
I don't know about cursing any engineers, but I'm running a 3.something
version for Firefox because I have a set of plug-ins that work, and have
failed to work in later versions, and I get to do what I want in a way that
I'm happy with.

If there's some overwhelming reason it would be in my own best interest to
stop using 3.x I'm certainly interested to hear about it.

The number of sites that appear to take advantage of more current FF features
is, for me, minuscule, and I can visit the site in Chrome or something if
needed.

~~~
mkmcdonald
You've been misled into thinking that you _need_ features X, Y and Z. Web
pages can be functional without flashy new features.

Your browser is your choice, and we as developers need to respect that.

~~~
jamesbritt
Well, to be fair, some new things _are_ pretty cool. I'd love to have both the
latest cool stuff _and_ be able to run every add-on I've ever liked since
Mozilla 1.0.

I know that's just not going to happen, so I made a choice. I'll do without
certain things in order to keep other things.

I'm just occasionally concerned that I'm overlooking some serious downside
(e.g. FF 3.x can be made to set my Linux machine on fire or whatever).

Mostly the only thing I notice is that WebGL demos don't work. Not really a
big deal for me. I can run those on Chrome or something.

------
hugh4life
"Am I the only one cursing Firefox engineers right now?"

Why don't you try thinking about the web designers? Firefox 3.6 is at about
.75% of internet users now. You all need to move on.

[http://getclicky.com/marketshare/global/web-
browsers/firefox...](http://getclicky.com/marketshare/global/web-
browsers/firefox/)

~~~
wensing
If it's <1% of internet users, most web designers will have already moved on.
The only ones that haven't will be the ones where this user is a customer and
he is unable to use a different browser. Then that developer is being paid to
support his ancient technology and if he doesn't like doing so he can start a
startup and make his own decisions and figure out how to pay his own salary.
:)

------
thanosbaskous
The comments here about przemoc's choice in browser are surprisingly critical
and vitriolic. S/he claims to be purposely keeping that version, and so
presumably has some good reason - specific plugins, specific version testing
for an internal web application, etc. Even if przemoc didn't have what you
would consider a good reason, it should be his or her choice to keep that
browser version and the onus is on us as web developers to encourage him (in
positive ways) to upgrade - through better web applications that require new
features, better communicating the reasons for upgrading, etc.

Believe me when I say that I understand the frustrations that come from having
to support outdated browsers - I used to develop a web application for the
financial industry, where as of a year or two ago a significant portion of
traffic still came from IE6-locked machines in large financial institutions -
but browser choice is not the issue here.

The issue as I see it is that the software that przemoc was running did not
behave as he or she wanted and expected it to behave. That means that the
software had a design problem (poor or misleading auto-update setting design),
a communication problem (didn't inform him or maybe mislead him about the
default update behavior) or a bug (updated despite a setting telling it not
to).

There isn't enough information in the original post to determine if the last
one (auto-update occurring despite being turned off) is what happened here -
I'd like to learn more. It would be worrying (and I'd argue an insecure
design) if the software were even capable of self-updating with that setting
turned off.

~~~
mkmcdonald
> [...] the onus is on us as web developers to encourage [him/her] (in
> positive ways) to upgrade - through better web applications that require new
> features, better communicating the reasons for upgrading, etc.

I disagree. The onus is on those peddling the product (i.e. marketers) to sell
its worth to users.

> Believe me when I say that I understand the frustrations that come from
> having to support outdated browsers

I read about “frustration” when referring to older browsers a lot. That has
led me to question just how much people learn about supporting those browsers.
Shouldn't supporting browser X become trivial once a certain amount of
experience is accrued? Or do we just hunt and peck until a page ostensibly
works?

> There isn't enough information in the original post to determine if the last
> one (auto-update occurring despite being turned off) is what happened here -
> I'd like to learn more. It would be worrying (and I'd argue an insecure
> design) if the software were even capable of self-updating with that setting
> turned off.

As someone who tests every whole number version of Firefox (1-14), I have
experience with the force-fed updates. Imagine my frustration when viewing the
version information (via Help > About) led to the browser paving over my
existing installation. I really don't want to have to tinker with the settings
for fourteen separate programs.

Conversely, Opera 8+ will ask before updating. Though this happens every time
I open the program, I can easily decline and continue with my business. This
is how to respect users.

Chrome is far worse, as it forbids the existence of an older build, even after
the newer build is uninstalled.

------
bherms
While many people may be bemoaning the choice of Mozilla to update without
consent, I suggest looking at it from a different perspective...

Many browser updates are largely brought about due to a few things, but
security is generally a large matter when these upgrades get pushed. Yes, you
may have kept a certain version for a reason (you don't want to change, you
like the way it looks, etc), but let's focus on the other side of this with a
short analogy. Say you go out and buy a new fire alarm and install it at your
house. The fire alarm is there to help protect you from dying in a fire.
Later, the manufacturing company realizes there are some minor design flaws
which put you at risk of, well, dying in a fire. Most would argue that it is
not only the duty and obligation of the company to replace (or upgrade) the
alarm, but that it may even be right to legally mandate that they do. If the
company came to you and said that there were some major flaws and they wanted
to upgrade you, I doubt anyone would whine that they like the way the current
model looks and want to pass.

However, when a browser does it, everyone bitches about it. The updates are
there for many reasons, not just security. Generally speaking, however,
browser updates not only benefit your own security, but also help make the web
a better place for everyone, whether it be by better standards adherence,
improved usability tools, or who knows what else.

One of the big reasons that this becomes a problem is that people dislike
change, but on a larger scale, they dislike change of something they don't
understand. Browsers, computers, the web, etc are very abstracted away from
people to a point that most don't know anything about the way the tools they
use on a daily basis work. When those tools change, it appears like some
corporate robot is changing it to hurt them because they don't understand the
reasons these things NEED to be updated. There isn't enough transparency on
WHY the changes happen (there are in the changelogs, but try to get your
mother to read or understand that) and understanding of the base layers and it
makes it very hard for people to understand.

I think one step forward here is to present users with a laymans explanation
on why they need to update their browser. Telling them "We need to update your
browser because we've discovered a potential problem where someone could
possibly steal your credit card number while making purchases" is a lot more
straightforward than this: <http://www.mozilla.org/en-
US/firefox/13.0.1/releasenotes/>

~~~
nocman
Your analogy is flawed.

To make it complete, the fictional fire alarm company would not come to you at
all. While at your house originally installing the fire alarm, they would grab
the key to your house from where it hangs by the door, make a copy (without
your knowledge), then hang it back on the wall. Later, when the defect in the
alarm was discovered, they would use that copy of the key to let themselves in
to your house while you were at work. Then they would replace the fire alarm
without your consent or your knowledge of them doing so (well, of course,
until you returned from work and figured out what happened when you were gone
-- assuming that you noticed the new alarm).

I don't have a problem with companies and other development organizations
updating their software. In fact, I _encourage_ them to do so (especially in
the case of security issues). However, I _do_ have a problem with said
companies/organizations making such updates without first informing me that
they are doing so, and getting my consent to do so _before_ performing the
update.

It's not your computer. It's _my_ computer. I paid for it. I get to control
it. Period. If I am subject to security vulnerabilities because of the browser
version I'm using, that is my responsibility.

I detest software where automatic updates are turned on by default, without
ever presenting the user the option of turning them off (without having to go
hunt down said option after the program is installed). Automatic updates have
ramifications. They can screw up working installations. I get tired of having
to go and disable automatic updates from applications, browsers, java runtimes
(and that stupid Java system tray icon in Windows).

I'm not against being _able_ to turn on automatic updates. There are plenty of
users who don't want to fool with it, and that's their business. I just think
users should be given the choice up front. We shouldn't have to go looking for
it after installation. I am still mildly irritated by having an option for
automatic updates being checked on by default at installation time, but I
could live with that irritation if all applications were explicitly giving
users the option then. However, the trend of late seems to be updates turned
on automatically, without even informing the user that there _are_ automatic
updates.

I like to know when software is being installed on my computer. I want to be
asked before it is installed.

~~~
bherms
Understandable... One other thing to keep in mind also is that you're using
free software when it comes to Firefox. If someone wants to give me something
for free with the requirement that it automatically updates to both keep me
secure and push the web forward, I'm all for it. Given that the majority of
users don't know what the hell they're even using, I think it makes sense to
turn on auto updates for the average user, while the power users like us dig
deeper to turn it off.

edit: also, to nitpick your analogy amendment of my fictional alarm company
copying a key without your knowledge, I don't think opening software and
having it "fix itself" automatically is anything akin to having a person steal
a key to your house and enter it without your knowledge... However, I do agree
my analogy was a bit flawed and that the reality is somewhere in between both
of our views.

~~~
nocman
I figured the "yeah but it's free software" thing would be part of the
comeback. My response is that Firefox being free is completely irrelevant to
my point. I'm the owner of the computer. You should never install anything on
my computer without my consent. And yes, I think it is bad for you to do that
with an average user also. I, as a user, downloaded Firefox 3.x (or whatever
version) and installed it. I expect Firefox 3.x to be the one that is running
after I install it. I _don't_ have a problem with the installation program
putting up a dialog that says "We'd like to keep this software up to date. May
we turn on automatic updates for this software? (yes/no)". As I said in my
previous post, I can even begrudgingly live with the "Yes" option being
checked by default. To me, it is the fact that all of this is done by default
_without ever asking me about it_ that is bad bad bad. The user should be
told. A simple explanation is not difficult, and most users who would go to
the trouble of installing something should be able to understand a reasonably
well-written explanation. And even if only 40% of them do, it is still better
that the option be given. If they don't want to be bothered with it, they are
most likely going to just take the defaults anyway.

As to the nitpick about the analogy -- of _course_ it isn't the same level of
severity. It's an analogy. Installing a fire alarm system can't be compared to
installing Firefox on my computer either. One takes hours, the other takes
only minutes. I wasn't trying to say that breaking and entering was equivalent
to covertly installing program updates without user consent. I was merely
trying to complete the analogy (perhaps remote wireless fire alarm firmware
updates without homeowner consent would have been a better choice -- but I
didn't think of that possibility until just now. :-D )

The semi-amusing part about this whole discussion is the reason that I'm
replying again. I'd installed Firefox on one of the machines in my house a
while back, and I forgot to turn off the automatic updates. Started up Firefox
only to have it apply the update it had automatically downloaded without my
knowledge. Grrrrrrr. Sorry, this just rubs me the wrong way, and I don't like
Firefox running a background service to install updates either (also an option
that I didn't chose).

------
AndrewDucker
Well, if you insist on reverting back to a browser that will never have any
security updates ever again, here are some useful tips for preventing it
updating itself: [http://support.mozilla.org/en-
US/questions/931530#answer-349...](http://support.mozilla.org/en-
US/questions/931530#answer-349946)

------
simonster
Would you curse the Firefox engineers more or less if they didn't try to
upgrade you to a newer version of Firefox and, through their inaction, allowed
your computer to be exploited via a security vulnerability in Firefox that has
long since been fixed in modern Firefox versions?

~~~
AznHisoka
Yes, I would curse them both ways. I'm sure the engineers get enough
appreciation from other people :)

------
p_sherman
You're the type of person who runs IE6.

~~~
mkmcdonald
Browser elitism benefits no one. The user is left insulted, and the developer
strokes their own ego.

~~~
p_sherman
I was merely pointing out the fact that it is the running of a 3 year old
browser that benefits no one and debilitates the web.

------
wildmXranat
Dude, I'm sorry but you're on your own. Mozilla needed to do this a long time
ago and believe me, it's for the greater general good.

------
zachshallbetter
Fortunately you can use firefox portable to test older versions if needed.

[http://portableapps.com/apps/internet/firefox_portable/local...](http://portableapps.com/apps/internet/firefox_portable/localization#legacy36)

------
mjn
For most users it seems fine, but as someone with an interest in researching
historical software, I do find some of this stuff a bit troubling, unless
there's a way to turn it off. It's getting harder to install and use old
versions of software, without resorting to running things in carefully
controlled snapshotted sandboxes.

Also a problem with games, which sometimes _significantly_ change gameplay
with patches. You used to be able to archive the original binaries and then
also archive each incremental patch, but auto-updates (and other things such
as DLC) are making that all tricky.

------
brunolazzaro
I don't think that's a bad thing, look at it this way: \- Most sites will look
and work better now. \- New browser with new functionality. \- It's 2012, it
was time to get upgraded. \- I was warned:
[http://www.computerworlduk.com/news/applications/3354678/moz...](http://www.computerworlduk.com/news/applications/3354678/mozilla-
auto-upgrade-to-kill-firefox-36-in-security-drive/)

------
webwanderings
I am irked by the fact that Firefox added a doodle to its Home tab which is
using my local resource to host the GIF image. I am fine with doodles but
there shouldn't be a doodle on my browser without my consent, let alone the
image is running from my hard drive.

------
dredmorbius
Similar line: FF doesn't support older versions of Mac OS X (can't say the
specific version, but iMac would be the case I'm aware of).

Hardware vendor won't provide OS upgrades, SW vendor won't provide app
upgrades. So user is stuck on FF 3.6.

------
Apreche
Chrome updates everyone all the time without asking. It just happens.
Mozilla's big mistake is that they tell the user that the update has occurred.
It should happen without you even realizing it.

------
vonskippy
I feel your pain.

Once when I took a short break someone ran into my shop and painted all the
beads of my abacus florescent pink.

What were they thinking?

