Loved that part.
It demonstrates that support for Google Analytics is not unanimous within Mozilla, and even if someone removes it from a product page that action is detected by others and reversed.
Privacy aware users should block this sort of thing at their router using a hosts file, or Pi-hole, which is far more effective than calling companies out on Twitter and hoping for the best.
Privacy aware users should take all reasonable steps to protect their own privacy, but it is also appropriate to call out Mozilla.
Mozilla (and advocates) promote Firefox as the privacy conscious browser while Mozilla repeatedly takes actions that would appear to go against that claim.
> In this new era of looking for premium service opportunities I suspect there will be value in having metrics of some kind.
Mozilla is either stupid or ill-intentioned. It's 2019 so they've lost the benefit of the doubt for me.
Part of their (written) agreement with Google is that none of the analytics data generated from Mozilla properties will contribute towards Google's tracking database.
"Mozilla has a legal contract with Google that prevents them from using our Google Analytics data for mining or from sharing it with third parties, among other privacy-protecting provisions."
"Mozilla went through a year long legal discussion with GA before we would ever implement it on our websites. GA had to provide how and what they stored and we would only sign a contract with them if they allowed Mozilla to opt-out of Google using the data for mining and 3rd parties."
"Mozilla went through a year long legal discussion with GA."
I wonder why. Implementing some basic analytics on a few pages shouldn't be that hard.
I believe this to be a lazy and ignorant opinion, and I think you are hoping no one will call you out for this.
"Google has proved time and time against they cannot be trusted with privacy". This is a contract between two businesses, which carries legal weight (and in some countries, carries more legal weight than just contract law), so could you source for me perhaps 2-3 (you said "time and time again", so 2-3 should be quite easy!) of your most iconic times that Google openly violated contract terms with major organizations regarding privacy controls?
Broke the law.
If Google has a culture of "grab all the data, and use it in whatever way you can figure out to make money,"—and they do—then the real question is if they even have the institutional capability to not accidentally use this data the same way they use all the other data they have.
I don't want to be a broken record of "this opinion sounds lazy and under-researched and I'm calling you out" but.....
* Google was cleared of wrongdoing under the Wire Tap Act after an investigation by federal law enforcement
* The wifi data capture was a 20% time engineer project which rolled out unintentionally, was never commingled with other data, and was destroyed without being used
* The DoJ and Federal Court of Appeals disagree on the details and the Supreme Court of the United States refused a petition to clarify any parts, so any assertion that they "Broke the law" is either ignorant or malicious, IMO, because to summarize a situation where law enforcement said "No law breaking" and an Appeals court said "Maybe law breaking" as "Law Breaking" can't be considered a rational and intellectual attempt at understanding
Some of the procedures were put in place after the wifi scanning incident.
And that's not to say bad things can't still happen. One thing that sounded particularly bad about the now-cancelled Dragonfly project was that they were allegedly avoiding privacy review. This project was being kept secret from the rest of the company because it's not how things are usually done.
So, my guess as an ex-Googler is that they can guard it and probably will, at least under normal conditions.
At least in the US they weren't breaking any laws. I'm not saying they would never break any laws for financial gain, just that most of the breaches in privacy aren't technically illegal (thus the need for privacy laws)
It’s like the Snowden revelations didn’t happen. I am pretty sure US intelligence agencies have access to your Firefox GA analytics.
Plus, the amount of data that they get from Mozilla must be tiny compared to the amount of data that they collect through their search engine: it's only data on mozilla.org, not data of everyone that uses the browser at all times. It is not wise to risk a lawsuit over it.
> I wonder why. Implementing some basic analytics on a few pages shouldn't be that hard.
Maybe defining a contract to prevent use of Mozilla data without loopholes is harder.
There's surely no way to tell what they do with the data at the other end? It's Google and their serf, Mozilla, I can't imagine it's wholesome.
Do you have any basis for this assertion?
My bank argues the same way and uses Google Analytics to track their visitors, including inside the online banking system. Fine, so they trust Google to honor agreements and not connect profiles, but I'd still prefer Google to simply not know when and how often I'm logging in to check my account balance.
It's good that Mozilla goes the extra mile to get a custom contract, but I believe that most people aren't expecting a self-proclaimed privacy champion to use an anti-privacy-service by one of the largest corporate enemies of privacy. Explicit opt-in would be the right thing to do here.
Privacy isn't a zero sum game, there can be improvements.
If Google is not going enough, Mozilla shouldn't use Google for analytics on the add-ons page when there are plenty of other options and an opportunity to do something valuable by building a site-private analytics product as part of their core mission of protecting the web.
I'm not sure that would still be the case if the decision were being made today, and would quietly hope not, but I guess we can charitably say that the reason now is "inertia".
Personally, I think they may have underestimated (or failed to fully predict) the anti-google, pro-privacy sentiment in the wings, and it's clear even from this thread and the issues on bugzilla that it's probably cost them enough privacy-capital at this stage to have justified the extra work required to self-host.
But hindsight is 20-20. There are sunk costs now which also must play into the decisions.
Or maybe the "anti-google, pro-privacy sentiment" isn't really all that big. Could be a relatively small but vocal set of people.
The same argument applies to the whole of Firefox. It's more work and it's a lesser product. If Firefox can be a better product, then Mozilla Analytics could be too.
At this point it's clear that Mozilla is a business (with well paid management and staff) like Google that is using Privacy as a promo like Google used Don't Be Evil.
Mozilla might be better in practice today, but it's not on a principled foundation. It looks like a Google Lite - Firefox vs Chrome, Rust vs Go, etc.
There is Matomo (formerly Piwik): https://matomo.org/
This misrepresents the ability of a contract.
No law can prevent a thing, no written agreement can prevent cheating. Law can only set out that such cheating might be illegal in the sense that it can be argued in court that penalties should apply.
We can be a little more charitable in not demanding legalese from someone who was casually paraphrasing somebody else, given the context (a bug report).
Mozilla make open source, they're not open like a publicly accountable body, are they?
Open companies was probably a bad term to use because it might imply something beyond most/all(?) of their products being developed in the open, but I think the point stands well enough regardless.
I won't edit now, but please read my original "open" as "open source".
This is asinine stuff. Contract law is one of the oldest parts of the legal system and contracts are protected. Violating contract terms leads to a discussion of damages. It's not about illegal contracts, it's about liability and damages.
If you trust Google to always uphold its contract, then by the same logic you should trust the government to never abuse your encryption keys.
But we don't, because insider access is (eventually) outsider access. Bits don't have color.
This is like saying criminal law doesn't prevent crime, which again under some literalist and pointless definition sure a murderer isn't physically prevented from murder by a law, but the punishment of murderers does prevent many people from becoming murderers.
Similarly, contract law influences the behavior of people who agree to them by establishing damages and liabilities for various situations, and these incentives influence and control normal actors in predictable ways. A summary of the influences and controls on normal actors in contract negotiation could be "contracts prevent things".
My contract with my ISP prevents me from reselling my bandwidth to my neighbors. It doesn't physically prevent me, but it establishes a liability for me that I want to avoid.
My contract with my car insurance company prevents me from working for Uber. It doesn't physically prevent me from clicking Sign Up in the Uber app, but it establishes limits on my coverage such that I would be driving illegally if I were to continue, and I want to avoid that, so the contract prevents me from doing it.
Let's not be naive. The Big Brother agenda of Google didn't happen in a vacuum. They have government support and protection from some factions of our intelligence agencies to this day (although, perhaps not for much longer). The whole original concept of "Google" as a search engine (and tracking app) was originally a program of DARPA (same for Facebook - originally called "LifeLog"). Do you really think they cut all ties with the government when they went public? Neither Google nor Facebook is what it appears to be.
"Privacy" in the sense that it pertains to selling your info to advertisers is just a sideshow; i.e. not the real problem.
No, being found in a court of law to have done so does, but when the contract terms are easy to violate without the other party being aware it is especially inaccurate to portray this as the violation itself leading to this result.
This is disingenuous. They basically locked themselves out of China voluntarily many years ago. They're really scary otherwise and I agree with you, but don't lessen your point by including exaggerations, in my opinion.
Do they really think people are that naive?
(I really hate the "first-run experience" of a lot of "modern" apps these days. I don't need to be told "thanks for using our product" or anything similar, I'm already using your product --- just shut up and let me use it!)
And if it's relevant Tor Browser
Of course there's ungoogled-chromium, but I had some issues building that recently.
What happens when there is no internet connection on first launch?
What if there is no DNS?
Does the program keep trying on every launch?
Does the program have hard-coded IP addresses or an internal DNS client?
I suppose this is because they put it behind another layer of privacy agreements and terms of service. This is an improvement from the last time I tried it. They also added confirmation that a website is actually open to receiving tokens now, that's nice as well.
If Brave wasn't Chrome-based, I would've tried it. Sadly, the world seems to be converging on Google's One True Browser Engine and I don't want to support that.
First launch: 0 bytes.
The note at the top of surf's page about the lack of tabs is missing some context: surf is composable, so if you want tabs, it comes with a script to use tabbed. Each window (or tab) runs in its own process (skipping some details). It's also easy to enable/disable JS (per process) out of the box with its keybindings.
You have to have Apple hardware to run Safari.
Many guides to creating Hackintosh setups hinge on having at least one existing Mac. The only saving grace for KVM is that people have developed tools to download macOS directly from the Mac App Store CDN and deal with the DMG image.
Since you’ve been doing this for a while, perhaps you’ve simply forgotten that running macOS natively on VMware outside macOS actually requires patching? Granted, there is a tool for this that is pretty popular and easy to use. But it’s still required when running without hacks.
Finally, where are you getting your installation media? Apple only allows downloads of macOS installation media via the Mac App Store.
I suspect you may possibly be referring to using pre-configured Hackintosh VMs that use EFI emulation and FakeSMC instead of running natively. Frankly, I just don’t trust OS images from random sketchy third parties.
Notice that you'll find cloud providers offering Linux and Windows, but almost never MacOS virtual machines.
Google Chrome https://threadreaderapp.com/jonathansampson/status/116549320...
Microsoft Edge (Chromium) Beta https://threadreaderapp.com/jonathansampson/status/116613869...
Vivaldi (Same thread as Opera) https://threadreaderapp.com/jonathansampson/status/116535815...
Mozilla Firefox https://threadreaderapp.com/jonathansampson/status/116585889...
Google Chrome: https://threader.app/thread/1165493206441779200
Microsoft Edge: https://threader.app/thread/1166138692509065218
Vivaldi (Same thread as Opera): https://threader.app/thread/1165353213308129281
I wasn't promoting one over the other - just unaware alternatives existed.
Also didn't know it had ads, because all ads are blocked in my browser.
That sounds like a contradiction. If he uses ads it's so that his development gets supported this way.
1. The developers try to make up a reason to create another coin for something, that doesn't need a coin;
2. The relationship between the browser and the coin is not cryptographically strong and will never be — it's impossible to prevent fraud when their system is just a program that checks for certain condition (an ad viewed) and communicates to its backend, instructing it to give some address a coin.
3. The developers created a billion of tokens out of thin air and now try to give it some value. And traders do believe that it has some value.
I personally don't tolerate shitcoins even the slightest. Thus, I see Brave as nothing, but a browser engine with a content filter and a shitcoin embedded.
However, to me Brave is the least-worse browser because at least it has a step inside the territory of blockchain-based browsing. It's the first browser that will add an integrated wallet by default (mainstream will never accept using the weird developer-centric MetaMask extension).
You can also easily enable and disable Brave Ads while still contributing (though you'd need to fund your browser wallet)
For a while they would take BAT "donations" for any website, and would just keep them unless the site owner signed up to receive them. This stopped a few months ago.
The whole monetization model of replacing a site's ads with their own is questionable.
The whole BAT thing seems like a scam, they offer ways to buy them but no way to sell them.
Really anything that uses a cryptocurrency for funding has that "con stink".
Just to be more concise, they are not exactly "replacing" ads on the site. The built-in adblocker removes all ads irrelevant of the sites and if you enable Brave Ads (the coin thing, opt in), you get up to 5 per hour (configurable) OS native notifications. The notification contains a text ad with a link. Even if you don't click on the notification, you get the coin.
Always a good sign that they don’t.
(Hell, they'll likely offer you an option to consent or proceed without consent to receive reduced experience.)
"We value your privacy"
Click "Options" or whatever. Almost everything seems turned off (I guess it is an attempted dark pattern where they want me to believe it is off by default.)
Click "Third parties". See a somewhat complete list of shady "mainstream" tracker companies - or so I hope - there are literally hundreds of companies on that list, I counted by copying and pasting into a spreadsheet :-]
So much for valuing my privacy. Then again I guess it can be read to mean they value taking our privacy away.
On Windows they modify the PE header of the exe, and add extra information to a certificate table at the end of the file, without affecting the signature of the file. (Last 4 bytes of the file gives the size of the payload, giving you the offset to start reading a string that starts with OPR followed by a base64 encoded string, which contains a checksum and a json object. The json object contains country of origin, http_referrer of the download, a timestamp, UTM-parameters seen on the referrer, the user agent and a uuid assigned to the download. This uuid is kept for the lifetime of the browser install.)
On mac, the process is a bit different, but there they use appledouble (._-meta files) to modify the zip-file on the fly while downloading including the same type of data.
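A sketch of reading the Windows trailer layout described in the comment above, added here as an illustration; it is not part of the original thread and not Opera's code. Assumptions: the 4-byte size is little-endian and counts the `OPR` marker plus the base64 text, the checksum is plain text adjacent to the JSON object, and the JSON key names in the sample are hypothetical.

```python
import base64
import json
import struct

MARKER = b"OPR"  # prefix named in the comment above


def build_sample_trailer(fields, checksum="00000000"):
    """Build a CONSTRUCTED trailer for testing; not real installer data."""
    blob = (checksum + json.dumps(fields)).encode("utf-8")
    payload = MARKER + base64.b64encode(blob)
    # Assumption: 4-byte little-endian size covering marker + base64 text.
    return payload + struct.pack("<I", len(payload))


def extract_download_tag(data):
    """Return {'fields': dict, 'extra': str}, or None when no tag is present.

    'extra' holds whatever surrounds the JSON object (assumed to be the
    checksum); it is reported as-is and not verified, because the thread
    does not say which algorithm is used.
    """
    if len(data) < 4 + len(MARKER):
        return None
    (size,) = struct.unpack("<I", data[-4:])
    # Reject sizes that cannot fit in the file; ordinary files land here.
    if size < len(MARKER) or size > len(data) - 4:
        return None
    payload = data[-4 - size:-4]
    if not payload.startswith(MARKER):
        return None
    try:
        blob = base64.b64decode(payload[len(MARKER):], validate=True)
        text = blob.decode("utf-8")
        start = text.index("{")
        fields, end = json.JSONDecoder().raw_decode(text, start)
    except ValueError:
        # Covers bad base64, bad UTF-8, no '{', and malformed JSON.
        return None
    if not isinstance(fields, dict):
        return None
    return {"fields": fields, "extra": text[:start] + text[end:]}


if __name__ == "__main__":
    # Constructed stand-in for an installer: fake header bytes + trailer.
    sample = b"MZ" + b"\x00" * 64 + build_sample_trailer({
        "country": "XX",                       # hypothetical key names
        "http_referrer": "https://example.invalid/landing",
        "timestamp": 0,
        "utm_source": "example",
        "user_agent": "ExampleAgent/1.0",
        "uuid": "00000000-0000-0000-0000-000000000000",
    })
    tag = extract_download_tag(sample)
    for key, value in sorted(tag["fields"].items()):
        print(f"{key}: {value}")
    print("checksum/extra:", tag["extra"])
```

Running it against a downloaded installer instead of the sample only requires passing the file's bytes to `extract_download_tag`; a `None` result means the file does not match the assumed layout.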
If you liked Opera, try Vivaldi. It's made by some ex-opera people, reminds me of good old Opera 6.
So, if any, they are tracking less data in that data blob after they changed ownership.
(I worked on this feature at Opera back in the days)
I have the Chrome engine, without all the Google trackers. And the best customizable experience (vertical tabs à la Firefox Tree Style Tab).
Dropped Google Chrome and Firefox.
It is a great way to not have to resign every app but also allow for a “one click” install experience
a privacy catastrophe
Native applications can access the web in less restricted ways than websites.
Native applications have more access to your local machine than websites.
Websites for the win!
What we need is a user friendly browser.
We need proper automatic sandboxing of native apps, restricting file, network and resource access without prior permission from the user.
My money is on the Browser. Because it has proven (via survival of the fittest) that it is the best platform for the modern age. It has what, 100% market share? Everybody I know can use websites.
Even if one of the desktop or mobile operating systems adds sufficient sandboxing in the future, I would not want to develop applications for it. Because it would restrict my creation to the people who use that one platform. And it would give the power to censor it or mingle with it to the platform operator.
But that's exactly what's happening with browsers. Suddenly, Google wants to raze ad blocking, and everyone else follows. All the good points for browsers are restrictions and standardisations, which are fully present in exemplary containers. I don't see how you can get vendor locked-in via docker or kubernetes, I can see how webkit and DRM can.
Every release gets a bit more of that, regardless how many feel about the store or UWP API in general.
Hell, personal firewalls provide a better sandbox solution, at least for network access, even if that is not really their intended function.
Be that as it may, I think good privacy laws and holding software manufacturers accountable is part of a solution. That software more and more behaves like worms regarding to user data is a more recent development.
WinUI is also the official replacement for MFC, which triggered the rewrite of some UWP components into C++/WinRT from .NET Native.
Windows store supports side loading since Windows 8.1, and MSIX packages have replaced APPX and MSI as the future of Windows package formats.
Win32 APIs are frozen in amber since Windows 7.
I am not interested in side loading anything. I have just no interest to use an API that is abused to promote a proprietary store and an OS because I only see disadvantages in that. UWP may have changed by now, but for me it is too late. I have switched to other technologies and am pretty happy with them. If windows continues to be SaaS, I will not develop for it. Even if its legacy might continue for a few decades.
If the primary form of deployment is a store, I could as well use Apple. Although their store isn't really shining on Mac OS as well. I believe there are good reasons for that.
Windows as a platform had many advantages, but it seems to me that MS threw that away to emulate others. A futile strategy in my opinion.
> Beginning in macOS 10.15, notarization is required by default for all software.
Taken from https://developer.apple.com/documentation/security/notarizin...
Web, iOS, watchOS, iPadOS, Android, ChromeOS all use some form of sandboxing.
So unless your alternatives are the 1% GNU/Linux desktop market, sandboxes are here to stay.
ChromeOS supports android apps, but yes, I would state that iOS, chromeOS and android are really bad operating systems.
"Linux for Chromebooks: Secure Development"
> Learn how Linux for Chromebooks (Crostini) gives you a secure sandbox for development. Through a variety of demos, this talk will explain the architecture underlying Linux for Chromebooks and the design decisions that keep it easy to use.
"Adopting the Arm Memory Tagging Extension in Android"
"Improving Stability with Private C/C++ Symbol Restrictions in Android N"
"Android NDK Native APIs"
That was press articles done by journalists without any clue what UWP is all about, and equate UWP with Windows Phone.
The BUILD 2019 sessions are freely available to anyone that cares to actually learn what the current state of Windows development actually looks like.
It’s a bit annoying initially but it’s nice knowing that the system will put control back into my hands whenever apps try to do something shady.
Linux apps support permission management in flatpak, but the packaging can be a big headache.
Oh, evil golden cages, right?
Same actually goes for most programs I use.
It's the browsers that have the habit of sharing sensitive information with the outside world, not other apps.
I'm talking desktop software. Mobile seems to have a lot more privacy invading apps.
The browser is the OS.
The website is the application.
Browser and os can both track your history.
An application / a website can not.
You might think websites can via tracking scripts connecting to third parties. But applications can connect to third parties even easier. As a user, you have even less power to prevent that.
A native app might be able to violate my privacy. But an OS that can do so is much more dangerous. The reason is the volume of data that can be collected by the gatekeeper.
What we need is a user friendly browser
The next step would be for some open source initiative to do the work and de-google Firefox completely. If that fork of Firefox gains traction, it might bring Mozilla on the right track so they drop their ties with Google to survive.
No, that's wrong.
How about the browser is an application, and the website is ... a website?
Of course, that does rely on having better security models and software installation and update systems in our desktop OSes, and particularly in the case of Windows, they are running at full speed in the opposite direction lately. :-(
Yes, but there are no practical alternatives. No matter how inefficient it is, there is nothing to replace it. And the gatekeepers of the devices on which the browsers run won't let anything else replace it unless they are the ones controlling it.
> Where has the idea of personal computing shared by a whole generation gone?
I would say it was eaten by profit seeking corporations.
Let's say you are a small startup, whose core business is not IT related, and you want to distribute an app to your customers/partners. Are you gonna hire one person to write the app for each platform? And how many platforms are you going to support?
There are quite a few cross-platform frameworks in a number of different domains.
It's not exactly rocket science.
So then you only need to provide a URL to the users of your app, and they are ready to use it.
With distributing binaries it is much more complex story. And that's why projects using Electron get more and more popular, because they at least take part of this complexity away.
...no they don't. They're literally distributed the exact same way as native applications. They're developed differently, saving the developer time (theoretically), but they're distributed in the same old download-and-install (or just download and run) way that applications have been since forever.
They don't solve all of the problems, but they do solve two important ones.
1. The runtime is the same on all platforms
2. They build installable binary packages for you
So only 2 is about distribution, and it is not a trivial task. If you have to make an installer for Windows, DMG for macOS and let's say deb and rpm for Linux.
I have a small opensource tool that I make, and I would say that building the installer for all the platforms has taken probably 20% of all the development time, and if you count in also the desktop integration code (like Explorer context menu for Windows) it's way more.
The reason people post stuff to twitter is because they have an addiction to the gamification of social media like/share statistics.
Basically, what if doing something different would have impacted the reach of the discussion to the point where none of us would have heard about it. Is that better?
Sure, all requests are now sent to one location, including (!!) extension (Tor, https everywhere, etc) downloads used by brave. What about the possibility of the brave folks modifying those extensions to suit their needs? If I am needing to trust Tor, I'm going to download Tor from the appropriate location, not from brave. Based on the language he used reviewing other browsers, I suspect if that behavior was seen on anything other than brave the prognosis would be different.
To your question, Brave couldn't get away with modifying extensions on the fly. This would cause integrity checks on the client to fail. Not to mention, the code to do this would have to land in our public repos on GitHub, where we would quickly be tarred and feathered.
If you're capable of running the Tor browser, we encourage you to do so. Brave isn't as good as the Tor browser if you're smart enough to use the later. That said, if you need a browser that can also make non-Tor connections, etc., then Brave is probably more ideal.
Put it in your twitter bio. Just "working @brave". If I'm reading your opinion on software it's helpful to know I'm reading the opinion of someone employed by a competitor without needing to dig through other parts of your twitter account.
Here's a screenshot of both accounts side-by-side, compare and contrast:
Obviously, if this original review were to come from Brave or a Brave-employee directly, it probably would have been taken differently than coming from a "grass-roots" individual, hence the intentional deception on his part.
Twitter explicitly allows one to have multiple accounts as long as you use them for different purposes; in this instance, it's very difficult to see what purpose this Brave-less account has (other than intentionally misleading the public by hiding the Brave affiliation whilst still talking about browsers).
Side question: I use Brave on Android and have noticed that scrolling through the comments here on HN can be a bit finicky.
The first swipe tends to sometimes scroll the contents of a comment (not the page) up or down by a couple of pixels, then the next swipe with finger starting in same comment will let me scroll the page.
Just thought I'd mention it as I love Brave and am hoping this can be improved. Haven't noticed it on other mobile browsers. Cheers!
(Samsung S10 5G international version.)
I was not able to quickly confirm your affiliation (bio was first place I looked). Not disclosing this more prominently felt icky.
(Disclosure: I am a user & fan of Brave)
The threads aren't hit pieces; they were the curious musing of a software engineer and browser builder. And it's worth noting that I spent time yesterday working with Mozilla on their telemetry bugs; so I'm not here to throw mud. Somebody else posted my thread here, and caused it to blow up. Don't lay that on me.
Given that this did end up reaching a broader audience than your twitter following (it is a public forum), my feedback would be that it was too hard to tell that you were directly affiliated with Brave, and that it would feel much classier to disclose this clearly in your bio (just "eng @brave" or something, or even a top-level reply to your primary thread if you don't want to modify your bio).
Perhaps I'm less eagle-eyed or adept than most twitter users, but I actively suspected you were affiliated, looked for clues that you were, and could not find them. Given that it wasn't your intent to hide anything, but can accidentally give an impression that you are, it might go over better to be more proactive in disclosure.
Again, the thread itself was successful in achieving the tone of "just the curious musings of a software engineer", was great content, and IMO still reads well with knowledge of your horse in the race.
What is the status of reproducible builds for the Brave browser?
In other words, being able to verify that the source code that is included in the build of Brave that Brave distributes, is the same as the source code we can view publicly.
If you're not familiar with what reproducible builds are, I suggest you examine the following article:
Mozilla, however, is different, in that all builds are posted to ftp.mozilla.org, in a versioned manner, and kept there for a while, which, at least in theory, makes it easier to verify or analyse the builds.
What is the situation with Brave? Can I download a version released a few months ago? As it is, the browser is not only not really versioned (at least in the binary form), but there's not even a way to disable it from automatically updating itself. Self-modifying code, where the user has no control over the channel under which the modifications are pushed, is inherently insecure from the reproducibility's perspective.
May I ask what you mean by "if you're capable of running the Tor browser" and "if you're smart enough to use the later (sic)"? Is it about the person knowing that it even exists? I use Tor Browser sometimes, and it's no different from using any other browser (except for some differences in network speed and the fact that it isolates every tab). I don't see what specific capability or smartness is required to use it.
I'm confused about this? Tor browser installation isn't any different from any other major browser, presumably including Brave. There's no skill required to operate it that you don't need for Chrome.
Brave is relatively less trackable than most default browsers.
Your trust for privacy has to go somewhere - do you trust the megacorp with antitrust investigations and hundreds of perpetually pending lawsuits, or "Brave Software, Inc"? Security as well. Password sync is coming - surely brave software, who controls that one domain "brave.com" and the entire process of install, update, and password sync, has security procedures that rival Google and Mozilla in preventing unauthorized or malicious code deploys.
How would I know? Is that code on GitHub? If not, why not? That would certainly give your words a lot more weight.
Also, to my knowledge there has never been a leak of Chrome sync data since the feature was first introduced in 2012.
And the password sync thing was related to the server that runs sync - it's E2EE, but Brave controls the update process and could very well deploy a malicious update that exfiltrates sync data or leaves it open to attacks.
That's why my point is about where you place your trust - if you're not up to the task of building your own browser (or at least auditing and building chromium yourself) and running your own sync software, you have to trust someone; oftentimes this means giving up privacy (Google) or giving up security (Again, choosing Brave isn't really giving up the security of your sync data, you're just now trusting a company that might not have the same security procedures and amount of resources dedicated to audits).
We ought to expect more from Mozilla on this.
What you're advocating is for Mozilla to become a walled-garden, just like Brave and Chrome are.
Since when is a walled-garden a good thing?
If you trust Mozilla more than you trust Google, I think it follows that you should also trust their decision that NOT proxying and going directly to Google.com for this data is acceptable.
Would I be the only one to find it fishy for someone to post such reviews for your competitors whilst pretending that you're an individual not on a payroll from Brave? Why should Mozilla proxy requests to Google through their own servers like Brave does? And the better question: Why IS Brave MITM proxying requests to Google and other services?
BTW, having multiple Twitter accounts is not against the rules if each account is for a separate purpose, but for someone working in the browser industry to be having two separate accounts where they write about browsers on each one, all whilst hiding their affiliation and pretending to be an unaffiliated individual on one of them?! Seriously?
Keep in mind that Brave and Chrome are the ultimate privacy violators, as it's not possible to disable autoupdates on either one; Brave developers repeatedly (see https://github.com/brave/browser-laptop/issues/1877) disregarded community's complaints about this issue (ironically, going against https://brendaneich.com/2014/01/trust-but-verify/); so, you're basically running a self-modifying binary, whether you like it or not. Any review anyone does is kinda meaningless, because there aren't any versions per se, and it can do whatever the hell it wants the next day, without any public record of what it did yesterday. With Mozilla, there's a public ftp directory with all the versions at `ftp.mozilla.org` — haven't seen anything like that for neither Brave nor Chrome.
In fact, many folks used various official guides from Google to disable Chrome from autoupdating itself, e.g., because the newer versions broke font support or other system-level features, only to find such officially-sanctioned settings completely ignored down the line.
How about doing a review of how much it costs in roaming fees to have Chrome/Brave download updates without your permission whilst you're travelling? Or how many hosts Brave does MITM to without any good reason?
"The tab discussing the importance of Privacy loads in the background, bringing along with it the Google Tag Manager and Google Analytics. Hello, Google."
The irony is palpable
Mozilla has a custom contract protecting your privacy while using google's software:
This does nothing to affect my faith in Mozilla's privacy practices, especially since GA is baked into the extensions page and cannot be disabled, even by installing extensions.
Writing an analytics backend is not a trivial thing, and more stuff like that means less resources for Firefox development. It's far more sensible to do what they did, which was negotiate a contract with those who know what they're doing.
It's a practical problem. On the one hand, you have people turned off by the perception of Mozilla betraying its principles. On the other hand, you have resources to be directed to substitute the analytics backend. The right thing to do would be to pick an option that maximizes the amount of resources available for Firefox development/Mozilla's mission.
My impression is that building and maintaining an analytics backend consistent with their mission would not require that much of resources, so the balance would fall in favor of doing it. But maybe (probably?) I'm wrong about this, and it's better to stick with Google for now.