Hacker News new | past | comments | ask | show | jobs | submit login
Firefox’s Fight for the Future of the Web (theguardian.com)
571 points by inception44 28 days ago | hide | past | web | favorite | 283 comments



The article once more reiterates the fact that Apple doesn't allow other browser engines. You cannot even fight, there is no future ;-) on iOS.


That's a convenient excuse on iOS, but Firefox is doing poorly on macOS, too, where no such restriction exists. According to the first statistics I found, Firefox is only about half as popular on the Mac as it in on Windows -- and it's still under 10% there, too.

Privacy-compromising systems aren't winning today because people seek out systems that compromise their privacy. They're winning because these companies focused on making the user interface good. Firefox will win big again when they stop talking about privacy and start making a UI that isn't lousy.

True, Apple is talking about privacy a lot these days, but they've been focusing on UX first for decades. You can't start with "here is an abstract principle that's good for you, and you should use our systems because of it". The Free Software Foundation tried that for years. It doesn't work.

Privacy is important, but it's a feature, not a product. You still need to have a great product.


> Privacy is important, but it's a feature, not a product. You still need to have a great product.

Do you consider Firefox to be a less-than-great product?

I use it as my main browser, from Windows 10. No complaints. I don't experience performance issues or UI issues. Chrome and Firefox are both solid browsers, on Windows at least.

Perhaps Firefox for Mac is a weaker product, and loses to Safari 'fair and square' on quality grounds?


>Perhaps Firefox for Mac is a weaker product, and loses to Safari 'fair and square' on quality grounds?

The current version of Firefox on macOS is a vast improvement over what Mozilla was shipping 6-12 months ago.

However, it still requires more RAM, doesn’t render as quickly and consumes more power than Safari, so there’s that. Also, Safari implemented anti-tracking features before Firefox did.


Firefox for Mac has been more or less unusable up until the most recent release where they actually started using the Core Animation libraries in macOS. Now it won’t drain all the battery in no time, and it’s actually quite snappy. I’ve tried to run Firefox so many times in the past, but eventually always go back to Safari because it’s more native, fast and unobtrusive.


> Firefox for Mac has been more or less unusable up until the most recent release

This is a gross exaggeration. I've been using firefox on MacOS for 3 years and it's worked fine the entire time.


The issue has been the power draw and heat on newer MacBooks with a Retina display.

Older Firefox versions are redrawing the entire window even if only a tiny portion of the window was changing.

With advent of high resolution windows, the amount of work needed to redraw the whole window for every frame became significant.

The last version of Firefox moved to breaking the window into large tiles and only redrawing the tiles that have changed.

This is still less optimized than Safari (which uses Core Animation to only redraw the items on the page that are changing) but it is still a large improvement over prior versions of Firefox if you have a high resolution display.


I've been using Firefox on a newer macbook with retina display for the past 2 years or so. I haven't experienced "more or less unusable" in that time.


I’ve been using Firefox on MacBook Pros for the last 9 years, and it’s worked fine.


I will say that the latest changes on nightly really feel like it is close enough to other browser to be a decent replacement


Yes, Firefox on the Mac is absolutely a less-than-great product, to put it mildly. That's why I called its UI "lousy".


Actually, Apple is giving privacy the product treatment: https://www.apple.com/privacy/


Why allow competition when they can simply claim to productize.


There are literally hundreds of apps on the App Store that compete with Apple’s own offerings, especially email clients, calendaring, productivity, etc.

So clearly it’s not about competition. Disney+ is being heavily promoted on the App Store, which is direct competitor to Apple’s TV+.

We’ve seen 3rd parties like Google and Facebook subvert iOS security before; if Mozilla gets low-level access, then so does Google and they can’t be trusted.


There are literally zero browser engines allowed on iOS, other than Safari/webkit, with a purposefully depleted feature set, to force developers and users to the app store.

It is astounding that overzealous Apple employees and fan boys will employ circuitous mental gymnastics to substantiate Apple policies, instead of simply allowing an open-market to thrive on iOS. It's as if open markets where consumers are allowed to choose works against Apple


What is this hope for a "thriving open market?" On Android, Chrome/Chromium engine has more than 99.5% marketshare.

Consumer choice is a red herring. So for that matter is Firefox, which Google has stomped out on Android. Apple's policy is 100% aimed at preventing Google from controlling the future of iOS.


Let’s not forget that Google had to pay the largest FTC fine for intentionally bypassing the security features on iOS; no wonder Apple doesn't allow low-level access to the operating system: https://www.ftc.gov/news-events/press-releases/2012/08/googl...


Consumer choice means that tomorrow if Android Chrome does something really unpopular, people can switch to Android Firefox. It is not a red herring.

Yes, giving users choice does mean loosening your control of your platform. I don't believe Apple thinks consumer choice would cause Google to control the future of iOS.


>There are literally zero browser engines allowed on iOS, other than Safari/webkit, with a purposefully depleted feature set, to force developers and users to the app store.

Apple is clearly moving towards a more secure set of operating systems and that starts by reducing the attack surface.

On macOS, Apple is deprecating kernel extensions; the boot partition on macOS Catalina is read-only so that it can’t be modified by malicious software: https://wccftech.com/macos-catalina-runs-on-dedicated-read-o...

Even Safari on iOS doesn’t support browser extensions.

>instead of simply allowing an open-market to thrive on iOS.

The App Store paid developers $34 billion in 2018; I would say the market is thriving: https://fortune.com/2019/01/28/apple-app-store-developer-ear...

>Safari/webkit, with a purposefully depleted feature set

Just checked html5test.com from my iPhone 7 running iOS 13.2.2; Safari scores 463 and Firefox 48 mobile scored 468 out of 555 points. And this is without enabling a bunch of experimental work-in-progress features: https://imgur.com/a/Y5NHwct

So there's no meaningful difference in capability of these browsers when it comes to features.

Of course, Safari is faster, requires less RAM and consumes less power, which should count for something on a mobile device.


This response literally proves fanboys and employees will offer circuitous logic to substantiate Apple. iOS Safari W3C non-compliance is well known, a little googling will lay out the (intentionally) missing features.

You go to lengths to defend Apple, but do not have the guts to let the consumer pick a Google/Mozilla alternative engine. What is Apple so scared of, if not a level playing field.

This is the same company that retroactively modified it's store policies to substantiate booting steam off the app store. Courage in the face of competition, not!!


I was a bit surprised to learn a year or two ago that the browser makers have pretty much divorced W3C:

https://en.m.wikipedia.org/wiki/WHATWG


>iOS Safari W3C non-compliance is well known, a little googling will lay out the (intentionally) missing features.

The illogic here is a little scary: Firefox and Safari on iOS basically have the same level of web standards compliance according to html5test.com, yet one is intentionally not implementing features?

No fanboyism; just the facts.


It's not that surprisingly that the one making the decisions about the browser engine is blamed, not the one forced to use the browser engine instead of their own, is it?


To be clear, the html5test.com numbers for Firefox are for Firefox on Android.


Quote:

  YOUR BROWSER SCORES
         491
  OUT OF 555 POINTS
  You are using Firefox Mobile 68.0 on Android 8.1.0
Not 468.


The numbers I quoted were from Firefox 48, not 68.


> >instead of simply allowing an open-market to thrive on iOS.

> The App Store paid developers $34 billion in 2018; I would say the market is thriving: https://fortune.com/2019/01/28/apple-app-store-developer-ear....

They said open market. Apple's closed market is thriving, but the open market doesn't exist on iOS.


browser extesions are a privacy feature. my browsing is much more private on Firefox with ublock origin then on no extension safari.

As for Safari using less power and ram on mobile there is no evidence that Firefox would uae more of either since Apple doesn't allow it to run. As far as we know if other browsers were allowed to run some might compete on power and ram.

As for security, chrome on desktop has a superior track record. The CVE list proves this, so by denying competition Apple denies users more secure browsers.


> As for Safari using less power and ram on mobile there is no evidence that Firefox would uae more of either since Apple doesn't allow it to run. As far as we know if other browsers were allowed to run some might compete on power and ram.

Firefox is slower, requires more RAM and uses more power on macOS now; it’s highly unlikely that essentially the same engine running on iOS would run significantly differently.

Of the mainstream browsers on macOS, Firefox has always been the slowest.


>browser extesions are a privacy feature. my browsing is much more private on Firefox with ublock origin then on no extension safari. All things being equal, you shouldn't have to rely on extensions in 2019 to protect your privacy.

The goal is to preserve privacy by default--no extensions required. The vast number of users don't install them or wouldn't know which ones to install.

Brave is secure out of the box and doesn't require extensions to protect your privacy: https://brave.com/features/

Safari also doesn't require extensions to protect your privacy: WebKit Tracking Prevention Policy—https://webkit.org/tracking-prevention-policy/

Apple first shipped Intelligent Tracking Prevention in June 2017, long before Firefox or any other browser had anything similar: https://webkit.org/blog/7675/intelligent-tracking-prevention...


I know this false based on all the ads I see in webpages in Safari that I don't see when in Firefox with UBlock Origin. Every ad I see was served by the ad company. Safari might be blocking cookies but it's not letting me block the ads which is all that's really needed to track.


Safari doesn’t block ads currently; that’s true.

Safari’s Intelligent Tracking Prevention stops the cross-site tracking, fingerprinting, etc. by ad companies.

The ability to block content is built-in to macOS and iOS for 3rd parties to use.


Regarding performance, here’s a detailed article on benchmarks for the various Javascript engines; Firefox is the slowest: https://webkit.org/blog/8685/introducing-the-jetstream-2-ben...


I'm trying to think of a UI difference in chrome or safari that is meaningful, can't come up with one. Can you elaborate?


You mean UI issues with Firefox, compared to Safari? Gosh, where to start?

- Standard keyboard shortcuts for text editing still don't work. That alone is a dealbreaker for me.

- The toolbar(s) don't look or work like standard toolbars. The standard toolbar editor is missing, too.

- Tabs don't look or act right, either. They're actually styled like Windows XP tabs.

- The scroll bars look good, but scrolling doesn't work the same as any other app. It hits a solid wall at either end.

- The preferences dialog is not a dialog, but a web browser tab (!), and its controls all look strange. They're not like standard OS controls or standard web controls. They're mostly just words floating on empty space, and some of them happen to be clickable. (It doesn't even have the advantage of being a webpage: the back button is enabled, but don't take me back to the last thing I was looking at here.) Some settings open a (custom, of course) dialog-in-a-tab, which is resizable, but if you resize it, the main scrollbar disappears, so you can't see the bottom of the dialog with the Cancel/OK buttons.

- It doesn't use the standard localization setting. It has its own, but half of Firefox doesn't even seem to use that, because even though my System Preferences is English, and my Firefox language preference is English, and even my Firefox content preference is English, it's showing half the UI in Japanese still. The context menu is half English and half Japanese!

- It's got a whole second menu (!) in the toolbar, with no way to hide it (see above: non-standard toolbars). The font, text alignment, highlight color, icons, and animation are all non-standard. Of course, it doesn't obey the system accessibility settings, either.

- Tree controls (e.g., in the History window) are non-standard, and standard keyboard shortcuts don't work here, either.

- It uses a (custom, of course) pop-over as an upgrade notification, which can't be dismissed by clicking outside them. Or dismissed permanently, like normal notifications.

The whole reason I use a Mac is for consistency. That's been its primary benefit since 1984. Instead of learning 10 completely different different programs, I just have to learn the common parts once. (Remember those keyboard overlays for the IBM PC we used so we didn't have to memorize which F-key meant "Save" in each different program?) In Firefox, everything is custom, and works differently than other apps. The keyboard, mouse, display, menus, windows, and controls are all weird. If I were OK with that, I'd switch back to Linux.


Yeah, it’s kind of depressing how much better it could be with just a touch of Cocoa; these shortcomings are readily apparent so it wouldn’t even take that much to improve it. I wonder if Mozilla could solve this by just hiring someone who’d focus on improving platform UI to the point where it was competitive with Chrome…


Even Chrome isn't competitive with Safari, UI-wise. It's plagued with many of the same issues as Firefox on macOS, last I checked.


Well, some of them. It's not great, but it's better than where Firefox is now.


Very slightly, if at all.

The settings page is still non-standard, the same for the scrolling, keybindings don't work in the usual macOS way (CMD+Q for instance quits only if you hold, which is baffling), the app updates itself in a non-obvious way, the top-bar is laggy when in fullscreen mode, and the list can go on and on.


> It doesn't use the standard localization setting. It has its own, but half of Firefox doesn't even seem to use that, because even though my System Preferences is English, and my Firefox language preference is English, and even my Firefox content preference is English, it's showing half the UI in Japanese still. The context menu is half English and half Japanese!

That sounds totally unexpected. Can you open a bug https://bugzilla.mozilla.org/enter_bug.cgi including the details from your about:support page?

Something sounds broken and I'd expect a fix.


i have way too many tabs open at all times, and chrome makes it way way easier to see what I have open and get to the tab I want quickly.(it just shows more tabs than Firefox, this is my main complaint) The top bar uses less vertical real estate and is just much cleaner overall. I can see more if not all of the url. Chromes next tab left, next tab right, and close tab, automatically map to the keyboard shortcut I set in macOS, and I still haven’t even found the menu option for next and previous tab in Firefox. (I’m sure it’s there and I just haven’t found it yet, but if it’s not there, that’s a deal breaker for me)

I very badly want to use Firefox as my main browser, and I have it installed and give it a go every now and then, but it’s just not all the way there yet for me.


The vertical space you can easily fix by opening the hamburguer menu > customize > density (bottom left) > compact. It then uses less space than chrome. You can also add/remove items from the top bar there, making your address bar larger if you want to.

The default hotkeys for next/prev tab are cmd+option+left/right arrow. I don't know how to change those...


i use ctrl-tab and ctrl-shift-tab for tabbing. easier 1-handed operation and closer to other "change context" shortcuts like next/prev window (cmd-~, cmd-shift-~) and select desktop/space (ctrl-1, ctrl-2, etc).


yeah, I'm muscle-memoried into cmd-' and cmd-; for tabbing right and left, I like using those keys, and this is across pretty much everything I use (I suppose chrome and terminals, mostly..). It's firefox, there's probably an extension for it, but that takes work to find and feels kludgy.

good to know about the density, thanks.


In the mac settings about keyboard/shortcuts, you can define program specific shortcuts; e.g. take the exact name from the firefox menu for the 'next tab' action and give the shortcut you want.


Right, so that's part of my gripe. in keyboad shortcuts, i've got global (all applications) shortcuts for select/show next/previous tab. Those dont map to firefox. Fine, but Firefox doesn't have a menu title for next tab, so setting a shortcut for a non-named function doesn't work. I've tried the documentation(https://support.mozilla.org/en-US/kb/keyboard-shortcuts-perf...), using "go one tab to the left" doesn't work. It's just way more effort to figure out than it needs to be for a browser in 2019.....


I apologize, you are completely right (was not on the Mac when I answered and mixed it up with Terminal and Finder).


Interesting, my complaint about Chrome's UI is that it doesn't support Tree Style Tabs (or an equivalent) so I can't have that many tabs open at once.


> According to the first statistics I found, Firefox is only about half as popular on the Mac as it in on Windows

Wich is not much of a surprise. If you educate your customer base to use one browser, many won't switch. See the lawsuits against Microsoft because of IE.


But Chrome is still #1 on the Mac, too. Most Mac users do download a third-party browser and use that rather than the built-in one. Just not Firefox.


If Apple allowed Firefox on iOS - real Firefox with the rendering engine and extensions and everything, just like Android - I probably would have switched already.

As it stands, I stay on Android mostly for Firefox.


Just curious, why does using “real Firefox” hold so much weight for you? Also, what steps have you taken to secure your device?

One reason I haven’t switched from iPhone is that I’m not confident in my ability to secure an Android, and I’d rather trust Apple than Google.


A big part of it is extensions, I have a handful of extensions that I use on a regular basis, and Firefox is the only mobile browser that actually supports extensions.

Another part of it is that I just trust Mozilla more. Both in terms of conflicts of interest, and just plain fixing bugs. For example, Safari on iPod touch has been unable to access the microphone for years, even though Safari on iPhones can.

I will concede your point about security. I think that iPhones are probably more secure than Androids. But, I feel that the security of my Android phone is sufficient for my needs.


Extensions don't get enough attention in this discussion. They're the main reason I prefer Firefox on Android. Anything that's missing or not to my liking, I can usually find an extension to provide or change. If something annoyed me enough and there wasn't an existing extension, I could look up the API docs and write one myself.


One big thing is that you can't change the default browser, so any time you click a link you end up on safari. In my experience (I tried iPhone for 2 weeks after my previous phone died, before returning it and switching back to Android) that makes installing a different browser effectively useless.

The rendering engine restriction is less obvious to the average user. And, frankly, if you don't trust Apple with your data then what are you doing using their network stack?


Extensions. On my Android phone I run LineageOS without gapps. I don’t install 3rd party applications, simply because the majority (in my experience) try to abuse your device in spite of limitations put in place by Apple/Google.


Sync of passwords, tabs, history, bookmarks, etc. as far as I know Firefox is the only browser which allows me to run my own sync server.


Is that not all possible with WebKit as the rendering engine? (In other words, doesn't Firefox on iOS already do all that?)


Yes Firefox on iOS does already do that.


How is it technically enforced though, I am curious. I mean, if I wrote an application that downloaded text files and rendered the text to the screen, I am sure that would be possible. If I wanted to add images to draw next to the text I am sure it is feasible. So how can one technically prohibit doing that? Implementation-wise, how is a web browser really that different from e.g. a video game?

Or is it only policy-enforced? Reviewers see something in an app that resembles a "browser" too much and take you down?


My guess would be that it's policy-enforced and what Apple really has problems with is not browsers as a concept (dynamically loading and rendering data) but rather the execution engine that websites usually use (JavaScript) and seeing that as a too-large-to-review area where they want to avoid having vulnerabilities in applications published on App Store.

Or it's a anti-competitive move disguised as a "avoid vulnerabilities" but in reality they just really want to make sure iOS users keep using the one and only browser (Safari).


Apple uses no Turing complete policy. So you also can't bundle a python or ruby interpreter in iOS. Its still anti-competitive but in a different area which is language and api. They are basically trying to push devs to use their native OS apis. PWA are also screwed up in Safari for a reason.


This is not true. There is for example the Pythonista IDE for iOS, which ships a full Python interpreter. https://omz-software.com/pythonista/


Is there an example of a non development/learning tool?


If I remember correctly there’s an exception for learning and development tools.


That’s surely absurdly difficult to test, and provably impossible to prove the negative (i.e. my app is not Turing complete.) Is a calculator app not Turing complete? What about Google Sheets?


As long as it uses Apple's WebView, it's OK. This was the case for Firefox, they had to ditch Gecko in favor of using Apple's webview for iOS.


Kivy bundles Python in iOS apps, and the apps are accepted on the App Store. Do you have a link for this policy?


That likely falls under the “educational” exemption: https://developer.apple.com/app-store/review/guidelines/#sof...


That's unlikely, Kivy is also used for commercial apps. Bundling interpreters is allowed, but you must not use them to execute arbitrary code, unless you do it for educational purposes. Kivy doesn't load remote code, so it's not affected by this policy.


Then apps using it must ship all of their Python code in the app bundle to meet the App Store Review Guidelines.


> So you also can't bundle a python or ruby interpreter in iOS.

You can if it’s for educational purposes.


Pythonista is a full(-ish) offline Python IDE and has been on the App Store for years.


interesting. But I can’t help but think by that logic Facebook should be too large to review.


Facebook does have code that dynamically compiles arbitrary input to machine code.

That's the part Apple is not allowing in third party apps.


> Facebook does have code that dynamically compiles arbitrary input to machine code.

Not outside of JavaScriptCore they don’t.


One cannot have writeable executable memory on iOS (apple can, we cannot).

Thus one cannot make a JIT compiler for js and thus pages are slow.

Game engines such as Unity use il2cpp to go from the C# stuff into C++ that can be statically compiled as running the C# as bytecode would be too slow without a jitter.


Ah, so it is all about the javascript engine? Ok I can see how that might put up some major technical barriers, but still it should be technically feasible to have the firefox rendering engine make use of the iOS javascript engine, no? Maybe it's not worth the effort of course. I am just trying to get a feel for what the barriers are.


Not via public apis. So cannot be placed into app store.


In addition to what the other replies said, feel free to eyeball the code required to embed SpiderMonkey in Firefox at https://github.com/mozilla/gecko-dev/tree/master/dom/binding.... It's rather large and complex.


This is not at all the code to embed SpiderMonkey in Firefox, those are the bindings from DOM APIs to the implementation of those APIs in Firefox. Above that, calling into this layer, is another layer that transforms JS calls into C++ calls (roughly).

The interface between SpiderMonkey and the rest of Firefox is here: https://searchfox.org/mozilla-central/source/js/src/jsapi.h.


I think that iOS JS engine is tied to WebView and it would be hard to re-use it with other rendering engine.


JavaScriptCore can be used can be used independently from the rest of WebKit, but I’d expect it to be slow.


> One cannot have writeable executable memory on iOS (apple can, we cannot).

Nitpick: you can but you cannot ship it via the App Store.


Apple as does not allow side-loading, so wouldn't a jailbreak be required?


Jailbreak, enterprise certificate, testflight, or a developer account would be required to sideload an app. You can technically sideload an app without a paid developer account, but the certificate only lasts seven days, at which point you'd have to reload the application.


> One cannot have writeable executable memory on iOS (apple can, we cannot).

> Thus one cannot make a JIT compiler for js and thus pages are slow.

Lack of JIT doesn't slow down pages much. I believe the difference is so small that it might even be possible to be faster without JIT for most pages, especially on low power devices, it's only computation heavy pages that are going to suffer and even then it's not like you can't optimize common patterns statically ahead of time.

It doesn't mean that it's a good idea to invest into it, you are still under Apple's mercy and they clearly don't want competing browser engines.


If I have understood correctly (I’m a C++ graphics programmer. So don’t know too much about what’s flashy in the web world) V8 only jits. As in it can only produce machine code and there is not even an option to run it as an interpreter.


V8 has a high performance, JIT-less interpreter that disables TurboFan and relies exclusively on Ignition: https://v8.dev/blog/jitless


> Lack of JIT doesn't slow down pages much.

So why do you think so many major companies invest such a huge amount of money in JS JITs? Google, Apple, Microsoft, Oracle, Mozilla all maintain JS JITs and spend what I guess is hundreds of millions of dollars a year on it.


A budget of $100M, with 50% devoted to salary and a median salary of $250K, would be 200 developers. I seriously doubt any of the companies you name are devoting even a quarter of that to JS JIT development. Yes, they each make significant investments, but let's not weaken the argument by indulging a penchant for hyperbole.


About 200 seems about right to me across all these companies. Have you worked on one of these teams?

> let's not weaken the argument by indulging a penchant for hyperbole

Please don’t be so dismissive and snide - there’s no need for that.


> About 200 seems about right to me across all these companies.

Then your initial estimate was way off, because you were suggesting multiple hundreds of millions and the average salary probably isn't that high.

> there’s no need for that

Honest argument wouldn't require such forceful correction.


I didn't say a hundred million per company.

> Honest argument wouldn't require such forceful correction.

Please try to tone it down.


I don't know the details first hand, so take this with a grain of salt, but this is what I remember from talking to engineers who explored this possibility over the years:

You can't ship a native JIT (execute native code from the heap), I think it's enforced automatically by the App Store. So shipping your own JavaScript engine is out.

You can't download and interpret third-party code, I think this is enforced by human reviews, so shipping your own Web rendering stack is out.

You can use your own network stack with WebKit on top, which would let you offer some value to users like more advanced ad/tracker blocking.


This is exactly what Chrome on iOS did: they embedded their own networking stack, but reused WebKit and JSC.


Thanks for the information. That part about disallowing third-party code interpreting is particularly painful to hear. They shut down any possibility of another browser. Could see that they do this for security reasons because a badly implemented interpreter could open up holes, but I'd imagine the sandbox is sufficient to allow at least interpreters.


Web content must be rendered through WebKit as per the App Store Review Guidelines (https://developer.apple.com/app-store/review/guidelines/). This is supposed to be enforced by App Store Review by inspection. In addition to this, there are technical reasons why your “browser” will be inferior to Apple’s web view performance-wise, mainly having to do with apps that generate code dynamically in-process needing entitlements that prevent submission to the review process.


Policy-enforced.

Mozilla ported the true Firefox to iOS many, many years ago and Apple just rejected it from the store.


I wonder why no antimonopolist issue was raised there by e.g. EU. Like they did for NFC in Germany - they forced all phones with NFC to be open to use by different apps, which might finally bring other pay solutions to iOS (or non NFC capable iphones to Germany).


The NFC issue isn't related to antitrust. If they thought they could make an antitrust case against Apple they would. But their market share is so low in Germany, and the EU, that they just passed a law instead (specifically an amendment to an anti-money laundering law). It remains to be seen if it's even constitutional.


It’s nowhere as good or fine-grained as uBlock origin, but I’m surprised no one ever seems to mention (or use?) Firefox Focus and it’s associated Safari content blocker. Seems to work really well for me on my iPad and iPhone, at least for general ad blocking.


Anti-trust? Or have the lawyers for Apple (and Google) found the legalese to prevent this possibility?


Apple is only a monopoly if the market is iOS devices so they're quick to point out the market is all mobile devices.

Google allows sideloading, and allows competitors on the play store


> they're quick to point out the market is all mobile devices.

It is not. The market is stores for Ios devices, Apple does have monopoly.


Technically I think you are free to build have other browser engines on iOS. However, JIT or other dynamically compiled code is not allowed because that's a security risk. You can't have a browser in 2019 with interpreted javascript.


> I think you are free to build have other browser engines on iOS

I believe this is false, see 2.5.6 and 4.7 of https://developer.apple.com/app-store/review/guidelines/

But they do allow Opera Mini, a 'browser' for iOS where rendering is done in the cloud.


But why is JavaScript JIT compilation tied to the rendering engine?


Yep. technically, Apple doesn't force Firefox to use WebKit. They could still use their Gecko WebRenderer and use Apple's JavaScriptCore to run page scripts. Same goes to Chrome: Blink + JSC instead of Blink + V8.

In practice in seems like both Chrome and Firefox have their renderers and JavaScript runtimes so tightly integrated that it's very hard to replace the later.


Elsewhere in this debate sharpneli says that there is no public API to call into JavaScriptCore and using non-public APIs violates the App Store rules. So that would explain it.


There is API to use JavaScriptCore in your apps: https://developer.apple.com/documentation/javascriptcore. No JIT, though, so it’s slow.


I think you mean that you can have interpreted javascript, just not JIT compilers. They don't allow you to mark memory as executable. That syscall is completely disabled on their systems.


It is not, moprotect (and mach_vm_protect) work just fine if you have the appropriate entitlements or have a way of getting around its checks.


I think the entitlements are not offered to apps such as firefox and those that are not Apple correct?


Some of them are, but they cannot be used with apps delivered on the App Store.


It can't be disabled because Safari and Webkit uses JIT for JavaScript. Probably it's enabled for apps signed by Apple.


True it is disabled if you aren't Apple.


Yes, however, even as a Firefox advocate, I think in this case it's actually a good thing, since the majority of people would probably switch to Chrome then, contributing to the Blink monoculture.


It's not a good thing, only a bad thing with a good side effect ;-)


You could run the browser on other machine and use VNC to access this from a iphone (or any other mobile device). While this is rather complicated and probably less reliable solution, the bonus points would be (almost) perfect isolation of the browser process.


It would be a lot more difficult than it sounds for Apple to allow 3rd party browsers and allow them to be good. Even on macOS now, Chrome depends on internal OS APIs which prevent it (or Electron apps) from being in the Mac App Store -- and for good reason, those things could break at any time. So in order to allow 3rd party browser engines that can compete with Safari in terms of performance etc they would need to make the APIs that are used to optimize them public.


If these non-public APIs are so useful it feels to me that Apple is acting in an anti-competitive manner. They're allowed to use them for their own applications but deny third-parties the right to sell in the "Store" if they use the APIs. Sounds a lot like MSFT in the 90's...


As Apple has reiterated, browser engines require low-level access and for security reasons, other rendering engines aren’t allowed.

You can see from Apple’s updates that keeping up with the vulnerabilities for WebKit and iOS, etc. is already keeping them plenty busy:

https://support.apple.com/kb/HT210725 https://support.apple.com/kb/HT210721 https://support.apple.com/kb/HT210624 https://support.apple.com/kb/HT210603


My point is this gets dramatically worse if every browser engine has low-level access to iOS.


I hope Firefox succeeds, as I like the idea of not concentrating yet more power in few hands, but, on OpenBSD, I use Iridium (Chromium derivative), so I see these benefits, and am wondering what Firefox would add for me, privacy- and security-wise: 1) Iridium doesn't send info to Google like Chrome does (or that is the idea);

2) It is easier (last I checked) than with Firefox to leave some config tabs open so I can quickly turn on/off javascript, images, and/or cookies for those sites where I need them (by exception list or temporary exception, and easy to manage it without a mouse once the tab is open; separately, I do change the search engine also, and create search keywords), and

3) OpenBSD adds pledge/unveil system calls from the browser, to prevent it from reading/writing files where it should not (plus I browse under a different user than I do other things with high confidence there will not be a privilege escalation; also they say the pledge/unveil support is easier to implement in Chrome/Iridium than in Firefox because of the cleaner separations of concerns in the code organization (my wording; though they have probably also put pledge/unveil in FF also for all I know),

4) Maybe the security of Chrome/Iridium benefits from Google's bug bounties, more than what Firefox has done (ie, the security track record of each, frequency of major holes over, say, the last 1-3 years). I don't really know but I'm glad they try.

Given those things, what are the remaining biggest reasons I might prefer Firefox? (I am aware of OBSD removing DNS-over-HTTP from Firefox, indicating that is a choice that should be made by the user at the system level instead).


> Given those things, what are the remaining biggest reasons I might prefer Firefox?

Iridium seems to be quite outdated - the latest release that's listed on the website is from April. Given that there have been multiple critical security issues fixed since then - with some of them allowing for arbitrary code execution (https://www.cisecurity.org/advisory/multiple-vulnerabilities...) - I personally would consider using Iridium too risky.


I currently limit its use to an account on my computer that doesn't do the things where I care as much about security (and limit JS use), and the pledge/unveil OBSD stuff prevent it from reading or writing in directories not explicitly named as allowed. Still, you make a good point and I plan to think about it.

Maybe the question is which is more risk: a local and limited compromise to a low-privilege account on OBSD, or sharing more info with Google (sounds like Google is the lower risk maybe -- hard to say...). (On the other hand, it is becoming easier to upgrade packages on OBSD between releases and so if Iridium started releasing more often it could take advantage of that--but that is just speculative.)


> 2) It is easier (last I checked) than with Firefox to leave some config tabs open so I can quickly turn on/off javascript, images, and/or cookies for those sites where I need them (by exception list or temporary exception, and easy to manage it without a mouse once the tab is open; separately, I do change the search engine also, and create search keywords), and

I wouldn't want to switch everything on/off manually. I use the uMatrix extension which allows you to enable disable cookies, images, Javascript, iframes, etc. for each domain separately, and configure the exceptions permanently or temporarily. I have JS disabled by default, and enable it only for trusted sites or temporarily. Even on the sites I trust, Google Analytics scripts, etc. are disabled.


Thanks. I have been avoiding extensions & plugins in browsers because of how they increase the attack surface (including some that get new maintainers) with perhaps less code review. That may or may not have a significant risk level in a given case, hard for me to say. But do you know if there is a way to make exeption lists for this things in FF w/o any extensions? (built-in in chrome, so that one aspect is convenient)


It's built in on chrome? Could you please share how?


I open a new tab, and with Alt-E then S bring up the Settings, scroll to the end and click Advanced. Then click Content Settings, and there are areas in there for images, javascript, and cookies where one can set permanent exceptions as well as on/off settings. I don't see it for iframes. Am I misunderstanding anything?


> what are the remaining biggest reasons I might prefer Firefox?

Neither Firefox nor Chromium let you reassign hotkeys without recompiling, and while Firefox's defaults could use some tweaking, Chromium's default keybindings are insane and counter-productive.

Of course, Mozilla's organization is in shambles atm so Firefox has been getting worse in many regards, even if its speed has caught up with Chrome.

> It is easier (last I checked) than with Firefox to leave some config tabs open

Not sure when you last checked, but about:config is its own tab.

Instead of changing the search engine, Firefox lets you define multiple search engines and choose between them with the cursor or tab key before searching.

> OpenBSD adds pledge/unveil system calls from the browser, to prevent it from reading/writing files where it should not

Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation nonwithstanding? Also, most Linux distributions offer their own compiled version of Firefox, because ultimately it can be forked like Chromium, which really removes much of the differences you've described.

> Maybe the security of Chrome/Iridium benefits from Google's bug bounties, more than what Firefox has done

Maybe. But you can't really infer much from that data point. I don't have any citation on hand (one would be welcome) but AFIAK Firefox typically has had less major 0-days than Chrome in the past, due to Chromium team's "move fast, break things, and don't communicate" policy.


> Not sure when you last checked, but about:config is its own tab.

It was last I checked also, but felt awkward to use, and then you have to know what settings to look for, as opposed to having them in the UI (all can be easily overcome, but it is a little more work i think, maybe not enough to matter for some use cases or if I just forced myself to get used to it).

Is it possible to define ongoing exception lists there? How easy? And how many options to they allow for cookies (always, never, save until exit, ...)?

> Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation nonwithstanding?

I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.

> I don't have any citation on hand (one would be welcome) but AFIAK Firefox typically has had less major 0-days than Chrome in the past, due to Chromium team's "move fast, break things, and don't communicate" policy.

Thanks for pointing that out.


about:preferences is a tab now, too. Cookie options could be maybe a wee bit more complex, however an addon will make up the difference.

> I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.

On a properly configured distribution, these things should all just work out of the box.

Honestly, barring the update frequency issues pointed out by another user, the OpenBSD Chromium experience is probably on par with the FF experience on major Linux distros.


Which Linux distributions configure any browsers (reliably, by default, without me having to know extra stuff) so that it cannot read or write files from any directories the user has access to (allowing, say, only /tmp and ~/Downloads and ~/.cache or the like), and so that if it makes inappropriate system calls (any except those on a whitelist) they fail?

As a longtime (and grateful) Debian user, I remain impressed with OpenBSD's relative lack of privilege escalation bugs in the base system, and "only 2 remote holes in the default install [since about 1996]": we can have different views of course but their constant auditing and general approach to correctness and security over adding features does make me feel better. :) Not trying to start a flamewar though (that would be bad; I fear I might be talking like a fanboy now...).

I appreciate your comment.


I certainly don't meant to claim that Linux is more secure than OpenBSD. OpenBSD's security is better in several respects. I'm just trying to keep this about the browsers themselves.


I'm glad to know about about:preferences as a tab for future ref.; thanks for the info!


You're still on Blink. Contributing to that monoculture is no win.


I think this is among the best reasons I've heard in this discussion to avoid Chrome. The other reasons to not use firefox (at least for me on OBSD for now, given that pledge/unveil support for FF are still in progress, and no way I know to use exception lists for images/cookies/javascript without an external plugin), might still outweigh it.


> 3) OpenBSD adds pledge/unveil system calls from the browser, to prevent it from reading/writing files where it should not (plus I browse under a different user than I do other things with high confidence there will not be a privilege escalation; also they say the pledge/unveil support is easier to implement in Chrome/Iridium than in Firefox because of the cleaner separations of concerns in the code organization (my wording; though they have probably also put pledge/unveil in FF also for all I know),

Just FTR, Firefox is adding pledge/unveil support for OpenBSD in version 72, see https://marc.info/?l=openbsd-ports&m=157325338020502&w=2


More I just saw, haven't read thoroughly yet: http://undeadly.org/cgi?action=article;sid=20191118055603


Good to know; thanks.


Tree Style Tab [1]. That is the main reason I am on Firefox. My screen is wider than it is tall, so I can make use of this by displaying the tabs on the side. It is 'tree style' which means that it is nested. This allows me to have child tabs of say, hn for reading all of the different articles. This can be easily collapsed, expanded or removed altogether.

1. https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...


I thought of another way to put a reason I am not quite moving to FF yet: If I change my habits around browser use, over to FF, then switch platforms, I again get DNS-over-HTTP (or DoH) which I think I don't want the browser to decide for me, preferring to make that decision at the user or system level as I have done with my non-expert use of DNSSEC on my desktop, which is at the system level. Sending all DNS queries to a single location is another concentration of power. Or, is DoH user-configurable in FF?

So, summarizing, pros/cons as I see them for my usage:

Iridium/Chromium pros:

- ability to create exception lists by domain for JS, images, cookies is built in in a way I know of, without adding plugins or extensions that might get less code review or bought by a malicious maintainer w/o my knowledge (maybe rare, but has been reported for some).

- if I switch platforms and continue with my current usage habits I am not forced into DoH (yet?).

- has pledge/unveil support (limiting risk today on a platform I trust more to do that right, with fewer privilege escalation bugs etc and less complexity/knowledge required than SELinux etc. (many fewer zero-days at the OS level).

Firefox pros:

- avoids mononoculture (a big one).

- Maybe has fewer zero-day bugs than Chromium or the older Iridium (at the user and application level only).

- will probably have OBSD pledge/unveil support in the next OBSD release or sooner.

- Does not send metrics (or other tracking) to Google in the current version (true? I actually don't know, I might have read some accusation that I didn't investigate)? (Does not apply when comparing to Iridium, but that seems to lag Chromium bugfixes by some months.)

I plan to think about weighting these for myself. Corrections welcome on whatever I have missed or forgotten. Thanks much for the discussion.


I see a problem, though I have no alternative to offer, with the current model of organizations.

It seems you are either for-profit, and then you have no ethics and do everything you can to centralize the world around you with no concern for users or their benefits. Or you're a not-for-profit foundation or the Internet Archive, where you do good things but are destined to be "poor".

Are there are any "shades" between those two organization models?


If you don't plan to be poor, then you need many paying customers.

For a browser, the customers could be either end users, corporations with many end users, or marketers who want to sell to the end users.

The latter case is Chrome, which works through a long chain of Google services.

The corporate case used to be IE, geared towards deep windows integration.

The case of the paying end users used to be the original Netscape. It did not work well for a number of reasons. Paying for a product when free-as-beer alternatives are available takes understanding, which is sorely lacking outside some segments of tech circles.

I personally buy Mozilla a figurative pizza by a yearly donation. I do it because I understand their importance and feel grateful for their products. If more people did that it would help, but most people who are to benefit from Mozilla's efforts are not technical.


> Or you're a not-for-profit foundation or the Internet Archive, where you do good things but are destined to be "poor".

Not necessarily. Wikipedia is actually pretty damn rich with a large war chest.[1]

[1] https://en.wikipedia.org/wiki/Wikipedia:Fundraising_statisti...


Wikipedia is the single greatest website on the Internet. That's what it takes for donations to keep you afloat. $100MM revenue? Google makes that in a day.

That aside, it's not entirely clear that Wikipedia can live off donations forever.[0]

[0] https://en.wikipedia.org/wiki/User:Guy_Macon/Wikipedia_has_C...


The article you link to points out that only a small part of what Wikipedia spends is directly used to keep the website up. Spending in 2008 was less than 5% of today, and the website was just fine.


> $100MM revenue? Google makes that in a day.

Almost as if one of them wants to squeeze out every penny they can, while the other one is... I don't know, a non-profit that wants to make something good for the world?

What amount of money do you expect a non-profit to make in a year in order for you to consider it as a successful non-profit?


Interestingly I was thinking about that article when I posted my comment. One takeaway is that Wikipedia shouldn't even be spending as much as they are.


Profit or non-profit doesn't really have anything to do with it. The issue is market power. Chrome has 70-80% market share according to this article. That's monopoly levels of market power and it's maintained through Android, which also has 80% market share.

It's up to regulators to restore some semblance of balance to the market. If the browser market were less concentrated and there was more equal distribution, it wouldn't really matter whether you were a non-profit or not. In fact the web would be better off with competing interests jockeying over each other.


There are many legal constructs that provide shades of gray. Mozilla itself is such an example, it's a for-profit corporation owned by a non-profit.

Additional examples: https://en.wikipedia.org/wiki/Public-benefit_corporation https://en.wikipedia.org/wiki/Social_purpose_corporation


this -- but, the categories lack detail.. a real systems diagram would quickly show a hundred influences and variables affecting both models. Without enumerating and advocating the position, rather skip to the important results .. there must be ENFORCEMENT on the Corporate, and SUSTINANCE for the not-for-Profit, to hope for any balanced future.


Co-ops.


[flagged]


You're getting downvoted, but it's true: the most conventional path for corporations to make money at large scales is to privatize profit while socializing externalities. This has been true for at least a half millenium and continues to be true today.


FWIW, it's got 2 points. It seems bizarre to me that that comment got flagged. Maybe the mention of religion?


> What about Elon Musk? He's making money, and arguably do good by humanity overall, eh?

I wonder what will happen when Musk would have to choose between money and the benefit of humanity.


It depends on his values and metaphysics.

In the Gita, Krishna says, "He who works for the fruits of his labor is a miser."


Firefox’s Fight for the Future of the Web, severely cramped by their complete economic dependency on Google and their inability to allocate their funds intelligently


But they get shouted down whenever they try to monetise independently, can't have it both ways.

Either more users start donating $5-10 a month (seems worth it to me given the time I spend with their product) or they take the Google money and deal with the conflict of interest best they can.

A Shuttelworth style billionaire benefactor would work as well, but I doubt one will come from the tech community as Firefox is working against the anti-privacy data collection model that made them (or their friends) rich.


This. Bear in mind that Mozilla is experimenting with different monetisation models, be it subs, donations, relying on Google for search as well as partnerships with companies such as Scroll (publisher content monetisation platforms).

Also, if you follow the discourse on anything published by Mozilla in the past 2-3 years—there's been a shift when it comes to how they speak about Googe. It's a marketing move, of course, but I think it's also a sign of the direction they are following.

I believe something will change here, for better, in the next couple of years. I'd sign for a Mozilla subscription if it included services such as better VPN, supporting those who cannot afford to pay directly, but pay with they data instead.

The move towards paid vs. non-paid services creates a risk that we'd end up with two types of internet users, with privacy being the currency of those who cannot afford an expensive mobile phone or a browser not trying to sell you things whether you want it or not.

The history of Guardian (in the past 5 years or so) shows that people are happy to pay for a valuable service just to allow the others to have access to it. Maybe I'm just being overly optimistic here, but I shudder every time I think about the alternatives.


The Guardian has gone downhill in the last few years, just like the rest of UK mainstream news reporting. They have rolled over to do whatever the Government wants not reporting - take Assange for example.

Their coverage is practically non-existent.

I used to buy The Guardian every day, then I subscribed digitally. And then when their reporting slid downhill, I stopped subscribing. I still read it - but block their data scraping scripts and all ads. They are not worth supporting IMO.


The more likely explanation is that people got tired of Assange's story and so the articles didn't get the clicks to justify covering them any more. The Guardian can get more clicks with a steady drip of vegan opinion pieces, stories laughing at Tories and the dreadfulness of brexit so that's what they'll do.

Same as the Telegraph will feed its readers "the glory of Boris", "forwards unto brexit" and "Good lord look what Corbyn said today, he's a dreadful little man isn't he?"

News organisations are slaves to their audiences and will just produce what their audiences want.


Pretty much. Click metrics like this might become the death of journalism. I used to read a lot of news but have stopped due to how every news paper became more and more about click bait and about appealing to the audience. Sure, I presume I too clicked on more news until I one day stopped reading entirely.


That's not a likely explanation when it comes to Assange. The Guardian has been terrible, and even its previous star reporter Glenn Greenwald (who won them a Pulitzer on the Snowden reporting) has been extremely critical. See for example https://theintercept.com/2019/01/02/five-weeks-after-the-gua...

Brought up again earlier this month: https://twitter.com/ggreenwald/status/1191681248453943296

That piece of fake news from the Guardian has been shared more than 25,000 times on Facebook.

I don't agree that honest reporting on Assange simply won't get clicks. But sensational fake news certainly does.


What makes you so sure it's fake news?

No-one really knows for sure whether or not that meeting took place.


Someone else said it already some time ago, but if Mozilla had just put the money they get from Google into a fund, they'd be able to develop browsers till the end of time. But they try to "innovate" and "re-invent the web" with WASM and also other completely unrelated ventures such as Rust, as nice as it may be (Rust not WASM that is).

Another aspect of the Mozilla Foundation is that they're basically acting as a fig leaf for the monopolist web Google has created in this decade, with Google financing them to prevent anti-trust investigations, and Mozilla also playing along with Google-financed WHATWG to white-wash "web standards" and prevent real and obvious innovations such as third-party script blocking, serving only Google's interests.

FF indeed does work against anti-privacy, and I'm applauding them for that, but OTOH FF also enables ad blockers. I've used uBlock just like most of you here, but ad blocking is also a factor turning the web into a privacy minefield. Eg. if you're indiscriminately block all ads whether targetted or not, there is no possible way to finance web content production; yet people also don't want to pay for content. So what people get is polarizing click-bait, propaganda, and low-quality content while content creators (other than some high-profile YouTubers maybe) can't earn a living.

We really should stop with "fighting for the future of the web" articles when the reality is that the web locks people into addictive behaviour, fake social interaction, and crap web frontends for oligopolist cloud-hosted services (completely antithetical to personal computing and site autonomy principles), and results into cultural loss due to the expectation that everything must always be available for free, all the time, a model only creating monopolies.


> Eg. if you're indiscriminately block all ads whether targetted or not

If the ad industry got together to design the most benign ad technology they can come up with (isolate from host site, no cookies, no js, no video, enforced by iframe security directives) then perhaps adblocking extensions could add an exception for this kind of ad, based on technological criteria, not a manually managed whitelist.

But such a thing does not exist and ads are so intransparent and deeply integrated into pages that one cannot tell, thus blunt hammers need to be applied until no ad is left standing.


Muy this. I wish I could upvote this comment twice.

I just want to add, part of the problem is that it now takes millions of dollars to make/maintain a web browser.

Oh, and also, how relevant is the "future of the web" in a world where 1/3 of humanity thinks Facebook is the web?


The reason that they get shouted down is because every time they have tried to make money in other ways it has been done in shady ways. Like giving away the browsing data of their German users to Cliqz (would probably have been illegal post-GDPR) or running guerilla marketing for Mr Robot in Shield Studies (which reduces the trust from people who enabled Shield to help Mozilla with studies).

Almost nobody complains about the them taking money from Yahoo and Google for higher placement in the search engine list. And if their other revenue streams had been as transparent I think people had been fine.


You can't call yourself a champion of privacy and then sell the browsing history of your users to a marketing company. It simply doesn't work that way.


What do you suggest Mozilla do instead?

Mozilla don't just fund the development of their own products they also fund research [1] and other projects [2].

[1] https://research.mozilla.org/research-grants/ [2] https://www.mozilla.org/en-US/grants/

In a perfect world Mozilla would be funded by donations. I donate to Mozilla but it's a pittance compared to what they get from Google.


I wouldn't suggest an alternative funding model as much as guess what will it be maybe a year or two from now. Key quote from the article:

> Mozilla has launched Monitor, a data-breach reporting service; Lockwise, a password manager; and Send, a privacy-focused alternative to services such as WeSendit. It’s also beta-testing a VPN (virtual private network) service, which it hopes to market to privacy-conscious users.

Once these web apps mature a bit, I expect to see them in a free tier + a premium behind the subscription (with the core browser of course remaining free). My hunch tells me that's why you'll see this front-and-centered if you open mozilla.org:

> Firefox is more than a browser. Meet our family of privacy-first products


I guess they can also add a messenger, news client, a calendar, and an address book and call it Firefox Communicator....


As long as it starts in less than 2 minutes and don't push Windows machine into trashing, why not?


I wouldn't mind switching to Mozilla VPN.


All of the non-research grants were in 2006-2013. Has Mozilla stopped this policy of semi-random funding of external projects?

Some of these grants surprised me. For example, $270,000 for the translation and accessibility of the USA presidential election of 2012.


Just imagine not being from the US, donating to Mozilla so they improve Firefox, and they instead spend the money on translating the USA presidential election.


Right now my parent is getting downvoted but I think that there's a great truth in this comment:

A lack of focus generally hurts an organizations legitimacy in the eyes of it's donors.

Increasing the quality of a countries national elections isn't a goal I'd immediately assume to be part of Mozillas mission, so I'd be disappointed about such a project.

They could go the more transparent route and create a second organization for funding things their management likes.

... but I assume that such an organization would probably have some funding problems.


I've heard that you can't even donate any money for Firefox. All donated money are going to other projects.


AFAIK there does not seem to be a way to donate to rust development for the same reasons.

Maybe Mozilla should allow donors to specify the project they'd like to contribute to?

That would give them additional feedback on how the community evaluates their programmatic direction.


Sort of similar reasons; while this is true, it’s also that we aren’t sure how we’d allocate that money if we got it. Discussions about a possible foundation for Rust are ongoing, and these kinds of questions are a big part of why that hasn’t happened yet.


Part of the reason for that, I think, is that Firefox development is done by the Corporation, rather than the Foundation. The Corporation's can have far bigger income streams (i.e. the search engine deal), so it makes sense to make that responsible for the development of Firefox - even though that means you cannot donate to it.


[flagged]


Just to be clear:

I didn't want to imply anything political and the given example of improving elections isn't really a left- or right wing thing.

It's just hard for donors to understand how such a project might relate to the Mozilla brand.

Just to give a (hopefully) completely nonpolitical example:

If they would start to collect art with donor money it would arguably delute their brand in a comparable manner.


Yes, this is the reason I would never donate to Mozilla. They do way too many unrelated things. I only donate to smaller more targeted projects.


Do you mean their MOSS grants? They gave $50,000 to Godot this year.

https://godotengine.org/article/godot-engine-awarded-50000-m...


> What do you suggest Mozilla do instead?

Mozilla should sell two products:

1) Storage a la iCloud

2) Payment processing a la Paypal

And for marketing purposes they should get into discovery of free/open web services, a la old school Yahoo.

As a web site builder, I don't want to have to manage credit cards. As a user, I don't want to have to trust random web sites with my credit card info. I also don't want to be redirected to Paypal, I just want a secure wallet that can be used on web sites with a drop in <paymentframe recipient="foo@bar.com" usd="8999" description="BonsaiThing Pro 1 year subscription" /> or similar.

As a web user, I want to be able to store my photos, downloads, music, documents, etc conveniently in a little cloud-synced folder. I want to be able to quickly give fine-grained access to different web apps to different parts of that space. Photo app wants to access my photos? Great. Github wants to access my repos? Fine. Photo app wants to access my repos? No.

And the discovery thing... There's a ton of free software out there. Mozilla basically has shut the door behind it. "Thanks for the install. Good luck finding other Free tools to use with it." They should be building a directory of other free software that can be used with Firefox. I should be able to use my Mozilla account to post reviews, to discuss new apps that are voted up, etc. That will allow enthusiasts to start engaging socially with the brand in a way that Mozilla (not Twitter or Apple or Facebook) can control the identities.

From there maybe there is some social identity service, but if it's just a way to engage the community—great. Like Hacker News is to YCombinator, Mozilla should provide a place for us to discuss and share web services.

If they want to get into search, that's great. Write a new shitty open source search engine that any web site can federate with. Use Google for now, but use that money to dig us out of the hole Google put us in.


I think storage is probably too costly to implement

But they can readily "become a PayPal" by bundling a digital ethereum wallet like metamask in the browser by default. Even if it's limited to max $50 / month, it could revolutionize the way we consume web content. And it also acts as an anonymous digital identity. Both ethereum and firefox enjoy trust by the community, that helps. But, we re more likely to see these from another browser like brave.


Could you explain a bit more? Why are you confident either would be profitable?

1) would be competing with google drive, onedrive and icloud, which are all funded by very big pockets and have other revenue sources. Furthermore, even dropbox has trouble competing with this.

2) Again competition by paypal, apple pay, google pay, ... . Also, banking business is quite far removed from what they are doing and hard to do while being a non-profit.


In both cases they’d have to bet on growing the Free Software pie. It would be the beginning of transitioning the company to trying to support the Open Web as an institution, supporting open source webservice developers on an equal tier with open source browser users.

No idea if that pie can realistically grown. But unlike their current strategy, it would be in line with their mission statement.


i like the gist of both of your ideas but i'm not sure they are feasible for firefox, since both are expensive services (in different ways) that are a bit outside the competency and mission of firefox.

i could see firefox providing hooks for 3rd parties to make those services easier to integrate however (and maybe charging a fee, e.g., to certify the 3rd party). that would fall squarely in their wheelhouse.


That’s the point though, to take on something with real cost (and real value), occupy the Open Source segment of that market, and then grow that segment.

Netscape was trying way back when. Mozilla probably has some PTSD from those days so I don’t have high hopes.

Someone else will eventually come in and be Mozilla on the services side. Might as well be Mozilla.


Integrate metamask by default in firefox before facebook pays them to integrate libra.


Integrating chunks of chromium code into gecko should massively reduce their maintenance costs. E.g spidermonkey is sub-par to v8 since so many years. If mozilla invested the money it invest into spidermonkey, into v8, the web would be faster for everyone. Should I repeat? The web would be faster for everyone. Nodejs servers too and also electron apps. We would also get new js features, faster. But mozilla doesn't seems to get the point of open source. They have a reinventing the wheel cognitive disease that is going to stay.


I, for one, am happy that there are multiple competing JavaScript engines. And that’s coming from someone who put in work to improve one you haven’t mentioned.


We don't need JS to get 2% more faster, the limits of those speed improvements were reached, web assembly combined with a compiled language could offer more speed.

I would like to see Firefox move faster in implementing good web APIs, like the lazy loading of images, push for HTML and CSS improvements(like let me customize the numeric text input arrows with css instead of forcing me to use a JS library) .

Maybe the Rust rewrite will make Firefox better achitected so you could have a node version based on Mozilla technologies or you could easily use the web assembly VM in your application without having to load the full Chrome code.


Wasn’t Netscape the case study of why you shouldn’t do a full rewrite?


AFAIK Firefox is not doing a full rewrite but incremental refactoring then attempting to swap components.

The unfortunate truth is that writing a browser is almost impossible because of the complexity, IMO we need a new version of the web that breaks compatibility, make everything strict(no longer ignore errors and guess a fix for them) no more 12 ways to center an element , for the legacy web we can use the existing engines


Write websites with Wasm, render UI with WebGL or something similar. Implement JavaScript as a compiler to Wasm (which runs on Wasmitself), implement HTML+CSS renderer as a library which runs on Wasm as well. So basically your browser need to implement Wasm and WebGL which sounds reasonable task. Well, that's simplification, of course, it need to implement some HTTP API like XMLHttpRequest, local storage API and so on, but it's manageable.

Here's an example of website written with Rust and rendering all UI to canvas: https://makepad.github.io/makepad/ it works right now and it's very fast and smooth.

IMO tech for next generation web apps is already here and it's great.


Implementing an html rendered that is compatible with all the css rules and it also implements all the extra workarounds that the current browser implement ( like handling illegal markup is not trivial) markup . I mean think about it, you hit invalid html markup and what do you do? You need to continue but now you need to check what Firefox or Chrome do for each case (missing end tags , P inside span, weird nesting of elements ) I would not want to implement a browser that is compatible with the current garbage.

There was also an article earlier this month or previous month from a Firefox developer about font/text rendering, in case you missed it rendering text in a way that works with all writing system is super hard.


Just compile Firefox or Chromium to Wasm and provide necessary adapters.

Well, I'm joking, of course, it's not that simple. But it should be possible in the end.


The point was to reimplement a browser. Imagine you want to make an ebook reader,this device needs not to eat too much batteries so you want to implement a basic css and html renderer not to re-skin Chrome.

Some ebook publishing platforms will perform checks and reject your epub(mobi or similar format) if is not respecting some strict rules, this makes it a pain if you have random html that works on web but you want to package it as epub because now you need to find all the bugs(or similar stupid DOM elements) and fix them as best you can.


Which is a lesson they learnt well. So they’re treating Servo as a research project, chunking it into libraries, and retrofitting those libraries into the Firefox mainline.


The point of opensource is to follow along with the leader?


It is to make synergies through code sharing. Let's fork the Linux kernel into a redundant implementation and take half kernel developers in order to slow down progress by a factor of two.


That's a bad comparison.

They're not forks. Firefox's is a separate implementation. The equivalent would be asking BSD to merge with Linux.


I suggest you take a look at Blink’s history ;)


The idea that Google would cut off Mozilla to advance Chrome seems to me at least rooted in a deep misunderstanding of how Google makes money.

Something like 75% or more of their revenue comes from AdWords - ads run against search. This is one of the most attractive streams for advertisers ever built. You have a prospect ready to buy (often) who is literally telling you in written software processable words what they want.

AdWords dwarfs all of Facebook in revenue, for context. It is the very foundation of Google. In a way, everything else they do is either support for AdWords or a side project.

The money they give to Firefox is not charity. It is to feed this cash cow. They have a similar arrangement with Apple for iPhone default search engine in mobile Safari. I would argue it is far far more valuable for Google to support Firefox in order to ensure search dominance than to waste that money to advance Chrome. Chrome exists to support AdWords not the other way around.


That money means that Firefox and Safari won't ship ad blocking by default because as soon as they do it, their users are worthless to Google, and Google will stop paying. It also means that their tracking prevention doesn't affect usage of first party cookies on other sites, increasing Google's and Facebook's advertising dominance.


Blocking AdWords — sponsored search results — is very different from blocking display ads. I would be surprised if most users found that sort of blocking desirable in the first place. Some might, and I would not be surprised if it were an option, but also very surprised if proportion of Firefox users blocking AdWords ever approached even 50%. Anyone who doesn’t block is still valuable to Google.


I'd like to point out that it's still not possible to support the Firefox browser with donations directly, in a crowdsourcing fashion. Donations to Mozilla Foundation don't go to Firefox which is supported only by search/sponsorship payouts from large corporations.


Part of the problem is that the web has become so complicated that making a new web browser requires such resources.

Imagine a world where two or three people working for a couple of months could come up with a new browser?


Mozilla is right to fight for a brighter future of the web!

First Internet was started as academic network with little to no advertisements. Then came the adtech model, personal data are sold for profit. News Papers does not fully get funded and totally free when they are founded by ads.

Thus we should fight to keep an open democratic internet where quality journalism gets paid by end users not ads.

I thinks its important with an free open Internet for our democracy to work.

We have to somehow get away from adtech and attentiontech towards a user funded internet. Attentiontech is were personal attention span is what corporations fight to keep. We should have content which is good for end users.


I don't understand what subscriptions vs adverts has to do with being more or less democratic.

I also don't understand how subscriptions are compatible with privacy.

There is currently no widely used facility for making anonymous electronic payments. If there was, then governments (including democratic ones) would crack down on it hard.

Journalism has always been funded through advertising.


Mozilla really has a big challenge. It is hard to compete with such powerful companies, creating a sustainable business with their mission without succumbing to ads or stopping to protect user privacy. It looks like an unfair game.

I like the Brave business model. I wish to have the same with Firefox.


Too bad they built Brave on Chromium instead of Firefox. Which of course given that the company is run by Mozilla co-founder Brendan Eich is a bit of a shame.

Firefox is showing that they are more than technically competent to keep up with Chromium and deliver great performance and functionality. With the work they are doing rewriting Firefox component by component in Rust, Google will have their work cut out keeping up in terms of performance using their C++ implementation. Competition is good.


It’s very easy to build a new browser on top of Chromium/Blink, which is why there are hundreds of Chromium-based browsers out there. In contrast, building on top of Firefox/Gecko, pretty damn hard. Even Firefox devs have admitted this.

All too often I hear sentiments like “too bad they built... on Chromium instead of Firefox”, as if it’s a moral choice. It’s not. It’s an informed technical choice. If you want to change that, you should contribute to Firefox instead of blaming other browser makers.


Somewhat relevant: Mozilla has been working for a while on a project that does supposedly make it relatively easy to build a browser on Android based on their engines: https://github.com/mozilla-mobile/android-components/


This is one aspect that is not often talked about.

If Gecko was easier to build on top of, it would get more adoption in other markets and promote the variety of engines that we sorely need. Mozilla doesn't only win by getting more Firefox market share.

Also not everything is lost. Chromium has a bunch of weird and custom build tooling that also makes it a pain to build on top. Anyone who has tried to package v8 can see that it's mainly catering for Chrome's needs.


>it would get more adoption in other markets and promote the variety of engines that we sorely need.

we don't need variety of engines, we need a non-pofit alternative to google that can throw a punch, which firefox is.

An engine is a technical undertaking (of enormous proportion), and there's essentially no need to have even more of them. If anything it'd just make building websites harder. The issue isn't with blink or gecko it's with Google's control over the browser space. If Firefox was built on blink and had 50% market share I'd be happier than having a hundred engines with 2%.


Strongly disagree with this. When you build on top of Blink you put yourself at Google's mercy: every Chromium knockoff from Opera to Brave or what have you now has to make a critical choice about whether to update their core to the new version that implements Manifest v3, or to keep their base on an insecure outdated version indefinitely.


> With the work they are doing rewriting Firefox component by component in Rust, Google will have their work cut out keeping up in terms of performance using their C++ implementation.

I would expect Blink’s C++ implementation to perform comparably; wouldn’t the main benefits would be security-related?


No, it is very hard to take a complex rendering engine written in C++ and make it multithreaded, secure, and thread safe (i.e. correct).

In theory you could do this in C++ of course but in practice, both Google and Mozilla have struggled with this for many years and both have still some major bottlenecks in their browser rendering pipeline that are effectively still single threaded and can end up blocking the main thread.

This the main reason Rust was invented (by Mozilla) and they've delivered a few component rewrites that leverage e.g. multiple cores. They've been shipping this bit by bit for the last two years (since the quantum release) and they're not done yet. E.g with the latest releases they've started to ship the new web render on some hardware/os combinations.

Faster is a simplistic notion that is hard to quantify but having a more smooth loading page, with less visible stuttering, and higher frame-rates for animation is sort of the main goal here. People also care about memory usage, energy drain on laptops, etc. If you look at all of this then it used to be the case that people went from Firefox to Chrome to improve the experience and you now have people moving the other way.


Mozilla tried to parallelize their CSS engine multiple times in C++, and failed. Rust’s guarantees made it possible to do so. There was a talk about it at a Rust conference called “The Story of Stylo”; I’m on my phone or I’d link you.


Following my curiosity, I found:

The Story of Stylo: Replacing Firefox's CSS engine with Rust

https://www.youtube.com/watch?v=Y6SSTRr2mFU

Woo, 9M lines of C/C++ to 85K lines of Rust..

Author's slides: https://www.joshmatthews.net/rbr17/


No, for the style system is 160K lines of C++ down to 85K lines of Rust. Still a great win!


Those numbers sound much more realistic, ~53% reduction in code size - and you're right, it's a great testament to Rust's conciseness!


Stability also improves when you have less bugs. And you get less memory leaks, what it a big worry for browsers.

But no, I do disagree. Rust is more expressive than C++ and much easier to debug. I expect the new Gecko development to be easier and faster than Chromium, what leads to more features.


> Too bad they built Brave on Chromium instead of Firefox

Weren't the initial versions of Brave based on Firefox? I rem reading it somewhere that they later had to move to Chromium for one reason or the other.


Brendan Eich:

> No real choice on mobile. On desktop we started in 2015 w/ Gecko, did full evaluation against chromium, latter won. No benefit in going back to Gecko (Firefox faces diff tradeoff but on back foot now breaking XUL addons). WebKit lineage + Chrome market power => de facto standard.

https://twitter.com/BrendanEich/status/950209816902774785

All publicly released versions are Chromium-based.

https://www.zdnet.com/article/brave-new-browser-eich-returns...


> Firefox is showing that they are more than technically competent to keep up with Chromium and deliver great performance and functionality.

Firefox's performance on android is atrocious.


They've reinplented their browser recently. Still in preview with extensions support in development. But it's faster than Chrome in a lot of cases.

https://play.google.com/store/apps/details?id=org.mozilla.fe...


Nobody would fork Firefox today, as they are just following Google reimplementing Chromium and as a consequence always behind and catching up, just burning resources. While they could fork Chromium themselves and focus instead on features that create an advantage and attract users.


While I agree that a lot of features from Chrome appear later in Firefox, I don't think it's true for the engine.

As an example, asm.js, the technology which became Web Assembly has been invented by Mozilla folks.


Firefox seems reluctant to innovate in the web though. You need to at least push for some change in order to see it. They 've barely wet their feet with that, very reluctantly and not with enthusiasm (like with Persona).


These articles always seem to elide over the WHATWG/W3C fight. Firefox and other browser vendors chose a living, implementable HTML spec over a consensus-based standards body (with its own deep problems), and now we lament the lack of alternatives. If you let browsers create the standards and change them unchecked, the natural conclusion is to own the entire stack for yourself.


It would seem that the Brave browser and Firefox share similar goals on privacy. It’s hard to navigate the differences in their perspectives on this, why would one choose one of these browsers over the other if concerned about online tracking?


Brave stops ads from tracking you but the browser itself records your browsing behavior and allows ads to use that anonymized data to target ads to you. Their marketing always mentions the former and never mentions the latter. The goal of Brave is to build a model for web advertising that pays the user but gives Brave the lion’s share; this essentially replaces the search engines and social networks as the nexus of web advertising with a browser.


the data stays in your computer though, doesnt travel to their servers. that's very significant

I 'm not sure Brave's model will work, but at least they are giving websites more options , which is more important imho than fighting for who will have the fastest rendering engine.


Firefox has more power user features and a robust plugin system. One of my must-have features for a browser is the ability to define search engine macros for the address bar, to quickly and directly search sites like Wikipedia, Twitter, YouTube, Google Image Search, IMDB, Metacritic, RottenTomatoes, etc. It's a lot faster to type command-L t whatever - to do a search of Twitter than navigating in any other way. So far, Brave doesn't have this as a user-definable option, so Firefox is my main browser across platforms.


Chrome seems to have this - that is, you define a domain+query string and a keyword that, when typed, indicated that it should be used on that domain query. Did Brave remove that feature?


Last time I tried using it, they did not have this feature enabled in their interface. There was a popular support request ticket to fix that, so this may have changed.


Brave still contributes to a chrome monoculture, and it still shows ads, so it has a different vision of privacy.


From the standpoint of privacy itself, I’m not sure how it’s different. The browser does not transmit any browsing behavior or history to any servers anywhere, which seems consistent with anyone’s vision of privacy.

That they figured out a way to still offer advertising despite this restriction, that’s just an orthogonal feature that doesn’t affect the stance of privacy.


It needs to fight for the present of the web, because it is getting worst.


Viva la Firefox :)


Not only does Firefox have to worry about Chrome and Safari, now there’s Brave on Mac/Windows/Linux/iOS/Android.

Brave is co-founded by Brendan Eich, who co-founded Mozilla. Brave is doing all the things Firefox should have done: create a new ecosystem for a secure and private web, while Mozilla is still taking millions from Google in exchange for making Google the default search engine.

Although the invasive ads are blocked by default, users can opt-in to privacy preserving ads and get paid in Basic Attention Token, which can be used to support the over 300,000 and growing registered content creators.

On the desktop, Brave has Tor, IPFS and WebTorrent built-in—no additional plugins needed.

Yes, it’s based on Chromium, which feeds into the monoculture narrative. But there’s the irony of the guy who started Firefox using Chrome’s engine to attempt to kill Google’s surveillance capitalism system.


> Macs remain a fairly open system, although the increasing focus on the Mac app store, which Firefox isn’t on, bodes ill for the browser’s future.

Why not put FF in App Store? I'd even pay for clean, no "integrations", version.


I suspect that it's because Firefox makes extensive use of "private" Apple APIs to be able to efficiently render on the platform, and Apple doesn't allow such uses for apps distributed through the app store. Similar issues apply to electron apps: https://news.ycombinator.com/item?id=21437255


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: