Hacker News new | past | comments | ask | show | jobs | submit login
Chrome is Not the Standard (chriskrycho.com)
807 points by chriskrycho on Dec 21, 2017 | hide | past | favorite | 451 comments

developers grouse about the other browser makers who are “holding the web back.”

Indeed, perhaps "holding the web back" is a good thing if it means websites will be more accessible overall, to even less common browsers like NetSurf, Dillo, and all the other text-based ones. IMHO the "feature war/race" between the major browser vendors has had an overall negative effect, as if all sites somehow need to turn into ridiculously bloated web apps instead of the simple and far more accessible hyperlinked collection of pages they once were. Keeping the browser choices diverse is a good thing, even if it means they will all display things slightly differently --- just find the lowest-common-denominator and emphasise the content, the stuff that people visiting sites really care about.

There's been some other related discussion on this topic recently:



>developers grouse about the other browser makers who are “holding the web back.”

Oh get off my lawn! Anyone to complains about Chrome vs. FF Quantum vs MS Edge doesn't know or remember the dark of days of IE 5 and IE 6. The lowest common denominator these days is exponentially better than it has ever been.

Slight tangent, but I was happy to see the other day the Google hangouts works on Firefox again (I don't know if that is coincidence or related to the Quantum release or if Google finally decided to support WebRTC).

doesn't know or remember the dark of days of IE 5 and IE 6.

I remember that when IE6 was first released it was the fastest, most reliable, most standards compliant and feature rich browser. That's why it took over the corporate world. It was the Chrome of its day, if you will. How did that work out?

They released a good product, but weren't prepared to keep it up-to-date with the expectations that a de-facto industry standard should be able to handle.

The web kept on moving after IE6 was released - XHR, jQuery, and later on HTML5 and CSS3. Being a browser entirely developed and maintained by a private corporation subject to the shareholders priorities more than the Acid3 test results, Microsoft decided to ignore the calls to adhere to the new standards for as long as it could, and started developing its own internal awful standards to patch the lack of adherence to the W3C standards (ActiveX, VBScript, Silverlight...).

When Microsoft realized that a privately held company alone couldn't win a fight on your-own-propretary-standards Vs. what the rest of the world wants, it was too late. IE had become an unmaintainable patched monolith that had seen its market share drop from 90% to 20%, losing to the new rivals. They had to basically trash the old code and start from scratch with Edge to still be vaguely competitive.

Microsoft's story taught us that you can't push for your own standards while ignoring what the community wants and expect to survive for a long time. Google seems to have learned that lesson over these years (that's why Chrome still dominates the market), but if they start favoring their internal corporate priorities over the most pristine standard adherence, they might drift into the Microsoft case ad well.

For the record, the concept of XHR/AJAX originated at Microsoft, although it was not originally called that, and was first implemented in IE5.


Ditto for DOM Storage --- before the W3C, IE5 had userData.

The main issue with IE6 was that it was Windows only, making life miserable for those not using Windows. Chrome is on Linux and OSX as well. So there isn't really the "I can't access this site because I don't use Windows" problem that was a real problem then. Even if your favorite browser is Firefox, Edge, or Safari, you can still have Chrome on your system for Chrome-only sites.

… so the main issue is that Chrome is Chrome only so "I can't access this site because I don't use Chrome". Maybe a bit better than being Windows only, but not that much, in my opinion. I don't want Chrome on my system.

I was with you right up until the last sentence. However there are a few - though admittedly niche - platforms that Firefox has been ported to but which Chromium has not.

There was an incentive for MS to hold the web back, which isn't there now, although there's an incentive for Google to wall it up.

> I remember that when IE6 was first released it was the fastest, most reliable, most standards compliant and feature rich browser. That's why it took over the corporate world.

Most companies run Windows by default, that's why IE took over the corporate world.

Most companies run Windows by default, that's why IE took over the corporate world.

Netscape's plan was to so totally abstract the underlying OS that it didn't matter what it was.

I think there may even be a chicken and egg situation going on - for some reason, media websites such as CNN are pushing giant rich media content objects at us like videos, which obviously are meaningless to a text browser. Even webdev blogs are being posted with big GIFs every paragraph or two.

I'm not sure why content creators are feeling the need to go multi-media - perhaps it's getting harder and harder to tell who your audience is, or segment your audience, or maybe the "smearing" of society is causing an audience for a given topic (ES6 development, say) to have so many different desires it's impossible to create content on the subject without annoying some portion of them (either by having plain HTML and CSS for your blog post with no helpful GIFs, or a bunch of GIFs that piss off people in text browsers or slow connections).

> I'm not sure why content creators are feeling the need to go multi-media

I was around for BBSes and the early public internet, and I do appreciate text interfaces... that said, I've always felt there was something quite magical about graphics and audio. The web allows the author quite a bit of freedom in this regard, so it ends up pretty chaotic and uneven.

I find that graphics help to get a point across quickly, even for folks who are very comfortable with tons of text (most people in the world really aren't, and the language you prefer is likely not their first anyway so it's quite a bit of work for them)

It can be misused just like anything else, and tastes can be subjective. It's nice, then, that web browsers being at their core agents for the user, you can also get a fair bit of control on what you want to block by default, or have animations be click-to-play, and so on, which override the author's design.

They go multi-media for preroll ads. These are contextually more resistant against adblockers, and bring in more revenue.

Even on my iPhone I can’t browse CNN while simultaneously listening to music or the radio (iPlayer). Even though the videos are silent until clicked, they still take over the audio. Gets me every time!

What would a better experience be on iOS? I personally wouldn’t find mixing the audio and having to pause one or open a per-app volume mixer control panel to be a better implementation.

Play them with no sound by default if you are already listening to something.

Not sure, but to have this happen even for silent videos seems particularly annoying

From what I know, even "silent" videos can have an audio stream, which just happens to have all its samples decode to 0 (or nearly 0.)

Videos embedded into a webpage have a "muted" boolean attribute, so the nice behavior would be to not pause the music player when muted video starts playing.

Back when going multimedia was very primitive and was clearly just a shiny feature with no direct benefit to anyone other than for the creators to partake in new world, I'd have agreed with your statement. In the current situation of muted Facebook videos being a major form of (dis)information distribution, everyone can point to all-encompassing multimedia communication as a potentially extremely lucrative medium. Therefore there shouldn't be any surprise as to the prevalence of that type of content.

This leads to some perverse incentives, though...I have started to see like-farming "tag your friends" pages will post a video of a static image, overlaid with a subtle movement effect like falling snow, undoubtedly because someone realized they'll get more eyeballs from the all-knowing News Feed algorithm if their content is video.

"For some reason"

I think we should probably expect the Cable News Network to traffic heavily in video, yes?

If you've ever watched History or The Learning Channel, you might not expect much anymore.

Or if you're still a subscriber of American Telephone & Telegraph's services.

I find myself thinking of a line regarding early computer games development.

About how whenever game devs got a new toy to play with (faster CPU, better audio, etc etc) for years the games released would be heavy on bling and lite on content.

I suspect something similar happens in other parts of the computing world, and the web has long since hit its tech equivalent of "eternal september". Meaning that these days there are so many new "toys" coming into the web world that people can't help include them into whatever they are making, even if it makes little to no sense to do so in the long run.

i really wish the standards bodies would make a concerted push for a solid advance in CSS (flexbox and css grids are pushing that way but are relatively complex), so that we could get rid of DIV-itis. it's like the TABLE-itis of the past, but two letters shorter (i'm exaggerating, but still...). that would not only clean up the html but make both learning and development faster.

they should also really advance basic web functionality, like making contenteditable more flexible to build text editors on top of, and adding more (and more stylable) form controls (e.g., a good date-time picker, a true omni/combo box, etc). forms are all over most websites, so let's make those faster and less error prone to develop without a bunch of extraneous javascript handlers or resorting to formidable js frameworks.

in short, let's keep the learning curve shallow for web development--that's what made it great in the first place.

CSS Working group person here.

We're trying. Grid (also Flexbox, but mainly grid) should be a large part of the solution, as it significantly reduces the need for divs that are just there for layout purposes. display:content should also help disconnecting your markup needs from your styling needs somewhat (go shout at browsers if it's not coming fast enough). We've also recently decided to add multiple borders, so that you don't need to add a bunch of nested divs just to have nested borders.

The last piece of the puzzle would probably be to be able create boxes (or trees of boxes) without markup, and inject content from the DOM into these boxes. That would be fantastically useful, and has been explored before, but it turns out it is a really hard problem. The first attempt at this is css-regions, which ended up being rejected, in part by Google (because they thought the complexity needed for the implementation was excessive), in part by Mozilla (because they thought the design didn't fit well with how everything else works and would break in too many cases. Also, complexity).

A more modest attempt has been outlined here https://drafts.csswg.org/css-overflow-4/#fragmentation but it is still only an early draft, and solving that isn't trivial either.

the problem is css is tied to and gets it's hierarchy from the html elements. In order to truly separate style and layout from content you need a separate hierarchy and that would be a huge change


XML had it right with XSLT. It stands for Extensible Stylesheet Language Transformations. Because the language was clearly defined from the start for data not presentation the need for structure transformation was apparent.

There’s absolutely no reason why HTML5 shouldn’t reinvent something similar. Make it much simpler, just reuse the existing Web Template spec, which simply defines new elements with slots and selectors.


[ was super long so I moved it: https://ipfs.io/ipfs/QmQUszZRdHfdVUZwvQL2tK12XrW54TdJJqXEkm1... ]

More complicated transformations, like the toc here (arguably not that complicated but whatever), are better handled by user Javascript. Because let’s be honest XSLT like transforms are too hard.

Not immediately obvious is the fact that browsers could simply replace and rerun Javascript on page navigation, instead of rebuilding the entire page, if the templates match.

There are in fact many optimizations possible with this scheme. You could mark some regions that share a template as shadow DOM etc.


You can also provide polyfill for this TODAY using Service Workers. It’s not that crazy.

You could use XSLT which was supported by Firefox and IE over 10 years ago.

> flexbox and css grids are pushing that way but are relatively complex

Can you describe a concrete solution that is less complex than flexbox while still managing to achieve its goals?

> means websites will be more accessible overall, to even less common browsers

Not to mention more accessible to people with disabilities. A forum like wc3 needs to make sure that new features works for everyone and all use cases. Call me judgmental, but I doubt that Chrome developers have the will or ability to foresee all such cases when whipping up cool new features.

In fairness: modern web browsers and platforms are wildly better for users with impairments than the historical baseline, and the accessibility story for many kinds of hot new shiny-shiny is to straightforwardly ignore the content.

I mean... at least in it's prototypical form new kinds of multimedia content, previously unavailable, can continue to be unavailable without degrading the existing content. To the degree that blind people, for example, want to enjoy VRML2020 it's not unreasonable to wait a few release cycles for specialized support and have that content ignored until such a time.

General accessibility of content, ie a preference for flash over HTML, is a content provider issue, not a browser issue.

Also: the Chrome team builds the browser that runs most of the web clients on the world (and soon in history)... it's been a leader in accessibility and standardization for years. Judge as we will, they're better positioned than most to analyze consequences and the market, and have a notable track record.

People investing money in the web are the ones who want to turn it into another sales vehicle.

I'm not sure but I suspect the DOM is the reason small browser implementations can't catch up. I think over the years specifying interactions with JavaScript and CSS have led to ambiguities in the standard and undefined behavior.

The difficulty of implementing the Web platform comes from many things, from the difficulty of implementing JS to the complexity of the DOM to how subtle CSS is to complex, far-reaching APIs like ServiceWorker and WebGL to unspecified behavior depended on by sites. There is no one reason.

I will say that the DOM is one of the better-specified areas of the Web platform. CSS 2.1, for example, is significantly worse. And the table layout specifications are in a miserable state (one of the reasons why it drives me crazy when people suggest going back to table layout for "simplicity").

Chrome is not the standard, BUT WebKit is!

About 90% of all users worldwide use a WebKit(/Blink/KHTML) based browser on all platforms (and mobile is a lot bigger than desktop).

Firefox/Servo, M$ IE/Edge, Dillo, Link, etc are minor browsers, I hope sites will continue to work almost okay with them too.

For traditional enterprise the new IE6 is IE11, it's still going strong in Win7-Win10. You can thank M$ that they forked IE11 trident engine and named it Edge instead of IE12. And IE11 is supported until at least 2020.

"Safari ships new features on a much slower cadence, but they’re usually solid and always perform incredibly well"

Well, clearly this person doesn't have much experience with web development... The webengine in iOS is the biggest pile of crap I've ever worked with since IE6.

"Oh? You want to click this? OK, let's wait for 300 ms just in case you want to double tap to scroll!"

"We finally fixed it, no more delay on clicks! Yo Apple, the delay is still there if it runs as standalone, good job..!"

"OK, you've added the page to the home screen, now, if you click another URL on the same domain you definitely want it opened in the browser, right? Good guess Apple, that's why I added it.."

"Wait, are you saying that if you switch to another app and back again to the standalone site you don't want us to reload the URL that's added to the home screen? You would prefer us to let you continue where you left off, what!?!?"

"Oh, so you think momentum scrolling is a good idea? Too bad, we don't support it on elements that overflow, but we do have it elsewhere, have fun! PS we do have an experimental flag to enable it, but then I sure hope you're not using animations with gpu acceleration, cause then we have som nice race condition bugs in store for you, so who knows if scroll will work or not.."

Seriously, iOS is the worst of them. Sure Firefox and Chrome often has experimental features with bugs, but both of them are much more "solid" when it comes to features you'll actually use in production.

Safari on iOS is the IE6 of today.

Given this it's really a shame that Apple does not allow other browser engines on iOS. Would be a prime opportunity for competition to raise the overall quality level.

To be honest, I'm starting to think that Apple is doing this on purpose to earn more money.

They are forcing many developers to create native apps instead by locking down iOS and not allowing any decent web engines. Why? Then all payments would have to go through Apple so they can take a cut. Developers must also purchase hardware from Apple to create and test it.

Apple is a real asshole! "We have users, and if you want to make an app for our users then you have to purchase a MacBook, an iPhone, license to publish and allow us to take x% of all income."

And those who does this helps apple sell more hardware and make the problem bigger.

Sure, this might not be the reason even though it adds a lot of income to Apple.

The only other possible reason is that the people working on the web engine for iOS are useless people compared to all other teams working on browsers.

Long ago we had messages to those who used IE6. What we need now are messages that tell people to throw their iPhone in the thrash, cause it's not like they can use a proper browser...

Given this it's really a shame that Apple does not allow other browser engines on iOS. Would be a prime opportunity for competition to raise the overall quality level.

WebKit is a core part of iOS; lots of APIs use it for lots of things. You just can't swap it out for something else without breaking things.

Lets not forget the security and power usage issues as well; the last thing iPhone users would want is a rendering engine that wasn't optimized for the hardware and software draining their batteries.

Didn't MS also say that IE is a core part of Windows?

Microsoft lied and said that Windows wouldn’t work without IE, to justify bundling it with Windows after they signed a decent decree with the US government forbidding them from using their natural monopoly in operating systems as leverage in other markets.

WebKit is used by several Apple apps—Mail, iTunes, App Store, Calendar, etc—and thousands of 3rd party apps.

But the problem is not to stop them from shipping webkit with ios, but to allow other browsers to use their own engines. Do you imagine what would happened if every browser on Windows had to use trident for rendering?

Microsoft ended up with 'n' version of xp, which had all shortcuts to IE hidden, and a prompt asking you which browser you want to install and use after installation.

That was during windows XP wasn't it? I'm sure things have changed since those times.

You don't have to remove the buggy web engine. The problem is that Apple doesn't allow anyone to create another web engine for iOS. Apple locks users to a really bad browser with no possibility for users to change it.

Looks like a case for anti trust, just like microsoft had with IE.

Looks like a case for anti trust, just like microsoft had with IE.

You must be new around here. ;-)

Microsoft used their natural monopoly in operating systems (Windows has 95% marketshare) to force OEMs (HP, Compaq, etc.) to bundle IE with their machines and not Netscape Navigator. Microsoft threaten to cancel their Windows licenses.

And later, it decided, against its decent decree with the US government, to bundle IE with Windows, claiming Windows wouldn't function without IE, which was a lie.

Perhaps you're not aware that natural monopolies are themselves not illegal; it's using that monopoly to force the market to do things it ordinarily wouldn't in some other area.

So… no, there are no antitrust issues regarding web engines on iOS. And of course, Google, Mozilla and others have browsers on the App Store that use WebKit anyway, so it would be hard to make the case they're being harmed…

Why? iOS has by most measures less than 50% of the market.

Even with a low market share Apple could still theoretically be engaging in practices that are anti-consumer, such as disallowing the use of other browser engines.

Though, afaik, Apple does not stoop to the levels of Amazon, who removed the Twitch app from Roku platform for absolutely no reason other than to line their pockets with more cash.

Anti-trust is there for cases where society thinks

1) the free market doesn’t work because it is too hard for competition to enter an existing market or for existing competition to dethrone a market leader.


2) the big player(s) take (too much) advantage of their position by engaging in ‘anti-consumer’ practices.

Given the existence of Android, Apple isn’t in position 1. So, do you think (2) alone is sufficient for taking legal action? The common thinking is that the market will take care of it by by bankrupting the company doing it.

Android doesn't run iOS apps.

Apple has a monopoly on OSes that run iOS apps, OSes that run on iPhones, phones that run iOS and on App Stores that can install iOS apps.

They abuse all of them (e.g. the Webkit-only issue for iOS, monopoly pricing on iPhones, censorship in App Store).

Conversely e.g. Google has none of these monopolies except for the monopoly in running perfectly apps that require Google Play Services.

> Apple has a monopoly on OSes that run iOS apps, OSes that run on iPhones, phones that run iOS and on App Stores that can install iOS apps.

You could also say that Samsung has a monopoly of smartphones with "SAMSUNG" printed on them.

Aren’t anticompetitive and anti-consumer two completely separate things?

Yes, but I would say that anti-competitive behavior is inherently anti-consumer, as the consumer does not benefit from it - and Apple preventing other browser engines is both

Before they purchased it?

Nah, after - to make it a "Fire TV Exclusive" app


1) iOS is not a monopoly.

2) Apple has legitimate technical reasons for not allowing other browser engines (well specifically the JS part). Intent matters.

I think this thread is full of people who want Apple be considered a monopoly more than care about whether they actually are.

Thinking what the law should be, doesn't change what it actually is.

Ding ding ding!

> Apple has legitimate technical reasons for not allowing other browser engines (well specifically the JS part). Intent matters.

Oh please... source?

Efficient javascript needs to be JIT'ed, but that means your app needs to be granted API access to map writeable memory as executable, which is a security risk they are not willing to grant third party developers. So a third party browser/js engine will likely be quite slow. I guess this would give users of a bad impression of iOS perfomance as a whole then, if other browser engines were allowed and became popular?

If other browser engines became very popular it says something about how bad/limited the default offering is. It usually takes a lot of work before people switch away from defaults. People continued to use IE for years for example

Chrome as the sole advertisement on the most valuable piece of web real estate in the universe might have been a factor too.

It's not a security risk (assuming a properly engineered OS).

All OSes have bugs, and the XNU kernel certainly has had its share, so removing the ability to execute arbitrary code definitively makes exploitation of buffer overflows etc in 3rd party apps much harder.

Restricting the JS engine but allowing other browser engines to tie into it so you could leverage different browser's rendering and CSS features would be a step up and would sidestep much of the problem.

Remote execution of code is a very popular attack vector.

Apple can negate this almost entirely by controlling JavascriptCore and WebKit and ensuring that their security models e.g. sandbox are tight and well tested. Leaving that up to third parties who may not be so vigilant compromises the security of the entire device.

1) JavaScript allows for arbitrary code execution

2) Apple’s App Store policies disallow the user from executing arbitrary code

I think you can figure this out yourself.

These are excuses, not valid technical reasons.

Here here. The author clearly hasn't worked with Apple's implementation of Audio Context either. Granted the bar is pretty low compared to Chrome, but wow! What a mess. Safari consistently has latency and bit rate issues when playing even the smallest files.

Actually it’s “hear hear”. This comment has been up for 3 hours already, I’m surprised I’m the first word nazi to correct it :)

If we're being pedantic, there ought to be a comma between those "hears". :)

"Hear, hear" on a comment about Audio Context? ;-)

I disagree. The IE6 of today is IE11, not Safari. Just look caniuse.come for practically any modern feature. It either requires you to pollute your code base with polyfills or doesn't work at all. Every day bring another fun barrier. Today it was Promises (https://caniuse.com/#search=promise), tomorrow, I am sure, it'll be something else.

Except IE11 is 4 years old and no longer has any feature development. Use Edge.

Nearly all IE11 visits to my sites are from Windows 7 and 8.

What really sucks is that Apple has TENS OF BILLIONS of dollars in cash, and yet can't be bothered to throw a billion at fixing iOS, iOS safari and MacOS bugs.

Its quality really went downhill. I really loved the "it just works" stuff of Apple Past. And I loved the intuitive, skeumorphic interfaces.

Now it's all crap and HIDDEN MODES - something Apple always spoke against in its UX manuals. It's sad day that Google and Microsoft have better design than Apple now, and Apple copied them.

Steve Jobs would have never let this happen. He would have a whole department funded with several billion dollars just to make Apple products the most user friendly on the planet. And he would have Siri be a Star-Trek-like voice platform by now.

Agreed. Equally frustrating is how inconsistent the UX is in iOS. Editing an alarm is strange and there's no "Delete All" option unless you ask Siri, force touch works on some buttons and objects but with no indication of it, redundant notification settings, sloppily organized Settings menu, etc.

And the worst: Endless "back" button/swiping on the News app.

What reduction in bug rate should we expect for each, day, $100M invested?

Back in time, Microsoft invested heavily in program analysis to fix those hideous BSODs due to broken third-party drivers. It was very successful.

Apple's problem is simpler as they own the code, and bugs are likely to come from understaffed engineering.

Apple's self-contained platform, huge sums of money, and massive upgrade adoption rates would make it very easy for them to ship modern software. They for some reason choose not to

iOS and OSX isn't modern software ?

I am curious about the qualities an operating system needs to be deemed "modern".

I personally love iOS and macOS and use them both daily. Though there are facets of both that I think could easily be improved given Apple's position.

Off the top of my head -

A. Slow development cycles on Safari (they're getting better, but still) while simultaneously blocking competitors on iOS

B. A number of embarrassing security failures on macOS recently

C. A lack of focus on macOS (Probably the cause of B)

I can't tell you how many more meters per second you will get if you push harder on the gas... But I can tell you that pushing harder on the gas is likely to get you where you're going quicker.

Do we really need to discuss exact m/s before you're willing to push harder on the frickin gas?

"Measure twice, cut once."

I discovered that having an onScroll event handler on a div with overflow and -webkit-overflow-scrolling: touch resulted into weird visual artifacts under certain conditions. And no, I don't want to override native scroll (which is often a bad idea), I want to react to the scroll.

Based on this you either never had to work with IE6 compatibility, or you have a really bad memory.

Not least most of what you mention (other than the 300ms delay) is OS level anyhow.

I worked with IE6 both as it became the defacto standard browser everywhere, and for the years it took Mozilla Phoenix^wFirebird^wFirefox to take hold as the defining force, and then Chrome coming to dominate.

When IE6 came out it was kind of a breath of fresh air... it allowed for a lot of things, and the v4 browsers finally fell off the map. IE 5.0.0 had some hideous bugs on stamped CDs (Office 2000, Windows 2000) that I had to work around for a couple years. IE6 corrected many of them.

Now as things progressed, IE6 became a boat anchor for a long time.. and IE7/8/9 though relatively current at release fell behind very quickly. IE10-11 were also rans in my opinion, and I'm glad most people get to ignore them now.

Nothing compares to dealing with IE4 + NN4 issues... it was truly painful and I'll take what we have today over either. Most people aren't dealing with most of the newer browser features... but for those that are, it can be bad. Safari is the worst actor in the bunch, and they are emphatically not rock solid on that front.

People do forget that IE was legitimately a good browser for quite a while - starting around IE3 it really did quite well. Plus I'll take IE4 + NN4 issues vs IE6/7/8 issues in 20-freaking-14 (or beyond, argh). IE9 at least fixed a lot.

At least the early IE vs NN stuff was fast to change and interesting. IE6 issues were the exact opposite :(

The real explorer issue was that xp refused to die for the longest time. When those browser came out they were kinda fine in context, they got lot of hate a decade later when the world moved onto new standard but you still had 10%+ users living in the past

Well that and they refused to update it for 5 years AND refused to EoL it for 7.

It was entirely due to MS’s negligence, not just XP.

Most of your complaints are related to how iOS handles web apps that you've saved to the home screen, which is a feature that is completely orthogonal to Apple's rendering engine.

I agree that iOS home screen apps are in a pretty bad state, but Google is also discontinuing Chrome Apps and that doesn't make Chrome a worse HTML renderer.

Oh so you want a large canvas on an iPad? No, F you. That might impact performance so we restrict it.

Some of the iPads have a very limited amount of memory e.g. 1GB.

I think users would be expecting Apple to curtail your ability to crash or hang the browser.

I can crash the mobile safari just fine all is needed is lot of overflowing images in a transformed div

What I really hate is that when safari shits itself the message to the user is “there was a problem with the web page so it was reloaded” so we get old iphone users complaining to us when their lame browser crashed.

That and iframes getting resized to full height ignoring css directives completely... we have a lot of our codebase that are workaround just for ios

Exactly. I find Safari extremely unpleasant to use in many cases. Firefox Beta on Android at least makes me feel much better.

This also shows that the architecture of the web is wrong, i.e. to have the browser vendor in control rather than the developers.

I switched to Firefox, and I was blown away to find that Google Meet (the new Hangouts) does not work. You just get the message "Meet doesn't work on your browser".

I'm also impressed at how many of my job's internal websites don't work. This doesn't bug me as much, but it's obvious the devs who created them didn't even do a sanity check in Firefox.

I don't know how much of Google's thinking is "this will move users to Chrome" and how much is "we can't be bothered to make it work there", but it has helped me in my attempts to move away from Google services. I was a big fan of Hangouts and once upon a time used it as pretty much my main mode of online communication (and made many friends aware that such an app exists on their phone). But now that I can no longer rely on it working, I have disabled that part of Gmail and haven't opened the mobile app in months either.

Yeah the old Hangouts doesn't either.

There's been some recent movement on this https://twitter.com/tsahil/status/943471207692763136

What happens if you lie about your user agent?

It started working from yesterday (at least on Firefox nightly). I found it accidentally. Can you please try again today and see if it works?

I wish the author discussed the fact that Apple doesn't allow any other browsers to target the iOS platform. Chrome / Firefox are forced to be thin wrappers against the webkit engine instead of bringing their own technology.

No other platform has policies like this and it greatly impacts the web platform and changes the dynamic of web standards in a way no other browser developer could.

>No other platform has policies like this

MS has a similar restriction on their App Store. Browsers are only allowed to use the MS rendering engine.

Also plenty of feature phones only allow use of the integrated browser. You might think that’s an unrelated issue, but it’s not. From a regulatory perspective, how do you differentiate between those, feature phones that allow a limited range of installable apps, games consoles with game offerings controlled by the console vendor, and the App Stores? There are even children’s educational toys with downloadable apps.

Vendor control of software access on their platform is actualy everywhere and some platforms like games consoles are defined by the concept so completely we often don’t even notice it. Dont like the games offered by Sony? Buy a Switch or an XBox. Don’t like the software offered by Apple? Buy an Android. But you don’t get to tell people which of these platforms they can or can’t choose.

Just like Google has on ChromeOS.

What do I change the browser being managed by ChromeOS?

On a Chromebook, open the play store and download an alternative browser. It is that easy. Or sideload an apk if you've decided to opt-out of the play store.

When it comes to an alternative engine, Firefox on Android is Gecko-based rather than being based on Chromium. You can install this on a Chromebook. If you need any more help understanding, please let me know.

All other platforms allow you to install apps from outside of the store though.

But they don’t all allow you to install apps that have not been approved by the vendor and comply with vendor policies, which is what is actually relevant

You can install any windows installer, or any deb file, or any apk, you want, without OS checking anything. Only iOS does not allow you to install apps not approved by vendor

This is an important point, but it's ancillary to what I'm getting at here. (And, contrary to sibling comment, I'm well aware that "Chrome on iOS" is just a wrapper around the Webkit view.) There's an important role of competition, and I sometimes do wish that Apple allowed alternative implementations. On the other hand, alternative implementations are also alternative vectors for security holes, and one of Apple's primary business differentiators at this point is "security and privacy"—so I'm also sympathetic to the reasons they don't allow other implementations on their system.

Two points:

1. Today we have 4 browser implementors. Only one of them doesn't also own an operating system (FF). We lost opera year or two ago. I would argue that a significant factor in this shrinking landscape is the fact that Apple has locked away ~10% of the market forever (and this 10% is not a random sampling - it includes many high value customers). Sure implementing a browser is technically challenging - my argument is that Apple's policy has altered the environment in such a way that there is no longer any reward for overcoming that challenge unless you have an operating system or some other large interest that requires you to make a browser. This will have effects on the web as a platform for years to come.

2. Security is a core principle for all browser implementors - due to the nature of a browser you won't get far without it. Privacy is a can of worms - all implementors will pay lip service to it. Whether or not they deliver on it is another topic entirely. A blanket ban on browser development in the name of security is heavy handed. Browser implementors love security and would gladly follow any procedures and policies the platform chooses to enforce. Apple's kill switches give them more than enough leverage to protect users from bad security actors. Now privacy, given that WKWebviews apis allow developers today to evaluate arbitrary JavaScript and monitor the users navigation Apple has already trusted developers to respect user privacy. A browser implementor wouldn't have much more ability to damage user expectation of privacy as a normal app developer already does.

Looking at the facts I cannot help but come to the conclusion that Apple's policies and actions are hurting the web in a way the no other browser implementor could.

I don't see it any different than what Google is doing with Chrome, specially with ChromeOS.

You can always install other os along with other browser on a chromebook. You can install whatever engine you want on android.

With ios you cannot do anything, you're just stuck with safari.

Installing other OS is by definition not ChromeOS anymore.

Replacing chrome in chromeOS would make it not chromeOS too. But you can use chromium instead of chrome if you want, and nothing stops you from developing same OS with different browser and installing it on Chromebook. With iOS it is safari and no way to go around it.

1. Today we have 4 browser implementors. Only one of them doesn't also own an operating system (FF). We lost opera year or two ago. I would argue that a significant factor in this shrinking landscape is the fact that Apple has locked away ~10% of the market forever (and this 10% is not a random sampling - it includes many high value customers). Sure implementing a browser is technically challenging - my argument is that Apple's policy has altered the environment in such a way that there is no longer any reward for overcoming that challenge unless you have an operating system or some other large interest that requires you to make a browser. This will have effects on the web as a platform for years to come.

You are wrong. I get you’re making a political argument because you have something against Apple, but what you’re suggesting is just wrong on the merits.

Apple’s global iPhone marketshare is around 15%; it’s 35-40% in the US.

When the W3C was going to shove XHTML 2 down our throats, where you had to have perfectly conforming XML markup to have a valid webpage, Apple helped form with Mozilla and Opera, the WHATWG that lead to HTML5 and web standards that made sense.

It was Apple that said no to shipping Flash on the iPhone, which was the beginning of the end for proprietary media plugins.

You seemed to forget about the ecosystem of open source developers that have lead the charge on implementing new open standards; Igalia was obviously able to work with Apple (and Google) to implement CSS Grid: https://blogs.igalia.com/mrego/2017/03/16/css-grid-layout-is...

Much of the variable font spec is based on Apple’s TrueType GX technology from the 1990s: https://atadistance.net/2016/09/20/truetype-gx-model-lives-o...

Sure, they were behind on several important technologies, but they’ve made a ton of progress this past year or so. I created a Service Worker in the latest Safari Tech Preview that shipped two days ago: https://webkit.org/blog/8042/release-notes-for-safari-techno...

You also might want to check the feature list; you might be surprised: https://webkit.org/status/

Apple is a convenient target for a lot of things; I get that, but I can’t see how anything you’ve said holds up when we take an objective look at things.

Security is a core principle for all browser implementors - due to the nature of a browser you won't get far without it. Privacy is a can of worms - all implementors will pay lip service to it. Whether or not they deliver on it is another topic entirely. A blanket ban on browser development in the name of security is heavy handed.

As I mentioned previously (https://news.ycombinator.com/item?id=15985884) WebKit is a core part of the iOS operating system and is tied into a bunch of things, including Apple’s brand.

In addition to all of the technical, security and privacy issues, there’s also user experience, especially with something as core as the browser on a mobile platform.

We’ve already seen that Google can’t be trusted on iOS--it was fined $22.5 million by the FTC for essentially bypassing Apple’s iOS platform privacy features not that long ago: https://www.ftc.gov/news-events/press-releases/2012/08/googl...

90% of Google’s revenue comes from advertising, so why would Apple and its users want Google’s browser to have low-level access to its operating system?

If Google could run Chrome natively on iOS (instead of using WebKit), would it be free to disregard Apple’s Intelligent Tracking Prevention feature (https://webkit.org/blog/7675/intelligent-tracking-prevention...), which uses machine learning to stop cross-site tracking via 3rd-party cookies?

Everything is a trade-off when it comes to technology; I’m fine with Google and some of the other companies deciding which privacy features they will or won’t use.

BTW, my new favorite iOS browser is Brave (https://itunes.apple.com/app/brave-web-browser/id1052879175?...), which by default blocks all ads, trackers and fingerprinting methods by default. Not loading all of that crap makes it run really fast.

And if we’re lucky, we’ll be able to pay content creators with the Basic Attention Token (BAT), based on Ethereum’s ERC20 token standard, in 3-6 months.

If this catches on, it could impact Google; lets see if they allow it on the Play store, especially after payments are implemented.

Clearly there can be browser innovation without giving in to companies like Google who don’t respect users’ privacy.

> No other platform has policies like this

The Windows store has the same policy and by proxy all Windows S machines.

So then the trend is that platform owners are the only allowed browser implementors on the their platform?

Platform owners' interests and public rationalizations aside, is this in the best interest of the web and its users?

Not sure, but Microsoft seems inclined to lean that way, since even on Android, where they have a choice, they elected to use Chromium for Edge.

No other platform has policies like this and it greatly impacts the web platform and changes the dynamic of web standards in a way no other browser developer could.

Wow, that's quite a stretch. I monitor web standards pretty closely and I haven't found this to be the case.

I have seen many threads on Github and mailing lists with Google, Apple, Mozilla and Microsoft actually communicating with each other on how to implement web standards in a cross-browser way.

Here's a good example: https://github.com/w3c/csswg-drafts/pull/1817

Me too, but from the brief mention of Chrome being faster on Android than iOS in the article, I'm afraid the author actually believes that there is such a thing as Chrome for iOS.

If it makes you feel any better there's some of us that left iOS for this exact reason. I don't like Apple telling me what I can and can't do with my computer.

Windows Store like many others already mentioned, and ChromeOS come to mind.

I’m definitely seeing several sites lately that require me to use a particular browser, lest I see blank elements or “buttons” that infuriatingly do nothing when I click them except in certain browsers.

It’s not consistent though. Usually switching to Safari is what works but sometimes I must use Firefox. On one government site it seemed the only working combo was to use an iPad, as no desktop browser worked on my Mac.

My latest gripe has to be log-in screens though (Google is guilty): forms are as old as the web and I resent that I can’t even log in anymore because your Unnecessarily Fancy Form just doesn’t work on all browsers!?

Try changing macOS' safari's useragent to safari on ipad next time.

Its also handy to get efficient video from sites stil serving flash to desktops.

> On one government site it seemed the only working combo was to use an iPad, as no desktop browser worked on my Mac.

Did you try using IE? I find some state government sites still work best on IE10/IE11

They had a Mac, so probably not.

"Safari ships new features on a much slower cadence, but they’re usually solid and always perform incredibly well."

I really don't agree at all with this, Safari is the new Internet explorer ...


Chrome is the new IE.

Chrome ships new features fast, and some of them are very cool. Because of course! "Embrace, extend, extinguish" doesn't work unless the "extend" part is full of shiny, delicious candy. And platform makers can make lots and lots of shiny candy when freed from pesky things like standards.

It's hard to believe we're having this discussion again. Did we learn nothing from Internet Explorer 6? IE6 damn near ruined the web because it had 95% market share, was objectively terrible, and it encouraged lock-in with its nonstandard behavior and "convenient" proprietary features.

Now, of course Chrome isn't terrible like IE6. And that's both good and dangerous ...because Microsoft might have "won" if IE6 was any good at all. Luckily, IE6 was so terrible that Mozilla was able to win back a sizeable enough portion of the web with a far superior product, and FF's market share was big enough that people had to start paying attention to web standards again.

No such savior in the form of a "far superior product" is likely to exist this time around. Chrome's pretty darn nice, and as long as it doesn't suck as bad as IE6, we'll never see a direct competitor that eclipses Chrome in the way that FF1.0 surpassed the god-awful IE6.

That means we, the developers, are the only thing between an open web and a dangerous Google monoculture. Support web standards, not proprietary lock-in. Develop for the web, not for Chrome. Stick to the standards and it's pretty easy. And fun.

Chrome is 100% the IE.

They blatantly ignore standards, the most obvious of which is their treatment of autocomplete=off in forms[1]. They broke the ability to disable autocomplete, and since then have been intentionally breaking workarounds people find to actually turn off autocomplete. This has been a major pain in the butt at work.

Before you yell at me about password managers or whatever, we don't use this on our login form: We make an app that collects some sensitive data that it is very pointless to autocomplete, and we've had user complaints about this very issue, but there's nothing we can do about it because Google unilaterally decided they know better than us.

[1]: https://stackoverflow.com/a/22694173 (make sure to read the comments!)

> They blatantly ignore standards, the most obvious of which is their treatment of autocomplete=off in forms[1]. They broke the ability to disable autocomplete, and since then have been intentionally breaking workarounds people find to actually turn off autocomplete. This has been a major pain in the butt at work.

My solution to that is simple. I have a microservice that tells my services how to get autocomplete=off automatically. This microservice determines the required values and ids by scraping the search box on google.com every hour, and extracting the values of the tag matching input[name=q].

That way I can fully automate autocomplete=off, and ensure it works.

That is filthy, and I absolutely love it.

Indeed it is, but sometimes it’s necessary. I absolutely only use it for search boxes where I provide custom history for previous entries, and custom suggestions. Without autocomplete=off, these are horrible to use.

And this was the only way I could figure out that would guarantee that it would be disabled, even after browser updates.

FWIW, the HTML spec says that the autocomplete=off means either 1) the input shouldn't be autofilled or 2) the input is for sensitive information. It doesn't require handling it only as the first case.


> "When an element's autofill field name is "off", the user agent should not remember the control's data, and should not offer past values to the user."

Seems pretty clear to me. The only exception I see is:

> "A user agent may allow the user to override an element's autofill field name, e.g. to change it from "off" to "on" to allow values to be remembered and prefilled despite the page author's objections, or to always "off", never remembering values."

But that's user-initiated action, not something the browser should do for every field just because it feels like it.

Maybe we can split the difference. Chrome == IE because of breaking standards, and Safari == IE because it is so far behind on supporting standards.

Also, both Chrome OS and iOS, both have integrated their browser into their OS and don't allow competition from other browsers on their platforms.

Is that a fair assessment?

Yeah I think it's a totally fair assessment.

And it's right to be wary of Apple. They have many of the same negative incentives as Microsoft had: if the web outshines their proprietary app platforms, then what good are those platforms?

However, out of the two behaviors ("embrace and extend" versus "slow standards adoption") I think that Chrome's "embrace and extend" is the one that's actually a threat - and to me, that's what really made IE dangerous: it was a threat to the web.

Safari's pace of standards adoption is merely annoying. I'm a developer too; I get it -- I want to use the cool new shit! But Safari's not going to break the web in the way that propietary browser lock-in could break it.

I agree that Google's Chrome tactics can be perceived as evil, I won't discount that, because it causes issues when you are forced to use a particular browser.

But if your client only runs iOS for their entire business, you can't even complain about Chrome to them. And if their browser doesn't support something as simple as offline html5 features properly, and you need this, across multiple platforms (cause they have a few laptops too). Then you can't use a browser based platform. Or if you do, you have to live with many compromises.

This is how I see Apple working. If the market didn't force them to upgrade Safari, I think they never would. They'd just say "browsers are for html, and the Apple App Store is for everything else".

But my client just wanted their stupid form to work offline. At least Chrome can do this, their adding of extra stuff doesn't _limit_ what is possible.

And I don't think many of these features are "new and shiny", I think they are fundamental to the web now. If they were new and shiny only, then Firefox would have had it's ass handed to it by the big-boys. But instead, we see MS and Apple falling behind a simple non-profit in the web standards support area.

Remember, Apple has more money in the bank than any company ever in the history of the world. It's a choice they are making not keeping up with web standards.

So the question has to be asked, what benefit does Apple get from keeping web standards very low on it's locked down platform? (any answer besides forcing devs into their store?)

Sounds a little paranoid, especially since Service Workers are on by default in the latest Safari Technology Preview: https://webkit.org/blog/8042/release-notes-for-safari-techno....

You might want to check the WebKit status page; you might be pleasantly surprised: https://webkit.org/status/.

When Safari has complete support for PWAs in 2018, you guys will have to come up with a new Apple conspiracy against the web. ;-)

Until just last month, Firefox was pretty damn slow compared to Safari and Chrome but they got a pass from the HN crowd.

I suspect Tim Cook isn’t losing sleep about PWAs vs. native apps. It’s win-win for Apple either way.

Thanks for the link to the webkit status.

When do you suppose this will end up in the Safari in iOS 10? I suspect never. Since my clients literally have thousands (maybe 10s of thousands) invested in devices that will never get any updates past iOS 10, they are forced into a hardware upgrade because Apple won't allow 3rd party browsers on their devices, and tie their browser version to their OS version.

If you see another way around this, I'd really like to know.

When do you suppose this will end up in the Safari in iOS 10? I suspect never. Since my clients literally have thousands (maybe 10s of thousands) invested in devices that will never get any updates past iOS 10, they are forced into a hardware upgrade because Apple won't allow 3rd party browsers on their devices, and tie their browser version to their OS version.

I obviously don't know your situation, but the newest iPad where iOS 10.x is its last operating system is the 4th gen iPad, which was introduced October 2012 and was discontinued October 2014. It shipped with iOS 6, so it's been through 4 major upgrades.

You make not like it, but that's about the general lifetime of computing devices today regarding their upgradeability. It's not like there are 5-year old Android tablets running the latest operating systems from Google either.

Apple’s modus operandi has been the same for the 10 years of iOS devices: all of the new features go into the latest version; the previous version only gets security updates and they don’t back-port those features to the previous operating system.

Mobile Safari 11 uses APIs and frameworks (like the machine learning for Intelligent Tracking Prevention) that only exist in iOS 11, which is why it won’t be ported to iOS 10.

In most mainstream work/production environments, 3-4 years is the useful lifetime for computers and the iPad is a computer. I did this for a living at MIT; I dealt with these exact issues for 14 years.

I get that it's convenient to blame Apple for not allowing 3rd-party web engines on iOS, but that's really the cover story, right?

The key issue here: iOS 10 was the last version to run on 32-bit A6 processors, which is what your iPads have. iPhones and iPads with 64-bit A7s (and newer) can run iOS 11. Unfortunately, you got caught in this hardware transition.

If these iPads are mission-critical for something, then there should have been some device lifecycle planning when the project started so you wouldn’t end up in a situation like the one you’re in.

BTW, both Google and Firefox stopped supporting 32-bit operating systems years ago, so even if iOS allowed 3rd-party browsers, you still wouldn’t have the option of running something that had today’s latest features like Service Worker anyway…

>It's not like there are 5-year old Android tablets running the latest operating systems from Google either.

Yah, you have a point with the hardware being old and 32bit, I am not an Apple guy by nature, so I have older hardware.

My issue is not with the OS, it's that I am blocked from installing specific software on that OS. Imagine if Windows didn't allow Chrome to be installed, everyone would be up in arms.

Why is Apple getting a pass in their regard?

>Imagine if Windows didn't allow Chrome to be installed, everyone would be up in arms.

No pun intended, but this isn’t an apples-to-apples comparison—you can’t compare a desktop operating system to one that runs on phones and tablets.

I’m a web developer—I have the release, beta and canary (nightly) of Chrome and Firefox in addition to Safari and Safari Tech Preview on my iMac, which is no big deal on macOS or any other desktop operating system.

It’s very different on phones and tablets, which are closer to embedded operating systems.

This also enables Apple and others to lockdown security in ways which would be unacceptable for a desktop operating system. Given the unrelenting hacking from the kid down the street to nation states—China, N. Korea, Russia, Iran—more security isn’t a bad thing.

Apple isn’t getting a pass—at least not from normals.

It’s the supposedly aggrieved and paranoid libertarian techies’ narrative that Apple is getting away with something and their rights are being impinged upon.

Sure, I can accept that generally speaking there is a difference between phone/tablet and desktop. But how about Android vs iOS. I can install Firefox on Android, but not on iOS. (It "looks" like FF, but it's Safari with a skin, same with Chrome.)

Can you offer a valid explanation on why it's technically not possible for a real Firefox browser to work in iOS, but works fine on Android?

Short answer: Google and Apple have different priorities when it comes to security, privacy, performance and power consumption. Same thing with Mozilla but to a lesser degree.

It’s also not accurate to say Firefox and Chrome are just “skins” over Safari. Sure, they have to use WebKit via various system APIs but they also add their own features, some of which Safari doesn’t have like support for Google Assistant and a built-in QR code scanner for starters.

Heck, Google Chrome on iOS supports the Payment Request API while Safari doesn’t, which means there are web platform features Google implemented that WebKit doesn’t have. Why are you complaining again? ;-)

Same for Brave, which does lots of things Safari doesn’t.

Remember, Chrome and WebKit share a common ancestral codebase; the vast majority of a site’s HTML and CSS renders exactly the same anyway, so it’s not like Google or users like you are actually missing out on anything of substance other than some misplaced sense of being restricted from shooting yourselves in the foot because you can’t use a browser engine that’s slower and consumes more power than what Apple ships—ditto for Mozilla.

For the overwhelming majority of the browsing anyone does, it makes no difference. It’s just a manufactured grevence of a vocal minority of Apple critics.

I think you are dodging the central claim against Apple, they prohibit competition on their platform. If Microsoft or Google did this, they'd be accused of anticompetitive behavoir, or being a monopoloy.

In fact, MS actually did this with IE vs Netscape. Maybe you are too young to know or remember this. It's just astonishing that anyone could ignore the parralels.

Also, I asked if there was any "technical reasons" Apple couldn't allow real Firefox in iOS, and you ignored that. I suspect because you know the answer is "no". So, then it's purely for marketing reasons.

Please explain how it's better for end users to have only one choice of browser? If you want to say they already do, then you do not understand how browsers work. And if you want, I can do some googling for you to show you why FF and Chrome on iOS are _not_ any different at the core level than mobile Safari.

In fact, MS actually did this with IE vs Netscape. Maybe you are too young to know or remember this. It's just astonishing that anyone could ignore the parralels.

I was doing IT at MIT when the Microsoft/Netscape thing went down—I’m not new to any of this.

This is going to be my last response on this topic, since this has devolved into a political and ideological thing——I can’t help you with that.

This post sums it up for me [1]: I think this thread is full of people who want Apple be considered a monopoly more than care about whether they actually are.

I think you are dodging the central claim against Apple, they prohibit competition on their platform. If Microsoft or Google did this, they'd be accused of anticompetitive behavoir, or being a monopoloy.


Again, this is an ideological argument, not a technical or legal argument.

They aren’t prohibiting competition——there are over two million apps on the App Store[2], including ones by every company that is considered a competitor like Microsoft, Google, Mozilla and others.

But here is a legal position: there’s nothing illegal about determining what they will and will not allow in their App Store and what they will and will not allow on their platform, especially when the companies agree to it when they sign the contract with Apple.

It’s only tech ideologues and free software zealots that think that their rights are being violated because Apple doesn’t permit other web rendering engines other than WebKit. There’s no legitimate technical or legal argument that can be made that users are somehow suffering due to this.

If that’s your deal, that’s fine; but don’t act like it’s the same thing as Microsoft/Netscape because it’s not.

Please read the history of that case on Wikipedia: https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor....

I wrote about why this isn’t like Microsoft, IE and Netscape in the thread [3].

Here’s the simplest way to make this plain:

* Microsoft had 95% of the desktop operating system market back in the day. Apple has around 20% of the global cell phone market[4]

* Microsoft was accused (after signing a decent decree with the US government saying it wouldn’t do this) of using its natural monopoly in operating systems to affect emerging markets, such as the browser market

* Apple doesn’t have a monopoly——natural or otherwise; it hasn’t been under investigation by the Federal Trade Commission or the Department of Justice——Microsoft was

* Apple has direct competitors on the App Store in every category it has apps and services for: maps, music players and services, camera, file sharing

* Google makes more money from iOS than it does from Android [5],[6]

Last thing: like it or not, Safari is the fastest and most energy efficient browser engine that could exist on iOS because unless you’re Apple, there’s no way for a 3rd party to have the information of the firmware, custom processors, GPUs, etc. that would be required to do what Apple is already doing with WebKit.

It’s not like the HTML, CSS and Javascript rendering is significantly different than what the other engines do, so there’s no compelling technical reason that there should be 3rd party engines, other than to satisfy their critics and zealots.

There might be some there there if Google and Mozilla boycotted iOS because they weren’t allowed to use their rendering engines and otherwise made a big deal about this. Because they must be on the most profitable mobile platform in the world, they’re admitting that they’re okay with the situation as it is, even if you guys are not.

So in reality, your issue is with Mozilla and Google, who’ve left you guys hanging and don’t have your back on this.

Time to let it go.

[1]: https://news.ycombinator.com/item?id=15983379

[2]: https://www.statista.com/statistics/276623/number-of-apps-av...

[3]: https://news.ycombinator.com/item?id=15985922

[4]: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&c...

[5]: http://bgr.com/2015/05/27/iphone-vs-android-advertising-goog...

[6]: https://gizmodo.com/5897457/google-makes-four-times-more-mon...

I know you have a lot of reasons to say this doesn't matter, but why is it a real world problem then for a lot of people? Are these people imagining the issues with Apple products and their browser?

Does Firefox suck up battery so bad on Android that it couldn't possibly be written to run on iOS properly? (technical issue, not ideology) Your arguments are not technically sound. I never mentioned "rights", you did. I merely pointed out that if others copied Apple, they'd be accused of violating rights. (not an issue for me personally)

You present red herrings and twisted some of my comments, but you are right, it's not worth continuing, as neither of us can change anything.

Same applies to Google, lets not forget that the bad experience of web apps over Android native ones, meant that now it is also possible to use Android native apps on ChromeOS and that they took the effort to implement something like Java Web Start (Instant Apps) for Android.

I mostly agree. Chrome worries me for a lot of reasons and I don't trust google at all.

Their goals are less outwardly evil than 1990s-era Microsoft, and that makes me think they have a much better chance at succeeding.

I don't know how "understand everything there is to know about everyone" is substantially less evil, especially when entirely avoiding Google is effectively impossible.

I should have picked a better word! "Outwardly" probably wasn't the right word there. Google is less... bald-facedly evil, perhaps? Less overtly evil?

Microsoft's hardline "screw the open web, and buy a Windows and Office license every n years while we ensure we have no competitors by any means necessary" modus operandi in the 1990s was just so blatantly unfriendly.

Google's course is more... stealthy.

Yeah, I won't defend Microsoft. I was honestly convinced for several years that we were descending into a dark age of computing.

No and I think your opinion is harmful.

IE literally refused to implement standards, rendered broken dom elements, allowed for proprietary native extensions and had many different apis for them. They had 90% of the market share and no other viable platforms. This meant developers built things which exploited these broken features causing huge compatibility issues when they aren’t (every other browser).

A simple lack of features didn’t make IE... IE. Safari is a pain in the ass but it sure as fuck ain’t no internet explorer.

I think Chrome is propagating lazy developers who think everyone uses their browser. Which means things only work in Chrome and no where else. It’s not as bad as the IE situation yet and hopefully it won’t be with Firefox kicking ass again.

Apple is doing similar stuff by refusing to implement the payment request API and instead implementing their proprietary Apple Pay API. So you can use one API to target Chrome and Firefox and another for Safari. This is starting to sound a bit like IE. They were invited to join the working group for Payment Request and decided not to take part.

The Payment Request API is supported in the Safari Technical Preview and enabled by default since Release 44.

https://webkit.org/status/#feature-payment-request https://developer.apple.com/safari/technology-preview/releas...

You can argue that they're not implementing $thing-you-like but lets be real; you can't compare IE to anything if you don't include the market share.

IE was harmful because it had such incredible market share and could do what it wanted with that.

And Apple has a major mobile market share, that HAS to use safari. If I could get away with not supporting safari, I definitely would.

Then you are not a proponent of an Open web, you are a lazy developer.

Apple hasn’t had an monopoly antitrust suit against them for it. Different story, different times.

> IE literally refused to implement standards

Chrome doesn’t implement asm.js (EDIT: I had previously written WebAssembly, but that was a typo), concurrent JS, or autocomplete=off, or the GeoLocation API via HTTP, etc.

> allowed for proprietary native extensions and had many different apis

NaCl, PNaCl. Try running http://earth.google.com/ in a browser other than Chrome. Or the Google Hangouts Video Chat.

> They had 90% of the market share and no other viable platforms

Chrome has reached > 67% of the global market

> This meant developers built things which exploited these broken features causing huge compatibility issues when they aren’t (every other browser).

See above mentioned Google Earth, Google Hangouts, the early releases of Google Inbox, Google Allo, and WhatsApp Web, as well as the early releases of Signal Web.

> It’s not as bad as the IE situation yet

See above why it is just as bad as the IE situation.

Oh, and "IE was preinstalled" – Chrome runs malicious, misleading advertisements everywhere to get users to install Chrome, and when that wasn’t enough, they started paying companies to secretly install Chrome with their installer (same as what the Ask Toolbar, or BonzaiBuddy did – except, now it’s Google offering 30 million EUR to VLC to include it, and that project denying it and publishing that info).

> Chrome doesn’t implement WebAssembly > NaCl, PNaCl.

It does, and both of which are being deprecated and removed in favor of WebAssembly.

At least your point about Google using underhanded tricks to get Chrome in the hands of users is accurate.

Thanks, I meant asm.js instead.

Fair enough, but mind that asm.js is itself being deprecated too, WebAssembly is meant to replace it.

It was as cool experiment by Mozilla for sure, but it's in the same boat as the cool experiments by Chrome: not picked up by other browsers.

Chrome is implementing a standard that pretty much all other modern browsers are also implementing. For example, service workers - implemented by Chrome initially and pretty heavily integrated into Android/PWAs - but Firefox and Safari are also shipping this feature currently. And also most features, such as service workers, can be effectively used with progressive enhancement, still providing a working experience to the user when they are using an older browser. Most sites I've seen that say "Must be used in Chrome" or whatever really have no reason to do that. There is more nuance to the progression of the modern web platform than the OP article gives off.

Sorry, the op is right. Safari IS the new IE.

Service workers is one of the most egregious failures on their part. And I believe it's been done on purpose. With service workers you get full control over building your JS based app, something Apple does not want, they want everyone to got through their store.

Considering that the only way (moving forward) to create an offline JS app now is through service workers, and Apple is just starting to get it working, _maybe_ for the next version of Safari.


What does this mean? It means that it may take one or two more _years_ of _hardware_ updates to get iOS users able to use a javascript feature in their browser.

As far as I know, iOS and Safari are knitted together like MS did to Windows and IE. Try and get a new version of Safari that doesn't match with the version of iOS you are running.

I could go on about the state of local storage and other HTML5 debacles on Safari, but it's total loser and I am only going to make myself upset.

According to this article Service Workers is on by default in the latest Safari Tech Preview: https://9to5mac.com/2017/12/20/safari-preview-46-service-wor...

Yah, I keep tabs on that stuff. But most of my clients actually use Apple hardware for a few years now, and even if this update goes out tomorrow, and all iOS 11 users get it. iOS 10 users and below are out in the cold, and that accounts for 99% of my users.

And you know what it's like trying to use a feature even when 70% of users can take advantage of it, it's still a no-go. So Apple totally blew it on this one.

MS Edge appears to be further along than Apple...

Apple has unusually high adoption (compared to Android) for new versions of their OS, I am not too worried. You can ship a service worker and it will not degrade the experience for users on older browsers.

I have a 3rd gen iPad right here, I can't upgrade to iOS 11. So, it's a forced _hardware_ upgrade to get a browser update. That's just insane.

Since Service Workers were enabled in STP as of a couple of days ago, the next upgrade to Safari in a few months will likely have it—it’s not 1-2 years away as you suggested.

I’m pretty sure I’ll be running PWAs on my iPhone 5s the first half of 2018.

This is the dream, but I doubt Apple will offer any kind of proper home-screen integration like there is on Android. I can only hope tho

Part of what’s required is Web Manifest and that’s on the WebKit roadmap: https://webkit.org/status/#?search=manifest

I respectfully disagree, for one simple reason.

IE literally refused to implement standards, rendered broken dom elements, allowed for proprietary native extensions and had many different apis for them. They had 90% of the market share and no other viable platforms.

All of those things are true of iOS Safari as well, except that on iOS you literally can't use any other engine so 100% of the browsers on Apple phones and tablets are restricted by whatever limitations or flaws Safari brings.

I sometimes feel like Chrome is the new Internet Explorer too! There have been a number of GSuite features from Google that don't work on Firefox. Google Hangouts for one! Also on that list was U2F auth and some others. Here we have Google products that only work on the Google browser. What does that sound like? Maybe Microsoft and all their ActiveX IE shenanigans in the past!

The moral of the story, which I think the article highlighted very well, is that the web platform is based on standards. Build to the standards. If you don't like the standards, advocate for new ones! It's hard work but it's how we got where we are and how we will continue to have a web 100 years from now.

That is backwards. Nearly everything in the web platform began as a proprietary extension, including JavaScript and XHR. Standardizing something that has never been used in real life is a bad idea. Convincing the other browser vendors to implement your new idea is usually impossible. So insisting that only standards ever be used would result in no progress at all.

U2F isn't a Google product.

Virtually all new major browser features are built according to standards, proposals, or explicit extensions platforms. See https://www.w3.org/TR/, where it's very easy to map recent browser features to standards or healthy proposals. Your proselytizing would be more appropriate in Redmond, Washington in 2007.

I'm not sure what gives you the impression that successful standards are developed in a vacuum. You're right that some are, but most of those are terrible technologies that were designed by the "hard work" you think got us where we are today.

The rest -- the good ones -- are battle-tested through gradual deployment and iterative improvement, eventually emerging nearly unrecognizable from their original vision, but genuinely useful and usable.

Only then does the "hard work" of advocacy begin.

> U2F isn't a Google product.

The point is that U2F on Google logins only works in Chrome. Firefox supports U2F, but Google's implementation only works with Chrome.

As far as I know, Firefox does not implement U2F exactly (one of the reasons support for it isn't enabled by default): https://twitter.com/jamespugjones/status/931324766782332928

> As far as I know, Firefox does not implement U2F exactly (one of the reasons support for it isn't enabled by default): https://twitter.com/jamespugjones/status/931324766782332928

Sort of. It's true that Firefox doesn't enable U2F by default (yet), but that's actually unrelated to the reasons that it doesn't work on Google domains. The real reason that Google's U2F only works in Chrome is that they rely on non-standard implementation details: https://twitter.com/ManishEarth/status/931534674224062464

For contrast, you can use U2F on Fastmail and Github in Firefox, because they don't rely on non-standard behavior.

>Google Hangouts for one!

I believe this now works on FF, according to an HN post yesterday.

>If you don't like the standards, advocate for new ones!

I think the problem with this is it means that I can't provide something useful until the standards body updates, which could be a cadence of years. In that timeframe, a competitor will break the standard.

Hangouts calls didn't work for me today on FF. Possibly fixed on beta channel?

This would really help me switch.

YouTube seems to be broken on Edge half the time. I don’t think they even test for it.

Hangouts uses a plugin. It's not using web standards. So using it as an example of breaking standards is really silly.

Ah. You mean like ActiveX?

Every major browser vendor has a proprietary extensions platform. It's a good thing; it enables innovation and solution-building without needing to leave the web platform entirely.

Chrome, Firefox, and Edge have Native Messaging. Safari's extensions platform uses "native APIs and familiar web technologies."

Yes, like ActiveX.

In short, nobody is breaking web standards, because they didn't submit their changes to a standards body. Because it's not standardized, it doesn't count as breaking standards.

Now, if they did submit to a standards body, and it got approved, it would be standardized. Therefore, it doesn't count as breaking standards.

Hey, if you want every browser to be identical, that's your right. I happen to think that competition among browsers is a good thing, and that means that they'll always be at least a little bit different. Shouldn't it matter which browser you use?

No major browser vendor (in the modern era, at least) wants to break interoperability -- that's the bright line that separates innovation from fragmentation -- and you'll find that each works hard to stay on the right side of that line, often slowing their rate of innovation to do so.

(And no, saying extensions platforms don't count isn't just language-lawyering, as I think you're trying to suggest. Most extensions platforms, particularly ActiveX and old-style Firefox add-ons, are deeply dependent on the host OS or the specific user agent's implementation, or else they operate in contexts that just don't make sense in the web's origin-based security model. I wouldn't go so far as to say it would be impossible to standardize an extensions platform, but standardizing one would necessarily give rise to a separate platform (the extension to the extensions platform) that was host-OS-specific or user-agent-specific. As I said earlier, there are legitimate needs to get stuff done that can't and shouldn't be done on the web, but that don't require abandoning all web technologies. Maybe you're right that the intent of ActiveX was to kill the web. That doesn't mean that it didn't also solve real problems that the web couldn't solve at the time and still can't today.)

> Shouldn't it matter which browser you use?

Yes, in terms of performance, user interface preferences, features like bookmark syncing, and so on.

But visiting any page should work in any browser. If proprietary extensions get used, then the pages are no longer able to interoperate. You now have a proprietary ecosystem.

If these proprietary extensions catch on, now you're back to the bad old "best viewed in IE6" days.

I'm not sure you're considering the fact that the web ecosystem itself is in competition with other platforms. The counter to your "If proprietary extensions get used" hypothetical is that if they don't get used, the world moves on, getting the job done with fully proprietary and/or platform-specific solutions -- Windows applications, Android apps, etc.

People don't sit back, put their needs on hold, and wait for the web platform to develop and implement new standards. They use available tools. Would you advise them to leave the web ecosystem entirely? Or use the lesser evil of extensions platforms, thereby solving their urgent problems and indirectly providing long-term direction to the web platform's evolution?

There are exactly three situations:

1) Browsers start the standardization process immediately. There's no proprietary extensions, and things remain interoperable.

2) Browsers add proprietary extensions. Nobody uses them, and they burn money on engineering time.

3) Browsers add proprietary extensions. These extensions get used. Interoperability goes out the window.

> Would you advise them to leave the web ecosystem entirely?

Yes, I think so.

Ehh, I use Safari as my main browser (it feels more "native" than Chrome & FF, has seemingly lower CPU usage than Chrome, and is WAY better for the battery), and I rarely suffer for it. Once in a while there is a site that does something fancy that requires Chrome, but it is rare.

Precisely this. It’s not that the WebKit/Safari team doesn’t implement new features/standards (they usually do), it’s just on a different schedule.

I don’t know anybody on the Safari team but I suspect that they prioritize very differently than the Chrome team does. One is all about impressing web developers with the latest and greatest where the other is more interested in having resource efficient implementations.

Same experience here. Safari is my daily driver for casual browsing because it feels smoothest and integrates well with the OS, iPhone, etc. The only times I can remember it being a problem are when I see a bleeding edge tech demo posted somewhere like HN.

flexbox isn't a bleeding edge technology, and it's supposed to work properly on safari, but it really doesn't. Annoying as hell, and garbage on their organization to be honest.

I just Googled a few flexbox demos and had no issues viewing them or playing with them on Safari. Care to share an example that fails on Safari?

Also seems it's been supported for a while?


Have you submitted a bug report about it?

There have been bug reports submitted for years. Still not fixed.

Caniuse reports some issues with < v10, but nothing currently?

This doesn't really refute what the author is saying; the main thrust behind the website and the blog post the site references is that Safari doesn't adopt new features Chrome does, which is basically the exact thing which the author of the article we're commenting on is saying is a bad position to take.

I have no horse in this race, since I like Safari when I'm on Apple products and I will happily use Chrome or Firefox or IE/Edge depending on what's available, but I agree with the author of the primary article here; we shouldn't put one browser up on a pedestal just because of release cycles or cool projects it does and let it dictate how the web should look and behave.

That's a fairly uninformative site. It makes a claim and does nothing to back it up.

Having just spent more time fixing quirks in an HTML layout in iOS Safari than I had to in IE 9, I wholeheartedly agree with you.

Yet, what Safari is, is competition. Also let's not forget that it gave the world WebKit and broke us free from the trap that was Flash.

>> Also let's not forget that it gave the world WebKit

And let's not forget that WebKit started as a fork of KHTML and KJS.

As an example, anyone remember the glaring indexedDB and flexbox bugs in Safari?!

That's my issue. I've basically learned (as a developer) to not use any new features in Safari until the version after they come out.

IndexedDB was broken so badly it literally wouldn't work, flexbox is much better now, but I wouldn't have called it "supported" by safari for a while, and now while their WebRTC APIs work, they are really flakey and have a lot of extra "restrictions" tacked on that aren't really explained anywhere (like they won't work in a WebView, or if the page is bookmarked on the homescreen).

I like what they are trying to do, and I absolutely think there is a place for a browser that is fast, low resource usage, and more stable, even if it means it's single platform, slower to add features, and doesn't have as many customization options. But Safari is falling short of their goals while still having those downsides and on one platform is the only browser that is allowed.

Anyone who says this doesn't remember what made IE notorious back in the day.

None of the browsers now are anything like that.

Apple's approach with Safari is exactly what the author of the linked article said; they are slower to implement standards. When they do, I usually have no problems with them at all.

Standards are irrelevant to pragmatism. De facto standards are what is important.

By virture of sheer popularity, Chrome is the de facto standard. And if they have provided anything that becomes useful or popular, then by virtue of popularity of that feature in what is already the post popular browser, makes that feature part of the de facto standard.

The post is just pedantic whining about how something isn't according to the written word in some document written some years ago by a bunch of people that the average user of the standard does not even know.

I understand the value of standardization. Everything should be standardized. But what the standard should be is completely another question. I would say that all enhancements/popular features should be standard. At least that way, we'll have more people happier, rather than follow the least common denominator approach where there is a compromise that leaves no one happy.

Not only did I not whine about something in a written document, I never once mentioned WHATWG or anything other standards body. (That was intentional.) I explicitly call out the vendors and their mutual implementations. The "standard" I care about is the truly living standard of what every browser implements. The point here is that the _de facto_ standard is not Chrome, and if it were that'd be a bad thing. (We've been there before; it was a bad thing.)

Every browser has never implemented exactly the same things in exactly the same ways, and never will. There will always, at least, be bugs.

A "de facto standard" of "what browsers implement" is no standard at all. This is why standards matter. "What the actually existing software implements" is what you have when you _don't have standards_.

The vendor-dominated, standard-changes-every-day WHATWG "living standard" is relevant to the situation here, I think, even if you'd rather it not be. If it's a living standard that's always changing, and it's specifically changing based on _what software does_... then Chrome doing something seems like as much of a standard as anything. It may or may not be added to the standard the next day, but the standard seems to encourage people to use things that aren't in it yet.

The WHATWG process, if I understand it right, specifically requires (at least) two browser vendors to implement a thing _before_ it's added to the standard. Yes, two is more than one. But not a lot more. :)

Every browser has never implemented exactly the same things in exactly the same ways, and never will.

Igalia implemented CSS Grid for both Blink and WebKit: https://blogs.igalia.com/mrego/2017/03/16/css-grid-layout-is...

And remember, Blink is a fork of WebKit, so they're not very different. So it can be done and we need more of this.

They're also working on some other stuff for Apple and Google. Never say never.

The practical upshot of what you're saying is that the browser vendor with the biggest market share can do whatever the heck they want, and everybody else can either reverse-engineer it or eat dirt.

I'd tell you why you're so spectacularly wrong, but since we've already lived through the nightmare you're currently endorsing... instead I'll simply refer you to the 1990s and early 2000s.

You don't want that.

Depends on who your target audience is.

Germany for example uses 38.22% Chrome and 31.11% Firefox on Desktops. No way you can speak about a de facto standard here.

I, as an end user, don't know about industry standards for screws, magnet strips or pipelines either, but that doesn't make them less important.

We already tried giving a commercial company free reign in this regard, with Microsoft and it's Internet Explorer, and it did not end well. I see no reason to try this again.

Standards also just make it easier for new players to enter the browser market, instead of having to reverse engineer how Google does stuff, so Standards even help with competition.

I will happily discuss current shortcomings of the W3C and standardization process in general, but we shouldn't repeat the past.

Same could be said for IE, but then Microsoft isn't a HN darling so it gets bashed, while Google gets praised for doing exactly the same.

Oh yes. The same could be said about IE. In fact, I personally have no problems with IE implementing new features. The problem with IE was never that it was standards-incompliant. Heck, they were the de facto standard and there software used even today that won't run on anything but IE.

The problem with IE was that it was a shitty bloated browser. And to be honest, nothing shook its dominance before Chrome. Not even Firefox.

Chrome isn't the de facto standard, it doesn't have complete dominance of the web yet so you also have to support, at the very least, Safari.

No, it doesn't have complete dominance. But it has more share than all the other players combined. https://www.w3counter.com/globalstats.php

That is a dominating position making it the de facto standard, even if not absolute.

It's interesting that the author chose PWA's as their example.

The "Progressive" in Progressive Web Application means that web sites progressively become more app-like as they use certain APIs like Service Workers, but it also means that PWAs progressively become more app-like on browsers that support those APIs.

A site can go all-in on the PWA-related APIs and cause absolutely no degradation in experience on browsers like Safari. Safari doesn't support Service Workers, ignores parts of the manifest, doesn't allow PWA installation? It's fine, your app is just a normal website on Safari.

Yep, and this is one reason I like the PWA design a lot. It's very web-y in the best ways.

Which is part of why the "Safari is holding back the web b/c no PWA!" response perplexes me. Even independent of the fact that they were in fact getting there – just not as fast as people wanted! – progressive enhancement is still a thing.

Safari has definitely been holding back PWAs though, because they're the gatekeeper of feature on iOS.

I've personally had meetings with teams would would love to adopt PWAs over their existing native apps, but can't due to Safari. I'm excited that it looks like that will change very soon!

I like Chrome but lately I've spent almost all my time in Firefox Developer Edition. When I use Chrome it's to verify that it behaves the same way on more than one Javascript engine.

I switched to FF Developer Edition a little over a year ago, and I have caught several bugs that went unnoticed by my Chrome using colleagues.

How were they unnoticed in Chrome?

Chrome seems to have a tenancy to paper over some bugs and not report them back to the user (even in the console). It's the main reason none of our devs use Chrome for primary development anymore (it's not worth the extra dev time when QA fails on all other browsers) and it's just used during QA.

I decided to give Firefox Developer Edition a try a few weeks ago. Been pretty happy with it, with no plans to switch back.

At what point does the dominant market leader become the standard, though? Chrome currently has roughly 60% market share in both desktop and mobile. No other browsers are forced to comply, but web developers will prioritize targeting the platform where their users are. We see this today where tons of things are broken on the long tail of older versions of IE, and developers largely ignore them.

I'm not saying that I like one company controlling the web, but when you're a small company developing software for the web, Chrome IS the standard.

If web developers refuse to treat it that way, the web stays healthier overall. Consider this post an argument for why we shouldn't let any single browser have that kind of dominance. (I'd say the same it if were Firefox, Safari, or Edge in this spot.)

When you have dominance, and most of your users want to use Chrome, as developers you will tend to use Chrome to compare to other browsers. “I wish Firefox has this feature” kind of statement.

This is natural. Whether it is urban architecture to medical practice, someone’s idea dominated the rest, and we use the dominant one as reference and as a tool for comparison.

This is called competition.

This isn't new, though.

I think people forgive Google for more because they like them. IE did exactly the same thing before Chrome and was roundly (and rightly) admonished for it.

In fairness, Chrome's proposals do seem to be designed with the open web in mind - at least insofar as being items that other projects could reasonably be expected to implement in their engines if they chose to do so.

There's nothing so egregious as IE's DirectX-filters-embedded-in-CSS nonsense - or shudder ActiveX - but it's still not great for the open web as a whole.

NaCl was as bad as ActiveX but less successful, thank God.

Was it though?

I wasn't a fan of NaCl, and WebAssembly (for example) is a much better fit for an open web, but it was at least platform agnostic (if support was provided by the vendor) and ran in a reasonably strict sandbox. ActiveX was neither of these things.

All that said, having any one browser be the standard is as terrible for the open web now as it was in IE's heyday. Just because Chrome is less awful doesn't solve the single-vendor problem.

"If support was provided by the vendor" is a big if... Google was well aware of this inherent flaw but pushed NaCl regardless while at the same time promising for years that PNaCl would eventually solve all problems. PNaCl never really materialized, I think, and it feels like Google was throwing a smokescreen there to boost support and mindshare for NaCl.

Man, this is 2002 all over again with everyone treating IE6 as if it were the standard.

I know they screwed up recently with the Mr. Robot malware, but I think it's really important for developers to get behind Firefox again. As the American government fails to provide any sort of check on its behemoth corporations (Apple, Google, and Microsoft) and to protect consumer privacy, Firefox is basically the last contender for real consumer protection standing.

I’ve found a lot of people are quite naively idealistic around browser development. The rendering, JS engines in Firefox and Chrome are state-of-the-art and take small armies to build and maintain. Mozilla has to strike a balance between revenue seeking and consumer protection seeking behavior that I would imagine is quite difficult to maintain.

Lots of people here additionally are up in arms their incredibly specific workflow was upheaveled by a movement to webextensions planned like 2 years in advance. Browser engines don’t have the luxury of being vim and supporting every environment and config.

> Lots of people here additionally are up in arms their incredibly specific workflow was upheaveled by a movement to webextensions planned like 2 years in advance.

They're up in arms because of an upheaval which prevents anyone from restoring their workflow: the new extensions API simply does not allow the extensibility the new extensions API allowed. Some of the changes are arbitrary (e.g. it's not possible to rebind C-n).

The move to Quantum is awesome, but the permanent loss of functionality is not.

Likewise, the security reversion in the Sync protocol is another unforced error.

I wouldn't call it permanent. It'll just take time to build up the WebExtensions API set more, which there should be more breathing room to do with 57 finally out the door.

The change to the Sync security model happened in response to years of user feedback about the usability of the system as it was.

> The change to the Sync security model happened in response to years of user feedback about the usability of the system as it was.

They should have improved default usability while still preserving their previously-unmatched security level. Yes, the old system didn't do what novices expected, and yes they should have gotten a default system which would. But experts should still be able to use a truly-secure system.

It's currently impossible to use the Sync system securely: even if one ran one's own Accounts server remotely, then an attacker would still be able to inject malicious JavaScript into the signin page. Accounts should never have been usable from within a web page; they should always have been isolated to the browser chrome.

> revenue seeking

Then what the hell did I donate money to them for? I thought their whole thing was they were for "people, not profit." I don't want my technology to make money off of me in any way I'm not aware of.

Mozilla Foundation employee here! You probably donated through https://donate.mozilla.org, so I thank you earnestly for that! With that donation you're supporting our work to protect the health of the internet, fueling the movement to keep the web decentralized, open and free. Some of the projects we've worked on include http://privacynotincluded.org/ and our advocacy campaigns like https://advocacy.mozilla.org/en-US/net-neutrality. We also sponsor a whole host of fellows doing deeper dives on things like the dangers of Aadhaar in India and Tech Policy in Washington D.C. (https://foundation.mozilla.org/opportunity/2017-tech-policy-...). You can learn more at https://foundation.mozilla.org/about/

Besides, it looks like the amount of cash that Mozilla got for stuff like Pocket or Mr Robot is tiny compared to their other sources of revenue. It doesn't seem something worth to taint their brandname and ethos for.

If you rule out Firefox, there's hardly any viable option for a modern, feature-complete and freedom-respecting browser. Chromium is OK, but those suspicious blobs don't look very appealing.

For me the most shocking part is that the FSF has a Firefox ESR fork, IceCat, which is hardly maintained and goes 2 versions behind mainline. They don't even bother patching CVEs...

For the record, Mozilla didn't get any money for the Mr. Robot tie-in: it was supposed to be part of a mutual cross-promotion campaign. I don't think the original Pocket integration was paid, either, though my memory there is hazy. Either way Mozilla now owns Pocket anyway.

Mozilla never directly received money for the Pocket placement, however they did get a piece of any premium sign-ups made via the Firefox integration.

Thanks for the clarification.

You probably donated money to the Mozilla Foundation, which owns the Mozilla Corporation. The Corporation is not a nonprofit, in the sense that it's taxed, although that is not the same thing as saying their goal is profit.

> Lots of people here additionally are up in arms their incredibly specific workflow was upheaveled by a movement to webextensions planned like 2 years in advance.

Maybe their incredibly specific workflow involves a piece of multi-million dollar equipment and updating to a new API involves reflashing its firmware for some crazy reason. (alternately, 100 $200 pieces of equipment in hard-to-reach places that must be manually reflashed.)

2 years may be roughly the maximum attention span of a software project, but 5 years seems like a better number for bedrock systems like web browser.

I don't mean to trivialize what goes into Firefox, just that backwards compatibility is a big deal and most software companies don't take it seriously enough.

If Mozilla didn't take backwards compatibility seriously then the JS and layout engines in Firefox could be a whooole lot simpler than they are now...

Really, the point of WebExtensions is to establish a well-defined, maintainable API set that can be kept backwards-compatible going forward. Swaths of legacy extensions were already breaking with every release as internal APIs changed. The old system made the e10s (multiprocess) roll-out inordinately more painful and slower than it would have been with WebExtensions, for example.

Did Mozilla claim to offer support for their product for that period of time? Why would an embedded developer take a dependency on a third party product that does not have a guaranteed support cycle greater than the life of the device?

Perhaps a multi-million dollar piece of equipment shouldn't depend on a third party to maintain legacy protocols. If such R&D could be put into an embedded device, then a little bit of R&D could be put into a proper REST interface so that it could be properly maintained in the future.

That's very... specific?

Sounds like a lifecycle management failure. Hope this is a good learning opportunity for next time!

Just because it was planned 2 years in advance doesn't make it any less meaningful. And there were a lot of "incredibly specific workflows" that xul extensions allowed that webextensions won't. Will you deny millions of people each their own incredibly specific workflow if there's one singular ecosystem that mozilla has to maintain, to accommodate them all?

I would say yes, since web browsers should prioritise performance and security of their primary use case which is accessing the web. In my opinion extensions are just a nice add-on, not the reason browsers exist in the first place. Most developers understand from their own experience that backwards compatibility while admirable can be very costly to maintain forever.

>>I’ve found a lot of people are quite naively idealistic around browser development.

So it is naive to hold a Non-Profit to their foundational mission statement and goal? Their Manfeisto?

Mozilla is not, or rather used to not be, just a For-Profit Software firm making a browser. They were a Non-Profit Foundation started to advance ideological and philosophical ideas, namely Open Web Standards and Access for all.

It seems like you are perfectly find with Losing the Mozilla Foundation, and replacing it with Mozilla Corporation the software developers that make a commercial browser.

Maybe FireFox 60 should just go closed source and charge $40 a download

We need to balance "holding them accountable" and "being realistic". Mozilla cannot compete against Google without funding from somewhere. As far as I know, this is a fact. So the question, to me, becomes "what kind of funding is acceptable?"

And I suspect this is where we completely differ - because while Mozilla has made some mistakes, I am not nearly as enraged as some of the other commenters I've seen have been.

I think Mozilla has been doing a great job, with a few notable hiccups.

Please tell me how Safari or Apple in general works against consumer privacy protection?

This is yet again a too-simplistic view of things that seems very common with Americans.

Some big companies do unethical things, and you translate that to "all big companies hate consumers and want to eat their children"

Please tell me how Safari or Apple in general works against consumer privacy protection?

Safari is pretty good at privacy protection. Apple doesn't really have an interest in collecting your data and they have a history of implementing features improving privacy (cross-site tracking protection, build-in adblock API, etc.).

The problem is that Safari is only available to the wealthiest in the world.

Not technically Safari but https://webkitgtk.org is a thing and WebKit itself is open source: https://github.com/WebKit/webkit

“”” WebKit is a cross-platform web browser engine. On iOS and macOS, it powers Safari, Mail, iBooks, and many other applications. “””

Midori is also based on WebKit: http://midori-browser.org

AFAIK Safari does not provide more privacy protections than WebKit.

Some of Safari’s privacy protection (Intelligent Tracking Prevention: https://webkit.org/blog/7675/intelligent-tracking-prevention...) uses APIs in iOS and macOS that aren’t part of WebKit.


“””In the recent history of management ideas, few have had a more profound — or pernicious — effect than the one that says corporations should be run in a manner that “maximizes shareholder value.””””


Also related, Tim Cook in a shareholder meeting after a proposal to remove environmental policies/focus: "We do things because they are right and just and that is who we are. That’s who we are as a company. I don’t…when I think about human rights, I don’t think about an ROI. When I think about making our products accessible for the people that can’t see or to help a kid with autism, I don’t think about a bloody ROI, and by the same token, I don’t think about helping our environment from an ROI point of view. ... If you only want me to make things, make decisions that have a clear ROI, then you should get out of the stock"


They didn't just screw up once . They've screwed up many times over the years with many projects and attempts that run counter to the core values that Mozilla claims to uphold. Bryan Lunduke articulated this very well: https://www.youtube.com/watch?v=qMALm1VthGY

At this point Mozilla has to prove to us that they are worthy of our usage

I don't really understand this attitude. Mozilla doesn't need to be everything I ever wanted from a browser in order to get my support. It only needs to be better than Google.

Are all these people sticking with Chrome because Mozilla is not holding up to its values really think Google is better at taking care of our freedom?!

Mozilla is fighting an uphill battle, but that doesn't give them a free pass. The Pocket, Cliqz, and Mr. Robot controversies undermine Mozilla's core message. Whether or not they are simply failures of marketing and branding doesn't change the fact that they hurt the company. That being said, a lot of people will never know about these issues so the damage is not catastrophic.

I would also argue that "just being better than X" was shown not to be effective in the last US Presidential election.

Am I the only one looking at this and thinking that the so-called controversies are absurdly tame in comparison with the outcry associated with them?

They're missteps, not trust breakers. Quantum was a massive step in the right direction. The Mr. Robot Easter Egg was non-malicious poor execution. I don't think it's a free pass to just contextualize how small their missteps have been in the grand scheme of things.

I think you are wrong about them not being "trust breakers" and right about them being fairly tame.

The reason the response seems outsized is because of the breach of trust involved, much more so than the technical impacts.

Quantum is great, and I just like a lot of the UX decisions Firefox makes. But a major reason for my support of Mozilla is their stated mission. And regularly making bumbling moves that overtly compromise that stated mission makes you start to question their commitment to it. Is it really their mission, or is it just a thing it is good for them to keep saying? POSIWID and all that.

Of the named examples, you can only somewhat reasonably make the argument that it goes against the mission for Cliqz. The rest did not negatively impact making the internet a global public resource, accessible to all.

I’m afraid that the current environment means outcry is always around the corner. I’m rooting for Mozilla but I’d like it if they could learn to avoid drawing negative attention.

Despite the non-maliciousness of the easter egg, I do think the act of just installing an extension into a browser could be viewed as a trust-breaker. I think the other "controversies" are overblown, but them remotely installing an extension like that doesn't sit right with me.

But that's only because it's called an extension. Nobody is up in arms about Mozilla "just installing" about:mozilla.

Chrome doesn't magically revert privacy or search engine settings in updates, but Firefox apparently does. To quote from https://drewdevault.com/2017/12/16/Firefox-is-on-a-slippery-... :

> Not only are these experiments enabled by default, but updates have been known to re-enable it if you turn it off.

Chrome has some troubling defaults but Google never decided to flip the default search engine or turn on any phone-home feature once it has been turned off. Even though they had/have the power to do so, they know people won't trust Chrome if they ever tried to do that. In my book that's more trustworthy than a vendor that decides to use updates to surreptitiously enable features that users disabled.

While that may be true, defaults matter too. Even as a privacy conscious techie it's possible to forget the X different settings one must change with each new install or device.

And for some dissidents or researchers those defaults could be life or career ending.

I don't think that it can be argued that Chrome is privacy-friendly. There are dark patterns built into the browser.

Prove it or show code! This statements sounds like a conspiracy theory.

Exactly. I ran the beta and when it became the release version, I changed my update channel to "release." It has not reverted any settings I've made.

I also had the Shield stuff turned off (my choice), and it hasn't been reverted, nor did the Mr. Robot extension ever show up. I agree, though, that that was a Bad Idea.

If you delete Chrome's shitty preset search engines, it adds them back with every update.

> I don't really understand this attitude. Mozilla doesn't need to be everything I ever wanted from a browser in order to get my support.

Having a Mozilla option is good, but when Mozilla screws up it needs to get a clear indication that it did. I think folks saying "down with Mozilla" do not really mean this 100%; but they do want Mozilla to know that it seriously screwed up in their view. And we should not treat it as a shrinking violet -- it is not a tiny startup; it is a large corporation with funding in hundreds of millions.

> It only needs to be better than Google.

This, IMO, is setting the bar way too low. It should aim to do what the users want and consumer technology easily allows. If there is a big gap between those we should encourage new entrants, not entrench Mozilla as "the" alternative to pick-your-evil. My 2c.

These past episodes show that Mozilla can be tempted by money to go against their core values of user choice and privacy. Only in small ways so far, but trust is easy to lose.

If you don't like Google, you can always use Chromium or Brave. I trust them not to run marketing campaigns inside my browser.

> I trust them not to run marketing campaigns inside my browser.

Do you also trust them not to listen to your mic? I think debian had to have a discussion with them about that.

Google is transparent. I know what they are doing. I know why they are doing it.

Mozilla became a shady character. It engages in "it depends on a meaning of the word 'is'" speak.

Here's how Mozilla can get back into my graces - it needs to publicly FIRE whoever approved it and whoever advocated for this project.

> Google is transparent. I know what they are doing.

You do? Okay, I don't. Please, show me exactly how Google uses data they collect from their users. Every usage. Not just a few. And no "but they say they can use it for whatever they want!" - then we can talk about transparency.

Sure it is - it markets my information to advertisers via its own platform. It is my neighborhood drug dealer, and drug are pretty good - nicely packaged and no one fucks with me when i use its drug delivery service.

Mozilla is pretending to be a health store. But we are starting to see that they are also peddling drugs. Not Google drugs - drugs with security and drugs with delivery system and drugs that we are pretty sure how they work - but some other drugs, from shady producers using shady means.

Can you specify which "shady drugs" are these? Because I'm not seeing it. In this particular case, the addon was written by Mozilla employees, and was completely harmless. I don't think Mozilla did well - and I've said so in the original thread - but calling it shady compared to Google ads? That's laughable. DoubleClick is one of the largest malware distribution platforms in history.


Mr. Robot.

Google tells me - "Dude, for providing me your information you get gooodieeeees!"

Mozilla tells me - "We respect your privacy. "

In a micro-font : "except when we do things that you should not be concerned about"

Which of those violated your privacy?

It's a myth that Google literally sells your information to advertisers. It uses your information to show you advertisements which both it and its advertisers hopes are relevant and useful (so you will click on them). If you think about it, that business model essentially requires that the ads not be too annoying, because if they are, people will use ad blockers and the business model dies.

The really annoying ads which auto-play videos, block content, etc., tend to be served by companies who aren't taking the long view --- which is why Chrome is going to be adding adblocking for those ads that are ultra-annyoing early next year.

There's a pretty big difference between "using your information for marketing", and "marketing your information to advertisers". The second implies that your private information is getting divulged for a price, and that's simply not true.

There is less of a difference between those than there seems to be, there are a lot of interesting research papers and experiments regarding methods to create a feedback loop between targeting ads and then identifying those targeted.

If I narrowly target an ad and then I know you saw it, I now know all those things about you.

So, yes, they do not literally sell your information, there is one level of indirection there. And the amount of information that data brokers get their hands on tells me that it is very likely people are exporting this information regularly.

> it markets my information to advertisers

and what other uses?

That is the whole point. You know it does it, fair game. Mozilla is speaking one doing and doing shady things also.

my point was that people don't know the full scope and nature of what google does, so suggesting they're 'better' is comical.

I do not need to know a full scope of what Google does. Lets stipulate that they sell all the information. There, I now know the entire scope.

what makes you think that is the "entire scope"?

Lest we forget:

A third party company (funded by venture capital) created something called "Pocket", which allowed you to save any article you were reading to their service. Pocket had an extension that you could choose to download & enable on your Firefox browser.

For apparently no reason at all, in June 2015, Mozilla integrated the proprietary Pocket into their open source browser, not just as an optional extension but as part of the default installation. The only way to disable Pocket was to go into "about:config", as the option was not available in the "Extensions" toolbar. (Later, Mozilla Corporation purchased the company Pocket, though at the time Pocket was introduced as an inextricable part of Firefox, Pocket was a separate company.)

The Mr. Robot addon had some similarities with the Pocket fiasco:

1. it was pushed to users without their knowledge or consent

2. it was integration of a plugin for a private company into an open-source project

3. it was a decision by marketing, and not development

I am not quite sure how or when we can begin to trust Mozilla Firefox, and what they would need to do to regain that trust.

> The only way to disable Pocket was to go into "about:config", as the option was not available in the "Extensions" toolbar.

This isn't exactly correct. The Pocket integration did absolutely nothing at all until and unless you tried to use it. So by "disabling" it from about:config all you did was to remove the icon.

Sure, but until you do Firefox comes bundled with an ad for Pocket in the toolbar at all times.

Or until you right click the icon and remove it.

That isn't correct. Try the new mobile Firefox.

Buying Pocket signalled that if you can take the right Mozillan to lunch, you can get an early exit. That did not solve the problem.

It's still impossible to remove Pocket.

I think you misunderstood me. The Pocket integration in Firefox does literally nothing (not even a single network request) if you don't actively try to use it. So by "remove Pocket" or "disable Pocket" all you really mean is "hide the icon" because there really is no difference.

I get it, but the code is still there. What if Apache httpd came with a commercial module that was disabled by default but bundled with the base package? It’s not THAT bad compared to what some software companies do, but...why do it at all? Is Mozilla getting paid, similar to using !Google as the default search engine? If so, it’s more understandable. If not, what is the justification for not just making it a regular add-on?

Yes, the latest mobile Firefox does make network requests. When Firefox updated, I got a "recommended by Pocket" section full of ads and click bait. I do not want that.

And it's on about:blank just like when Chrome started capping up the blank page. I had to install a script to load an actual blank HTML page because about:blank isn't blank.

I turned on transparent proxying for HTTP and HTTPS the other day to see what requests FF was up to for its highlights on the supposedly blank page etc.

It's very chatty, annoyingly. Captive portal check on all requests that has to be disabled in about:config and a laundry list more. That config is scarily full of remote and telemetry based URLs also, but at least they are co figurable I guess.

An open source browser that just does what you want and no more seems like a dying hope.

yes, this is the part that bugs me.

they solved the privacy concern in a very awkward manner (via acquisition) but not the user choice concern. it is impossible to believe that pocket is so integrated into the codebase that it cannot live as a removable addon. it was an addonafter all. fwiw, firefox sync should also be a removable addon.

i am fine with mozilla installing these as removable addons at major version upgrades. i am not fine with silently side-loading and permanent non-removable integration. i need my tools to be secure, reliable and predictable.

I actually like the pocket integration: these days more than. >50% of what I read, I read though pocket. Anything interesting is saved to pocket and read there. Pocket really makes the Internet a lot more readable, and I applaud Mozilla for recognising that, and making that as easy as possible.

Regarding the I robot thing, I must be living under a rock, had not heard of it before today. Storm in a glass of water.

> For apparently no reason at all

Mozilla acquired Pocket in February: https://blog.mozilla.org/blog/2017/02/27/mozilla-acquires-po...

> The only way to disable Pocket was to go into "about:config"

All you had to do was remove it from the toolbar. Pocket is/was lazily loaded, it doesn't do anything if you're not using it.

Mozilla is in great parts its community, and so far, it has done a great job in keeping it in tow when it appeared to derail. The Mr. Robot thing has been retracted (although it was also largely portrayed as a privacy issue, which it wasn't), Pocket has been acquired, and the rest were mainly diversions that many people deem unnecessary but that aren't necessarily a threat to Mozilla's mission other than potentially distracting them.

So I think the project is relatively healthy, and in any case, still miles and miles ahead in terms of worthiness than every other major browser out there.

If Mozilla was serious about repairing trust, they would make user studies opt-in instead of opt-out. As it stands now, they are performing experiments on users by default.

When people say the Mr. Robot thing was a violation of privacy, I believe this is ultimately where they are coming from.

If your first line is also about the Mr. Robot thing: it was opt-in. Yes, the code was there, and it was listed as an extension (which reasonably caused people to think they caught a virus or something), but no code was actually being executed. You had to explicitly enable that yourself in about:config. (And because that is often not mentioned, it's portrayed as a privacy issue, which is a shame because it's inaccurate and damages trust more than it should.)

I do agree. FWIW, most software companies do A/B test on their users these days. Most people probably don’t notice, and that’s a bit the point; you don’t want test cells to be distracting, you want them to be valid measures.

Pocket and Looking Glass should have been regular add-ons available for people who want them (I’m an avid Pocket user and have had a paid sub with them in the past). Even with the Yahoo search deal, it would have been nice to have the first start go through a wizard that lets you choose Yahoo (as a default option), Google, Bing, or whatever else...though I guess they likely wouldn’t have been able to score as much funding from that arrangement (but that’s just an assumption).

I’m very happy that Mozilla exists and have some friends who have worked there, but I can’t say that 100% of their decisions value users and privacy above all else.

I'm not sure Bryan "Mozilla funds terrorists" Lunduke is a credible source, no matter how articulate he is.

I'm not familiar with Bryan Lunduke but that video was supposed to pass as any form of reporting then it was absolutely cringe-worthy. Lots of inflated controversy and hyperbolic statements.

Its ironic seeing a company making questionable decisions being reported by someone getting paid for questionable reporting.

Well, what can you do?

Mozilla has a very unique problem. It's most ardent and loyal users are technically savvy. They expect a high quality, privacy-respecting, ad-free product.

But, here's the catch, they will not pay for it. How does Mozilla survive?

Google finances Chrome through its Search/Ad business. Safari and IE costs are bundled in the cost of the devices/OS they are on.

How should Mozilla survive? Should they go the shareware route and have a paid copy for 20$ ?

They have to make money somehow.

As an outsider it makes me feel like Mozilla has a few people at the top capable of bypassing core company values, QA, QC, and lower management, to force whatever releases or products they want. And that these individuals routinely use this power to the detriment of Mozilla and the Internet at large.

That video ("Mozilla is Not Trustworthy") is remarkably inarticulate and inchoate all in pursuit of something we don't need to do in the first place -- trust Mozilla. And Mozilla certainly doesn't owe us.

Software freedom (the freedom to run, inspect, share, and modify published computer software) means we don't need to trust Mozilla's free software because we have permission to inspect the code to see what the software does, change the code if we don't like what the software does, distribute the improved software (or a verbatim copy at our choice) even commercially, and run the software anytime we wish for any reason. These principles place us in control of our computers to the extent we're willing and able to put in the work. We can even hire other people to do this work if we don't do the work ourselves.

Lunduke complained about incorporation and non-profit status but never articulated an argument explaining how these things are a problem. Around 7m53s he said this "doesn't make them [Mozilla] untrustworthy" leaving me wondering why this was brought up in the first place. He consistently mispronounced the word "Mozilla" as "Motzilla" (there's no "t" in their name), and directly contradicted his own thesis (around 6m30s) in neighboring sentences: "This is not an opinion on my part. I guess that my opinion is that they're not trustworthy based on these facts...". He did that again in his own ignorance of the terms "foundation" and "corporation" around 7m where he seemed to have a problem with the difference between what he read into the terms he didn't define versus what he described to be the case (thus vaguely complaining that Mozilla made money and published free software for hire). I think it comes down to not having a good argument to raise in the first place but feeling a need to say something about a situation he found irksome. But I think his disorganized view built on a non-issue is typical of the published reaction to this situation.

This entire kerfuffle comes off to me as manufacturing a controversy out of very little. The main beneficiaries of this indignance are the software proprietors -- organizations that make nonfree browsers you can't trust because you never really know what they're doing when those programs run.

It's telling that vanishingly little of the commentary on this situation brings people to understand what software freedom is or how its practical consequences read directly on this situation by explaining how the other programs to do the same job (mostly nonfree user-subjugating programs) are not alternatives at all because they don't respect a user's software freedom. It's not clear how this issue with Looking Glass (the Firefox add-on in question) rises to something more serious than a bungled PR effort and poor communication from Mozilla. Source code analysis shows that Looking Glass did nothing unless activated and that add-on was off by default; hardly something to get so worked up over and largely a purposefully-missed opportunity to teach people about software freedom.

There's no reason to limit this examination to web browsers. Justifying use of any nonfree browser in light of security problems hinges on trusting the proprietor (which you should never do) precisely because those programs are nonfree. Users don't have other information on which to make an informed decision and the information they have is inadequate to make an informed decision. These browsers are also published by known NSA partners. There's no good reason to defend switching to any nonfree program to do any job, particularly if you're going to have a discussion centered on privacy and security.

I see the lacking discussion on this topic as a consequence of pushing for "open source" instead of insisting on software freedom. Open source development methodology was founded to separate the ethics-based principles on which the free software movement is based (the free software movement is a social movement) from the practical outcome of software freedom -- lots of useful software -- while talking chiefly to businesses about the gratis programming labor those businesses can use. This approach purposefully skips past an ethical understanding of how to treat people with regard to computers. This approach requires talking at length about this situation without drawing users' attention to what software freedom is or how it matters. But there's no substance in that approach so proponents raise ill-formed non-issues (with a heavy dose of entitlement ("Mozilla has to prove to us that they are worthy of our usage") to make it seem like Mozilla has become a persistent problem instead of seeing a long-time free software publisher make a relatively minor communication mistake that posed no threat to Firefox users. Quite the contrary is the case: we can and should continue to run and build new programs on Mozilla's free software just as we do with any other free software. Thanking them for their work and not taking an entitled attitude is also right and proper.

I had the option disabled before they started pushing the Mr.Robot thingy ("Allow Firefox Developer Edition to send technical and interaction data to Mozilla")... You pretty much always had to disable a few things when you installed Firefox to preserve as much privacy as possible. I wish that they would change the defaults, but I will still be using Firefox for now.

I get your point but considering Mozilla gets all of its funding from those same corporations I'm not sure how true that is.

Ironically its attempts to diversifying funding sources always seems to piss off the community. For example the paid slots on the new tab page that were only shown in fresh installs.

Political issues aside, firefox is much less usable as a development tool than chrome.

When quantum came out I switched to dev edition to try it out, but I've had nothing but trouble. Page loads of local unbuilt code are 2-3x slower than chrome. Tabs crash with alarming regularity, especially after the most recent update. There is still no way to inspect websocket frames. Form inputs are black text on dark background with the dark theme of developer edition.

At least I can get CSS source maps working, which seems to be impossible in chrome these days. But really that's the only plus for a lot of negatives. I'd love to be using firefox instead of chrome, but after this most recent update I get several tab crashes a day and I've finally given up as it's become a hindrance to productivity. I wish it weren't so.

The Mr. Robot thing was not "malware". It was an easter egg, just like about:mozilla. You may say it was poor taste on Mozilla's part, since it was essentially a paid-for promotional tie-in with a TV show, and I would probably agree with you. But it did not damage anyone's computer, compromise any data or do anything that could put it on the "Malware" category.

Something similar that noone has complained about are the Android version names which are promotional tie-ins: Kit Kat and Oreo. Mozilla's biggest screw up IMO was failing to disclose properly what was going on.

> it was essentially a paid-for promotional tie-in

From what I recall, it wasn't paid-for either.

> we developed an unpaid collaboration to engage our users and viewers of the show in a new way

Source: https://blog.mozilla.org/firefox/update-looking-glass-add/

If they didn't get paid, why on earth did they do it?

Not all incentives are direct financial incentives. It's free marketing. It increases market penetration. It encourages people who only use Chrome to try Firefox.

It was absolutely the wrong thing to do, but it's not like they stood nothing to gain from it.

Is this based on any fact or is it hyperbole?

I don't thing that word means what you think it means.

I'm just asking. It seems like a question that has an actual answer. Someone did it. Someone knows why it happened.

Someone actually that it was fun and valuable. Shocking, I know.


Of all possible explanations, that is the one I suspect is most divorced from reality.

People who wanted to solve the Mr. Robot ARG/puzzle had to download Firefox to complete the part of it the add-on enabled.

I think it was the opposite of paid. They wanted to draw the Mr. Robot crowd to Firefox.

for the lulz?

Hackers gonna hack. In the “let’s build cool stuff because we can” way.

It seems they wanted press. Well, they got it...

and lost a lot of trust as a result.

They assumed their user base has dwindled to only the kind of anticorporate hacker wannabes that watch Mr. Robot.

Note that the advertisement was for a TV show _owned by a company that helped destroy net neutrality_: Comcast. How am I supposed to "Join Mozilla in defending it" (from mozilla.org) when they are going to work for their own enemies?

That's an interesting aspect I did not consider. (I had no idea it was a TV show owned by comcast)

>>Mozilla's biggest screw up IMO was failing to disclose properly what was going on.

That was not the only issue

1. Failure to Disclose it before distribution

2. Failure to Properly name or provide any support context to the Add In.

3. Using the "Studies" System designed to improve the technology and advance the web browser for this Adware "Easter egg" not really an Easter egg addin

4. Failure to Publicly Comment about it until a full 72 hours after concerns were raised

5. Deleting and Hiding Bug Reports about the Addin in Bugzilla

6. Failure to adequately respond, apologize, or explain why and how the Studies system was used to distribute this Adware, There blog post so far is woefully inadequate.

7. Failure to disclose what steps are being taken immediately to ensure the Studies system is not abused in this manner in the future

Should I go on? There were many many many failures here, which are compounded by the many other failures Mozilla has had over the last few years.

Then you can go back to chrome or chromium, both of which Google has pushed a binary plugin to that records voice in the past.

Debian had to raise a storm over it and turned into a compile-time only option to not get the microphone listening plugin on your chromium install.

Speaking for myself, I'm not going back to Chrome over this alone -- I'm pleased with how FF57 handles and enough of Mozilla's positive efforts over time that I'm unlikely to let this event define them if they take steps to make sure it's an anomaly.

But every one of these things seems like legit issues that I'd like to see made an anomaly, and it's conceivable that if Mozilla isn't able to make it crystal clear that they know how to make things go that way, Chrome might well be the right choice.

Fine, but that doesn't make the points in the comment you're replying to any less valid. That's... not how it works.

I never left FF, I have been using FF since the very first Beta Releases, I have been using Mozilla Browsers since before FF was even a concept

I support Mozilla on Ideological grounds and it is said they are dropping their Ideology in favor of a pure commercial company.

And enabling the "studies" thing without my permission, which they did.

The real problem imho is that Mozilla hired a wild fox to become its CEO. Before becoming responsible for guidance and stewardship of a free and open internet, the fox primarily spent its time chasing mice and sneaking into chicken coops.

"The Mr. Robot Malware?" You mean the extension that did literally nothing unless you turned it on in about:config? That's "malware?"

We should put it in proportion. Is Chrome worse, privacy-wise? Safari? Edge? Security-wise? Performance-wise? Cause it all ends up, like on large sum of + and -.

Sounds like it deliberately appeared to be malware, but wasn't. Which shows a strange and misguided sense of humor.

Which was consistent with Mr. Robot's tone and theme. I have to say, that like it or hate it, the show does hark back to days of programming yore, and I could totally see it seducing devs into doing foolish things like releasing an add on that looks like malware.

Mischievous easter eggs don't really belong in commercial software anymore (with very careful exception) but the allure still exists. I can't fault the dev team too harshly for this lapse of judgement, especially since it sounds from their blog post that they've taken the backlash to heart.

But if you've never seen the show all you saw was some sketchy extension appear in your extensions list with little to no explanation of why. Was my Mozilla account breached? Did some program installed on my computer auto-install an extension without me realizing? Am I sleep-installing extensions?

It was just weird and it freaked me out until I heard everyone else was losing their mind over it. I just really don't get what they were thinking.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact