Hacker News new | past | comments | ask | show | jobs | submit login
Firefox is showing the way back to a world that’s private by default (theverge.com)
854 points by doener 4 months ago | hide | past | web | favorite | 330 comments



It's been 2-3 years since I switched back to Firefox ever since I cut around 90% of Google out of my life, sadly I still can't find a good search engine where I don't spend more than 5 mins trying different keywords to get the results google gives me.

Out of all the browsers I like that Mozilla were the first to point the finger to the elephant in the room while Microsoft, Google, Opera just turned a blind eye on privacy, although I don't think anyone expects much from Google these days.

Firefox has once again became my default browser on all my devices after like 6-8 years since I last used it. I guess as far as privacy concerns goes, if you are looking for a company/browser that will continue working on protecting you from trackers by default that'd be Mozilla.

Random observations that doesn't necessarily have anything to do with the topic: Firefox for windows is perfect. I actually think it's faster on Windows than on OSX for whatever reason. Playing videos, like using Netflix or Youtube is extremely sluggish on Firefox OSX, but is fine on Windows. I always end up using Safari if I want to watch a video on a higher resolution because the performance drags a lot on Firefox, especially it Netflix's overlay UI you can literally observe it's lagging behind but not in Safari.


In the past couple of years, search has reverted to late 90s levels of result quality. Google used to get you exactly what you wanted for close to 20 years. Now you have to cross reference several search engines to find something other than terrible blogspam and obvious advertisements disguised as reviews. Search seems primed for disruption again.

I appreciate DDG's privacy focus, but their results are often crap.


This is true. These days, Google does very poorly with the tail, and may not even index a lot of sites...definitely some older sites that are still up just drop out of the index, and cannot be found even with exact phrase searches.

If there was one open source project that I'd support would be an open search, but are there any serious, well funded efforts?




Try the semantic map of https://swisscows.ch/ While usually DDG is sufficient for my uses i'm noticing falling back more and more often to the swiss cows. This map thing really helps to separate that which is of interest to you, from unrelated things. Be it the same abbreviations used across different fields, names of persons or corporations across history, ...

I'd be very happy if DDG had that, since i'm so used to it. But it doesn't.

I think https://www.qwant.com/ had something very simialar many years ago, but now it's gone, or i'm mistaking it for some other prototype/beta which had that.


> Try the semantic map of https://swisscows.ch/

Was excited to try it more after an initial impression, but this is a no-go for me:

> 1. We promote moral values.

Which of course is code word for "We promote our values". Can't believe we're in 2020 and this is part of a pitch.


I didn't even notice that! OTOH doesn't everybody promote his values in some (hidden) way? At least they say so.

For me it is there, useful, and free to use.

Take it, or leave it, so to speak :-)


They block certain results because of that, and there is no option to disable that. That's a big no to me. How do I know what results do they consider moral enough to show me?


I always use Safe Search when using Google. I've never watched porn and don't plan to start now, so I appreciate that I know my results from this site will be SFW.


They cite “family values” and have an illustration of a heteronormative family on the “morals” page. Does that mean they filter gay-related results? Gay marriage related results? Would you prefer them to filter it?

I have no idea if they do, but it’s foolish to even cause such questions and disambiguation with your brief (which you inevitably do when you do “morals”)


Thank you for the link, the mapping of sub-topics looks interesting and promising. Reminds me of HotBot circa 1995.


I feel the same. Recently I started using Reddit for finding niche topics.


Interesting that I'm not alone in this.

I was recently searching for information on how Slot Machines are programmed. I had questions about the OS that they run, the languages used to program them, information about the random number generators, etc.

There was a reddit post by someone in the industry that answered some of those questions. Unfortunately, it's quite old.

That makes me think, maybe I should write up a blog post about this as I find the answers I'm looking for. I'm certainly not an expert, but the information in search engines is lacking or I'm searching for the wrong things.


The most niche things I search for are typically career-related, so software questions. I'd guess more than 9 out of 10 queries, the result that I am looking for (i.e. the result that helps me) is on stackoverflow, github, or some apache mailing list.

A search engine just for software, that crawls a whitelisted set of platforms and provides more relevant results (github's search is very poor, for example) would be perfect. Google seems to be the "best" at this right now, so while I use DDG to search most of the time, when I'm working I end up routing most of my queries to Google.

Somewhat tangential, but the word "niche" made me think about this.


you should build this! building a search engine today is no doubt an uphill battle, but the move toward more specialized platforms feels inevitable as there gets to be more and more of the web to index, search, and discover.


site:github.com | site:stackoverflow.com keyword


I use reddit for reviews of products. There's usually some subreddit for that company or line of devices.

Hard to tell what's authenticate or not in Amazon and even blog reviews found on Google.


I wonder how much of that is technology, and how much is actually inherent to the privacy.

Google collects your data to show you ads, but it also uses that to inform its search algorithm. Exactly how it does so is deliberately opaque, but it's no surprise that it knows that you probably mean the local restaurant rather than the one in Indiana by the same name -- and even that you mean that restaurant despite having mistyped it as the name of a different restaurant.

There is assuredly more to it than that, and it's not really a surprise that it can give you better search results if it knows who you are. Whether that's worth your privacy is up to you -- though many people don't really make that choice consciously.


I tend to blame the tech (or lack of indexing-resources) since often it's not finding something I'm sure exists despite plenty of exact keywords.

To use the restaurant example, I'd be putting in the city-name explicitly.


To me, the main source of the problem is that Google (and other search engines) began returning different results for different users:

https://www.theverge.com/2018/12/4/18124718/google-search-re...

So instead of returning a canonical list of the best results for a given subject, they use the copout that people want to see different things. IMHO this has led to problems like politicizing science to cover "both sides" when there is actually consensus. It's institutionalized ignorance.

I agree that search is primed for disruption though. The endgame for search is an artificial general intelligence (AGI) that acts as an oracle to answer any question put to it better than any human. Search is just a query over a very large search space, and is the basis for rational thought (or at least human memory). What we have today is more like a library of books where the user is forced to learn the categorization system and perform the librarian's job manually much of the time.


I've always thought that google had a conflicting business model - on the one hand search brings people in, but on the other it competes with ads. The better the search, the less useful the ads. Given this, google might be indirectly incentivized to only have search good enough to be better than competition, but not the best. Not saying they're actively doing that, but seems like something.


Try to use https://yandex.com/ (Russia) or https://beta.cliqz.com/ (Germany), results are much better than DDG.


Using Yandex for privacy reasons is quite possibly best joke I've ever heard.


Recommending Cliqz that is owned by Hubert Burda, a global media conglomerate which couldn’t care less about your privacy, and where every player is sorely focused on getting a bite of Google’s cake, is also hypocrisy.


I mostly agree, although I think that isn't totally clear yet. I only mentioned Yandex because they're the most egregious example. They are significantly worse than Google in user privacy and general evilness, which I don't think you can clearly say about Cliqz, if only because they haven't mattered enough to have the chance to abuse real users.


> In the past couple of years, search has reverted to late 90s levels of result quality.

The problem is that despite google doing that (I wouldn't be as hard as you, but there was definitely a decrease in quality), they're still SO far ahead of everyone else ...

Just goes to show exactly how far ahead of the competition they were all that time.


Bad DDG results are a myth at this point. It was true a couple of years ago. But they’ve improved a lot and last few months I rarely use google as a fallback.


I've also seen DDG improve over the years but there are still cases where I can't find some obvious things I'm looking for. Unfortunately I can't provide an example. Sorry.

In that case I fallback to Google which is usually helpful even though I have the feeling that it's getting less good.

In the end, my default search engine is becoming Wikipedia... (Mostly kidding, of course, even though I rely to Wikipedia for an increasing number of searches.)


It also sometimes "corrects" queries, forcing one to click to rerun the original query as intended. This very infuriating.


If you put the term in quotes, it disables the correcting of your term.

IMO, correction is a feature. I'm more likely to typo a search term (especially on mobile) than to actually be looking for something with a deliberate mispelling or strange set of letters/numbers.


I switched to DuckDuckgo a few months ago, and never looked back. The results used to be far inferior to Google's - but they seem to have caught up recently. If you haven't tried them out within the last couple of months, I strongly recommend that you give them a chance.


I switched to DuckDuckGo, made it maybe two weeks, and finally gave up and switched back to Google. Their search results are still vastly inferior to Google.


I'm still struggling. Out of principle I've set my default search engines (desktop/mobile) to DDG, but all too often I'm using the '!g' tag to get back to Google. Especially with programming-related queries I just don't get close to what I want in DDG. Google always seems to have the right information the first time. It's unfortunate, because I keep trying to use DDG as much as possible, but the quality just isn't there for me.


It may depend on your particular field of search. I have been using DDG for quite some time and pretty often I need to use !g due to the low quality of the results on DDG only to realize I'm presented with equally bad results from Google. It's possible that for my regular searches DDG is good enough, and the more targeted ones are just too difficult.


Somebody here taught me the !s bang. That sends you to startpage.com. startpage uses google's index but they don't store your data.


>they don't store your data

This might have changed because they've been bought by an ad company


Startpage was acquired by targeted ad company System1 in December 2018 (but neither company announced the acquisition until November 2019, for some reason).

https://restoreprivacy.com/startpage-system1-privacy-one-gro...


All true points, but I'd rather risk being tracked by a company that would be completely cratered even more than they've already been by being bought by Privacy One than just go straight to the devil himself, so I use the !s and just mentally treat it as if its a slightly better form of !g rather than before where startpage was all the benefits of Google search without most of the drawbacks.


Hi - Startpage person here. Just FYI: We don’t collect or share your personal information. The Startpage founders continue to run the company as before and they have control over the privacy components of Startpage. With this investment, we hope to further expand our privacy features & reach new users. You may have already seen some of these new initiatives taking place. 1) Unfiltered News Tab launched in November: https://www.startpage.com/blog/product-updates/launching-unp... 2) Privacy Please! Newsletter launched in last month: https://startpage.com/blog/company-updates/welcome-privacy-p... 3) We're pushing out more info via our blog & social than before, giving greater insight into: How we make money - https://startpage.com/blog/privacy-awareness/advertising-res... How we keep your search private - https://www.startpage.com/blog/privacy-awareness/how-does-st...


Can you give an example search that doesn't work for you?


I'm teaching Kleene's Recursion Theorem. This morning I tried "exercises for recursion theorem" in both. DDG's first page results were not useful, Google's were.



"ED survivor" is a tricky term to search for. Is "ed" an acronym or the name Ed? But still the first result gives you an instagram link about eating disorders and body dysphoria. Since you were trying to figure out what this term meant, I'm assuming you could figure this out from context.

I'll give you that the results aren't great[0] and that Google's results were __MUCH__ better here, but it did get you to the answer you wanted with the first link. Maybe we search different, but at least in my experience I don't frequently have results like this. Rarely do I reach for "!g" and usually when I do the searches are so niche that Google struggles too.

[0] https://imgur.com/a/HvFTGT1


Excuse me? I didn't get an answer in the first link; there wasn't something pointing me towards the answer in any of the results on the first result page.

Incidentally, nowadays I'm using DDG much more than back then. I don't know whether the search results improved or whether I calibrated myself so that I know better how to phrase my searches. I'm still using many !g, but only maybe half of the time.


No? I don't have a list handy, and I’m not the QA department for DDG. The point is - and yes, this is somewhat subjective - I found the quality of the results inferior to Google, and grudgingly switched back after a few weeks of disappointment.


You're certainly not alone, but I've had such a wildly different experience. I switched to duckduckgo primarily because I preferred the search results. The privacy aspect was just a bonus.

The only time I ever find myself using the !g escape hatch is when I'm searching something brand new (e.g. a breaking news story). Duckduckgo has a recency filter but it seems to take them a few days to ingest the content.


Same here. I'm still using duckduckgo on my private devices (phone and home laptop), at work I'm using google. I suppose the reason this works for me is at work I need GOOD results, thus google search there. At home I just need a search now and again, so duckduckgo is good enough for this.

So, my private life stays my private life with duckduckgo. And at work — I don't really care what google does to my "js shortest path algorithm"-kind-of results history.


Same. I'm about 70% DDG and 30% Google right now. Honestly, with "!g", I'm okay with it. Even though I don't get 100% privacy, its better than 0% privacy.


I switched to DuckDuckGo a number of years ago and while yes, their results have become better there are times in my line of work where I've had to use !g search item as Google still seems have to have the best results sometimes.

Granted this is maybe once or twice in 3 - 4 months I end up using !g prefix.


Another helpful thing that can be done with Firefox is to add google.com to a container. One of the things google does that I really dislike is personalized search. Having a container specified for it lets me use the browser more naturally without having to open a private session.


You can also configure firefox to never leave private mode—I can’t endorse this enough.


Do you know if there's a way to get it to work with containers? Often, I'll use a container to remain logged in to a site and white list its cookies. It'd be good if non-container pages were in private mode by default.


Have been using Ecosia and I have to do a `g` search pretty much daily. Though the use Bing underneath, so maybe it's worth giving DuckDuckGo a try


> I still can't find a good search engine where I don't spend more than 5 mins trying different keywords to get the results google gives me.

I always hear this but myself have never had problems with DDG. I'm curious what you search for.(am I the odd one?) Image search is TERRIBLE, but web search I have no issues with. I actually like how DDG works with programming questions, how it gives the SO result on the side.

Whenever I try Google I never end up getting better results. But that may be because I've been off them for years and so they can't provide any advantage.


It's.... a bit hard to define my current workspace. I do software development but a lot of that development is on legacy applications using some obscure API, perhaps a super old version of a known open source project that nobody uses anymore, or simply dealing with an application written two decades ago in C and I have to know specific things.... and I'd have to say searching on Google is just handy when it comes to this.

It's not easy to describe I guess. For my normal "John Doe" usage I have no problems using DDG. But when it comes to work where I need to narrow it down the best I can I guess Google will always come to the rescue (but not always, haha.... nothing like dealing with undocumented libraries).

I wish it was just language-specific behaviors at least I know there's always plenty to search on but... it's a little bit of everything.


I find image search on Google to be terrible due to whatever it is that Pinterest is doing. It is awful trying to find something and repeatedly stumbling into their crapfest.


Thats why I do my searches with -pinterest.com in the search.


big fat disclaimer: I'm about to start working at a competitor to DDG

However I've found that DDG has a really hard time when you have minor typos in your query, or when it includes really common words

When I type in semi-remembered song lyrics into Google, I'm usually able to find the song. I haven't had the same luck with DDG (one example of semi-remembered lyrics I tried to look up was "streetlight reflect piss streets". DDG doesn't give anything useful. If you add the word "lyrics" to the query, it gives you a list of maybe a dozen songs about lights and even some songs about urine, but not the one I was looking for. Even without adding the word lyrics, Google's first result is an infobox saying "Fat Cats, Bigga Fish|Song by The Coup", with the full lyrics and some links to listen to it.

I also had a hard time trying to look up info on DDG regarding Google employee benefits. Maybe that's intentional :)

At one point, the top search result for "Google vision plan" was a link to google.fr/maps (DDG actually gives some useful results now, but it didn't when I looked previously)

Another interesting query to compare for me was "subaru outback gate OR garage opener"

DDG just gives links to Lowes, Home Depot, Walmart, and other places to buy garage door/gate openers. The first Google result is a video for how to teach a Subaru Outback how to open a gate/garage (which is what I actually wanted). Maybe I'm just used to the level of vagueness that lets Google give me useful results, which isn't explicit enough for DDG?


I've been using DDG as main search engine for 3 years, results for my queries are usually on par with Google in private mode, but if you're looking for results in any other language than English or non-tech stuff it falls behind big G


That's actually my only beef with DDG.

Searches in German (and probably other languages than English too) are pretty fucking horrible.

But on English searches it's my preferred search engine. It's definitely good enough in 98% of all cases and there's always !g if everything else breaks.

So I definitely accept the language limitation. Especially since I know what to expect. The privacy focus more than balances this out.


What I do is to use multiple search engines and specialize my searches.

I use "smart keywords" [1], which work similarly to DuckDuckGo's !bangs [2] and most of the time I noticed that I know what the source I want is — if I want a Wikipedia article, I search with "@w" in front, if I'm searching for a dictionary definition, I search with a "@define", if I want to search for a location I search with "@maps", if I want a StackOverflow answer I search with "@so", etc, etc.

I have bookmarks for such search engines, neatly being synchronized between my Firefox instances (works on mobile too) and I got quite used to them. I prefer my own bookmarks, b/c I can always add custom stuff and b/c I don't want an extra round trip to DDG anyway.

Also DuckDuckGo is fine for English results, I often find that searches yielding bad results on DDG will often lead bad results on Google too. When not finding what I'm looking for, sometimes I search on Google too ("@g"), in order to double check. But you won't catch me searching for very personal stuff on Google — e.g. I'll never search for health advice on Google and even if DDG's results are bad, it's either that versus nothing at all.

I'm also not super strict — we do use Gmail and Google Docs at work and that's fine, but I do prefer native clients for Gmail too and I prefer text files in my Dropbox for my own notes. I also pay for YouTube Premium, because otherwise my son is getting exposed to ads, plus I watch YouTube anyway and I'd rather have the ads-free experience on every device I own.

[1] https://support.mozilla.org/kb/Smart%20keywords

[2]: https://duckduckgo.com/bang


> I still can't find a good search engine where I don't spend more than 5 mins trying different keywords to get the results google gives me.


Right and the TL;DR of my reply is — if I spend 5 mins on DDG or other websites, then I would have spent 5 mins on Google too, because in my experience Google's search results have degraded too — due to spam, plus I noticed the results further degrading after I toggled off the search history in my profile, but that's another discussion.


I find some programming related things hard to find in DDG. Most recently anything related to Deno. I've found some other esoteric corners of programming that are only surfaced with Google.


If I want to search Wikipedia, I just directly search Wikipedia. I have a browser search bar shortcut “w ” for exactly that. So I type “w firefox” and it takes me to https://en.wikipedia.org/wiki/Firefox directly. Similarly for many other sites I use regularly.

Really there’s no point in asking a middle man to do that for you, whether they claim to track you or not.


On the contrary, my experience is that I prefer the Google results even when I want to search in a site that has an internal search engine, such as Wikipedia, StackOverflow and Reddit. Both the formatting and the quality of the results are better in Google.


I was responding to the DDG bangs (e.g. @w) usage. A custom search shortcut is strictly better by achieving the same effect without a middle man.

When I actually need to search Wikipedia, Reddit etc. I do use Google. I only use shortcuts when I know they will take me directly to relevant result(s), e.g. with many Wikipedia pages for well-known subjects.


> Also DuckDuckGo is fine for English results

German as well with the toggle to search German sites.


Which is very helpful because with Google, in spite of some available settings, it's impossible to know what kind of custom/localized results being served.

In DDG, I turn it on (mine is Germany toggle as well) for finding restaurants and local support sites, and turn it off when I search anything programming related. Works well so far. I used the infamous "!g" rarely in the last few months.


I've found Startpage ( https://startpage.com ) to be a good compromise -- it delivers Google search results but proxies it through their servers for privacy / less-Google-tracking.

Another handy thing is that Duckduckgo has a flag for it so you can search DDG first then just add '!s ' in front of your search terms to have the search done in Startpage instead.

Also useful thing for iPhone is to set the default search engine for Safari to DDG instead of Google -- I can just type '!s' before my search terms to get Google results without the tracking.


You should know that Startpage has been acquired by an advertising company: https://restoreprivacy.com/startpage-system1-privacy-one-gro...


Search is a privacy vulnerability anyhow; the better it is the more information about yourself you must have surrendered.

Before good search was available the use of bookmarks and bookmark sharing was far more widespread, and discovering new content was somewhat of a social experience.


SearX works very well, as good as Google, according to this comparison (which is the reason I went from DDG go SearX).

[1] https://libretechtips.gitlab.io/detailed-tests-of-search-eng...


But which instance? You have to trust the hoster of the instance, but there seems to be little info on that...


Great point. The SearX documentation addresses your concern here [1] I run my own, for myself only (via WireGuard). Its easy to set one up, for example with Docker [2]. However, I recommend to try it out first. A list of public instances is available here [3]. These lists include Tor entries (if you require anonimity, don't enable JS and use e.g. Tor Browser!), and also mention where they are hosted (if on clearweb). You can try it out there. That being said, one which seems safe (because of the people behind it) is [4]. At least safe to test it.

[1] https://asciimoo.github.io/searx/user/own-instance.html

[2] https://github.com/searx/searx-docker

[3] https://searx.space/

[4] https://search.privacytools.io/


Wouldn't running a private instance be the same as directly queryint google? Like, it queries through the same IP you use, and can build a profile just using that.


The sluggishness with video streaming in Firefox on macOS might be because Firefox supports VP9 so those services will use it to save bandwidth but macOS doesn't provide an API for hardware decoding of VP9 so it happens in software. Safari only supports h264 so that's what gets used and goes through hardware decoding. You can try extensions like h264ify on Firefox (and Chrome) to make it use h264 too.


> Firefox for windows is perfect. I actually think it's faster on Windows than on OSX for whatever reason.

I've found that most crossplatform software runs faster on Windows than on macOS, even when comparing to a better Mac hardware.


One evaluation found that Ecosia is 'better' than Google and Duck: https://www.kylepiira.com/2020/02/07/which-search-engine-has...


Strongly agree with your random observations. Something about Firefox on Mac is just incredibly slow at even basic things like switching tabs. This is on a higher end 2019 15" Macbook Pro. Whereas on Windows 10 it feels just as fast as Chrome.


It is good on Debian flavors of Linux too. I think the issues with Mac OS X are well known and have been worked on for a long time. It used to be image rendering in the past, and it is now other problems with rendering (transparent windows).


DuckDuckGo works for me 95%. If I need local search, I flip that switch (below search-field). There's possibility of advanced searches as well.


Leave the search engine as DDG, and then just preface your searches with !g if you want to cross reference Google


Microsoft used to be very big in highlighting how much more privacy-minded they are. This was a massage pushed to policy makers across the world, and very significantly in Europe. This stopped 100% with the launch of Windows 10; I assume this is because of all the metrics it collects (often unknown to or explicitly against users' wishes).

The only option for privacy-minded search seems to be to use one of the bing wrappers, most notably duckduckgo.


If you want literally Google's results with privacy -- use Startpage.com


no issues on macOS. Older mac maybe?


No problem here either, on a 2015 iMac or 2018 MBP.

I've used FF daily for 20 years on Mac/Linux and never been motivated to trade my security/privacy for a little speedup.

Initially it was FF's ability to block video and invasive JS (w/ or w/o plugins) that was a game changer for me.


Some people just don't get the difference between Privacy and Anonymity.


Care to elaborate? Anonymity is part of privacy, which is part of security.

Security is a multi-perspective problem. Often, false dichotomies are drawn to convince people to give up their own security in order to benefit someone else's security - eg saying "privacy versus security" as if they're in opposition, being personally disassembled and molested at the airport, "national security" in general, etc.


I use Firefox because while Microsoft, Google, Facebook and other giants are working hard to take ownership of the Internet, Mozilla works to keep the web open and free.

I have a small SAS project, and I am sad that just 2% of my users use Firefox, while 80% of them uses Google Chrome.


How do you gather those analytics on browser usage? An outstanding number of Firefox users block analytics, so that may introduce a bias into those figures.


Not OP but a statistically significant method of measuring browser marketshare is by looking at User agent on web server logs.


They may block analytics, but how many of them are spoofing their User-Agent string?

You can get a lot of analytics just by looking at the web request. If someone came from Google, the Referrer header will show what their search terms were.


We need to ban the word "creepy" - it's lazy and vague.

I could write an article about how, in order to buy something in a store, you're expected to queue up and present your chosen products to a human who picks them up and scans them - wow, "super creepy", right. An actual human running their hands over your stuff, glancing at your face and probably thinking about who you are, and why you're buying these particular products. The human might even get a look at your bank card. "What a bunch of weird nonsense" is the idea that is probably going through your head (see how I lazily assume you think like me, the article author).


In you example it's obvious what is happening.

On the web, it's not.


Both are kind of creepy though. It's a meaningless and lazy descriptor in the way it's currently being (ab)used.


The real world example would only be creepy if the cashier was keeping detailed notes of what you bought, and suggesting related products the next time you visited the store. It's not creepy because the vast majority of cashiers don't do that. The online example is creepy because almost all vendors are doing this, and even worse, they're sharing the data with each other to build detailed customer profiles so they can sell you more products.

https://www.forbes.com/sites/kashmirhill/2012/02/16/how-targ...


You are basically relying on the cashiers poor memory to stop them from recognizing you. If you live in a small town, or even just an efficient city that sees you going to the same store often, people will recognize you.


This would be creepy if the cashier had an eidetic memory and after only visiting the store once while scanning items said: "Hi nmeofthestate, do you want to process this order on your card that ends with 1234 again?"


But we're aware of the employee's involvement in the transaction process. Imagine the same retail transaction but a manager is spying on the two of you (and every other transaction) from a peephole in the ceiling. That's why "creepy" is an effective word.


Agreed, and see my point above. Used to be creepy required some creep to look through a peephole. Now they've automated it.


"Creepy" is one of those things that's impossible to clearly and objectively define. I know it when I see it.


> I know it when I see it.

I would counter that you often think you know it when you see it, but may be incorrect. Knowing more about the circumstances and why something is done often reduces or eliminated the creepiness, in that what you assumed was the reason behind the behavior wasn't correct.


Creepy is a subjective descriptor. One person's creepy is another person's not-creepy. Things may be both creep and not-creepy at the same time, depending on who is observing it. I don't know that you can say someone's perception of creepiness is incorrect as that implies that there is an objectively correct label for creepiness.


ummm, human interaction is creepy? You have heard that we are a social species, yes?

The notion of "owning" something is a social construct.

The concept of transferring ownership from the store to you is likewise a social construct which requires a social action/interaction.

The stuff isn't your stuff until the transaction is complete. That would be after they "ran their hands all over it".

the concept of lining up imposes a standard of "fairness", another social construct which most apes seem to share. Because you aren't the only person buying stuff.

What is creepy is when a party deviates far from the norms established over roughly 100,000 years of trading/social interactions. Creepy is when one side uses a data collection asymmetry in ways which violate social expectations.

And yes, 100 years ago it was possible for a store clerk to be creepy. But back then, most store clerks weren't. Today, the company automates this data collection so every (large) store is effectively super creepy.


I think you misunderstood nmeofthestate's comment. They're not saying that they think human interaction is creepy. They're using it in an example where where creepy could be used in a sentence, but doesn't make sense if you think about the paragraph as a whole.


I love what Firefox stands for. They are not the only one but for sure they are keeping the balance of the web when it comes to privacy and security. Unfortunately as their market share drops, they have less and less say in the future of the platform.


Given firefox users massively block trackers, way more than chrome which actually links your google account with your browser login, I wonder how accurate are the stats.

Firefox did lose market shares, but it's possible we see lots of chrome users also because they are more visible.

Related, although a different problem, one of the biggest stat providers is Google analytics, and a lot of sites make decisions based on those, but Google has no incentive to check if they are missing some non chrome users.


Mozilla's own public data shows an ongoing decline in usage.

https://data.firefox.com/dashboard/user-activity


Good link. Declining from 880M in Mach 2017 to 805M in December 2019. Declining indeed, but not very fast.


The Monthly Active Users metric is more important, and it has been declining by around 10% each year. That’s very significant. Roughly 25k users lost every day. Mozilla had to lay off almost 10% of its staff this year, and will probably have to keep doing that every year now (unless the decline in users stops). And firing your employees doesn’t usually lead to better products.


On the contrary, the drop is tremendous. Consider that the number of internet users worldwide has grown way up in that timespan!


I think (but I have no idea) that browsers are tracked by their user agent, which they always send.


Many browsers start "freezing" the user agent.

But the user agent isn't that important when we talk about tracking.

https://github.com/w3ctag/design-reviews/issues/467#issuecom...


Indeed, however Firefox often masks its user agent as websites falsely report broken and missing features for non-chrome browsers. User agent is growingly meaningless as a metric.


One of the first things I do on a new Firefox install is add a user-agent switcher and set it up to tell sites I am using chrome for exactly this reason.

Somehow we have gone back to the dark ages of web where sites complain unless you are using one specific browser.

It was the more technical minded people who spread the word and mindshare of browser choice back then to get us out of that mess, and now the same group has gotten us back into it worse than ever.

I'll never understand how this happened.


User agent override is a builtin feature in firefox for ages.


Thanks for that info! I had no idea about this.


A quick (though not very user friendly) method to change Firefox's User-Agent string is to create a new about:config pref (string type) called "general.useragent.override" wit the new User-Agent string.


You can see Firefox's current list of User-Agent overrides in Firefox's "about:compat" page.


The website has the user agent but it cannot send it to the analytics platform because requests are being blocked.


The user agent header is passed to whatever server your browser originally talks to, that server is free to do whatever it wants with the header (including forwarding it or storing it in logs that are analyzed somewhere at some point). Blocking on the client or even client network level has no effect on that. If you receive any content at all, there is a chance the UA header will be looked at.

But as others pointed out, the header will be rather meaningless in the foreseeable future anyway.


Theoretically what you're saying is true, but practically speaking many websites are behind CDNs, like Cloudflare, Cloudfront or Akamai, with static content being cached aggressively to reduce costs and latency and it's pretty cheap and easy to do so nowadays, so most requests aren't even going to hit a backend.

You can work around this by installing a tracking pixel on every page you have, a pixel that always hits your backend, which can then generate a log line that can be analyzed. But this requires extra development and it's much easier to just install Google Analytics.

So I'm pretty sure that most browser stats are not coming from analyzing 1st party data that's logging the user agent.

And speaking from experience in this space, the error margin for such analytics is somewhere around 10% - 20%, which is roughly the percent of people having ad-blockers installed and this number is growing — you can extrapolate of course from those that don't have ad-blockers installed, but then you have a selection bias issue, because you're not talking about the same kind of user; e.g. people that use ad-blockers are the people that are more likely to be computer literate and capable of installing their own browser.


While you in turn are of course correct as well I wasn't trying to imply that every business out there is sitting in front of their server farm and analyzes httpd logs anymore.

With the prevalence of ads being served from the customer domain on larger sites these days I'd just think that enough parties have incentive enough to implement a tracking pixel or put a few lines of measurement protocol code somewhere to make sure that request data ends up in GA. But granted, I'm not in that space, the assumption that this data does not end up in the hands of some interested party for B2C sites just seemed weird, even in modern architectures.

Thanks for the error margin btw, that's far higher than I would have expected.


Tools like GA will be blocked by Firefox in tracking protection mode. They won't register a Firefox user.


But Google Analytics is typically (always?) done through JavaScript in the browser. And if the browser blocks any call to the Google analytics servers, Google won't know the user agent.


Sure, but most people don't analyze their server logs, they rely entirely on analytics, and if not done correctly (noscript tag) won't fire even a tracking pixel. Even then, most blockers will block those requests too.


The server is free to do anything with UA, but it doesn't, because google analyticts already takes care of that.


May also be that a privacy minded person is likely to use the internet less and is also more likely to use Firefox as their primary browser.


I'm not sure whether to agree with your last statement. While historically, Firefox lost troves of market share to Chrome, currently they seem to be fairly stable [1]. While tech boards are definitely a small fraction of users, the general notion around Firefox seems to be more positive recently than say, a few years ago, so I wouldn't be surprised to see them take back at least some of the lost share. While Chrome is currently a very dominant player, it's around the same level of usage that Internet Explorer was historically so market shifts of that scale are definitely possible.

[1] https://gs.statcounter.com/browser-market-share#monthly-2010...


Well your example is kind of perfect.

Around 70% of the Firefox users are blocking trackers. And Statcounter is using trackers for their stats.

So the stats are very misleading.

They might even prove that Firefox is very privacy aware.


It would be good if Cloudflare would publish browser stats.

They collect stats from user agents that are likely to be more accurate and probably cover more of the web than Stat Counter.


Plus Google may want to keep them alive like MSFT with Apple or Intel with AMD to keep the regulators away.


Well, that's true, "may".

Why, though? As far as I can tell the only part of Google that competes with Firefox is Chrome, and Chrome doesn't seem to be profitable, or even intended to be profitable. As far as I can tell Chrome's just a moat to keep people from using the Facebook app instead of a web browser. So... why? Tell me why I'm wrong, teach me something today.


They might face regulation e.g. in the EU (but also the US) based on antitrust or competition laws, as they would effectively be dominating the browser market. That would limit their freedom to operate, so I can believe that it's in their best interest to "allow" competitors like Firefox to capture a small market share. Effectively they could kill them easily as a large percentage of Mozilla's revenue (I think more than 50 %) comes from the Google search deal, and I don't think that deal is really vital to Google. Source: https://en.wikipedia.org/wiki/Mozilla_Corporation


But if Firefox only competes with Chrome, and the regulators are angry because of Chrome, why would Google not simply shut Chrome down? I mean that I don't see any reson why Chrome needs to compete against Firefox.

I can see arguments why Google needs to compete against Facebook: Those two compete for advertising customers. Funding one, two, a few browsers makes sense if the goal is to keep eyeballs on the web rather than letting Facebook tempt them into a walled garden. But why would Google care which of the browsers has most success? And if Google doesn't, why would regulators care?


>Why would Google not simply shut Chrome down?

Because they'd get less tracking info and have a harder time tracking people across the web? That seems the biggest point here.


Google keeps Chrome around because the alternative is just too risky for their core business. If (for example) everyone used IE then Microsoft would be able to shut out Google's ads.


It's not just ads. It's also Microsoft's ecosystem around Windows and Office. From Outlook, Sharepoint, to XBox, to 3rd party automation tools like BluePrism, UIPath, AutomationAnywhere that are tools built around IE and are getting a lot of traction in corporations at the moment. And probably a lot more tools I don't know about.


That's what I thought too (ie. that Google is critically dependent on web browsers that don't discriminate against Google somehow, and is paying for two such browsers). But so many people say that Chrome and Firefox are competitors that I'm curious to hear arguments for that.


Owning a browser is a business as every search engine wants to be the default. I think google is forking several billions a year to be the default on Safari and is probably Firefox’ primary source of revenues.

I don’t know if Microsoft has any other motivation for Edge other than being the front end for Bing.


Chrome is a strategic tool for Google that they use to funnel users to their services, collect data and influence web standards in their favor (among other things).


You are asking why controlling the default search engine and the client infrastructure for tracking users is valuable to Google?


No, not at all.

I am asking why people (appear to) think that Google's own browser is competing against the other browser that Google also funds.


Otherwise it would lose market share and money.


Why?

I may be stupid here. Please excuse if so. But I don't see why Google would lose market share in a market that provides income if Firefox' market share were higher and Chrome's lower.


firefox users are also much more likely to use a search engine other than google too, so more than just the browser is affected. Search is Google's primary money maker so firefox users not using google search would cut into their ad revenue. I would think Google would won't to eliminate firefox, but in doing so they would just prove firefox users' point as far as privacy/openness is concerned.


I had no idea Firefox users are much less likely than others to use Google as search engine. Interesting. How much is much — do you have numbers for it?

EDIT: I'd also like to know whether this is a robust difference, in the sense that someone who has both Firefox and Chrome is more likely to search using Google when running Chrome than when running Firefox. Do you know?


If Firefox keeps being relevant for software developers, by continuing to improve their dev tools and providing an API that yields more potent extensions (like the Tree Style Tabs), then I believe Firefox will continue to be very relevant, because its market share will continue to be made of users with the ability to influence policies, in corporations, public institutions and inside their own family, not to mention compatibility with Firefox will be preserved.

Firefox has nearly lost developers to Chrome, because (1) Chrome was designed for web apps and you can see this in their process per tab model and isolation, features which took a loooong time to be implemented by their competition, (2) Chrome's dev tools have been for a while superior and still are in some areas, (3) Chrome is popular, it makes sense to target the browser that's most popular, so might as well use it as a default and (4) Chrome really had better performance than Firefox, or at least perceived performance, especially when it comes to Google's own apps.

Nowadays Firefox has finally moved to having a permissions system for its add-ons and to using multiple processes for its tabs, while still being better in terms of memory usage, especially with a lot of tabs open, a use-case that was and is still viable on top of the latest Firefox.

I'm now more familiar with its dev tools and they've gotten better. Performance is sometimes on par with Chrome, sometimes better, sometimes worse ¯\_(ツ)_/¯ ... people complain about the performance of Gmail, but truth be told the performance of Gmail is now crap on top of Chrome too and I'd rather use native clients.

And I'm super pleased with many of the privacy changes they've been doing — built-in blocking of trackers, DoH (yes, I think DoH is great), multi-account containers which also allows for sandboxing Facebook or Google, plus I'm pretty sure they'll continue to support uBlock Origin, which isn't something we can say about Google and their deprecations in manifest v3.

They still have a lot to work on — better dev tools, battery life on MacOS could be better, a customizable interface that doesn't rely on "legacy stylesheets" (primarily thinking of hiding main tab bar while using the Tree Style Tabs add-on), etc, but I'm sure they'll get there and I'm happy with how it is right now.

I used to use Firefox because I wanted to keep them relevant, but nowadays I feel like Firefox is simply the better browser and it will continue to be relevant for as long as software developers such as myself keep using it.


NoScript (block by default) is the most potent extension a software developer needs in a browser.


It's also nice that on FF you can disable JS on a page (I use the Disable JavaScript addon) but still have addons run JS on that page. On Chrome, either you allow JS from any source, or you block it from all sources, which is a bummer.


Apple has some good muscle in the privacy war too, if for no other reason than to reduce Google's advantage.

Not sure what Microsoft's game plan is though, apart from preloading Windows with spyware.


DOn't you dare call all these freemium games bloating my default installation spyware! :D


No, it's not the games.

The spyware is on a lower level, linked to the OS in a way that you can not remove.


Don't confuse marketing with how the company actually acts.


Do you want to fill in the details about how you see the company acting? It's a pretty glib statement otherwise.


Them and how going to Chinese market is a fair example.


I will fill in..

Google never "sells" your data to third parties. They keep the data themselves for advertisement purpose. On the contrary, apple shares any collected data with advertisement partners. Apple fanboys don't realize this.

Apart from agressive and deceptive marketing, Apple is a shitty company that asserts patents on rounded corners of phones and optional chaining in programming languages (Swift). They are objectively more evil than Google in my book.

Apparently I am biased. I would not have been in CSE if Google didn't commoditize the market. My first encounter to programming was on an Android terminal. But that's another story.


None of that is true, aside from maybe your first encounter with programming.


Bullshit.

Read Apple privacy policy properly. They share data with "advertising partners".

Apple sued Samsung for billions on a ridiculous patent case on rounded corners in smartphones.

Apple patented optional chaining in Swift. Although there is lot of prior art, and the thing is fucking obvious for any PL designer.

People like to shit on Google. But Apple is just more evil than Google any given day.


You do not need to balance privacy with security. That is in most cases a false dichotomy. On the contrary, real security needs privacy and the other way around. Especially on the web there are nearly no exceptions to this.

Don't think too much of my ranting against the security argument, but I see it as a pure invention of politics from "hard liners" with a solid extroverted inferiority complex and a bad emotion driven risk assessment.

Otherwise I agree that Firefox stands for privacy and security.


For me it’s about the dev experience.

I’ve noticed that Firefox dev tools are getting better over the last year or so.

They’ve got some neat things like their CSS Grid editor and websocket inspector.

I still find it easier to clear application data in Chrome and Google Hangouts echos for me in Firefox but I’m moving towards Firefox by default on every platform.


I love CSS Grid inspector in FF! I also like the "Changes" tab in Inspector that lets me play with CSS in browser and copy-paste it in editor later.

The only thing I miss from Chrome is "emulate focused page" checkbox, it's useful when you're debugging dropdowns, for example.


Some reasons for decreasing market share:

https://news.softpedia.com/news/microsoft-begins-showing-an-...

https://www.zdnet.com/article/former-mozilla-exec-google-has...

This also means decreasing referral revenue from Google, so fewer resources available.

I believe Mozilla should strike back with https://www.linkedin.com/pulse/open-letter-mozilla-please-of...


I am using Firefox as my main browser for almost 7 years now (exclusive for ~3 years). As I see it Firefox is the only reasonable choice if you are looking for a browser respecting its users privacy.

Personally I never had problems with Firefox breaking pages or having noticeable performance issues. Quite the opposite seems to be the case, since it feels faster and better with every update they released. I really can’t understand all the people constantly complaining about Firefox being slow and buggy. 90% of the time I had issues, it was because of poorly written browser extensions or ad-blockers breaking stuff. It feels like most of the people complaining about Firefox are just looking for excuses to justify why they are too lazy to migrate.

The dangerous thing is when another new Chromium based browser, such as Brave or Edge, appears, which often makes it even worse for the user, since they just share your data with another company.


> Personally I never had problems with Firefox breaking pages

My experience has unfortunately been different, but the issues are mostly limited to "modern" over-engineered web apps. 90% I encounter one though, checking the console reveals that it's using non-standard Chromium-specific features (whether a FF counterpart exists or not) or just has a lazy browser == "Chrome" check instead of proper feature detection.


OK, but it's not Firefox's fault if web developers don't stick to standards and use Chromium-specific features. The bad thing is, the less people using Firefox, the harder this problem becomes and Chrome defines the de-facto standards.


Of course not. That was basically my point - that while some pages are broken in FF, it's not actually their fault (although how much that matters is debatable as the end-users don't care).


Chromium has very little to do with whether a browser shares user data - it's just an open-source package for making browsers.

I also primarily use Firefox, but Brave is definitely a more serious effort at a privacy-focused browser.


I never really understood brave. It's basically chromium with some google tracking removed and with some inbuilt "extension".

You get the same with firefox plus ublock origin, while supporting a more open web by not using the monopolistic chrome engine. Also, I doubt brave could fork the project for a long period after the adblocking becomes impossible with chromium


I never used Brave myself. The problem I see with Brave is is their business model being counterproductive for the web. If I understood correct, they block ads placed by the the content creators, just to replace them with their own monetization model... doesn't seem fair to me.


Just out of curiosity, do you primarily use a Windows machine? In my experience people using MacOS run into different types of slowness issues when they use Chrome or Firefox.


If Apple allowed changing default apps on iOS I'd use Firefox everywhere.


Firefox can't really exist on iOS, only a shell on top of apple's browser engine.


For what it's worth, there used to be a "full" Firefox for iOS, about 10 years ago. Apple blocked its release, though.


The rendering engine is largely irrelevant to me as a user on mobile. (Though of course having the actual one would be better.) Firefox sync is the meat of the deal.


> Firefox sync is the meat of the deal.

Firefox sync really is neat, but be aware that for the last several years it has had a security flaw, one which the Firefox team has no interest in fixing (in fact, they consider it a feature!): your passwords and other private data are encrypted with your Firefox Account password. That would be fine so long as a) your Firefox Account password is truly secure and b) Mozilla can never see it. Unfortunately, they can: they serve an HTML page to log in to your Firefox account, which loads JavaScript from their servers. At any point they can start serving JavaScript which sends all passwords to their servers.

What is so very, truly disappointing is that they used to have a great, easy-to-use Sync security system which was immune to this sort of attack, but they removed it.

Anyway, I cannot advise using Firefox Sync for private information anymore.


What is your threat model in which somehow Mozilla's ability to serve you JavaScript is a problem because they might use it to attack you, but Mozilla having written the entire program you're running isn't a problem?


They can almost-indetectably target an individual user or group of users at any point in time in the former case while the latter case would leave traces in e.g. git histories.

I trust Mozilla to write Firefox and I trust Debian to package it. I do not trust Mozilla to be trustworthy on a live and ongoing basis.


Sure if you don't want modern browser features like web worker, addons, and updates.


Agreed, sync is a great feature, but last I checked iOS content blockers only work with Safari, not any other apps that use WKWebView. So stupidly, I have both Focus and Firefox on my iOS phone, but only Safari can use the Focus content blocker. It’s pretty terrible.


I find it super odd that Firefox Focus doesn't let you sign into Firefox Sync. I would just use that browser for everything.


Have to used a local VPN from AdGuard to circumvent it and sometimes it glitches.


AdGaurd looks like a Safari content blocker and not a VPN to me.

https://adguard.com/en/adguard-ios/overview.html


AdGuard Pro, the paid version, uses the VPN interface to block ads.

https://adguard.com/en/adguard-ios-pro/overview.html


Personally, that's enough for me. I've been using Firefox on iOS for at least a year or so, together with Lockwise (their password manager).


Does Lockwise support easy import/export of passwords from/to other password managers? I'd like to use it, but I really don't want to put all eggs in one basket.

Can I associate one login/password pair with multiple domains?


I don't think it supports import or export. One login can indeed be saved and used over multiple subdomains.


Firefox without addons is like pizza without tomato sauce. Sure you can do it, but...


You don't enjoy the occasional white pizza? I'd say it's more like pizza without cheese...but you can do that too. Tomato Pie's are pretty good every now and then. How about pizza without toppings? Some restaurants even call toppings add-ons.


I think of it more like supporting a local pizzeria. Firefox gets me 100% there on my desktop and using it on iOS sends Apple some sort of number that I prefer using it over the stock browser.


I still remember Firefox around its version 1.5, where you literally couldn't use it without extensions, even some basic things like Tab Recovery was only available through them.


A thing that annoys me is that any browser in iOS except Safari doesn’t support getUserMedia to allow camera access to do things like scan qrcodes from the site. I'm wondering if it's an artificial limitation Apple imposed to encourage people to use Safari.


Vote with your wallet?

Anti consumer companies shouldn't get your money.


What's the alternative? Buy an Android device so that not only is Google stalking you but you also pay for it?

I agree that what Apple is doing here is wrong, but the alternative is worse on other fronts like privacy which is much more problematic (to me at least) than App Store restrictions.


Sadly.... this was my conclusion as well. I'd rather have an iPhone(which I do, an iPhone X) than actually get a Android device.

This is the case of going with the lesser evil.... and there's no way in my mind that Apple would be the greater evil than Google when it comes to tracking users and learning all their habits while using Android.

Apple is not perfect and I hate it for being so anti-consumer when it comes to repairing... and I'd love they would fully commit to a privacy-minded iOS if they have the guts to do it.


The real solution is regulation for privacy, so that stalking and tracking becomes illegal no matter who does it. Then, Android would become a viable choice for many.

Anti-trust regulations on Apple would also be very welcome, but irrelevant to the privacy problem.


It is very easy to install a ROM and have full control over your relationship with Google.


Buy an Android device, block the spy traffic or install a different OS on it. You know...stuff you can do with a device that actually belongs to you.


[flagged]


[flagged]


I don't support the parent's use of name calling, but it is not necessarily the case that criticism of another's enthusiasm for a vender implies the critic also has enthusiasm for a vendor. Some of us dislike all of the dominant venders.

(Edit: And having the position that 'mere avoidable advertising' can be avoided is also not necessarily evidence of fanboyism)


The connotation is a thinly-veiled promotion of Google with skewed reasoning; that tracking you so they can advertise to you is benign, and we should submit to constantly being tracked, because that harms us less than patents and lock-in, without giving any reason why patents and lock-in are bad.

Tracking me and spamming me immediately makes my experience worse, with almost no exceptions (I've never seen an ad that was relevant or made me buy anything, but I often experience uncomfortable breaches of privacy), but patents and lock-in are often used to provide me with tangible benefits, with the only downside being that other companies are prevented from easily providing those same benefits.


No, that 'connotation' isn't present in the parent's actual words.


Click on 'parent' until the context of the thread becomes apparent.


Maybe you have a bit different idea of consumers from the real consumers Apple has.


Apparently it's being seriously considered: https://9to5mac.com/2020/02/20/bloomberg-apple-discussing-al...


I use Firefox on iOS. Most third party apps give you the option to switch so things like my rss reader, email client and calendar all open in it. The problem is they don’t really have enough granular control over things so they are missing key features like containers and debugging tools.


My absolutely largest issue with Firefox is how settings revert after updates without any notice. It is good that updates are frequent. It is bad that settings revert and defaults are not safe.

I'll never touch Chrome again.


Out of curiosity, which settings are reverting for you? I can't recall settings reverting but I do occasionally get the "running slow" prompt to blow away my profile and start from scratch.

If anything, I've noticed more and more settings are getting pushed into Sync and automatically propagate across instances or upon new installation. Which is nice.


Recently i was promoted to refresh my ff settings, and upon restarting, all my settings and plugins were set back up 0. Not a pleasant experience rebuilding my ff instance, but i guess it's better now than before.


Yup, it's not pleasant but thankfully, apart from NTLM settings, I've managed to remove most of my custom about:config settings I had used over the years, so apart from dragging Add-On icons into the Overflow Menu I don't have much customization to do.

I had an issue with v73 being incompatible with whatever security software my Work PC was running and the main rendering thread crashing. After trying numerous things including rolling back to v72 and refreshing my profile, I came across a bug indicating it was scheduled to be fixed in an upcoming release which turned out to be v73.0.1 thankfully.

That's the first time I can recall where Firefox did me wrong.


There is a way to get those settings back.


Mozilla depends almost entirely on Google and other advertisement companies for revenue, whatever privacy posturing they put in place is just means to drive people away from extensions whose block lists Mozilla does not control.


Most users are going to use Google regardless. You could say that the user trusts Google, even if we know they shouldn't. Firefox cripples Google's ability to track the user either way, especially with uBlock Origin and Google Container installed.

Even better, it prevents ISPs and other parties that the user doesn't trust from tracking them.


Why does one's use of google services allow you to assume that they trust google but one's use of an ISP services doesn't assume they trust the ISP ?


Because in the US, most ISPs are a monopoly. Google isn't.


Ok let's roll with this, although just between the cellular data carriers there are more choices than between web-scale search engines or smartphone platforms. If you had plenty of ISPs to choose from and all were in the habit of mining and monetizing your browsing data simply because that's legal and profitable should Mozilla recognize you as implicitly trusting the most dominant one that also happens to be paying them ?


It's a false analogy. Not all search engines track or monetize you. A user can choose DuckDuckGo. There is no DuckDuckGo for ISPs.

This hypothetical is even less relevant when you consider that Mozilla protects you from Google using blockers and also from ISPs using DNS over HTTPS.


Meanwhile firefox is the browser that calls home the most (at least on the first run) https://twitter.com/jonathansampson/status/11658588961766604...

On every single release they add new hidden options regarding tracking by mozilla (see Normandy and shield for example, which you have to go to about:config to disable).

In addition to that about:addons uses google analitics and does not allow for it to be blocked by extensions, plus mozilla sites use tracking scripts (googletagmanager etc) that need modifications in about:config to be blocked (extensions.webextensions.restrictedDomains).

Finally mozilla does not seem to be taking any measures to make firefox more resilient to tracking - in fact they support more and more technologies that diminish it. (web fonts, webgl, geolocation, user agent mentioning the version language and OS, etc)

Edit: Sorry, by "web fonts" I meant the ability for sites to read the fonts that you have installed. I do not know if actual web fonts can be used for tracking.


Perfect is the enemy of good. Firefox is pushing the Overton window in the right direction, which is good enough for me. Some of your complaints are legitimate but that doesn't mean Firefox isn't the best option for most people right now.


Certainly, I am using firefox as well right now, but this does not mean that we should give up in our objective to privacy and just trust mozilla.


If your main concern is privacy, Firefox is not the best browser for most people right now:

https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf


Brave's integrated ponzi scheme (magic Brave dollars) and fundamental dependency on Google's Chromium make it a no-go for me.


>Brave's integrated ponzi scheme (magic Brave dollars)

"Ponzi" and "magic" are not descriptors one would use if discussing this [objectively].

Fortunately, BAT is opt in, and you can get all of the superior privacy benefits of Brave without BAT playing any role in your browser experience.


I appreciate your point about BAT being opt-in. Maybe the language is a bit inflammatory for HN standards, but BAT has always seemed crummy to me.


And Chrome tracks individual users by Chrome installation ID. It's sent to certain Google domains like Doubleclick [1]. All browsers are tracking us. It has to do with when, where, and what they do with it.

We're not dealing with a perfect world. Some of this has to do with intents and privacy protections outside of technology (i.e., policy). At least that's Mozilla's stance. For example, the analytics Mozilla collects on Firefox cannot be legally used by the analytics service for other things.

We need to be careful to not let perfect be the enemy of good in the way we praise the the _direction_ we want to go.

[1] https://news.ycombinator.com/item?id=22236106

Note, IANAL.


Correct me if I am wrong but aren't they including built-in tracker blocking with a 'strict' list that can be chosen, plus they are working on site-level isolation that is behind a config flag for now (1st party isolation) and as far as I know, they're the only browser that has multiple anti-fingerprinting measures that can be toggled by the resistFingerprinting config flag? If they default disabled web fonts, geolocation etc., they'd lose whatever little market share they have as those have become important web tech already. You can still disable all of them either by means of about:config toggles or through simple extensions like uMatrix. Not sure if Chrome even allows disabling any/all of them.


> aren't they including built-in tracker blocking with a 'strict' list that can be chosen

This is not in any way better than ublock origin. Anyone who knows to select the strict list also knows how to install an adblocker.

> If they default disabled web fonts, geolocation etc., they'd lose whatever little market share they have as those have become important web tech already

I am not saying that they should disable them by default, but they should at least make it easier for people who care about their privacy to disable them. (Although I do not think that any desktop user is going to miss geolocation)

In addition to that I am annoyed that they keep supporting such technologies that can be used for tracking in the working groups rather than push back on them.


> web fonts

I installed NoScript recently and was surprised to see so many sites linking to typekit or other centralized repos for JS related to rendering fonts. Why do sites using webfonts have JS dependencies? Is it something to do with licensing?

Between products like DTM and typekit, Adobe has been quietly positioning itself to be a tracking/advert power house.


> If they default disabled web fonts, geolocation etc., they'd lose whatever little market share they have as those have become important web tech already.

I doubt people would even notice the font side of things.


They'd notice. Maybe they wouldn't notice that they notice, but they'd get a general feel that things look worse.


Agreed. I used panopticlick and it showed me that web fonts were one of the biggest discriminators. I disabled them and tested on a sample of normal end user type Web sites. The web got real ugly looking real fast. If Mozilla disabled web fonts by default, normal end users would draw the conclusion that Firefox couldn't properly render the web, and would flock back into the arms of Chrome.


They could ship web browser with all common web fonts to render them from disk without fetching. This would allow disabling of fetching of web fonts without breaking websites. Also could eliminate fonts as a fingerprinting vector altogether if system fonts were ignored as well.


What about fonts which are not licensed under an open source compatible license. What about fonts that are not "common" but are used by some popular Web site? Your request is doomed to failure. Like it or not, Web authors have been given the power by Web fonts to have total control of the fonts on their Web pages, and they ARE using that power. Any attempt by a low market share browser to change that fact is doomed to blow back on that browser.


I'm sure they can afford to buy rights to important non open source fonts or fund the design of similarly looking open source fonts to ship as aliases. There is no reason for the madness with fonts to continue.


That’s actually not a bad idea. Lots of sites do have custom fonts, so maybe it would be a good idea to still put some icon in the address bar when the site has web fonts that didn’t come with the browser.


Decentraleyes does exactly that (at least with scripts, I do not know if they do the same with webfonts and css files)


Even google news renders weird without custom fonts if I remember correctly. Lots of sites use font files as icon sets etc.


The only think that they would notice is when buttons break due to the lack of web fonts.


The problem isn't analytics the problem is tracking. Brave is the perfect example. It may have no built in analytics but at the same time it is easier to track than Google Chrome due to fingerprinting. Do you care more about testing which features of a product are actually used (Firefox) or do you care about a company giving out your entire browsing history through a side.channel (Brave).


> The problem isn't analytics the problem is tracking

Both are an issue.

> it is easier to track than Google Chrome due to fingerprinting

> or do you care about a company giving out your entire browsing history through a side.channel (Brave).

I do not use Brave but [citation needed].


When I wanted to quickly add some analytics to my website to see if anyone's reading it and from where, I had a hard time with Google Analytics because neither Firefox nor Safari allowed me to check if it works. Had to open Chrome to ensure it does log viewers.


Pocket too


Indeed. Firefox is not the best browser if your main concern is privacy:

https://news.ycombinator.com/item?id=22419284


I've run a variety of non-Chrome browsers (currently Brave) as my default for most personal usage. But with all of them it seems like I run in to incompatibilities that cause me to fire up Chrome as a workaround. I use 5 SAAS applications to run my business and I run them all from Chrome because at one point or another I ran in to some kind of showstopper and it just wasn't practical to constantly switch to Chrome to unblock.

The issues are often weird and not obvious. Last weekend I stayed at a Hampton Inn and their Wifi authentication page kept refusing to accept my last name and room number. I called the front desk which ended up being a waste of time (I was hoping maybe there was a mix up in the data). I finally ended up hot spotting. Then the next day it occurred to me that maybe it was a browser issue. Sure enough, I was able to reproduce the problem in Brave, then copied to the url to Chrome and it worked fine.

Bottomline, these issues seem like a big impediment to a mainstream migration away from Chrome.


It likely involved us blocking a 3rd party script that the hotel embedded against its 1st party interests. If you click on the lion-icon in right end of address bar and lower shields you should be able to match Chrome's behavior, if such a 3rd party script block caused the symptom.


This is why it is very important that we complain when things don't work. It's the only way to slow non-Chrome browsers from becoming more and more marginalized. Hopefully we can turn the tide and eventually make using alternative browsers a pleasant experience for the non-technical users.


Now we'll see if Thunderbird will make saving sent mail opt-in for each message, for privacy.

How many of your email conversations need to be preserved forever?

We certainly don't walk around with an audio recorder to record every word we speak in person to people in case we want to refer back to them later.

Email defaulted to storing messages years ago because it seemed cheap and valuable. Some value remains, but we no live an era of doxing and data dumps where saved communications can be a liability as well.


> We certainly don't walk around with an audio recorder to record every word we speak in person to people in case we want to refer back to them later.

...not to play devils advocate, but...

No we don't need it, but just like with email...that would be quite useful in many circumstances.


For that to be useful, the recipients on the other end would need to also delete the email. Otherwise, you've completely given control of that email content to everyone but yourself.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: