Hacker News new | past | comments | ask | show | jobs | submit login
UnGoogled Chromium: Chromium with enhanced privacy, control and transparency (github.com/eloston)
688 points by kawera on Sept 25, 2016 | hide | past | favorite | 423 comments

Great start. Although I think we need to reverse the trend of Chrome becoming the single browser web developers use. The amount of sites that unnecessarily[0] work only in Chrome is growing daily. And that's not even counting browser extensions. I think this, more than anything else, will determine if Chrome becomes the "Internet Explorer"[1] of this decade or not.

Skipping testing in IE is one thing. Skipping testing in Firefox is a sin.

[0] Unnecessarily, because cross-browser compatibility isn't hard, simply include CSS prefixes besides -webkit and use standardized JS APIs.

[1] Internet Explorer, a term for a closed-source browser that creates non-standard APIs that developers jump on, forcing either users to use that browser, or other browsers to implement the non-standard APIs too.

The thing about "Internet Explorer", is that using IE Edge, I often run into websites that demand I "Upgrade" to Chrome and won't let me use them.

Fudging the user agent however, allows that website to work perfectly fine.

Not testing in IE is one thing. Presenting an nonintrusive message warning you don't test in IE is another. Paying money to advertise your website, then, when I click your link, greeting me with a condescending "IE Users are idiots" type message that doesn't let me proceed, doesn't make me buy your product.

For a few months now, Bank of America's site has been including a giant alert at the top suggesting that I use a supported browser, such as Firefox, Chrome, or IE. ... Except I'm already using Firefox. I'm not customizing the user agent or anything.

Maybe their regex checks for Firefox on Windows and you're on some other OS?

The dumbest user agent based browser detection mechanism I ever encountered was one that a major grocery store chain had in place on their website. At the time, I was running Linux on a desktop computer which had an ARMv7 processor.

I visited their website and was, like in a lot of cases where they assume ARMv7 means I must be using a mobile device, redirected to the mobile site.

That's not the stupid part, though (just annoying). These guys took it one step further and had their mobile website decide that I was in fact not on mobile, and then they proceeded to throw me into a redirect loop between the desktop and mobile site. Talk about messing up with browser detection.

I wrote an e-mail to report the issue to the people in charge of the site, and you know what they tell me? Oh, "we forwarded your message to our web developers but they said that this doesn't happen". Wow, ok, "this doesn't happen". Guess I must be hallucinating, then? Well, jokes on them 'cause if they hire people who break their website so that I can't check the opening hours, guess where I'll be shopping? Not at their store, that's for sure.

Glorious. I guess that the mobile dev team is separate from the desktop dev team, and uses a different mobile browser regex.

Oh, that's probably it. I'm on Linux.

(Though the problem also happens on OS X.)

Add this to the fact that Edge is still the only browser on Windows that's suitable for use on a device with a touchscreen, and it's downright insulting.

I have Chrome on my Surface. I choose to use Edge instead because Chrome is unusable without my Type Cover plugged in, and I'm not doing that while laying on the couch.

Hey Google, want me to use Chrome on my Surface? Then give me the Android version of Chrome running in a container. Phone UI, please.

If you ask me, insulting is having a desktop OS pretending to also work on tablets and releasing that to consumers. You can't blame companies for not releasing apps that can work in tablet mode. It takes time, because that's basically like developing for a whole new OS. And Microsoft could do it because they are the ones developing the freaking OS.

I very specifically got my Surface for a road trip where I needed a device that would be a fully-functional laptop in my hotel room but would be comfortable for reading comic books (and other things) on while sitting in the back seat of a car for hours on end.

Windows tablets were my only option. An Android tablet (or an iPad) might work fine in the car, but it would make a terrible laptop in the hotel room, and a conventional laptop would be unusable in the car.

After my road trip, my Surface found continued use as my couch computer, effectively replacing my phone. Honestly, as long as I have a web browser that works I don't need much else. Edge works; it might be more minimalistic than I like, but the vast majority of what I want to do with a computer on my couch is satisfied by Edge. Oh, and the Facebook app for Windows 10 is awesome. It's everything I've wanted out of the Android app, which has been a constant disappointment for me.

I once had to fix TogetherJS where the proceed button was broken:


Clue: what is the problem with this code?

I also run into websites that force me to spoof the user agent string just to gain access. Intuit is one offender.

Intuit doesn't seem to do this anymore, though they definitely did for years. I've used mint, quick books online, and TurboTax on chrome and Firefox on Linux without issue.

It shouldn't matter what browser you're using, that's the point of having web standards. I can understand not wanting to support certain users that use whatever browser you don't want to support, but a visible, non-intrusive and dismissible warning at the top should be enough. Otherwise, making radical decisions based on the User-Agent defeats the whole point of having web standards.

To be fair, that notification is for the benefit of the everyone. Users are too lazy/ignorant to switch browsers. The notification pushes them over the edge and prompts them to switch. They get a more secure and overall better browser.

On the other side, developers can spend more time developing features instead of fixing IE compatibility bugs.

The notification pushes them over the edge and prompts them to switch.

Pun intended? But seriously, whenever I see one of these browser-blockers (and it seems Opera gets hit too), I just leave the site and never come back. Chances are, your site is not unique and I'll find what I need somewhere else.

developers can spend more time developing features

IMHO, those are "features" which no one really cares about. Stop messing around with fancy CSS and JS, spend the time developing a simple site that almost naturally works in IE too.

> IMHO, those are "features" which no one really cares about. Stop messing around with fancy CSS and JS, spend the time developing a simple site that almost naturally works in IE too.

I agree that targeting of Edge browsers is ridiculous since it's keep current, on the other hand for IE and if the site is non-commercial/personal (commercial sites should really try to be compatible on as many browsers as they can) I don't really blame them if they're wanting to use modern web standards. Microsoft has abandoned feature updates to IE, and sadly only made Edge available to W10 users.

Flexbox in CSS is one example. It was made to simplify the creation of page layouts and content flow and includes various features that were sought-after for a long-time that require hacky or more complex solutions otherwise. The majority of its bugs, or just plain missing features are found in IE10-11 (and absent completely in earlier versions). Either creators design the site to entirely compensate for IE and loose that flexibility (pun not intended), find some Javascript polyfill that actually works/fixes such bugs, or just present some message to users for unsupported browsers (not that it needs to necessarily block the page though). It's just one of several useful features that make things far easier but lacks full/partial/any support in IE.

It's really not. If developers would code to the standards with minimal tweaks there's absolutely no reason someone couldn't write a site without those spammy notifications to downgrade to chrome.

So much this. While on Firefox, Google only pulls that on you once, they constantly reoffer it to Edge users on a nearly weekly basis. And recently, they actually made the bar bigger and more obtrusive.

I filed an issue on the Chromium bug tracker, they assigned someone to look into it, and of course, nothing has been said since.

> While on Firefox, Google only pulls that on you once

To this day, and for years, I continue to receive these messages from Google sites informing me to upgrade to Chrome. I've even had them pop-up on Chromium.

I actually put in a ublock rule to filter out that message because I was so tired of seeing it all the time. Definitely not a one-time thing.

That's because it's not a Chromium bug. You should file feedback with the product you're using, most (all?) Google products have a way of doing this.

I am pretty sure the only way to send feedback to the Chrome team, other than the Chromium bug tracker (which is pretty much the same people), is to send feedback from within Chrome.

Obviously, I don't have Chrome, since my issue is them pestering me to install Chrome. Which I'm not going to do.

On the other hand, if Google wants to prevent their reputation from sinking to the level of "install the Ask Toolbar", one of the Googlers on the Chromium bug tracker will see that it is dealt with.

Just to clarify, the product you should be reporting this on is Google Search, or whatever site you're trying to use the browser on that's giving you the annoying reminder. Not the browser itself.

Chromium != Google. Here it's Google that is pushing Chrome.

I work on Firefox compatability for a major website, and while obviously I agree that we need to stop building websites that only work in Chrome, it isn't always as easy as you suggest.

A large web app is almost guaranteed to run into one of Firefox's many long-open bugs. But the biggest reason in my experience is performance. Gecko's rendering engine is poorly-optimized, to the point where I regularly see a DOM modification take 10ms in Chrome (easily within a single frame) and 1000ms in Firefox (locks the UI and causes the page to flash white).

If you can isolate that DOM performance bottleneck or point me to a live example, I'm happy to pare it down to a minimal test case and make sure it gets fixed.

(We have some enormous architectural changes inbound which should help, but I'd still love to make sure we have a test to prevent regressing)

unfortunately for Firefox, performance issues are a case of death by a thousand cuts.

Here's a product that I'm working on


In Chrome it's buttery smooth on any decent computer made in the past 5 or 6 years. In Firefox it's usable on a powerful computer, but notably worse than Chrome.

On an under powered laptop Chrome is still very usable, not quite 60fps, but probably 30-40fps on moderately complex designs.

Firefox is a choppy mess on low end hardware.

This is a recurring issue with Firefox. It's just ok for regular web browsing, and it's a hot mess for any web app that needs to do any moderately taxing DOM manipulation.

As much as I love Firefox, it's just leagues behind Chrome in regard to performance.

That's a pretty niche issue though, Firefox is much faster web browsing and uses far less resources than Chrome.

Impressive app.

Thanks :)

So long as my web browser is competitive when web browsing I'm happy.

The single largest issue is https://bugzilla.mozilla.org/show_bug.cgi?id=1159042, but as another comment mentioned, there are many different cases that trigger performance bottlenecks.

I agree completely, I only use Chrome and only open FF when I'm about to push a feature or if QA kicks something back. In the same way I don't use a production size DB locally when writing new code (but need to test performance after the feature is complete) I don't use a slower browser in my day to day development because why would I? It would be like given the choice between two computers to work on choosing the slower of the two.

Slightly tangential, but on the topic of browser extensions: the Chrome extension API served as the basis for Mozilla's somewhat recent Web Extension API [0]. Many, if not most, Chrome extensions can run in Firefox out of the box right now (there's even a Firefox extension that lets you install these from the Chrome Store [1]). This has been an incredible development for anybody doing cross browser extension development (which has otherwise been a fair bit more complicated than simply including "CSS prefixes besides -webkit").

Having different browsers compete on things like this and then having the better technology become standardized and implemented in multiple browsers seems like a fairly positive outcome.

[0] https://wiki.mozilla.org/WebExtensions

[1] https://addons.mozilla.org/en-US/firefox/addon/chrome-store-...

"Web Extension API" is exactly the issue at stake here. Chrome develops a new API for extensions. Everyone jumps on it. Firefox abandons it's powerful (although insecure) extension API, and re-writes it to follow Chrome's. There's a lot of marketing-speak around the reasons FF did that, but it really boils down to: Chrome is winning in the extension ecosystem, let's make them all compatible with FF too. At the loss of the entire existing extension catalog.

Firefox's extension system was powerful but there was next to no chance that XUL based UI was ever going to be adopted in the other major browsers. I'm sure that tapping in to the Chrome extension ecosystem was a big factor in the decision but I would argue that the Chrome extension API was also a far better suited candidate for cross browser standardization.

Firefox's extension system was arguably too powerful. Back when I ran Firefox, I regularly ran into extensions that conflicted because they monkeypatched the same parts of the browser UI.

Microsoft Edge is also adopting a Chrome-compatible WebExtension API:


Firefox intends to keep many of the powerful feature in its version of the extension API. The previous API was powerful because it let addons reach in to the guts of Firefox's UI and tweak whatever they wanted. This meant that some parts of the browser were frozen from being changed, and extensions broke every release. There was no public-private distinction. It seems like the plan is to add most of the capabilities that were used by the old addons in the new API, so most of the useful Firefox-only addons should still work.

Another reason is Servo.

> simply include CSS prefixes besides -webkit and use standardized JS APIs.

You mean like when I spent 30 minutes figuring out that text area in chrome is counting new line as 1 letter and firefox is counting it as two ?

You mean the other way around, right? At least for purposes of maxlength....

They should both count it as one now, for what it's worth.

> Skipping testing in IE is one thing. Skipping testing in Firefox is a sin

By most measures, an equal or larger number of people use IE than Firefox.

Removing Google's binary blobs is mitigating one issue, but replacing it with an entire binary blog from an anonymous github user might be introducing new ones.

On that note - can you tell us more about the project? ie. if you plan on keeping this updated long terms (i've watched a lot of promising chromium forks fade after an initial big splash), what your plans are, if you'll you accept contributions, how the binary distributions are built so we can verify the checksums, if you can tag the Chromium releases from Google so they can be verified, etc.

I've had the idea of a chromium fork with privacy enhancements in the back of my mind for a while now (turns out a lot of people have) specifically to replace Tor Browser and/or have a lighter browser (without canvas, webgl, webrtc etc.) with better defaults (ie. no hardware access, location, notifications, cookies, history, etc.) for opening links, private browsing etc[1].

This may be a good base to work on - assuming you want to go beyond just "de-googlify"

[1] I think there is a real need for an alternate browser that is lightweight[2] and has stricter privacy and security controls - with proper user segregation (ie. you really don't want to open random links from social media in the same browser session as where you're logging into your primary accounts).

[2] ie. do to Chrome/Firefox what Firefox originally did to Netscape - and Chrome would be the better foundation to work on

> a lighter browser (without canvas, webgl, webrtc etc.)

Please do not do this. Webgl and Webrtc are fundamental technologies needed to efficiently do basic activities like process an image or send sound data to another user.

I am all for a "lighter" browser, by removing UI, removing dev tools, etc. Get rid of the stuff that's not required to make a web page work well. But WebGL and WebRTC are cornerstone technologies for the web to thrive. WebRTC is critical for allowing open source software to thrive in particular (allows apps that don't need a central server) and WebGL is critical in particular for web software to compete in the AR/VR age. We need 100% browser support on these two APIs, and we need it yesterday.

I realize these technologies are not currently doing anything for you. I sympathize. But we need them in browsers now so that we can use them in 10 years.

Please, please, please jetsam other parts of the ship before you cut those features.

>Please do not do this. Webgl and Webrtc are fundamental technologies needed to efficiently do basic activities like process an image or send sound data to another user.

>fundamental technologies

>basic activities

>process an image or send sound data to another user.

We must live in different worlds, those are not "basic" or "fundamental" to me. I'm not sure I've ever used either.

>the AR/VR age

You're overstating how important these technologies are. Maybe in 10 years but only time will tell.

IPFS already has a peer-to-peer chat room that can share messages, files, and streaming videos without a central server. This means users have a way to share content without worrying that it could fall into the wrong hands or be censored by big entities like corporations or governments. And it all depends on tech like WebRTC.

That kind of infrastructure is crucial to the freedom of information and therefore the freedom of global citizens. You will not realize we need it until it's too late.

The revolution will not be televised, it will not be in your news feed, it will happen in the streets and in the minds of citizens, and we need to prepare ourselves with the proper tools for that time, because it is coming sooner than you think.

I would be interesting to make a browser where these things are by default unloaded plugins with the ability to detect when they are needed. Then the best of both worlds are present... no? Some people wish they didn't have to pay the costs for these things because they never use them.

I think you would like Beaker Browser (https://github.com/pfrazee/beaker) that comes with out-of-the-box support for normal HTTP, Dat and IPFS

What cost do you think is being paid that would be mitigated by the complexity of a plugin system?

You are misunderstanding. WebRTC itself already needs a central server.

Also, what you described is certainly a good thing. But I'm pretty sure it doesn't _have to_ be done in a browser.

I'm sorry that you've never used them, but I most certainly have for various projects. I can't use - much less recommend - any product that breaks stuff that I've built both personally and professionally.

>removing dev tools

Hold your horses! The introduction of dev tools was one of the best things to happen to browsers. Removing them would take away opportunity from a lot of people in learning web development, and would also lead to websites having more bugs.

My mom doesn't need dev tools preinstalled in her browser. Though I doubt removing them would make the browser faster/leaner.

Is there something particular about your mom I should take away here? Or moms in general? Or women? Or older people?

My mom, like yours, would have no use for dev tools -- because she's just not interested. And neither would my brother, but my grandma would have loved learning about this stuff if she had lived long enough, and my kids have discovered this "secret hacker mode" all on their own and are delighted.

Chill out. My mom is the most common non-technical person I deal with. No need or reason to assume sexism, ageism, motherism, or any other isms. The only take away from my comment should have been "Hey, non technical people don't need developer extensions".

Yeah, but you will need it when your mom calls you asking for help with some broken website she is trying to use :)

Really? Do you commonly debug random websites for your mom?

Yes, I do that more often than not. Specially during that time of the year when you need to do the tax declaration and use the utterly broken government websites. One common problem that I have to fix is that the Brazilian government likes to issue their own SSL certificates which are not accepted by any browser, therefore I keep the requests tab open and look for any Ajax requests that was blocked due to SSL errors.

You can hardly see source in Chrome without the dev tools. The Ctrl+U "functionality" just generates huge HTML document (a table filled with spans to highlight syntax) and it is very slow on large websites (both generating it and rendering I'd assume).

The CTRL-U is just the HTML part of the page. Not the CSS, images, or the other stuff.

Source HTML even, so whatever javascript changed is not there.

But for fun and laughs I saved js-generated source of a pretty big web page, opened it, and then pressed CTRL-U. It took 50 seconds to generate and render the source view. No wonder...

> document.getElementsByTagName('*').length

< 956632

(should be fun to go deeper and save this html, and then go ctrl+u on that)

edit: Tried it and it's been choking on the next "level" for the past 9 minutes. The tab is at over 1.5GB memory, I'm going to kill it.

I'm using Chrome and pressed Ctrl-U. Nothing happened. What was supposed to happen?

Usually, a new tab opens whose address is "view-source:$URL_OF_PREV_PAGE". Obviously, it's not terribly hard to replicate by hand, but that's weird. As has been said since the days of old, "it worked on my machine".

That's nothing to do with Chrome though, that's how the HTML is.

But the idea to generate that huge HTML by javascript to display source is weird. Especially when it takes half a minute for a big web page.

I'd actually like a 'light' web browser, made for nothing else than 'web browsing'...

Some time ago I tried Lynx and I liked the idea, It was waay simpler that I'd like, but in the other hand I feel that interfaces made for web are always crippled compared with desktop interfaces (from G docs vs MS office, up to clara.io compared to blender).

For web browsing I think that something between a browser and Lynx is something that I would use, most of the time I am interested in the content more than the aesthetics or the pixel perfect alignment of visuals... and if I was interested in an application (that requires the newest tech in browsers) most of the time there is a better tool for desktop.

> I realize these technologies are not currently doing anything for you. I sympathize. But we need them in browsers now so that we can use them in 10 years.

6 years ago many people didn't even knew what web browsers were (What is a Browser? https://www.youtube.com/watch?v=o4MwTvtyrUQ)

I don't see a problem with this - most browsers with "other" or reduced functionality are niche products at best. They're relative cheap to provide and they don't affect the greater web itself.

If you get right down to it, what you need to make a web page work is HTML. That's it - WebGL and WebRTC are interesting, but the web isn't going to die if one browser doesn't include them. Lynx still works fine without them, after all.

I'm seeing a lot of alarmism from people who I'm guessing have vested interest in those products, completely forgetting that Chrome, Firefox, Explorer and Safari (in no particular order) are what drive the current state of the modern browser.

Two years ago a Chrome dev commented on these points[1] and claimed that Chrome "does not spy on you" and that the only binary blobs are codecs and a PDF reader, not any other secret browser code. He/she states the fear is misplaced and unwarranted. Any thoughts on this?

[1] https://www.reddit.com/r/chrome/comments/1xsxjv/best_browser...

That kind of browser sounds useful, more so particulary on mobile devices Chrome/Android/Google is incredibly 'sticky' in that it tries to quietly log you in all the damn time.

In what sense? I’m using Chrome Beta on Android, and I don’t recall being prompted to log in. Perhaps there was such a prompt during initial setup, but it has never tried to log me in quietly since.

On a fresh Android, at first boot, it will ask you if you want to sync stuff. I always choose 'no'.

I then proceed onto the settings app, into 'accounts'. There, I tap 'Google' and lo and behold: App-data, Calendar, Contacts, Google Fit Data and People details are all ticked to sync.

I turn them off.

Then I open the default browser. It logs me into Google, by default. I have to explicitly tell it not to.

Google really really wants users to be logged in. That is my experience anyway.

And exactly mine, I flashes a ROM with pico Google apps, installed FF so chrome doesn't exist on my phone at all.

> and/or have a lighter browser (without canvas, webgl, webrtc etc.) with better defaults (ie. no hardware access, location, notifications, cookies, history, etc.) for opening links, private browsing etc

We are building one [1]. Contributions are welcome! In the meanwhile, the ungoogled-chromium project in combination with uMatrix is I think a great way to transition away from Chromium.

[1] https://github.com/UprootLabs/gngr

"Anonymous github user" part is very true. I am not about to install random binaries from the internet. I wish there was reputable org behind the builds. I'll stick with google binaries unless somebody knows a good alternative.

Down the thread somebody mentioned Iridium project. That looks way more trustworthy https://iridiumbrowser.de

What are your thoughts or impression of OPERA? It has private browsing etc.

They really restructured their whole browser several years ago specifically to switch to the chromium platform. I apologize I didn't mean to butt in I was just curious.

You might want to check out - https://ffprofile.com/ Creates a Firefox profile with the settings you want.

Hey guys, I'm the developer. I was really surprised to see the number of stars on GitHub suddenly skyrocket, and I think I found why. Thank you all for your interest in my project!

Feel free to make an issue (for questions, suggestions, or bug reports) or a pull request anytime. I might respond to a few more comments here before calling it a day.

> Disable JavaScript dialog boxes from showing when a page closes (onbeforeunload events) Bypasses the annoying dialog boxes that spawn when a page is being closed

That seemed pretty random, and not related to the ultimate goal of the project. Are there other normal features that are disabled, that don't relate to Google at all?

I like that feature, it's often more useful than not.

Good work!

BTW, how easy is it to add FF + noscript type of features to chrome?

--- Only enable JS on whitelist websites - all others are default disable unless user explicitly temporary or permanently enable it.

It is in the settings for Chrome.

Settings->Advanced->Privacy->Content: Cookies->Keep until quit + exceptions you choose. Javascript->Deny all + exceptions you choose.

When you browse there is a little icon in the address bar to whitelist a site. It is a bit of a pain at first but it makes things a lot safer. When you go incognito it will forget which sites you whitelisted at session end, so you are not enabling a site forever.

I can also recommend the EFF Privacy Badger and the Cross Domain Request Filter extensions. CDRF needs to be updated to work in whitelist mode instead of blacklist mode, but it is still pretty cool. I also like Poper Blocker, but their telemetry mode is wrong.

I'd really like an in-browser firewall which also blocked extensions by default. Something with an inspectable rule set.

See also: Whitelist Manager, comes with source code.




https://chrome.google.com/webstore/detail/whitelist-manager/... https://github.com/unindented/whitelist-manager

For people as conciuous as this, I highly recommend uMatrix. It is a switchboard that easily lets you control anything (from initial request to frames) per domain.

uMatrix is fantastic, though it has a relatively steep initial learning curve.

Great project! If you could look into making ARM/raspbian build available I would be superhappy..

I would like to ask you some questions about the project, what is the best method to contact you?

Is there a decent alternative to Chrome on Android? I am absolutely, nauseatingly sick of ads on mobile. Almost every news website I visit fills the browser with full screen ads that are infuriatingly difficult to close, change the scrolling behavior and viewport in an entirely unusable way, or try to launch Google Play Store links in the background. It's so annoying, and definitely to the point of being one of my top ten frustrations in life.

The last time I used Firefox on mobile, it didn't integrate well with the phone UI. It felt clunky, the fonts were bad, and the viewport was wrong on many websites.

I feel like Mozilla would do the most good in the world by spending more effort on a mobile browser. Mobile Chrome is flat out disgusting and abhorrent, but I haven't found anything else that's remotely as performant. It just sucks that Google refuses to allow extensions to protect their ad revenue.

Are there any good alternative browsers that block shitty, intrusive, and entirely irrelevant mobile ads? Are they open source?

I use Firefox on Android, with uBlock Origin plugin.

It's not perfect. There are deviations from the usual "Material Design" UI standards. Some sites don't render properly. It's slower. But it's worth it to me.

A user agent switcher helps too. Google intentionally hobble their own websites (can't access search tools, for example) if you use Firefox, but changing the user agent made things work well for me. YMMV of course, but I used the "Android Phone" setting in the "Phony" extension for years and had far fewer problems than I had using a Firefox user agent.

>Google intentionally hobble their own websites (can't access search tools, for example) if you use Firefox

Do you have more information on this?

Open Google Search in firefox mobile, and try to add a search filter.

I recently switched to Firefox on Android as well, specifically for uBlock Origin support, which has significantly improved browsing overall. Only issue I have is that default apps won't open for links. Otherwise I've been very happy with it.

As I have only just learned higher up on this page, FF has an Android button in the URL bar to switch from, for example, a Youtube page to the Youtube native application. I was missing this too!

Unfortunately, that button doesn't appear until the site is fully loaded, so if you really want to load YouTube in the app, you sit there staring at your screen for two or three seconds, angry at FF for not just doing what you want and opening the site in the native app. For those of us in rural areas with crap connections, it can be five or ten seconds for Firefox to get to a state that it decides the site is fully loaded and let you leave the app.

I tried using FF on Android for a while. If I saw a page with a link to a YouTube video, the fastest way for me to watch the video was 1) Copy the link to the clipboard. 2) Open Chrome and paste it in 3) Click the link.

Lots of apps are bad actors like this - Facebook, Twitter, etc. In those cases, when you click a link in a post or tweet, you go there in their own built-in browser, trying to keep you in their app. But, they give you the ability to turn it off. It's in the app settings if you look.

Firefox doesn't have this. You have to wait until the page is fully loaded, and then decide if it's worth your trouble to open it in the native app now. Most of the time it isn't, it would have been faster in the native app, but you're there now, so eh. For YouTube, it usually is. But it's just so hair-pullingly frustrating.

I use Firefox with uBlock as well and it works. Very rarely do I have problems.

If your main concern are annoying ads, you can try BlockThis [0] which block ads with DNS or use their DNS in your WiFi configuration.

Also you can setup your own ad blocker DNS server with [1] PiHole (works on any linux machine)

Another option is [2]NetGuard firewall with a host file

There're options, nobody likes ads

P.S. All these projects are open source.

[0] https://block-this.com/ [1] https://pi-hole.net/ [2] https://github.com/M66B/NetGuard/blob/master/ADBLOCKING.md

If you're rooted you can download AdAway from F-Droid. It uses the hosts file so it blocks ads in more than just the browser. Occasionally, an ad gets through but overall I've found it to be very effective.

Netguard [1] is a loopback firewall (installs as a local VPN) that doubles as an adblocker if you install the version from github [2]. I installed from the play store and used the IAP to contribute to development before swapping to the github version (the version on the play store can't block ads [3] due to it being a ToS violation)

Note that one of the recent updates [4] introduces ads for the free version. But not if you buy any of the pro features. Seems a fair trade, plus it's open source (which makes me slightly happier about routing all network traffic through it)

[1] https://play.google.com/store/apps/details?id=eu.faircode.ne... [2] https://github.com/M66B/NetGuard/releases [3] https://github.com/M66B/NetGuard/blob/master/ADBLOCKING.md [4] https://github.com/M66B/NetGuard/releases/tag/2.45

Not a true answer to your question, but ... stop visiting those sites? Hopefully the site operators keep some metrics on how intrusive ads affect their bounce rate. Whenever I end up on a site that pops up a full-screen overlay, 9/10 times the link I followed did not sound interesting enough for me to tolerate the ad, and I hit the back button. There is so much more to read.

I'm using Opera. It has an integrated ad blocker. I also use a 4Mb hosts file to block ads and malware domains, but you need to root your phone in order to install that.

Lightning on f-droid.

I really like Firefox with uBlock origin.

Firefox UI and performance on desktop has been pretty meh for me lately. But on mobile Android, chrome is terrible and awkward to use. I feel like everything it does is both slow and the opposite of what I expect. Firefox with uBlock origin on mobile has been a really enjoyable experience. On the other hand, I'll starting to like Firefox developer edition on desktop.

"Googlification" has been my main reason for avoiding chrom{e,ium} until now. This could become my main browser.

IMHO Chrome has a better track record than Firefox when it comes to security issues, but Firefox has better privacy.

Have you tried Brave? I've been using it on the side and it's speedy and constantly improving.

Not OP, but I tried it some time ago, haven't checked back on it since. How is it privacy-wise, comparable to FF?

No, Firefox (same as any of the big four) does not block ads or trackers by default. Brave does. We also have no-script and fingerprinting protection, currently opt-in by site (but we hope to engineer f.p. to on by default).

Blocking 3rd party ads and trackers really speeds things up!

Isn't privacy a moot point when firefox's security history has been much worse than chrome?


This probably got downvoted for snark, but it's true. The worst Chrome might do is help Google target ads better (if you don't change the defaults).

The worst Firefox might do is get your machine pwned.

> The worst Chrome might do is help Google target ads better (if you don't change the defaults).

Chrome is the one running any x86 binary the website presents it with, only trying to run a static verification that it won't do anything evil.

Chrome is far more at risk of pwning you (and NaCl sandbox breakouts have been quite common).

You mean "the website" which is accessed over HTTPS and more likely than not has its key pinned internally?

Point is, Chrome falls every year at Pwn2Own just like every other browser, but only Firefox has been excluded because it's too easy.

> You mean "the website" which is accessed over HTTPS and more likely than not has its key pinned internally?

Any website can run NaCl code, you realize that? Even TIDAL uses it on its site for native playback.

Even pages only accessed over HTTP.

something seems off about that

Looking through the previous year's results, it doesn't seem like firefox has done especially poorly?

And as noted in https://redd.it/45epd7, firefox multiprocess is sandboxed, and it does have security features that other browsers don't have

so... IMO it doesn't seem like the reason given is quite genuine?

> Replace many web domains in the source code with non-existent alternatives ending in qjz9zk (known as domain substitution)

How does this play with the HSTS preload list? That'd be quite the baby to throw out with the bathwater.

edit: well, I don't see anything like "transport_security_state_static.json" in this list here, so maybe it's fine: https://github.com/Eloston/ungoogled-chromium/blob/master/re...

edit2: The preload list seems to be excluded from domain substitution explicitly. Yay! https://github.com/Eloston/ungoogled-chromium/blob/4bbfff447...

It's unfortunate that valuable and useful privacy enhancements were combined with "wishlist"-level changes like "disable the tab close event in Javascript".

While many may not like the uses of that event, it taints what otherwise could have been a "purely about privacy" fork of Chromium with non-privacy opinions.

Yes, I've realized this and made an issue for this: https://github.com/Eloston/ungoogled-chromium/issues/38

If you have the computing resources, you can easily take out the patch that does the "wishlist" changes you don't want.

Neat! Thank you for considering it.

Is there a browser build or plugin extension that has a separate cookie jar for each tab that follows the tab?

My ideal browser has zero persistence and each tab maintains its own cookies. Links opened as new tabs would share the parent's cookie jar, but separate tabs loaded to the same page could both be logged in at the same time.

Keep in mind that cookies are just one of the many "storage backends" that websites can potentially use to track you.

There are stealth techniques such as browser cache hits, browser configuration fingerprinting, and even system clock drift, that can track you beyond cookies.

You would need a separate browser profile or even a separate OS for each tab (see Qubes OS) to be on the safe side.

I think you'll love ghost browser ;) https://ghostbrowser.com/

Sounded good, so I typed in an email address on their registration form. Then:

> Create an Account Password (You will use this to log in to the browser to activate it)

Uhm, no.

From their page:

> Each group of tabs, separated by color, is its own browsing session with its own cookie jar


> Log in to one web site with many accounts simultaneously


> Use with Mac OS X or Windows


Would need a Linux build as well (actually that's the only one I need). Otherwise, looks cool though and will be keeping an eye on it. Thanks for sharing!

Looks interesting but I wouldn't trust a closed source browser.

All I get is 403.

Interesting, I can open that page in Chrome, but when I go to open it with Vivaldi, I get a 403.

Firefox is working on Container Tabs feature and similarly Brave has Partitioned Tabs feature.

I remember when Chrome launched. It was extremely zippy, felt fast and lean and had a clean interface. Adoption had yet to take off.

Those days it was all technical, google was perceived first as technically proficient and their agenda was to produce a fast and efficient browser. Many people could and did align with that.

Now there are too many question marks about Google's motives and agendas and Chrome does not feel like a technical achievement, it feels burdened by all these agendas.

Firefox is supposed to be the default go to when in doubt but why do you need such a large coporation to develop a fast and lean browser and here too there appears to be conflicting actions and agendas.

Now more than ever we need clean open source projects with no agendas but because of growing complexity its becoming increasingly impossible for small groups to do, and I think we have not evolved open source structures to deal with this yet.

Tangentially related, but I'm curious why non-Firefox and non-Chromium browsers don't get more love.

Started trying out alternative browsers a while ago--vimb, dwb, and luakit--and enjoyed their snappiness and customizability.

Recently, however, I discovered uzbl and fell in love. It feels like everthing a shell for the web should be.

I am unsure whether I should be worried about security pr something though. Would love to hear others' input!

Reminds me of "Iron"

> a freeware web browser, and an implementation of Chromium by SRWare of Germany. It primarily aims to eliminate usage tracking and other privacy-compromising functionality that the Google Chrome browser includes. (https://en.wikipedia.org/wiki/SRWare_Iron)

First released 8 years ago: https://www.srware.net/en/software_srware_iron.php

This is awesome.

One of my biggest gripes with Chrome is the inability to stop a rogue site from playing audio (on top of the music I'm listening to in another tab). CNN is one of the worst, as soon as I find the freaking video on the page and try to pause/mute it, the video controls slide away. Why can't Chrome allow me to just turn off audio on that tab? I have assumed Google doesn't give us that because it will interfere with their advertising or something.

(maybe there is an extension that will help? I haven't found one)

> Why can't Chrome allow me to just turn off audio on that tab

Well this feature is built into Chrome. Just right click the rogue tab and click "Mute Tab"

Or click the audio icon on the tab that appears when the tab is playing audio.

Is this browser expecting me to use TOR? Welcome and extensions pages on new tab pages wants me to go to http://www.9oo91e.qjz9zk/ domain.

I'm not finding anything about that in repo readme page. This looks odd and suspicious. Because it's even blocks requests there -> http://imgur.com/a/UnMu8

That isn't a tor URL. I assume it's simply a lazy way of stopping requests to google services by replacing the domains with invalid ones.

Edit: see https://github.com/Eloston/ungoogled-chromium/blob/8dd86477d...

Yes, it is a lazy way of stopping requests. I also modified Iridium's "trk" scheme code to pick up domains ending in qjz9zk so I can notify the user.

Could probably make use of the .invalid TLD for this. Should definitely result in less confusion, and it provides something a bit more searchable if people are concerned

    - doubleclick([A-Za-z\-]*)\.net#60u613cl1c4\1.qjz9zk
    + doubleclick([A-Za-z\-]*)\.net#doubleclick\1.g.invalid

Does qjz9zk have any significance? It seems a little elaborate for a fake domain :)

It seems like the developer mashed the keyboard.

Great, the released binaries also seem to be compiled with proprietary_codecs=true, that means H264 videos are working (by default Chromium is not compiled with this flag).

Just as a post about Googles next generic Whatsapp-clone (with x-size-larger emojis) will get some 500+ upvotes, so too will a post like this get upwards of 200 votes.

The HN community really is polarized ( or so it seems ) about these data-harvesting companies and issues like privacy/transparency.

My thought then, is which group is larger here (privacy-aware vs. GooAppFace )

well there was a privacy bait-and-switch with Allo, wasn't there?


I haven't seen a discussion with that many downvotes in a long, long time. Downvotes for no apparent reason.

Either there are a lot of Google employees here on HN, or a lot of Google fanboys. Or both.

Very cool work. The Chromium source isn't easy to go through. I'm glad that it's open source though.

On a purely utilitarian note: does this have auto-update functionality?

The readme refers to "Google Host Detector" in the (original) Chromium source. Does anyone know the purpose of that?

This patch https://github.com/Eloston/ungoogled-chromium/blob/master/re... seems to contain the details of what is removed. Most of it seems innocuous enough, except the tracking (?) headers appended on some Google sites.

How is this different from Iridium browser?

Correct me if I'm wrong, but doesn't this remove Safe Browsing? Not a good idea.

Yeah, seems like it: https://github.com/Eloston/ungoogled-chromium/blob/master/re... and https://github.com/Eloston/ungoogled-chromium/commit/9163f6e... and https://github.com/Eloston/ungoogled-chromium/blob/master/re...

That is a very bad idea. I sympathize with the idea of the project, but please think twice before meddling in security things. See https://news.ycombinator.com/item?id=9779990

I filed an issue to explain the risks: https://github.com/Eloston/ungoogled-chromium/issues/50

I have no interest in my urls being sent to google for "security checking" (I am aware of the hashing)

Then you can disable SafeBrowsing in Chromium's settings. My point is that disabling it without warning users about the risks of doing so is a bad idea. If you make an informed decision to disable it, I won't try to stop you.

Then run your own safe browsing list.

Connecting to a foreign company in a country that directly threatened you with invasion and relying on that for webbrowsing is not acceptable.

Well and how would I go about that? Your suggestion doesn't make any sense because it's not viable.

There's a setting to disable SafeBrowsing in Chromium, too. You can just disable that. But force-disabling it is dangerous.

I'm not sure what your point you're trying to make with the invasion comment.

> I'm not sure what your point you're trying to make with the invasion comment.

My argument is that browsers aren’t just used in private use, but also in governments, in military companies, etc.

If you rely on anything phoning home to a company that’s in the country of a potential enemy, that’s a very stupid idea. (And thanks to the Den Hague Invasion Act of 2001, even Europe knows the US doesn’t give a fuck about allies)

> Well and how would I go about that? Your suggestion doesn't make any sense because it's not viable.

Well, ask Google. It’d be viable if they had intended for an actual safety infrastructure, and published the required information to self host, and not just another way to phone home.

On Linux Mint I get

Error:Dependency is not satisfiable:libavcodec-ffmpeg56(>=7.2.4)|libavcodec-ffmped-extra56(>=7:2.4)

Suggestion -

The repo does not provide install instructions. For a highly not tech privacy enthusiast, I find it difficult to install for linux.

Never try to install a package intended for Debian or Ubuntu on another distribution that just happens to use .deb files, unless you have experience dealing with package dependency issues and similar problems. Either use a package intended for the distribution, or use a binary, or build from source.

That looks like a version of libavcodec specific to one version of Ubuntu; that package will never work on Debian, another version of Ubuntu, or most non-Debian distributions.

Ha! This is one of the reasons* Chrome ships with its own copy of ffmpeg which this fork decided was a bad thing.

* the other being security updates for ffmpeg

It's a bad thing for Linux platforms, which should use the system version of ffmpeg; however, that's something much easier to solve when you're actually the Linux distribution, rather than a third party.

Note that many of the changes in this fork come from the Debian packaging of Chromium.

IMO Google is in a better position to deal with ffmpeg security updates than Debian is. Google is spending a lot of effort into fuzz testing ffmpeg[1] and other components of Chrome and also rolls out updates very quickly.

I'd expect the distro ffmpeg to not need as much updating if you're only using it for local media that you trust. But Chrome's ffmpeg has to decode media from untrusted sources so it's important that security bugs get fixed ASAP.

[1] https://security.googleblog.com/2014/01/ffmpeg-and-thousand-...

Can't wait for Flatpak or Snappy to make end-user binary distribution a breeze

I can, they're not really all that great as an alternative.

Use a better distro with a better packaging mechanism. Instead of inventing something new, use something that already exists.

Yes, technological process often comes from not inventing something new. I don't have strong opinions on snappy aside from the name being silly, but taking anti-NIH to the extreme is not how we advance the industry.

It's not extreme at all. All you have to do is install a distro with a good packaging system. Arch is wonderful, and I've heard good things about Void and Gentoo.

Imagine a package system where you could ask to download node.js, and you'll get the latest version. And that's it.

Better yet, imagine having to build a package from source and installing it. You could do it by hand, leaving orphan files all over your system. Or you could write a PKGBUILD that handles installing dependencies, building, and packaging, all in one go.

That's what running Arch feels like. Being able to install fresh popular packages, and being able to easily package your own. Try it sometime.

> It's not extreme at all. All you have to do is install a distro with a good packaging system. Arch is wonderful, and I've heard good things about Void and Gentoo.

Depends what you classify as criteria for a "good packaging system". Arch didn't even sign their packages until a few years ago, and the build system for their packages is not very good IMO. What makes Arch great is the fact that they have a large library of very up to date packages. Personally (though I'm biased) I like openSUSE's package manager (zypper). It's an enterprise-grade package manager that supports things like patterns and can differentiate between security updates and regular updates. It also supports delta RPMs for patching.

> Better yet, imagine having to build a package from source and installing it. You could do it by hand, leaving orphan files all over your system. Or you could write a PKGBUILD that handles installing dependencies, building, and packaging, all in one go.

rpmbuild has this. And there's also OBS (the open build system) which was originally written by the openSUSE community but supports many other distributions (including Arch as well as Fedora, Debian and the other usual suspects).

Right. I'm not advocating for one particular distro. I'm just advocating that people stop using distros with bad package management.

Thanks for the list of other stuff to check out, by the way.

FWIW, I do agree that snappy is the wrong solution to the problem. The correct solution is backing proper package managers. So I think we're in agreement. :P

There's literally nothing special about arch or pacman. It's just like any other package manager with newer packages.

You're right. It's just that the people who manage packages for those distros are actually sane. I can't believe people are still on kernel 4.4, or nodejs 0.10, or whatever.

Although there is something special about the PKGBUILD ports system. Here's how a well-behaved open source package is built: https://git.archlinux.org/svntogit/community.git/tree/trunk/.... And here's how Arch Linux's kernel is built: https://git.archlinux.org/svntogit/packages.git/tree/trunk/P...

It's pretty fantastic. And it means that if a package isn't available in the repos or on the AUR, you can package it yourself in less than an hour.

For what its worth, Linux Mint is generally considered a Frakendebian and pretty bad. I used to use it until I did a bit of reading in to debian distros and Mint's practices. It made me sad.

https://lwn.net/Articles/676664/ https://wiki.debian.org/DontBreakDebian

The nice compromise that I've found is Ubuntu Mate, which seems to do away with Ubuntu's Bloat and Unity crapness, but still maintaining a Debian distro that operates properly (everything comes upstream from Ubuntu repo's)

Just something to consider. People might have some other opinions on Mint which would be good to hear too.

I didn't think the project needed one. After all, I explicitely stated the distribution and version that the binaries are for. If you're looking for a statically-linked Linux binary, that will come in the future: https://github.com/Eloston/ungoogled-chromium/issues/41

There's a huge discussion in this thread on tabs being slow, which made me wonder: is it necessary for browsers to have tabs?

Windows desktop apps work great without tabs. Could life be better without tabs?

There was a time when browsers had no tabs at all. I remember clearly Internet Explorer 6 had no tabs and Microsoft added it in version 7 to catch up with other browsers.

You must be in your 20s or younger :-D

I wonder how https://twitter.com/taviso feels about yet another Chromium fork

My only issue is that GotoMeeting doesn't work with Chromium, only with Chrome. Otherwise I would already have removed Chrome a long time ago.

The GoToMeeting web client works in Chromium on Arch for me. Perhaps it's worth another go?

I retry GoToMeeting wtih Chromium from time to time, using Debian/Testing just to be sure it isn't too old. Still, no luck. Most parts of the page do work, but there is no audio.

I dont use Chromium because I dont trust Google, but I use Vivaldi but not sure how much Googlization is in it for spying.

Do extensions work with this build of the browser? I cannot seem to install Privacy Badger from the Chrome webstore.

For those who want to take up a challenge - fork a version of Chrome Android with extension (aka AdBlock) support.

Is geolocation still using Google Location Service or has that been replaced with a different provider?

+1 Will be my new default when home. Does it support uBlock Origin?

Yes. I use uBlock Origin with it daily.

While I applaud the effort that's gone into this, I urge people to consider (and use and contribute to!) Firefox. It's one of the last truly open-source browsers - both in terms of source code visibility (which Chrome(ium) has), and in terms of being able to contribute (which Chrome(ium) has not).

Why do you say that it's not easy to contribute to Chromium? Also the "last truly open-source" browser is hyperbolic given that Chromium is both open-source and is also developed in the open[1][2][3]. If anything over the past few years it has become more open-source as many components have been upstreamed (e.g. pdfium, android/ios stuff, etc.)

[1] Chromium bug tracker: https://bugs.chromium.org/p/chromium/issues/list [2] Chromium code reviews: https://codereview.chromium.org/ [3] Chromium development mailing lists: https://www.chromium.org/developers/technical-discussion-gro...

It doesn't matter if it's open source - it's an issue of trust. Firefox has never secretly downloaded binary blobs in the background which listen to my microphone without my permission or knowledge.[1] Chromium lost all my trust that day, even if none of my private conversations/data made it to Google that particular time.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=500922

If anything, the whole Sponsored Tiles push (https://twitter.com/dherman76/status/433320156496789504 https://blog.mozilla.org/advancingcontent/2014/02/11/publish...) and attempts to justify ads in the browser as "user-enhancing" made me very wary of Firefox. Moreso than Chromium.

Why? From what I’ve read, it was completely harmless. I smell FUD :-)

A subset of the tiles are paid advertisements. "Completely harmless" depends on your point of view. Personally, if I have a choice, I'll opt for the browser that doesn't show me "sponsored content" on first boot, just out of principle.

IIRC, the sponsored tiles only appeared on new installations and they weren’t targeting the user (i.e. the user’s privacy wasn’t compromised). I dunno, I remember reading about this and thinking how meaningless it really is and how grotesque the negative response is.

People overreact. When I saw that, I sighed and went on with my day. I consider unsolicited advertisements an unconditional negative, and for Mozilla to say that they included them because they think I'd like to see them is mildly offensive. I've got some similes in mind, but they all seem too over-dramatic.

Mozilla's done a few other things that I mildly dislike, and they tend to clump together in my mind. Nothing that's a big deal, but enough that I usually keep a copy of Pale Moon on the machines I use most often.

I think it's only fair to tell people when they've been downvoted.

I downvoted you because that smug sarcastic smiley really set my teeth on edge.

Whoops! My intention with that smiley was to not appear negative :-) (I do think it’s FUD.)

Seeing the suggested plugins pushed onto you on a special first page of "Add-ons" include Ad-Block Plus definitely made me worry about the death of the old, free, Firefox.

The fact that it had the ability to listen to audio shouldn't be the issue, since it wouldn't do that unless you explicitly enabled it. Your grammar is kind of ambiguous there. Certainly it was downloaded without permission, but it wasn't listening without permission.

Any web page can listen to your microphone if you allow it to, and the code for it can be downloaded without your consent, even if you have JavaScript disabled, if it's embedded in the HTML code.

> even if you have JavaScript disabled, if it's embedded in the HTML code.

how so?

I think the point is that if you disable JavaScript, inline JavaScript is still downloaded.

> which listen to my microphone without my permission

This part is inaccurate. See: https://bugs.chromium.org/p/chromium/issues/detail?id=500922...

> You don't have to take my word for it. Starting and stopping the hotword module is controlled by some open source code in Chromium itself [3], so while you cannot see the code inside the module, you can trust that it is not actually going to run unless you opt in.


> I hope this explanation is satisfactory. I am closing this as WontFix because it is already an opt-in feature, and Debian has already removed the component in their distribution of Chromium [2].

I've read the comments on that bug thread and I really struggle to see anything sinister that doesn't require several visits to the tinfoil haberdashery. There are problems around governance, communication and lack of respect for the priorities of the OSS community - but to see this as a failed attempt to listen to the conversations of Chromium users without their consent strikes me as verging on conspiracy thinking.

Firefox downloads OpenH.264 blobs and are working on supporting EME blobs.

That gets into the entire H.264 licensing issue. It's a trade-off between open source and wanting to support H.264 HTML5 video. (instead of just webm) :-/

The source you link to explicitly says that it does not listen to your microphone without your permission or knowledge:

> First and foremost, while we do download the hotword module on startup, we do not activate it unless you opt in to hotwording. If you go into "chrome://settings", you will see a checkbox "Enable "Ok Google" to start a voice search". This should be unchecked by default, and if you do not check it, the hotword module will not be started.

Except it does bind into the microphone and consumes audio stream using standard OS APIs, it just doesnt propagate it further .. as far as we know.

It certainly matters with respect to the point that the top level commenter was making.

They fired a founder for retroactive wrongthink (post ex facto). That's pretty disturbing. Hard to trust someone like that.

Meanwhile, Google doesn't return results for guns in the shopping section. So I get to search a bunch of sites and call people like i'm on astalavista in 1998.

Sad Truth: both companies inject a brand of exclusionary (read: discriminatory) politics into their products. I don't trust either.

Eich resigned because his political views made it difficult for him to continue doing his job.

He wasn't imprisoned, nothing was done to him with the force of law. He just had/has unpopular views and accepted the consequences of holding those views.

I struggle to see how the world could be arranged such that we could all hold forth with controversial views, but such that there was never a consequence to holding those views. What would that world look like?

> Eich resigned because his political views made it difficult for him to continue doing his job.

This is a very disingenuous way of describing it. More proper way to describe it would be that a group of political activists put pressure on Mozilla to fire Eich because of his political views, for political reasons, and Mozilla as organization caved. There was no instance of Eich's views ever influencing anything on his job, and no single instance or evidence of any problem with his job. It was a political decision that being friends with political activists is better than keeping Eich.

For me, that ruins the trust in the organization. If they are ready to sacrifice their own top management, would they really stand up for me as a user if that would cost them anything? I don't think so.

> He just had/has unpopular views and accepted the consequences of holding those views.

And now Mozilla has to accept consequences of being the organization which will fire you because you hold unpopular political views. As a person who holds plenty of unpopular views (different from Eich's but still largely unpopular) I want to do as little as possible with such organization.

"There was no instance of Eich's views ever influencing anything on his job, and no single instance or evidence of any problem with his job."

I don't know if that's true. I don't know how many gay folks work for Mozilla, but I'm 100% it's a non-zero number. They might have had a real problem with his donating to Prop 8. I couldn't say whether they did, being neither gay nor a mozilla employee, but I could imagine it might make them uncomfortable, just from the conversations I had with my gay friends when gay marriage was becoming a thing. Given that, I kinda think your confidence that there was "no single instance" of a problem is probably misplaced.

"Mozilla has to accept consequences of being the organization which will fire you because you hold unpopular political views."

Mozilla didn't fire him. He resigned of his own volition, as I and many others have pointed out. You're free to want as little to do as possible with that organization, or with any organization, but usually when I boycott something it's for real stuff, not stuff I just made up in my head. Different strokes for different folks, I guess.

"He resigned of his own volition..."

Yeah, I'm sure he just up and decided to resign with zero pressure from political insiders and the flash mob causing outrage. That's probably what happened.

I for one commend Eich, for putting on his big boy pants and owning the consequences of his actions.

He held an unpopular view, acted on it, and people weren't happy with him. Far better to step down and let the organization right itself, than to try and hold onto his position and his retrograde views simultaneously. Shows real class.

> He held an unpopular view, acted on it, and people weren't happy with him.

Isn't this the plot to every dystopian story ever told ("conform, or else")?

As a lefty, I understand the motivation, but disagree with it- it will never work; you will never change a persons values (positive or negative) via public shaming, all you will do is force the 'undesirable attitudes' underground. As a member of a 'disadvantaged minority', I'd rather have bigotry out in the open and act accordingly. If Trump has as a silver lining, it is dragging all the latent bigotry into the light.

edit: I always like to compare Mozilla to Dropbox. In the immediate aftermath of Eich being forced out, the same boycott mob tried to pressure Dropbox into removing Condoleezza Rice from its board for being a 'war criminal'. In contrast, Dropbox's board didn't blink- they called the bluff and showed unequivocal support for Ms. Rice with a firm "No" and that was the end of it.

Yeah, this resonates with me a lot.

I think humans are meta and that when censorship occurs like this it only empowers the people it's trying to silence. Meaning that while Brandon Eich may personally have had negative impact, I honestly don't think in terms of public opinion that this incident had a positive impact on gay rights. Instead, it's cited as an example of how the 'regressive left' is silencing conservative views, it strengthens their resolve.

I think a large part of it is due to the internet. Meaning, in the past this likely wouldn't have been seen by nearly as many people, and they wouldn't have the ability or impetus to truly impact the individual.

Given the relative ease of denigrating him, plus acting from a place of moral authority(depending on your views...) this is the result. And the 'justice' felt good too, because it was 'right'.

I think about this a _lot_. I can feel the racial tensions even in my neighborhood, it's never felt this fractious before and I honestly believe the perceived(and in many cases very real) levels of censorship are a major contributing factor.

Racism/Sexism/Homophobia - I firmly believe that the majority of individuals can see the immoral and in many cases plain stupid aspects of these. I also firmly believe that a part of developing a healthy moral framework involves 'testing/bouncing off' offensive beliefs between one another so that we can rationalize and come to the conclusions ourselves, not being able to freely 'play' stifles growth.

All the silence does is make people want to go home and release their angst online, we end up with extremely polarized communities where these specific local instances of injustice from both sides are used to justify/re-enforce a narrative. The end result(or perhaps the ongoing/developing and hopefully not escalating) is things like actual white supremacists on /pol/ and #KillAllWhites etc. on Twitter.

I have so much more I could say about this really.

Not all dystopian stories are about non-comformity, and many, many non-dystopian stories involve social pressure or censure.

Social pressure (conform or face consequences) is one of the basic parts of the human experience, so this is unsurprising.

I too like how Trump is pulling a lot of hidden bigotry back out into the open; it gives me a chance to talk with my well-meaning but ignorant lefty friends about how racism really is still prevalent, and a problem.

But it isn't enough just to show it's there, the point is to top up our sense that those attitudes are unacceptable and don't belong in civil society, and that we all still need to keep working on getting those ideas out of the discourse, and so on.

But getting bigoted ideas out of civil society? Well, we're back to social pressure ("conform to my vision of the world where bigotry is no longer a thing").

If, by the way, you think bigoted ideas do belong in civil society, then we probably won't get any further than that.

>I for one commend Eich, for putting on his big boy pants and owning the consequences of his actions.

You might as well commend Soviet dissidents for "putting on their big boy pants and owning the consequences of their actions" when the KGB marched them off to the Gulag. The fact that someone bows to bullying pressure doesn't make the bullying pressure OK.

There was nothing in Mozilla that needed to be "righted" with respect to Eich, except, as it turned out, cowardice and spinelessness. Of course, working for organization that throws you under the bus on the first sigh somebody on twitter is cross with you is no picnic either, so maybe Eich is better of for this.

The only way this will work is if you keep pretending he had no say in the matter. He resigned. Get over it.

By "say" you mean that if he wanted, he could've stayed and Mozilla as an organization would support him and he wouldn't have any trouble? Yeah right.

Of course he would have had trouble, enough that he felt like he had to go. But this was a personal issue between him and his colleagues. Comparing it into company-wide discrimination is not helpful. You're comparing a matter of policy (company-wide discrimination) with a matter of personal politics (can't work with this guy because we don't agree with him, plus he's using my added value as a way to attack my way of life).

The end results are the same but the mechanism isn't. Could his colleagues have been more accommodating of his views ? Maybe. But they didn't. That's a personal problem that comes from a large cultural clash.

> But this was a personal issue between him and his colleagues.

No it wasn't "personal issue". There was no personal issues with Eich, no evidence of anybody having personal beef with him - either because of sexual orientation issues or any other - was ever documented. It was a purely political issue, namely - political pressure to punish Eich for holding a particular viewpoint, completely unrelated to his job performance.

> Comparing it into company-wide discrimination is not helpful.

There was neither wide nor narrow discrimination. There wasn't any. Discrimination was not the issue. Thoughtcrime on Eich's part was.

> can't work with this guy because we don't agree with him

If you can't work with people that disagree with you, you should work as a lighthouse watcher, ranger in a remote mountainous region, hermit or another profession that puts you out of contact with people. People should not have to lose jobs because you disagree with them.

> Could his colleagues have been more accommodating of his views ? Maybe.

Nobody asked his colleagues to be "accommodating" to anything. The only thing was to have minimum decency to not throw out a person because he committed a thoughtcrime. That proved to high a bar for Mozilla. Thus they organization will now have to live with infamy of what they did. It takes years to build trust, it takes one case like this to destroy it.

> That's a personal problem that comes from a large cultural clash.

There was no "clash". Eich did not "clash" with anybody. There was a campaign of personal destruction, which run him out of the job, and which in eyes of many - including me - branded Mozilla as organization which is cowardly, disloyal to their loyal workers, and easily manipulated by hate mobs.

>I could imagine it might make them (gay employees) uncomfortable,

Nobody likes being uncomfortable, perhaps having gay employees made Eich uncomfortable too. But I don't remember hearing about him forcing anyone out of the company or discriminating against anyone under any circumstance.

To prevent his employees from feeling uncomfortable should the government allow Eich to stop hiring gay employees?

> To prevent his employees from feeling uncomfortable should the government allow Eich to stop hiring gay employees?

Oh god, don't give the US Supreme Court any ideas >_>

They already think corporations are people with religious rights, and that discrimination is a thing of the past. This wouldn't be much of a stretch for them at this point.

( You can already refuse to hire gay people (as well as outright fire them) in most states; but Mozilla is headquartered in a state where you can't. If anyone is interested, here is the map: https://mic.com/articles/121496/one-map-shows-where-you-can-... )

> They already think corporations are people with religious rights

No they don't. They think people, when organizing into corporations, do not lose their rights just because they did something together.

Example: you have freedom of speech, and US Constitution and US laws recognize that.

You can print a newspaper and freedom of speech protects you. Now, printing a newspaper is hard. So you ask a bunch of people to help you, and you call these people together "The New York Times Corporation". Is printing the newspaper together still covered as your free speech?

The US Supreme Court thinks yes, it is. I think they are completely correct. To think otherwise would be to say people have free speech right, but only to the point where it actually matters - where they can speak so powerfully and loudly that the government and other people in power have to listen.

In our modern world it is virtually impossible to achieve it without organizing - and so by pretending that after organizing people lose their rights that they had before would be to rob the First Amendment of its meaning and turn it into a sham, when you can only speak freely when it does not matter.

Exactly, you don't know if that's true.

From my personal experience talking to actual mozilla employees and reading blog posts by mozilla employees, that statement looks pretty true. Even LGBT employees supported him through the ordeal. Yes mozilla the company had some problems with it's policies, but from what I've heard directly from insiders, Eich was partnering with the LGBT people to solve their problems and never acted in and discriminatory manner against them. Loosing him hurt their cause and the company.

Please do some research on what actually happened instead of blindly jumping on the popular bandwagon.

Of course there were employees who were unhappy when they learned about his donation. In fact they were quite surprised because of how professionally he did his job.

But I have never heard of any thing he's ever done to act in a discriminatory manner on the job. I have heard of cases where he actually protected such people and helped improve things internally.

> I don't know how many gay folks work for Mozilla...They might have had a real problem with his donating to Prop 8

Does that mean CEOs/management should be forced to resign for donating to the Trump campaign if some of their employees are Mexican immigrants or Muslim?

So you're saying that Trump's policies are discriminatory against specific groups of people?

Based on that premise, sure.

I'm not sure why you're talking about "be forced to resign".

Eich resigned voluntarily, according to Eich and the Mozilla board (i.e. every involved party). No one forced him.

Which type of founder would voluntarily resign from the CEO position at his own company? (esp. a project like Mozilla) Eich resigned under huge pressure after the media broke the story and ran with it for days.

I started an internship at Mozilla right when Eich got fired, and the vast majority of people I talked had the same reaction: "Yeah, his donation isn't bad in itself, but the way he dealt with this polemic shows he's a bad as a CEO" (which does not convince me at all... since, you know, nobody is ready to deal with that type of pressure from the media, unless you're a politician with a PR team).

Bottom-line: As a CTO, he had a lot of engineers reporting to him, many of which were LGBTQ, and Mozilla is known for being one of the most pro-LGBTQ companies out there. He would have most likely been a great CEO to Mozilla, and a donation done personally cannot possibly be a valid reason for asking him to resign (the media, a tiny minority of people at Mozilla).

No. A C level officer is part of the public face of the organization. If one can't handle the binding of their personal life to that face, they should step down.

Great, that's what happened and now FF is in worst shape than ever. Anecdotally, I used to love FF but for the first time since the first released version of FF it is not my default browser anymore. Too much issues, I could not handle my frustration anymore. The silver lining may be Servo, I don't know, but at least I don't see a bright future with this current code base.

> They might have had a real problem with his donating to Prop 8.

So what? I might have a problem with my boss' watch or suit or the shows he likes or the newspapers she reads. Who cares? I'm not marrying him/her, I'm working with him/her. It's irrelevant for the work.

There's no single piece of evidence Eich did in any way impede, discriminate against, was hostile to or in any other way hurt any gay - or straight, for that matter - employee, while working for Mozilla. If there were a shred of evidence, it would be unearthed and paraded by now. It wasn't. Conclusion is it doesn't exist. That's what I am talking about "no single instance". I don't claim nobody ever disagreed with him on anything, because a) that's impossible and b) nobody cares, disagreement is completely normal.

> but I could imagine it might make them uncomfortable,

The idea that everybody should behave in a way that makes absolutely everybody else comfortable and never do anything that could cause slightest discomfort to anybody is one of the most stupid ideas that ever come out of American college campuses. Fortunately, even its proponents don't actually believe in it - they are completely fine causing their opponents maximum discomfort. It's only their own comfort that they aim to protect. Which is fine - but I see no reason why their comfort is more important than everybody else.

Of course, some people - including ones working for Mozilla - may hate Eich's views. So what? If you have views, somebody would eventually hate them. And some would love them. And most wouldn't care.

> Mozilla didn't fire him

Technically, no. Effectively, yes. There are more ways to fire a person than yell "You're FIRED!!!!" to his face. This "his own volition" is a pile of bull, just like saying "oh, your honor, this guy handed his wallet to me on his own volition, and the gun in my hand has really nothing to do with the case, let's forget about it. The guy even said "please take my wallet and let me go!" which I obliged to do. So I don't see what all the fuss is about, it's clearly a voluntary transaction."

> but usually when I boycott something it's for real stuff, not stuff I just made up in my head.

I remain grateful to you for this short, but instructive story about your life. It was very educational, truly a people interest story.

> There was no instance of Eich's views ever influencing anything on his job, and no single instance or evidence of any problem with his job.

Maybe not direct instance. But if I were at Mozilla, I would have resigned because of him.

I mean, Eich was giving money to people campaigning for removing civil rights from people based on their sexual orientation. That's not a small thing - if it was race instead of sexuality, would you be okay with it? White Power CEO?

That's your choice to make.

That said, most rational people can identify an opinion they disagree with without resorting to threatening the livelihood of the person espousing it.

The man made a $1,000 donation to support a view he believed in. He did nothing illegal or wrong and pledged promoting equality at Mozilla.

He then had a large concerted smear campaign run against him, with major sites threatening to block Firefox access unless Mozilla took action.

We have no way to know if you'd actually quit if you were in this situation; more likely you simply disagree with this view and see this as the easiest way to justify this situation as 'right'.

I disagree with Brandon Eich on this point, but I also disagree with how Mozilla and members of the LGBT community handled this.

The way this played out, and what it represents, introduces a chilling effect on honest political discussion/participation for anyone with opinions that might be considered offensive.

It sets a very bad precedent.

You can phrase it however you want and make it seem as innocent as you can. But you can't hide from the fact that he donated to a proposition that would curtail the rights of someone based on their sexual preference.

He made his choice and that stood against everything Mozilla stands for (freedom, privacy, etc etc). As a result of him making his choice he faced s lot of pressure, quite rightfully, and then he decided to step down. His choice.

You can speculate as much as you like about the ins and outs of it but it's just that. Speculation.

I don't think it is innocent; I think it's overtly offensive to many, including some of my best friends.

I also don't think this is a good precedent to set.

Yes, in this case it's all good and virtuous, but there is now an amorphously defined line for what you can or can't support politically.

So you think that if the programer has the wrong political views, his loops and arrays stink?

No, that would be akin to thinking someone who is gay shouldn't have the same rights as someone who is straight. Although not quite as bad as that since political views are chosen.

Anyone who holds such discriminatory views should recognise that it will reduce their ability as a team player; it may not be enough to justify them losing their job, but it definitely counts as a negative against their skillset.

Go back and purge all their commits for wrongthink. We can fix the bugs later. That way we can remove the unspoken name from the contributors list and shame them for eternity.

>"we need good people first then good code will come later"

- paraphrased from a node.js zealot

He wasn't working as a programmer.

He was the head of the company. The figurehead.

My problem is that the law isn't enforced evenly. Either you are allowed to discriminate based on race/creed/sexuality/politics or you aren't. As it stands, the BBC can discriminate like this:

>A range of British Broadcasting Corporation (BBC) television departments, programmes, and radio stations are currently offering highly desirable, paid internships, but white people are prohibited from applying.


Positive discrimination has been endlessly debated but to wheel it out here without even bothering to acknowledge the nuances of the debate is a touch lazy and intellectually ham-fisted, surely?

And to use the Daily Express to support any your point is going to reflect fairly poorly on your stance for anyone that is aware of it's reputation.

Also - are we talking about the US or the UK here? Mixing the two situations together in a single discussion is going to make a murky issue even murkier.

I'm not sure how "whites aren't accepted" is positive in any sane meaning of the word. For me, the situation is very clear - either you say "discrimination on racial basis is prohibited" and then "whites can't apply" must be prohibited too, or you say "discrimination on racial basis is OK, as long as it's against right class of people" - and then this should be in the open, not "can't discriminate".

The BBC is complying with the law. The law is not being enforced unevenly, because there's no enforcement action required there.

> Either you are allowed to discriminate based on race/creed/sexuality/politics or you aren't.

That's not what the law says. http://www.legislation.gov.uk/ukpga/2010/15/contents

The Equality Act allows people to discriminate if it's a proportionate way to achieve a legitimate aim.


He resigned, stating that it's because he "couldn't manage effectively". Basically: the staff didn't respect him.

As I said elsewhere, if you can't get yourself out of a situation like that, you probably don't have the chops to be CEO of the organisation anyway.

Women resign everyday "because they can't manage effectively" when, if fact, it's harassment.

You could justify any discrimination with "he quit, that was his choice". Today the discrimination is against someone who held a political opinion some day in his past. Or should I say "in his/her/its/Apachehelicopter" past as to not assume their gender and not condemn my future ability to be CEO?

He is not a woman and he is not a part of an historically discriminated against group. You're making a huge false equivalence that ignores one simple thing: he resigned BECAUSE he was found to support discriminatory policies. If the problem is discrimination then he was part of the problem. Women who resigned because they are harassed are victims of discrimination. Men who resign because they SUPPORT discrimination are not in the same bag.

Being discreminated against for being a supporter of discrimination is not "wrong", same as it isn't ethically wrong to give the death penalty to murderers. The argument against the death penalty is we make too many mistakes, not that it's somehow wrong to sentence people to the death when they are responsible for murder.

The crime begets the punishment. Women have committed no crime, but Eich was clearly guilty.

>historically discriminated against group

So when does reparations end? Is there some objective condition that can be met where we can all agree to stop trying to prop certain groups up while discouraging others?

I personally don't think that's possible. We would spend the rest of time trying to correct perceived wrongs done to categories of people for hundreds of years. It's far more sane to simply agree to NOT discriminate based on race/gender/creed/religion/politics OR say that it is fair play to do so.

What I'm trying to say is that I agree with you. Eich didn't, which is why I can't defend him. He agreed with discrimination.

They end when we have full equality.

Wait, you're yelling "huge false equivalence" and then compare supporting what was a popular political viewpoint (Even Obama and the majority of California voters supported it back when Eich made the donation) to being as objectively wrong as murder?

What kind of self-reinforcing social bubble have you created that makes you think those two are equivalent? You say "crime" and "was clearly guilty" for actions that are explicitly protected under the law. Do you know what crime is?

Discriminating against a group of people is objectively wrong, unless you disagree with the Universal Declaration of Human Rights

> he resigned BECAUSE he was found to support discriminatory policies

This is false. He resigned because he was a target of personal destruction campaign, and received no support from people who he had to work with/for. The was attacked by political activists and his organization threw him under the bus.

> Women who resigned because they are harassed are victims of discrimination

He was harassed plenty. Of course, not the same harassment - not of sexual kind - but it didn't make his environment less hostile, wasn't less related to work performance or wasn't less personally painful and hurtful. The only difference is that you think it's OK to harass him - because he deserved it for committing the thoughtcrime.

> The crime begets the punishment.

Here we get to the point. Disagreeing with the orthodoxy is the crime, and be happy your punishment is only losing your job and not the room 101. We get it, believe me.

He didn't commit thoughtcrime. He supported discrimination against a group of people, which is a violation of their Human Right to be treated equally.

Therefore he supported the violation of human rights. People didn't like it, and he had to resign because he couldn't work anymore. That's it.

If you don't think violation of Human Rights and/or supporting it is a problem you can get behind Eich all you want.

> Or should I say "in his/her/its/Apachehelicopter" past

You may think that's funny, but it does a disservice to your argument.

Pay attention: I said "... under the present circumstances, I cannot be an effective leader." (https://blog.mozilla.org/press/2014/04/faq-on-ceo-resignatio...).

I did not say "the staff doesn't respect me". That would have been a lie.

Why don't you comment on things that you know about directly, or even just on reliable testimony?

It's called reading between the lines. "I cannot be an effective leader" is pretty vague and given your prior support which was then publicised by Mozilla staff, it's pretty easy to imagine that they did not respect you.

First you misquote me and add your own words against me not justified by facts in evidence. Now you say it is just "reading between the lines."

Reading between your lines, I see malice and mendacity. Have you a better excuse?

I remember a blog post by @tofumatt, flip-flopping from pro- before to con- after I left. That is neither "staff" (plural) nor "Basically: the staff didn't respect him" evidence. It's a post from one person, who was not inside the room with C-level and board members, which assumed the worst: that I couldn't figure out how to lie my way through the crisis, so clearly didn't merit CEO. I can produce multiple others who supported me all the way from appointment to well past exit, including @christi3k and @lsblakk.

But really, what's your point? You weren't even at Mozilla, whether on the outside of the C-suite or on the inside. To assert "Basically, ..." as you did stinks of malice and mendacity. There's a five letter word for someone who assumes the worst about out-group members in advance of facts, who finds it "pretty easy to imagine" the worst of adversaries. It starts with "B" and ends with "T".


Yes, excuse -- you need one to account for making stuff up ("the staff didn't respect him") based on nothing but your own irrational animus, aka bigotry.

Don't change the subject. Blathering in five paragraphs about irrelevancies does not justify your bogus and malicious assertion.

Here is a free clue that might help you understand things, or not: in my personal experience apart from Mozilla, both at past jobs and from reading the news, when someone exits under duress at high level, a statement of few, vague, and neutral-sounding words is often part of the deal.


You made a false statement about me. Have the decency to admit it instead of doubling down.

Obviously I didn't get appointed CEO with a plan to leave Mozilla as quickly as I did. This does not mean I was "forced". I resigned, I've said this many times on HN and of course, at the time, on my blog and in a message to Mozilla employees. That my sole official statement is open to interpretation is industry-standard, and its being vague does not give you license to make stuff up.

No "staff" made my prior "pilicital donations" more widely known. Tim Chevalier had already quit Mozilla in 2013 (see https://tim.dreamwidth.org/1832202.html). Your typo and the easily falsified reference to Tim demonstrate that you are phoning it in. Up your game or give it a rest.

From my perspective You were the victim of a witch-hunt on a slow news day. Followed by a focused campaign against Mozilla by a dedicated group of troll-activists who knew where to put the most pressure via third parties. They knew how to make themselves appear larger than they really were.

It's happened a few times since then but none were as successful as the attack on you. (Dropbox, Donglegate, Crockford, Palmer Luckey etc.)

The troll's success with Mozilla has led them to attack other open source projects as well with small, loud mobs shaking down various projects on GitHub for fealty through codes of conduct and inane commits removing or editing things they perceive as offensive.

I really dislike this trend in the tech industry. Software ought to be apolitical. There shouldn't be a conservative browser and a liberal one. Being a libertarian leaning conservative I run up against this kind of left wing xenophobia all the time. I worry it's only a matter of time before it happens to me as well.

I hope this hasn't destroyed your career prospects for the future. Have you had trouble finding work since the incident?

By the way I'm sorry for initially saying you were fired from Mozilla. A more nuanced description was warranted.

Thanks for the kind words. Have you tried https://brave.com/ yet?

Just installed it. Seems like a great idea to me.

>I struggle to see how the world could be arranged such that we could all hold forth with controversial views, but such that there was never a consequence to holding those views. What would that world look like?

It's called not talking politics or religion at work. Or not discriminating against someone because of something unrelated to their job. There is zero conflict of interest between Eich supporting prop 8 and heading the Mozilla foundation. Same as there is zero conflict of interest for Palmer Luckey supporting the leading candidate in the presidential election.

There are limits to that kind of tolerance, though. You shouldn't care what politicians your coworker likes. You shouldn't care what religion your coworker follows.

You should care if your coworker is neo-nazi or if he is supporting Islamic State or Westboro Baptist Church.

The only diagreement is whether Eich was closer to the former or the latter. I can perfectly imagine people whose rights he wanted to take away to think he's the latter.

You have no evidence he is closer to the former and all this is is justification for cultural Marxism.

The only thing that an individual should be judged on at work is actions/comments/etc. made at work.

If you'd like to argue otherwise I'd hope you at least have something more formally define-able than 'he was trending towards being a neo-nazi'. I'd also expect you to be able to point to an authority for defining these ideological limits other than the currently loosely defined group-think.

Please answer these few scenarios:

-Should someone believing and actively promoting pro-life stances(outside of work) be fired?

-Should a casual narcotics user on weekends be fired once it's found out he/she uses?

-Should someone be fired for having a confederate flag hanging in their living room? What if they're black?

Nobody black would hang a confederate flag in their living room.

Ironically I asked that the because the black people living in the apartment next to me do have a confederate flag in their living room(among _many_ others).

They also scream white power around the campfire when drunk though so perhaps not typical.

If you can't draw an objective and distinct line in plain English between where it is acceptable to discriminate and where it is not you shouldn't draw one at all.

> I can perfectly imagine people whose rights he wanted to take away to think he's the latter.

I can perfectly imagine any number of anti-democratic, politically obsessive people who would think that way, yes. They are certainly welcome to hold that view, but if the rest of us want to maintain a cordial and pluralistic society instead of one of constant political warfare and discrimination, we need to oppose those people at every turn.

You can't police people's thoughts/feelings.

Those people both exercised their freedom of speech (via donations).

Freedom of speech is not freedom from the consequences of such speech.

>You can't police people's thoughts/feelings.

Cheers, Of course not.

>Freedom of speech is not freedom from the consequences of such speech.

Fair point. Riddle me this:

Should we force a baptist cake company to bake a cake for a gay wedding, force a Jewish bakery to bake a swastika cake, and force a Nazi bakery to bake a Jewish cake?

If not one. Why should we force one and not the others?

If you think the government should force nothing on any baker I agree with you.

>Those people both exercised their freedom of speech (via donations).

Which people? As far as I know there wasn't any actual fallout beyond saber rattling.

> Which people?

Reich and the guy from oculus who supported the trump group.

> Riddle me this

What is a "cake for a gay wedding" compared to any other kind of wedding cake? Is there same-sex marzipan I'm not aware of?

A baker refusing to bake a cake for someone because they're gay/Jewish is discrimination, and bigotry/racism (religious discrimination if you consider Judaism purely a religion and not an ethnicity/race)

Refusing to bake a cake for neonazis would also be discrimination. Refusing to bake a cake of a swastika isn't exactly the same thing - a swastika is imagery associated with one of the greatest war crimes of recorded history.

Also, you're in the wrong direction anyway. A business refusing service isn't the same as a consumer refusing to use a business.

>Also, you're in the wrong direction anyway. A business refusing service isn't the same as a consumer refusing to use a business.

I'm trying to establish an objective rule for what kinds of discrimination you believe should be legal. You described each situation but you didn't actually make a value judgement (which was the whole point of the question).

A company refusing/rescinding service/employment to a person because of who they are/what they believe is discrimination.

A company refusing to produce a specific item for a person because they feel it is inappropriate is not discrimination unless they're providing the same thing to other people.

A person refusing to support a company because of the actions of its staff/owners/etc is not discrimination.

Being gay/black/female/disabled/etc isn't a choice, therefore I don't believe businesses should be able to discriminate on that basis. Being a neo-nazi, a racist, a nudist, a hippy, a Michael Jackson fan, etc are choices, therefore it doesn't make sense for the government to make laws protecting such groups imo.

>being a neo-nazi, a racist, a nudist, a hippy, a Michael Jackson fan, etc are choices,

I'm not so sure. Maybe they were brought up that way. You can't choose your parents or your religion in that respect. Muslims have a choice to be Muslim or not, should it be OK to discriminate against them too?

I personally think we live in a deterministic universe and free will is a farce. A serial killer is, ultimately, the product of biological and environmental forces that were out of his control.

That said, we still need to draw the line somewhere if we want our laws to be effective. And the universally intuitive place to draw it is between biology and environment. The result is that environmentally unlucky individuals will get screwed so the rest of society can flourish. So yeah, if you had racist parents who brainwashed you with neo-nazi doctrine, I'm fully okay with the government not requiring that you be accepted by society.

Religions are a touchy subject for many, but I don't personally believe they should enjoy any special protections. And I say that as an atheist who'd be highly discriminated against by many, many people.

Cheers for a great discussion. Here's to hoping we don't get fired for it.

Cheers! I'm self-employed, and hopefully I'll be able to remain that way so that won't become a risk for me :)

This is an attempt to reframe the argument and is relevant to Eich how? Was he brought up in an anti-gay cult? He's an adult, stop trying to claim he has no responsibility.

I sincerely think we just started getting philosophical and forgot we were talking about Eich.

> I struggle to see how the world could be arranged such that we could all hold forth with controversial views, but such that there was never a consequence to holding those views. What would that world look like?

It would be a much less divided and angry place.

One of my most important life lessons was to learn how to argue in support of positions that I strongly oppose or dislike.

If I only seek to deeply understand things that I support or agree with, then I will struggle to communicate with people from different cultures, or from people that have backgrounds that differ to my own.

This does not require that I agree with things that I oppose or dislike, but it does require that I understand why people disagree with me. Never have I found the answer to be "they are ignorant idiots and/or outright horrible people"

Making it a point to do this has helped me to develop a more nuanced view of the world, and has been essential as a manager, as I can not effectively communicate with the people that work with me unless I am willing to try and deeply understand them.

Effective management requires dealing with all manner of politics, and it helps build bridges and find mutually acceptable solutions when you can speak to both sides in their own language.

So you want a view where everyone with a controversial view to loose their job? And who decides what a controversial view is, or if it is or is not controversial enough to lose their job?

In the end, I don't think one's views outside of the workplace should necessarily relate to their work performance. Eich was close to a public figure, that doesn't make the witch-hunt any better.

I don't want a world where "everyone with a controversial view" loses their job, but neither do I want one where no view is controversial enough to incur consequences.

If I had a coworker who habitually made racist statements, for example, and I liked my job, I'd want them to lose their job. That kind of work environment would be quite unpleasant for me and probably a lot of other people.

To generalize, I have no problem saying I want to live in a world where employers feel comfortable firing racists who openly air those kind of distasteful remarks. (I didn't say, "I think all racists should be unemployed," mind you.)

What constitutes "controversial enough to merit consequences" and what those consequences would be (i.e. the world as we now have it), that, I think, there'll never be a single set of rules. It'll always be up to contemporary society, the employer, etc.

Thought experiment: I think excessive welfare does more harm than good. Should I politically screen my employees to ensure that they don't hold views that contradict mine?

If those views make them less good at their job, or less good a fit for your company, sure - why not? In fact, if I were a potential employee I would want to know that you held those opinions because I would prefer to not work for you; everyone wins.

No, because screening your employees is an action on your part. Mozilla took no action against Eich; he chose to resign himself. He could have elected to stay on, instead choosing to accept all of the consequences his views may or may not have for the company.

The equivalent situation in your case is having your views on welfare known and your employees (and anybody else transacting with your company) deciding whether or not they want to associate with you. Others' views on welfare would not be a valid reason to fire or refuse to hire them.

>Mozilla took no action against Eich; he chose to resign himself. He could have elected to stay on, instead choosing to accept all of the consequences his views may or may not have for the company.

That is a very convenient interpretation of how things went down. They forced him to resign.


said it best:

>... a group of political activists put pressure on Mozilla to fire Eich because of his political views, for political reasons, and Mozilla as organization caved. There was no instance of Eich's views ever influencing anything on his job, and no single instance or evidence of any problem with his job. It was a political decision that being friends with political activists is better than keeping Eich.

>The equivalent situation in your case is having your views on welfare known and your employees (and anybody else transacting with your company) deciding whether or not they want to associate with you. Others' views on welfare would not be a valid reason to fire or refuse to hire them.

It certainly would be a valid reason to not hire them if I had to fear them ousting me from my company for holding opinions unpalatable to them.

That is disingenuous. Eich was forced to resign in a way that would be called "constructive dismissal" in some jurisdictions.

Funny how at the same time, those spouting this tired refrain scream bloody murder when this logic is applied to themselves rather than the usual punching bags.

"Never" is a strawman, but I imagine that would be a world where academia doesn't feel a need to protect its students from ideas, and where people of different viewpoints can work alongside each other instead of shaming groupthink into existence.

Because according to @the_moviebob "there is (almost) no such thing as a bad tactic - only bad TARGETS".

AKA the ends justify the means.

I think there also needs to be a highlighted difference between an open source product, and an open source repository which is NOT the product which is distributed.

Chromium is open source, but the supported product where the developer cares about the quality of the experience is Chrome. Android is much the same, where the platform almost all apps and services target requires Google Play.

I can't expect Google to properly address my needs in either of these open source offerings, because the actual users are almost exclusively using the proprietary version.

When Google looks at what the browser needs to do, it can either make the solution proprietary or open source, and then just tell the open source users that it's unavailable unless they switch to Chrome. (See things like browser syncing, or Google Cast support.) But when Firefox implements such features, they have to do so in an open way, which is why you can run your own Firefox Sync Server.

Both sync[1] and cast[2] are present in Chromium. If you're referring to the recent fiasco about cast not working in Chromium, that was a bug in M54. And guess what, it wasn't working in Chrome either!

I'd encourage you to read this document[3] detailing the differences between Chrome and Chromium instead of speculating.

[1] https://www.chromium.org/developers/design-documents/sync [2] https://codereview.chromium.org/2347503002 [3] https://chromium.googlesource.com/chromium/src/+/master/docs...

Not to mention when you visit YouTube or any other site they spam the annoying adverts to use chrome. Fuq that. If we want to download another browser we will.

Reporting issues to both Chromium and Firefox is a pain in the ass. Valid issues will be closed for arbitrary reasons (Chromium, mostly) or are ignored for months/years despite making parts of the browser unusable.

Contributing to either feels like a waste of time.

I second this opinion.

I think Chrome has a lot of interesting parts from a technological perspective. However, I think Firefox as an organization has done more for JavaScript and that community as far as fostering an open environment than any other browser maker. So providing a good browser plus fostering and growing the development community are both great things.

Another advantage is that it is not tied to some large conglomerate that is now engaged in questionable practices. That you need to rip entire parts of the code base out in this manner. This sort of thing has never been a concern with Firefox.

In general I think people ought to look at Google much more skeptically than they used to and all of the technologies that they push for. They all in some way push their agenda forward.

> In general I think people ought to look at Google much more skeptically than they used to and all of the technologies that they push for. They all in some way push their agenda forward.

I've been skeptical of Google for a long time, and quit using them as much as possible since they rolled out "Don't be evil." Talk about telegraphing the punch.

It's funny how corporate marketing works. For a long time I used to really love their products and their processes. Maybe it was when they got rid of "don't be evil" but at some point they started turning into just another corporation.

A corporation with a ton of resources and a ton of people's information. Anyway I don't want to go into a rant but lately everything they do even the open source stuff is just to further their agenda and seldom to help the community.

As far as I remember, it was around when Google+ came out.

Google started as a technology company for nerds. Remember when Google broke all "rules" when their website was a simple image, input, and two buttons?

Then they were into open standards, tech innovation, and where the company was run by engineers, and not media people (see Yahoo).

The result was a focus on UX and not design.

Unfortunately, around when Google+ came out, they decided they're done with that, and became a "company for the masses".

XMPP integration - dead Open Source apps - dead

They're back to bloat (just JS instead of animated GIFs and Flash), "beauty" over "UX", closed source apps (remember when most apps put out by Google were open source? Remember the shock that Picasso wasn't?)

>remember when most apps put out by Google were open source?

Most still are. Look at their github. They release an insane amount of OS code.



The only thing they really don't open source are web services (Gmail, search) - probably both for competitive reasons but also because it ties in too deeply with their infrastructure.

Chromium and Android being their two largest projects are OS though, and thousands of tools and libraries that they've built. Also TensorFlow, their newest machine learning library.

"Don't be evil" was and still is in the Google code of conduct. Source: https://abc.xyz/investor/other/google-code-of-conduct.html

Their actions don't really follow that concept and haven't for a while


Maybe I'm stretching a bit, but Snowden was the nail in the coffin. Even if you are American, it is very hard to define evil in a such a way to defend their participation in PRISM.

That code of conduct just make it worse they were caught red handed, and I can very much understand people who completely lost their trust in the company.

I was not aware of any voluntary cooperation with the NSA on the part of Google - indeed, the NSA rather famously hacked Google's internal fiber links. If Google was handing them data, why would they need to do that?

Chromium is Free Software as well.

Mozilla is not a club of like-minded hackers that try to keep the web livable anymore. They're a large company now with corporate salaries and expensive furniture and a prime real estate office that values advertisers over users. Firefox is their money maker.

Chromium is a Free Software version derived from a proprietary browser. The people who made that happen must have had an idealistic motivation, or otherwise it wouldn't exist.

Both browsers are libre license-wise, which is a good thing, but in my opinion Chromium is less likely to be used as a marketing stick against users, since the marketing stick version of Chromium already exist. As such using the Chromium browser is preferable for me, since the intentions behind it are likely to be more in line with a free Internet in spite of its proprietary origin.

> Free Software version derived from a proprietary browser

Chrome is based on Chromium, not the other way around. It's also pretty much Chrome with changed branding and no built-in Flash (thank god!)

Thinking that google leaves Chromium alone or that it's somehow independent is naive.

I'm afraid that's my clumsy phrasing.

1st Chrome release: 2008-09-02

1st Chromium release: Dec 17th, 2012

So even though current Chrome might be based on Chromium, Chromium was initially derived from Chrome.

That means somewhere down the line someone at Google must have suggested making a free version, probably out of enthusiasm for open source, and even though it buys Google little, the project was okay'ed.

I have no illusions about Chromium being independent, but as things are, Chromium development, in my opinion, is less commercially driven than Firefox development in spite of being a Google-driven project, allowing it to better serve its users with regards to freedom and the open web.

The main danger of Google's involvement is if Chromium would somehow outpace Chrome deployments, and them pulling the plug, but that's still very far away. And even then, due to its libre license, everything is far from lost.

> 1st Chrome release: 2008-09-02

> 1st Chromium release: Dec 17th, 2012

> So even though current Chrome might be based on Chromium, Chromium was initially derived from Chrome.

Not sure where you got that second date, but Chromium was definitely released the same day as Chrome: http://arstechnica.com/information-technology/2008/09/google...

https://www.chromium.org/developers/calendar "previous release information"

but obviously, I stand corrected.

There would be some truth to this if Chromium had a large non-Google developer community leading it along an independent course from Chrome.

But that is, quite frankly, not the case.

I agree with your claim, but I don't think it is a good idea to claim that Chromium is not "truly open-source" because (you claim) it is hard to contribute. This may cause more confusion about what "open source" really means. In fact, it's perfectly OK for open-source software to refuse outside contributions altogether! (Aka the "cathedral" model, see https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar#....)

In other words, open-source software maintainers are under no obligation to accept outside contributions. The only freedom you are guaranteed in this respect is the freedom to start a fork.

I use Firefox on my phone. I am more comfortable with it for privacy reasons. It's a pretty nice browser outside of that.

However I'm using a pretty beefy phone whereas when I used my Moto G it wasn't quite the best browser in terms of resources however a lot has changed since then. (Like Chrome no longer having tabs integrated into the task manager. That feature was great for devices with not too much RAM and horribly buggy firmware that would unload apps prematurely. It's also very convenient to use. Maybe could have used a little bit more refinement.)

Also it's the only browser that supports my dusty old PCs. So I tend to use it on those as well.

Thanks Firefox devs.

I loved the integrated tabs.. having to drag down (oops, not fast enough, try again) then a click and a swipe to close the tap instead of click/swipe alone... also it's just nasty after getting used to it... it's why I wish VS Code would go back to the pre-tab behavior, it was just so much better once you got used to it.

I find that firefox is a little funky on Android though... the integration with lastpass is weird, have to copy/paste, at least site identification works now, there have been a few other oddities too... I notice a lot of sites improperly detect a lack of video support, or it may just be format that's the problem.

I tend to like/use chrome and prefer it... but I do think there's been some weird behavior in/from google... just finding out about chrome apps being killed off irks me to no end, considering it's the first actually decent write once run everywhere option. I'm guessing the recent hangouts change was because of this, as they'll likely move to electron on the desktop.

I'm glad Firefox is still an option though... I also appreciate what they've done to further the platform... Though I do chuckle a bit of how much easier web components, and even react might have come in if e4x had been implemented in other browsers.

Personally I prefer Firefox on my Android, because it has plugins, like HTTPS Everywhere and uBlock Origin, without which a mobile browser is IMHO unusable.

I also like the quick sharing actions, remembering the last 3 apps used for sharing. And the local search in your history it does, avoiding roundtrips to the search engine. Although to be fair this functionality appears to work better on the desktop.

> the integration with lastpass is weird

On Android the defacto standard for password managers is to use custom keyboards. Ironically, the custom keyboard I found most usable for this purpose has been Keepass2Android [1], precisely because if it loses focus it still remembers the last account selected and I've tried both Lastpass and 1Password. Along with KeeWeb on my desktop, it's way better than Lastpass imho and free.

[1] https://play.google.com/store/apps/details?id=keepass2androi...

Thanks for the link to Keepass2Android.

I agree on much you write about Firefox but unfortunately the only sane browser to use on mobile is one that automatically reflows text on zoom. The only one I know is Opera and I can't understand why no other browser implements this feature. Any other browser forces me to endlessly scroll horizontally and not zooming means that some text can be too small to read.

I tried these addons but none of them worked for me, they appear to do nothing.

* https://addons.mozilla.org/en-US/android/addon/fit-text-to-w...

* https://addons.mozilla.org/en-US/android/addon/android-text-...

Yep, support for older computers is a huge plus. My 2008 iMac is nearly half a dozen Mac OS versions behind, but I can still get the latest version of Firefox. Safari and Chrome stopped updating years ago. From a security perspective, it's Firefox all the way.

I also happen to use Firefox as my daily driver on my main laptop, largely due to the Tree Style Tabs addon, which I have not seen a decent substitute for on Chrome/Safari.

From a security perspective wouldn't you be better served by having an up to date OS?

If I could reliably run a newer OS on an 8-year-old iMac, I would. But since I can't—and because the only thing I use the machine for is web browsing—the relevant question is which browser will be the safest.

Thanks for not throwing working hardware away. I imagine you would not be happy with Linux on your iMac?

I haven't used Linux since college, and I don't have enough time to get back up to speed. Good point though, and politely phrased.

El Capitan runs on mid 2007 and newer iMacs, no?

Compatible ≠ runs well. My iMac was not top-of-the-line, and I could see from how newer OSes ran on my other machines that it would be sluggish on the iMac.

Yes, Sierra is the first one that is not compatible.

>horribly buggy firmware that would unload apps prematurely

Offtopic, but I'm uncomfortable with the trend of calling a perfectly normal Linux OS, running on perfectly normal read-write solid-state storage, "firmware" just because the device manufacturer chose not to give you root. It encourages you to regard it as a static device that happens to need some software (like a CD-ROM drive), rather than an internet-connected fully general purpose computer "owned" by someone else. Ubuntu doesn't become "firmware" because I padlocked the case and locked the root account, and neither should Android.

While I agree that people should pay more attention to Firefox, it is possible for anyone to contribute to Chromium, and many people do.

I would love to. But as a recent and former Firefox user, the performance just wasn't there. Both Edge and Chrome are significantly faster. I'm hoping electrolysis helps greatly in this regard. I'll be happy to switch back.

Just out of curiosity, what are you using the browser for that one is noticeably slower than the other?

Just general web browsing. The big hindrance was that combined thread for UI and rendering. For example, the old version of Google+ had an average page load time of twelve seconds. During that time, Firefox's entire UI would seize (Windows would mark it as "Not responding" until the page load completed.) You couldn't even go look at another tab or something in the meantime.

Chrome just feels considerably faster.

Page transitions, time to render, fast JS engine. Firefox just feels clunky in comparison, sadly.

Last time I tried using Firefox i didn't liked it.

But last week I completely moved from Chromium to Firefox.

I didn't miss Chromium.

Are you running the multiprocess Firefox build? The speed improvements with that version are insane.

If only Firefox used a native GUI on the mac. I really don't like Safari. But I also value consistency: https://www.jwz.org/blog/2012/04/why-i-use-safari-instead-of....

Warning, the first time my browser hit this link, it redirected to a NSFW image rant about HN. The second time it worked though. I suggest one copies and pastes the link to avoid sending the referrer.

Hmm, interesting. I forgot jwz hates hackers news. However, I can't reproduce "the problem". I can click on it just fine. I don't think I am using any extension that blocks the referrer.

In any case, I can't edit my old post. Sorry!

Edit: ok, I can reproduce in an incognito window.

This is not SFW image!

That is jws's website (not an image), a site I expect every HN member to be aware of.

Since I work on Chromium, I kind of care about this... We're still an open source project. We still take a lot of external contributions, as far as I know.

Can you point to concrete cases where Chromium has not taken contributions (without giving a good reason, that is)?

It's probably hard to point out a specific case, but I think the biggest objection is that most Chromium developers have a tight connection with Google (if not employees anyway). They have mostly incentive to keep their employer happy. Google keeps the shareholders happy and they just want more money. (At the cost of privacy or open standards for example). Now this may be a simplified view, since this may apply to any company. However, Mozilla has some core principles they really try to stick to.

It's a simplified view :)

The team works really hard both on privacy and on open standards. But let's set that aside for a moment: There are many other companies contributing as well. (Opera, Samsung, Intel pop out when I just browse through the commit logs, but I'm sure I'm missing more).

And you as an individual, are free to contribute as well. We welcome OSS devs who want to help make Chrome better. Send me a ping if you ever get stuck, should you choose to contribute.

Yes, the project does not accept all changes. We can't, and no OSS project can. Some don't make sense ("Render all text blinking!" ;), some don't work for what the general idea for Chromium is ("Let's remove JS!"). But in general, the team tries to be accommodating when somebody wants to land a change.

I can understand when people say "Hey, Mozilla aligns more with what I want, I'll contribute there". It's awesome. You should work on something you believe in, and I'm glad you've found a project that works for you.

But Chromium is certainly happy to accept contributions, contrary to what the OP said.

Firefox is unacceptably slugging and jittery on a brand new 27 inch iMac. Laughably slow and jittery. I would switch but it's just too slow and unresponsive.

Opera, I would use but I don't trust the chinese parent company.

try Vivaldi, its run by ex Opera CEO. Pretty much like new Opera minus chinese/ad company.

Have you ever tried contributing to Firefox from outside Mozilla Corp? My experience was not positive.

Could you please tell me more about your experience?

The core Firefox / Gecko repos can be a bit conservative and slow to accept patches, but subprojects like Firefox Accounts / Sync, Devtools, Rust / Servo, browser.html, TestPilot, etc. tend have much lower friction while still affecting the direction of Firefox.

As an example, we recently replaced the JavaScript debugger with one written in HTML instead of XUL, using React, etc. All on GitHub and super accessible to outside contributions: https://github.com/devtools-html/debugger.html

I mean, just look at the recent "3rd Generation bug" story here on HN, a bug which was originally reported by a man who is deceased, and is now affecting his grandchildren. There are plenty of 10-15 year-old bugs on Bugzilla. And we all know how Mozilla is fond of pulling the "advocacy" card and locking bug reports. "To the forums with you!" they say--where discussions can be ignored and deleted even more easily.

On the recent discussion here about the Session Saver code, one Mozilla dev said that it needs rearchitecting, but that the issue is "manpower." I don't understand how a company that rakes in hundreds of millions of dollars per year can't afford to rewrite a problematic component--they had the manpower to write the bad design in the first place. Can they not afford to hire another programmer or two? Even now that they've cancelled FxOS? Where is the money going?

And generally Mozilla is taking Firefox in a direction that loyal users--who have used Firefox for nearly two decades now!--do not want. Mozilla is chasing Chrome users, rather than maintaining Firefox's useful, unique features. They just don't get it: if people wanted to use Chrome, they'd use Chrome. If they turn Firefox into Chrome, there'll be no reason to use Firefox instead of Chrome.

The handwriting is on the wall. Mozilla is no longer focused on making the best, most user-empowering browser. They are chasing ghosts, and when the money runs out...

Yes, Firefox has some old bugs, because it's a large and old piece of software. But that's entirely separate from whether it's easy to contribute to.

Sorry, I think you missed my point. Mozilla often does not handle bug reports well. This discourages users from participating. "Contribution" encompasses more than just submitting patches.

People who loved Phoenix/Firebird/Firefox lost their browser when 2.0 came out. I still trusted the project then, but in hindsight it's clear that was the turning point. They got too feature-hungry and changed too much at once, adding tons of bloat in the process. There's no well-supported multi-platform lightweight open-source browser now. Just doesn't exist. I'm hoping Servo's allowed to fill that niche at least for a while, but I'm not holding my breath.

qutebrowser? its mainly hotkey centric (vim-ish specifically) but its pretty nice

> There are plenty of 10-15 year-old bugs on Bugzilla

How does this make it hard to contribute to Firefox? It just means that there's no guarantee that your bug will get fixed immediately?

Which ... is true for basically any open source product out there. And many closed source ones too.

I mean, yeah, it's disheartening to see your bug not get fixed. And as someone who is contributing by filing bugs and triaging, that isn't any fun. But, again, this is pretty standard for many open source projects.

> they had the manpower to write the bad design in the first place

That's not how software works. Software evolves over time, and requirements themselves change, leading to bad architecture. The session save stuff used to be json based probably because folks didn't/couldn't have that many tabs open for it to matter, but it does now.

> On the recent discussion here about the Session Saver code, one Mozilla dev said that it needs rearchitecting, but that the issue is "manpower."

This, again, has nothing to do with contributing? If anything the dev offered to mentor someone who wanted to work on it. There's activity on that bug, too, which shouldn't discourage contribution.

Bugs don't exist in a vacuum. There are priorities. And there are people who know enough to tackle the bug, who may have different priorities; you can't just randomly assign someone to a bug.

If you listened to everyone who said "you should make X your highest priority", nothing would get done.

> rather than maintaining Firefox's useful, unique features.

Example of this? I suppose you're talking about extensions here (that's the only example I can think of). There's a reason behind the direction Firefox is taking with extensions; the old extension model sucked. There was no API there, addons just reached in and tinkered with Firefox code. This means that improving Firefox by rearchitecting things was hard, for example addons were a big pain point for the electrolysis project that made firefox multiprocess. You were complaining about bad design before, this is an incredibly bad design (may have made sense at the time, but doesn't now). Fixing this involves replacing it with an API. The best direction to go in here is probably to have a standardised base for the API, which is Web Extensions. Firefox isn't planning on sticking to Chrome's feature set; it intends to make the API handle many of the needs of existing extensions. So Firefox still intends to maintain this unique feature, just in a different way.

I worked on Mozilla related tech for about eight years, mostly niche open source browsers. I couldn't even get patches that fixed known bugs that lost Firefox user data accepted. Important decisions seemed to take place in closed meetings, on closed wikis, on private IRC networks. Eventually I gave up. The Mozilla culture was insular rather than open. The further I've been from MoCo the happier I've been.

It's been a few years now, perhaps things are better? I'm not interested in returning to that world to find out.

I just wish Firefox for Android played nice with other apps. I mean, I like that it has AdBlock, but no, Firefox, I don't want to open that YouTube link in Firefox.

Firefox includes the android app button in the URL bar for easily switching from Firefox.

I know. But I want to open it in the YouTube app in part because I live in a rural area with DSL. The YouTube app opens much faster. But that icon in the URL bar doesn't appear until the page is completely loaded. So it doesn't speed up the experience at all for me. I get to wait for the entire site to load in Firefox, then I get to wait for YouTube again once I click the button.

Wow, thanks for the tip. I've been using Firefox on Android for years and never noticed that. I've immediately tried it out and it works fantastic. One more reason to keep on using Firefox!

For me the idea of Firefox is nice. The problem is that Safari or Chrome are far superior in my opinion. I just checked out the dev tools of Firefox again and (again, in my opinion) nowadays Safari has the best dev tools and since I already bought in the apple eco system I don't mind sharing any info with them. Not so much with Google.

My problem with using Firefox is the extensions. Though one of my faves is Firefox exclusive(Yes, Downthemall!), but some of the other useful extensions(like Google Dictionary and it's alternatives for Firefox are crap) are not available for Firefox and that often pulls me back to chrome after some time.

For me its the opposite, vimperator is a lot better than vimium.

No good reason to run that instead of Firefox. It looks like their main motivation to fork was to preserve XUL and XPCOM, but since Firefox doesn't plan to keep those, almost no addons will continue using them; every maintained addon will update to work with current Firefox. And using an unmaintained addon is dangerous.

>every maintained addon will update to work with current Firefox

Those that can be will be, but I imagine entire categories, scores and scores of addons will be abandoned. So much of what people expect from Firefox addons is going away with no replacement in favor of basically light javascript web apps.

Which is the point of the switch: dramatically reduce addon functionality in the interest of safety / security.

Except for Mozilla's policy of trying to making Firefox race Chrome to be the best browser for the lowest common denominator. You can't even edit your addons in Firefox anymore. They have to be signed by Mozilla.

> And using an unmaintained addon is dangerous.

And this is the kind of thinking I'm talking about. Firefore/Chrome/etc are all about protecting tech ignorants from themselves rather than allowing adept users to do what they want.

> And this is the kind of thinking I'm talking about.

The kind of thinking that says "security-sensitive software with no active maintenance and regular updates is a security hole waiting to happen"?

Letting users install and run unmaintained software is dangerous. They'll get exploited. (And they'll blame the browser for that, and rightfully so.)

You can still do what you want; it's entirely possible to install local untrusted addons. You just have to poke some settings that are intentionally hidden from most end users, to make it somewhat more likely that users doing so understand the implications. And similarly, you can make your addon available to others willing to go through the same steps. They'll balk at doing so, and rightfully so.

> it's entirely possible to install local untrusted addons. You just have to poke some settings that are intentionally hidden from most end users

It's possible to install unsigned addons in ESR, developer and unbranded builds of Firefox. It's no longer possible to install them in the regular release or beta versions. The hidden setting was disabled in Firefox 48.

I don't get this. I mean, it's ok to have an option to install untrusted code off by default. It's even OK to bury it somewhere in "advanced settings". But after that, I think you're done your due diligence in protecting me from myself, and anything beyond that is impeding, not protecting.

>Letting users install and run unmaintained software is dangerous.

Which is... exactly what Windows and Linux still do, rightly.

>And they'll blame the browser for that, and rightfully so.

Not at all rightfully so. Moreover the supposed security gain from this is absurd. So a user can't accidentally install a malicious extension... but they can install malicious software. Which, being that it has full access to the system, could patch Firefox if it liked to disable the signing check.

I won't use a browser which implements restrictive code signing practices.

> And using an unmaintained addon is dangerous.

Who says the addons have to be unmaintained?


And look man, a lot of addons don't need to be "maintained," they just keep working. An addon that adds a button to the UI or something like that--it doesn't need to be constantly churned. Something like NoScript and ad-blocking addons need more attention, but a lot of very useful addons that let users customize their browser will continue working as long as the underlying APIs do.

So please lay off the scary language. Better be careful, when the Pale Moon comes out, addons become "dangerous"! :P

I've been using Pale Moon for a few years now and really like it. Faster than Firefox, many of the obnoxious elements of the new UI pared down or stripped out, and binary-compatible with almost all Firefox extensions. Give it a shot and see if you like it.

One of the last? There's exactly two big ones, chromium and firefox. (Vivaldi looks promising but it's not quite there yet.)

chrome (the binary from google) is not open source, it bundles a ton of closed source code.

Firefox violates user privacy since years by allowing long term tracking cookies to be saved by default without asking the user.

Millions of Firefox users lost their privacy without ever being asked about that with the help of Firefox default settings.

This long term collaboration with privacy-destroying ad tracking companies disqualifies Firefox as a privacy tool.

BTW, yes, this post carries an unusual view of things, but no illegal content - do you believe unusual views should be censored?

> Firefox violates user privacy since years by allowing long term tracking cookies to be saved by default without asking the user.

This statement doesn't make sense. All cookies can be tracking cookies and for example all session cookies are tracking cookies by definition.

Assuming for the sake of argument that you're referring to third-party tracking cookies, such as those from Google Analytics, or Facebook, this is the default because it's how the web has always worked. And maybe changing this default is reasonable, much like how browsers started blocking popups at some point, but it's debatable if such actions should be taken or would benefit users.

First of all, blocking third-party cookies by default might break web pages. But even more problematic is that this restriction can be bypassed, as to turn a third-party cookie into a first-party cookie publishers only need to inject some extra Javascript. Also meet http://samy.pl/evercookie/ - In other words, if you really want privacy, blocking third-party cookies isn't enough.

Also Firefox is the only browser that does block trackers in Private Mode, without any plugins needed, a setting that you can also enable to be active all the time: https://developer.mozilla.org/en-US/Firefox/Privacy/Tracking....

> Millions of Firefox users lost their privacy without ever being asked about that with the help of Firefox default settings.

This statement is factually not true, as it implies that blocking cookies has been the default and thus users had privacy to lose.

> This long term collaboration with privacy-destroying ad tracking companies disqualifies Firefox as a privacy tool.

Out of curiosity, when was the last time you contributed to the Mozilla organization? And if not, then you must have a better idea of how they should make a living, developing software in the open such that people can use it for free. They need a business model and nothing they did thus far had privacy implications for me. If you have a concrete example, I'd love to hear it.

> BTW, yes, this post carries an unusual view of things, but no illegal content - do you believe unusual views should be censored?

It's not an unusual view, it's just a silly one and silly views are quite common.

Denying facts and calling me silly are both not convincing arguments. I will ask you to repeat that insult when we meet in meatspace one day.

About your fact denial: Firefox does save cookies forever by default without asking users for permission about that, what enables tracking them forever. This is the opposite of proactive privacy.

This is factually true. It is not possible to "untrue" this fact. Everybody can check it.

What makes it even worse is that Mozilla is positioning itself as a "privacy aware" organisation, effectively brainwashing non-technical users with false claims about "privacy awareness".

You're building a straw man. I never denied that Firefox doesn't block cookies, I only questioned whether that makes sense to do by default. Go over that text and read it again.

> I will ask you to repeat that insult when we meet in meatspace one day.

That was not a personal insult, I was just criticizing your ideas. However I'll gladly meet with you and if I think you're stupid, I'll say so in your face.

Unfortunately for everyone that cares about security, using Firefox (or Safari or old IE) is a colossal mistake since it's orders of magnitude easier to exploit (with almost no serious anti-exploitation mitigations) than Chrome.

Spidermonkey in particular (Firefox's Javascript engine) is laughably bad when it comes to vulnerabilities. This is also the reason why the Servo browser that some folks think will be a lot more secure (due to Rust) is mostly smoke & mirrors. They're planning to keep using Spidermonkey there too!

> Spidermonkey in particular (Firefox's Javascript engine) is laughably bad when it comes to vulnerabilities.

This is the first I've heard this claim. Do you have data showing this?

JS engines, from my point of view, regularly have all sorts of memory safety issues. No particular JS engine stands out relative to the others.

> This is also the reason why the Servo browser that some folks think will be a lot more secure (due to Rust) is mostly smoke & mirrors. They're planning to keep using Spidermonkey there too!

Smoke and mirrors? Servo has sandboxing, which is already implemented (and which I maintain). There's a night and day difference between that and an unsandboxed browser.

The goal of Servo's architecture is to, first, achieve a best-in-class sandboxing story and then, afterward, to advance the state of the art by reducing attack surface. We aren't going to reduce the memory safety attack surface to zero. But it's very much feasible to reduce it so far down that attackers don't even look at layout/DOM/etc. code for memory safety issues the way they do today when searching for browser holes. The return on investment when looking for memory safety holes in memory-safe languages just isn't there.

Firefox is much less secure than other modern browsers. And Chrome is indeed very secure. But I think it's incorrect to say that it's "orders of magnitude" more secure than Safari. This hasn't been true since Safari introduced multiprocess and sandboxing. Safari and Edge are closer to Chrome in security level than they are to Firefox. That's why pwn2own doesn't even include Firefox in the competition any more but does include Safari and Edge.

Agreed on Safari/Edge but note that I didn't use the words "very secure" to describe Chrome in isolation.

How can something that gets publicly exploited year after year by _teenagers_ (1)(2) be called "very secure" ?

The grim reality is that we never had a browser than can be called even remotely secure. Major factors for that are the implementation languages (C++ and C) and the vast attack surface. It's disheartening to see this trend continue.

(1) http://www.tomsguide.com/us/pwn2own-browsers-2015,news-20680...

(2) http://blog.trendmicro.com/pwn2own-day-2-event-wrap/

> Major factors for that are the implementation languages (C++ and C) and the vast attack surface. It's disheartening to see this trend continue.

You realize that there's only one browser which is starting to adopt alternative implementation languages, and it's not Chrome, right?

How can something that gets publicly exploited year after year by _teenagers_ (1)(2) be called "very secure" ?

You're underestimating teenagers.

I guess I was grading on a curve when I said "very secure".

I tend to agree with you: Firefox is definitely more user-focused than Chrome or Chromium.

However, Firefox's user-centric development model has been declining for years now as Mozilla has grown and become accustomed to raking in hundreds of millions of dollars per year. Mozilla has been actively imitating Chrome for some time now. It is becoming less unique.

Mozilla's future plans for Firefox continue to make it less like Firefox and more like Chromium. The coming changes to the addon APIs, deprecation of XPCOM/XUL, etc, will probably erase any useful distinction between Firefox and Chrome. Electrolysis, while nice in theory (because who isn't tired of the janky Firefox UI), will also probably erase Firefox's advantage in memory usage.

It saddens me to say it, but Firefox needs to die and be reborn--the Phoenix needs to rise again from the ashes. Perhaps this has already happened in a sense with Pale Moon, although Pale Moon isn't even in Debian, so using it requires extra effort.

But it won't really happen (Firefox dying/forking) until Mozilla hits rock bottom. Only when they are forced to confront their bloated bureaucracy and their lack of user-focus will any real change happen. It will require (near)bankruptcy, leadership change and many layoffs. And who knows if Firefox would even survive; it's so enormous and complex, would anyone pick up the pieces? Would a community effort even be able to?

Anyway, we won't have to wait long to find out. The way Mozilla's going, I'd be surprised if they still exist in their current form in 3 years. Sad, but hey, Netscape died to give birth to Firefox, so maybe Mozilla's death will give birth to...Phoenix? (Can we use that name now, after all these years?)

XUL failed... and while I really appreciate what XUL (and even XULrunner) offered, nobody really used it much in practice. XPCOM while interesting wasn't very widely used either... Neither got traction outside the Mozilla sphere of software dev.

I would actually love to see some more work on creating consistent extension APIs so that a single add-on is easier to write against the big 4. I know that FF is caving in favor of more Chrome like models in some places... In general it's sometimes because they are better models, and some because they are chasing chrome.

In some ways Chrome actually is better in terms of UX... in others (configuration in particular) FF has been better. Mozilla has never been just Firefox though. They are an important part of web development... And I'm glad they're out there... I do think some people are holding onto how things were for the sake of resisting change, and likewise some are changing for the sake of.

It's not just "the voice" of the community... it's millions of voices screaming for different things, and those stearing paying attention to the majority for most of them.

> XUL failed... and while I really appreciate what XUL (and even XULrunner) offered, nobody really used it much in practice. XPCOM while interesting wasn't very widely used either... Neither got traction outside the Mozilla sphere of software dev.

Whether it "failed" is entirely a matter of perspective. From my perspective it has been a wild success, providing a flexible, powerful foundation for Firefox and Thunderbird, as well as some other projects. It enabled Firefox to be the most powerful, customizable browser by empowering extension developers to meet users' needs.

So, no, it has not failed. What has happened is that a new generation of Mozilla developers has arisen who are not enamored with the old code. They don't want to work on it; they want to make something new and shiny, users and extension developers be damned.

Just like all the OS vendors went for flat UI in a mindless herd mentality, so Mozilla is following Google and mindlessly imitating Chrome--first in UI, now in architecture. Then in 5-10 years (if Mozilla is still around), another generation of programmers will come up and want to throw out that baby as well. Meanwhile, browsing web pages will still be browsing web pages, and users will have to waste time on useless churn.

> It's not just "the voice" of the community... it's millions of voices screaming for different things, and those stearing paying attention to the majority for most of them.

Firefox did not dethrone IE by paying attention to a majority of screaming voices. It led the way with a vision of empowering users to take control of their web browser, going against the commercial, corporate grain.

Mozilla is no longer leading, but following, chasing, like a jilted lover who pines, "Please, don't go with Chrome, come back, I can be like Chrome too!" What they don't understand is that, if they act like Chrome, there will be no reason to go with Firefox.

What will attract users is a strong, unique browser that knows what it wants to be, that takes care of and empowers its users--in contrast to a browser project dominated by an enormous corporation which profits from exploiting its users. Only when Mozilla groks this will it turn around and reverse its decline.

Don't get me wrong, I really liked and wanted to like XUL... XULRunner was awesome when it came out (what a decade+ before electron?). However, everything outside of Mozilla's org that's used it is pretty much stale, dead or unsupported.

Firefox didn't dethrone IE alone, iirc, Firefox didn't even exceed IE usage until after Chrome came out, and even then only because Chrome ate further into IE's share and subsequently passed Firefox as well. Chrome was successful in part because of marketing, but in part because it was such a nicer browser experience. I still don't get why Firefox still has a separate search bar, when the address bar works for searches.

I'm not a Chrome apologist either, I'm frustrated with their decisions to remove browser scripts and make user installed extensions much harder to work with, the confusing nag notice at every startup is irritating to say the very least. I do find the UI much nicer to work with, though I wish it had nearly the advanced controls that FF offers.

That said, most people don't want or need to dig that far into their browser.. they want something to check facebook, watch youtube and send emails.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact