
Waterfox browser - rolph
https://en.wikipedia.org/wiki/Waterfox
======
cmroanirgo
Previous Comments:
[https://news.ycombinator.com/item?id=20047170](https://news.ycombinator.com/item?id=20047170)
(Just over a month ago)

------
user17843
I have observed a big anti-waterfox and anti-fork atmosphere in the Firefox
Community. I don't think the criticism of Waterfox is honest, because the
browser has been doing exceptionally well (always including critical bugs) for
a one-man project and every Firefox Fork should be welcomed.

The official response by Mozilla has always been to avoid ALL forks and ALL
old versions like the plaque. I know why Mozilla wants to suppress them, but
the community shouldn't. Waterfox is basically the result of the decision by
Mozilla to abandon a part of their most loyal userbase.

In theory a diverse set of browsers actually increases security due to the
lack of attack surfaces with which you can target a wide audience.

Because basically all attacks that you have to fear from normal browsing as an
average user are actually non-targeted attacks, and those attacks usually
focus on a large user-base, in order to be financially viable. Also a script-
blocker is probably the only thing needed to reduce attack surface to
basically zero for non-targeted attacks.

The security argument is actually the only case one can make against Waterfox.
While it is partially valid, there are many other reasons why people use a
browser, which is exactly why Waterfox has so many users. Not everyone wants
to focus on high level and mostly theoretical security.

By the way, the founder of Waterfox has published an alpha-version based on
Firefox 86 ESR.

~~~
TAForObvReasons
Also worth mentioning IceCat:
[https://www.gnu.org/software/gnuzilla/](https://www.gnu.org/software/gnuzilla/)

> GNU IceCat is the GNU version of the Firefox browser. Its main advantage is
> an ethical one: it is entirely free software. While the Firefox source code
> from the Mozilla project is free software, they distribute and recommend
> non-free software as plug-ins and addons.

EDIT: removed a clause about the relationship with IceWeasel, thanks for the
historical context @quadrangle and @war1025

~~~
quadrangle
> IceCat, formerly IceWeasel

Nope. IceWeasel was a Debian rebranding of Firefox which has been
discontinued. GNU IceCat was always GNU IceCat and was not formerly IceWeasel.

(I still upvoted your mention of IceCat here)

------
jusob
The project started as a 64-bit version for Windows (was supposed to be
faster). Then, when Firefox changed the add-on framework, it became the
"Firefox" version you can use to keep all your old add-ons working. They are
merging all relevant security issues quickly, as well as bug fixes.

~~~
ChrisSD
If people just wanted to use the old addon system then all that requires is
changing a few options when building Firefox (in official Firefox builds, only
moz can deploy such addons). So keeping up with security updates shouldn't be
hard at all if that's the only difference.

Of course the old type of addons may break from time to time as the browser's
internals change but that was always a problem with the old addon system.

~~~
majewsky
If I understand [1] correctly, the XUL code that those old addons use as an
interface into the browser is nearly gone. And that's the entire point of
deprecating the old addons: to be able to refactor Firefox internals away from
XUL towards pure HTML/CSS/JS-based UI.

[1] [https://bgrins.github.io/xbl-
analysis/graph/](https://bgrins.github.io/xbl-analysis/graph/)

------
notatoad
yes, the browser that claims to improve your privacy by being 12 versions out
of date compared to firefox stable.

~~~
mirimir
As jusob noted, "They are merging all relevant security issues quickly, as
well as bug fixes." So why does "12 versions out of date" matter?

The advantage of Waterfox is more freedom to use extensions that increase
privacy and security. And sure, also extensions that totally pwn you. But
that's just how it is, when you have autonomy.

I'm not arguing, however, that the Waterfox approach is best. Tor browser adds
lots of great stuff to increase privacy and security, and they stay ~up to
date with Firefox releases.

~~~
jcranmer
> As jusob noted, "They are merging all relevant security issues quickly, as
> well as bug fixes." So why does "12 versions out of date" matter?

If you're retaining code that has since been ripped out upstream, that means
that there are no security fixes for you to uptake, but you still contain the
same potential for security issues. This isn't an idle concern--the NSA used
an exploit in code that was ripped out of Firefox to attack the Tor Browser,
which was (at the time) stuck on an older version that retained code generally
known to be much more poorly secured (E4X, specifically).

Security is also orthogonal to privacy concerns. For privacy, what matters
most is how similar or dissimilar you are to the normal crowd. Using an
unorthodox web browser that is observably different from the mainstream
browsers is going to reduce your privacy more than any actual benefit you get
from extra features.

~~~
mirimir
That's a good point. So Tor Project's approach, starting from the latest
release, is overall better.

I still miss some old extensions, though. Especially RefControl, which let me
supply a site's root as referer to it. Smart Referer just drops referer, with
some whitelist exceptions where sites break. RefControl never broke sites.

------
redder2
I do not get why ppl are so obsessed about this legacy extensions, by now
there is almost a extension for everything and I do not need that much
consolidation of the UI.

Tab mix plus is basically now a light extension that just points you to
about:config setting that are more then enough for me. The most important
setting for me is to open all popups in tabs.

Also Mozilla has deprecated that old APIs for security purposes! Maintaining
it with a small team of volunteers or some little donations is not gonna cut
it. I am not "Anti" everything its just that I do not see the point of this AT
ALL.

// Ok its not even a team its a one man project, makes it even worse. And
isn't ESR now also build on a version without the old APIs? If not already
that day will come and especially then the using it will be a big security
risk.

------
noodlesUK
What extensions are people using that they’re so dependent on that haven’t
been able to migrate to webextensions? Genuinely curious. I used to use an old
version of Firefox in order to use vimperator, but since tridactyl became
available, I have been on Firefox stable.

~~~
CamJN
LinkLocationBar, panorama tab groups, websocket inspector, none of which have
working replacements in webextentions.

~~~
yoasif_
> panorama tab groups

How about [https://addons.mozilla.org/en-US/firefox/addon/panorama-
tab-...](https://addons.mozilla.org/en-US/firefox/addon/panorama-tab-groups/)
?

------
NikolaeVarius
I find it funny that their site more or less contradicts itself.

[https://www.waterfox.net/](https://www.waterfox.net/)

> No Telemetry Waterfox does not collect ANY telemetry, meaning you don't have
> to worry about any tracking or usage information about what you do inside
> YOUR browser.

> Limited Data Collection The only thing that Waterfox sends back is your OS
> and browser version to check for updates.

[https://www.waterfox.net/about/](https://www.waterfox.net/about/)

> absolutely no data or telemetry is sent back to Mozilla or the Waterfox
> project.

~~~
2bitencryption
I mean, of course the browser knows its own version, this is totally not
dependent on user data. And you already give away your OS when you download
it, right? Of course it knows what OS it's executing on.

I honestly think that can still be truthfully called "No data or telemetry."

> "You don't have to worry about any tracking or usage information about what
> you do inside YOUR browser"

That still holds up, if all it sends is info the browser already knows about
itself.

~~~
mrob
It's still telemetry. It's irrelevant what the browser "knows about itself",
because the browser is not the organization receiving the data. You do not
automatically "give away your OS" when you download. User agent strings can be
set to whatever you like, and you can run the software on a different system
from the one used to download it. If the Waterfox developers want to track
usage they should request the user's permission, like Debian does with their
opt-in Popularity Contest software.

~~~
mirimir
Well, Debian knows whether you're using x86 or x64.

Also, do we know whether Waterfox gets a custom OS report, or just uses the
user agent string?

------
squarefoot
Using it right now, since probably a year or so. Does the job fine and so far
I found no compatibility issues with FF extensions I use.

