
No Surprises (2009) - marcolinux
https://blog.mozilla.org/addons/2009/05/01/no-surprises/
======
criley2
Does "No Surprises" mean I won't find unwanted Firefox extensions pre-
installed by Mozilla that are impossible to remove and only serve to reduce
privacy by opening up new unwanted avenues to access my input and broadcast it
over third party non-mozilla private networks? Shouldn't I at least be able to
opt-out of a private video service running on a third party server that I have
no terms of use or privacy policy covering?

"All changes must be ‘opt-in’, meaning the user must take non-default action
to enact the change."

Right, just like I "opt-ed" in to Firefox Hello.

I can't even "opt out" of Firefox Hello!

"Uninstalling the add-on restores the user’s original settings if they were
changed.

I wish. Just goes to show that they're pushing an uneven playing field where
Firefox Extensions are auto-installed, can't be removed, and can break all the
rules. But hey, at least everyone ELSE can't break all the rules.

Funny that they won't even apply this philosophy to their own products and
services that they are forcing into user installations without an opt-in or
opt-out.

~~~
atopal
Firefox Hello _is_ opt-in. If you don't use it, it will just be a button in
your toolbar, it will do absolutely nothing before you opt-in, by making a
call.

As a bonus: You can make video calls without ever having to create an account.

~~~
criley2
>"Firefox Hello is opt-in. If you don't use it, it will just be a button in
your toolbar, "

Are you being serious right now?

Ok, how about this, We auto-install the Ask Toolbar on every single Firefox
installation, 100%, everyone gets the Toolbar.

But don't worry!

If you don't click on the Toolbar which automatically installs and appears in
your browser, you won't use it!

It's "Opt in"!

The funny part is, can you tell me how to uninstall Firefox Hello completely?

Mozilla's NO SURPRISES policy says I should be able to uninstall unwanted
extensions with no loss to my browser.

So, can you help me achieve NO SURPRISES by removing the surprising and
unwanted third party Hello feature?

~~~
atopal
Sorry, but mildly put, your definition of opt-in seems to be an unrealistic
one. If you think Mozilla should ask whether people want to have a change or
not for every single change, then that's your prerogative, it has nothing to
do with practical software development though.

~~~
criley2
My definition of opt-in is:

"Click INSTALL to install this third party software"

I did not realize that this community had become so adverse to traditional
software that asking a user before installing new software was now considered
"revising definitions" and weird.

That's all I want: To be asked before third party software is automatically
installed.

We used to call that adware/malware when a company bundled third party
software without permission.

Now I guess we call it normal.

------
Tepix
I consider the way they hid the "block third party cookies" option a surprise.
Mozilla is so dependent on Google and other companies' money, they can't be
completely trusted to offer the best privacy out of the box.

The fact that Safari has 3rd party cookies disabled by default whereas Firefox
hasn't... is both telling and sad.

~~~
stefanix
Just checked, got totally surprised. Firefox basically overwrote my previous
setting on third-party cookies. As you said the new checkbox is very much
hidden: [https://support.mozilla.org/en-US/kb/disable-third-party-
coo...](https://support.mozilla.org/en-US/kb/disable-third-party-cookies)

~~~
Programmatic
Look into RequestPolicy [Continued], it prevents those third party sites from
even loading data via a request in the first place. It's very nice having that
level of control if you find it to be worth the time to fiddle with a few
sites' request settings. I find that I prefer the simplicity in a site loaded
without a lot of third party BS (and often not even CSS for sites that use a
CDN for it).

------
AdmiralAsshat
Does this mean they'll be rolling back the Pocket integration?

~~~
JohnTHaller
This policy has zero to do with Pocket if you actually read it. It's about
changing the user's search engine and homepage. Unless of course you wanted to
get in a completely unrelated jab at Pocket again because reasons.

Get over Pocket. There's no closed source code included. The open source code
that integrates with Pocket is never executed due to lazy loading if you don't
specifically use Pocket. No money changed hands. It was implemented because
users had been asking for the functionality for years and Mozilla determined
that it made more sense to partner with the best in breed provider of the
service rather than reinvent the service and support it on an ongoing basis
themselves. You can right-click and remove it if you don't want it.

~~~
k-mcgrady
>> "No money changed hands."

Money changing hands would have been better. That would've been a valid
reason.

>> "best in breed provider of the service"

Or providers could have just created extensions. Now that Mozilla picked a
winner competition suffers.

------
mahouse
(2009)

~~~
tedunangst
The internet is a source of constant dynamic change and the flexibility to
adopt new synergies is essential to maintaining best in class shared
experiences.

~~~
codewithcheese
The marketing speak is strong with this one...

~~~
baseballmerpeak
I'm now one "synergy" away from a Buzzword Bingo.

------
specto
I guess this is a quip against Mozilla adding the 3rd party functionality?

~~~
bananaoomarang
Probably more thinking of Mozilla replacing default search with Yahoo, without
asking the user.

~~~
jacquesm
It's stuff like this that has an indirect effect that is much more serious
than the change itself.

Not all that long ago there was a thread here about 'why those bloody end
users don't keep their systems up-to-date'. Well, there you have it: because
they never _just_ get the fixes, they also get all kinds of other junk rammed
down their throats, if such an upgrade does not break their systems entirely.
And so the end-users get wise and stop updating their systems, resulting in
systems that are then wide open to malicious parties.

I feel that I'm pretty tech savvy and in spite of that I've got a hard time
clicking the 'upgrade' button next to my browser for that exact reason, it's a
toss-up if it will actually do something useful for me or if it will cause me
no end of misery to try to restore the situation back to working after a
failed update.

I'd need a couple of extra hands to count the number of times where an update
to an otherwise perfectly functioning system caused it to break and in some
cases that in turn led to a complete re-install.

In tech we even have a meme for that: "If it isn't obviously broken, don't fix
it!".

~~~
Programmatic
You raise an extremely good point that describes my feelings lately perfectly.

How do HN folks manage the inevitable change in and monetization of popular
and useful products?

I'm having serious heartburn consuming updated products (e.g. Win 10 and
FireFox). It seems that the forced dichotomy is Control, Ease of use, Features
within 3 years: Pick two. I had been really happy with my customized FireFox
and locked down Windows 7 from the control and usefulness standpoint but FF
has been taking liberties that parent notes and Windows has a "new direction"
than the standalone value they provided with Win 7. Now it feels like they're
yanking the rug out, and constantly evaluating the large amount of technology
I rely on is tiring.

~~~
batou
I'm right there now. I just simplified everything by going back and looking
for the technological singularity where everything just worked.

This is a really hard and uncomfortable thing after years of convenience along
the same lines of going back to CDs after using mp3s but it's worth it.

~~~
Programmatic
Hah. I actually am very happy with my music solution (for now). I buy CDs and
rip them with iTunes to MP3 on my media PC to a network drive, and then
manually sync my phone. I can play it on anything by opening a folder.

The UI is essentially put in CD, wait, have music, and sync phones
occasionally.

What is your current setup that you're happy with?

~~~
batou
My entire outlay is now a single laptop running CentOS 7, a desktop as a
backup machine if I kill the laptop, some earphones, a dumbphone and a USB
stick and USB mp3 player in the car. I rsync the USB stick for the car
periodically and that is it.

As for everything else, browser is Firefox still (ick) and the only services I
use are an IMAP box and domain.

I gave up music on my phone, contact sync, email on my phone, navigation,
everything. A simpler life seems to be better for me.

------
l1n
Might be better to change the link to the official policy:
[https://developer.mozilla.org/en-US/Add-
ons/AMO/Policy/Revie...](https://developer.mozilla.org/en-US/Add-
ons/AMO/Policy/Reviews#section-defaults)

------
feld
Sounds like FreeBSD's POLA

[https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/f...](https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/freebsd-
glossary.html#pola-glossary)

------
mrweasel
So Googles Safe Browsing will finally be opt-in?

~~~
eli
That seems like a poor example of something that should be opt-in. The people
who would benefit most from it seem the least likely to opt-in to optional
features.

~~~
mrweasel
True, but I would like to know that my non-Google browser contacts Googles
server every now and then. If the goal is "no surprises", then users should be
made aware of this feature and allowed to opt-in or out easily.

~~~
eli
It's pretty benign. I'm not sure "warning you about potential phishing sites"
is the sort of surprise they were trying to move away from. Would you consider
being warned of a revoked SSL certificate a surprise too?

~~~
mrweasel
>Would you consider being warned of a revoked SSL certificate a surprise too?

I suppose not, but it's not the feature I find surprising, it's that it's a
Google service in a browser I picked because it's not a Google product. Yeah,
I know, the SSL revoking is a service provided by each of the certificate
providers, so it's sort of the same thing.

Google search is in Firefox as well, but it's not surprising, it's kinda
obvious really. They could do so similar with the anti-phishing/malware thing.
On the phising site warning just write "This is a Google provided service,
click to opt-out".

------
emddudley
This is from 2009.

------
vdaniuk
This derogatory treatment of Mozilla by hivemind consensus emerging from
opinions of a vocal minority is a curious phenomena and a indicator of the
increasing ideological rift in open source community. It can be roughly
summarized as a conflict between deontological and consequentialist ethics.
User privacy, "meritocracy", freedom from DRM/EME, etc above all else vs
strategical trade-offs that strengthen competitive positions against Chrome,
Edge and Safari.

~~~
vetinari
How exactly destroying user's trust wrt privacy and including extensions no
one wanted does strategically strengthen against competition? I would say it
weakens Mozilla's position.

------
arca_vorago
So does that mean the WebRTC issues will be made visible to the average user?

------
eule
I was pretty surprised when tabs suddenly were on the top.

------
noja
Well, I didn't expect that.

------
LeoNatan25
Is that a surprise in your pocket, or are you just happy to throw away my
privacy?

~~~
drdaeman
Pocket is small stuff. A button on the taskbar that can be removed. Or
completely disabled in about:config. Surprising, but not much damage.

For me the Sync surprise was much more disappointing. They broke the feature
to the extent it became unusable for me any more (unless I spend some more
weekends trying to understand their poorly-documented proprietary protocol
mess, which is not how I'd like to spend time).

~~~
sirn
Unfortunately the View Pocket List menu entry in Bookmarks menu cannot easily
be removed. (It is there even with browser.pocket.enabled set to false).
Fortunately for me that I don't access the Bookmarks menu too often to be
annoyed by it.

~~~
gorhill
> Unfortunately the View Pocket List menu entry in Bookmarks menu cannot
> easily be removed.

It will be removed if you remove the Pocket icon using the (right-click)
contextual menu on the icon. The entry is not removed if you remove manually
using the `about:config` way.

Related bugzilla entry[1]:

> The normal/supported way to remove Pocket works fine: Right click the
> button, select "Remove from toolbar".

[1]
[https://bugzilla.mozilla.org/show_bug.cgi?id=1171569](https://bugzilla.mozilla.org/show_bug.cgi?id=1171569)

