> Concerned that web privacy issues were being routinely ignored by many working groups of the W3C, the Privacy Interest Group sought to expand its charter, such that it would have the ability to block any new technical specification that it felt would have negative implications for web privacy.
This wasn't just that Google "vetoed" a new privacy standard, they actually just vetoed the group's ability to "veto" future standards.
Everyone voted for it, except Google. And that was enough to block it.
I'm not a Google engineer, but this doesn't feel like an "Are we the baddies" moment to me: giving a small group within the W3C the ability to block any technical proposal — including from the article what seems to be as far-reaching as all existing IoT proposals — feels like it strips the W3C of what little utility it has left. If the W3C mandates that everyone has to stop making IoT stuff, it seems unlikely that Google (or anyone else) would stop... Presumably the only thing that would stop would be meaningful W3C discussions about the proposals before they get shipped and become de facto standards, leading to an ever more siloed, fractured web.
W3C has repeatedly shot itself in the foot with sweeping mandates that major vendors oppose and which are then ignored; that's the reason we now have the separate WHATWG org and the reason W3C no longer leads much in terms of browser standards. Adding more mandates from tiny players (e.g. Brave) doesn't feel super useful, even if the group is supposedly focused on privacy — although the article even notes that at least part of the desire of the group was for "rivals to limit or handicap the ability of Google to compete against them."
> it strips the W3C of what little utility it has left
You hit on it right there. There is no more such a thing as "web standards" that the W3C can agree on and push forward. There are "web standards" that Google wants and that's it. If the W3C ratifies them, great. But really it doesn't matter at all.
That happened way before google came on the scene. W3C has never been a particularly effective standards body (rip XHTML). WHATWG didn't just appear from the void for no reason.
That said, its a standards body. If you arent standardizing what the majority of the marketshare web browser vendors want, you're not creating standards, just pipe dreams. Consensus is what a standard is. It is not the same thing as regulation.
Back when WHATWG was organized, I thought similarly. But in retrospect, it was a mistake. W3C moved slowly, yes - but the result was an actual standard. Now, it's a target moving so fast, and with so many evolutionary dead ends, that we're back to the days of "this site is best viewed in ...".
Google profits from this in two ways. Because they own the largest browser by market share, the ... is usually that, making other browsers less viable. But in addition to that, this significantly raised the barrier to entry for any competing browsers - remember what happened to Edge?
Was it though? At a minimum i think a "standard" is a document detailing the behaviour of at least two competiting implementations sufficiently that you could use it to make a new implementation that was interopable. I don't think that was true of W3C standards in the pre WHATWG days. Compare it to say the HTTP rfcs, which i think did meet that standard.
Opera would be a good example of a third independent implementation successfully competing with the primary two (IE and NN/Mozilla). I remember switching browsers back and forth several times back then - I was an Opera 6 user, then moved to Firebird/Firefox shortly after it was released, then back to Opera 7/8/9, then to Chrome.
It was a fairly brief period, unfortunately - roughly between IE losing definitive market dominance, and Chrome acquiring the same.
Not quite accurate - Google is not the only party in this. Apple, Mozilla, Microsoft and Google formed their own group (WHATWG) that effectively took over the development of a number of standards - HTML and DOM included [0] - and follow and implement those, with W3 ratifying them ex post facto (or not, who cares?).
Google definitely plays a big role in this, but the others should not be left off the hook.
Exactly. The W3C is an industry standards group, not a regulatory body. Trying to pretend otherwise (as this proposal did) seems not only pointless, but also antithetical to the purpose of the organization.
What possible good would that do? The vendors' opinions are those that matter. You can write whatever you want and call it a web standard. That doesn't mean anyone is going to implement it or obey it.
It is open to the public and there is actually a PING conference call scheduled for tomorrow (link to agenda below).
From the PING Charter:
"Participation
Participation in PING is open to the public. Participants who do not represent a W3C Member should join as Invited Experts. Invited Experts in this group are not granted access to Member-only information.
Anyone may subscribe to the group's public mailing list and engage in discussion. Those who intend to contribute to deliverables will be asked to join the group.
Communication
This group conducts its work on the public mailing list public-privacy and in periodic teleconferences, typically 1-2 times per month. Additionally, the group meets face to face at TPAC. PING is experimenting with using a free Slack workspace - interesting discussions from Slack will be called out to the mailing list, and decisions will not be finalized based solely on Slack discussions.
Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the PING home page.
Decision Policy
As explained in the Process Document (section 3.3), this group will seek to make decisions by consensus. When the Chairs put a question and observe dissent, after due consideration of different opinions, the Chairs should record a decision (possibly after a formal vote) and any objections, and move on."
The title seems a bit misleading. If I read this right, Google didn't veto a privacy proposal- it veto'd giving an interest group within the WC3 "the ability to block any new technical specification that it felt would have negative implications for web privacy."
It's still probably bad, I'm quite prepared to believe the spirit of the headline (that google is anti-privacy), but it doesn't seem like this is a case of google directly hurting privacy in web standards.
This is probably a more nuanced set of circumstances.
Google is the big shark, and all the other fish have an economic interest to impede Google in addition to philosophical and other business model differences.
So the situation isn’t quite the same as if you would have dozens of members of more similar size, power and influence.
On the web in large parts of the world it’s increasingly becoming Google against everyone else in a war for survival.
When it comes to privacy, you can safely assume whatever side Google is on is the wrong one, and the one everyone else is on is probably costly to Google's web domination plans.
So you're opposed to TLS strengthening measures like certificate transparency? Because i think its pretty good for privacy.
Blind google hate is just as bad as blind google fanboyism. Google does plenty for internet privacy, especially in the parts that don't affect its underlying business model, which is a big part of the privacy space.
Google's interest in PKI is explicitly around it's desire to block competitive advertising interests. Which is to say, if Google is the one decrypting all your TLS traffic on your PC (which it is), it's very happy to push TLS, because it gates out other network providers from analyzing your network activity the way they actively do. Google is extremely financially vested in killing off Comcast and Verizon's advertising businesses.
Furthermore, Google's been utilizing that stewardship of Chrome to set up a situation where they dictate terms to the entire PKI industry, including their ability to unilaterally terminate certificate authorities... while conveniently setting up their own root CA as well.
Which is to say, yes, TLS is just another strategy Google has to take over complete control of the Internet from formerly decentralized approaches, and it should be considered a direct threat to everyone.
> So you're opposed to TLS strengthening measures like certificate transparency? Because i think its pretty good for privacy.
Considering that the cost of getting CT was the removal of RFC 7469 HTTP-based PKP "dynamic pins" (aka HPKP), I am not sure if there was a net benefit to privacy - without hate or love for Google.
I can't fail to notice that intent to removal was to also remove "static pins" (i.e. pins harcoded into the browser) after CT requirement for all certificates was implemented [0], Chrome started checking CT for new certificates [1] and CA Forum has limited the maximum validity of certificates issued to 39 months (2016) -> 825 days (2018) -> 398 days (2020) [2] (which means pretty much all certs from 2017 would have been reissued by now!), yet static pins for certain "favoured" organisations remain in the Chromium code [3].
That list of favoured orgs? Google, Tor project, Twitter, Dropbox, Facebook, Spideroak, Yahoo and Swehack.
CT is great for transparency and tracking rogue certs - but privacy could have used a stronger model than current blind trust in the CAs (and only acting afterwards if the trust proves misplaced).
A standard used by nobody does nothing for privacy. I also dont really see the connection - we could have both if that was desired, they solve similar problems but they don't conflict with each other. HKPK wasn't removed to make way for CT, it was removed because it did not work in practise.
The reasoning on this is a bit circular: it was "used by nobody" because Google did not use it, because it had a static pin in both Chromium-based browsers and in Mozilla [0], resulting in high success rate in tests (they note it in their blog post that very high sucess rate is reported if static pins are on, but very low if they are ignored). There is also the problem that MS and Apple never bothered to implement it.
They had a chance to go forward and implement HPKP protocol in parallel with CT, they didn't. They had a chance to go with other proposals - e.g. checking the CAA records (a proposal they themselves have made in the deprecation post, especially as CA certs are also well-known and pinned), they didn't. They chose an option that works best for Google (and by extension: Facebook, Dropbox, etc), but not so much for everyone else.
This means is there is no way to spot a mis-issued certificate before it has been used - and you need to trust that the specific CA that issues it both adheres to transparency (pinky promise!) and obeys CAA (also, pinky promise - LetsEncrypt got in hot water when it didn't). That is: unless you are Google or Dropbox or Twitter - then your browser will actually save you from connecting to any counterfeit site, as that is what was important for Google.
End result? Privacy is enhanced if you are lucky enough to be on the list of statically pinned sites (see my parent comment, and see the Mozilla version as well), everyone else only gets more transparency, but not stronger privacy.
Depends. When they were struggling with the CCP, eventually getting all their services blocked in Mainland China, I don't think so. There are more examples of situations were Google really does take the other side of the table. It's not helpful to reducing it to these extremes.
If they really wanted to fight for freedoms instead of searching a viable way to have profits in China, they wouldn't secretly start Dragonfly, which was only halted after its employees demanded it. So, they really really did want to operate in China, no matter the human rights situation there, they just did not think it through to concede enough things back then. They were ready later, hence Dragonfly happened.
Not really. They're always evil, it's just occasional their evil coincides with interfering with another evil.
Google's issue with China has never really been human rights. Google's issue with China is that it insists on access to data and algorithms, and while Google does not care about your privacy, Google cares a great deal about it's own privacy.
I think current Google would have made a significantly different decision than past Google. It's been a while since I've seen them make an altruistic choice that has cost them significantly the way losing China did.
So the only argument we have against that proposals is that 96% people/pitchforks voted for it. That's the only argument I found in the post and the comments.
Is there a well written article that describes what PING is and formal specification of this proposal?
Google’s business model is the antithesis of privacy. The less privacy the better for companies like Google. I don’t mean that as hyperbole, but I would be very curious to know when it comes to privacy, what’s in it for Google?
Your continued use of their products - thats why Google remains as much of a theoretical concern as Apple, who will happily tell you they keep track of all of the articles you read, tap in their search results, and purchased in all of their virtual stores, among many many other things, for targeting.
For some reason people treat Apple as if offering grouped ad targeting is the same as being private, but when Google does the same, it's treated as a fundamental sin
The central error is only a first order analysis can lead to the conclusion that Google doesn't care about user privacy - it's probably it's most fundamental value
It vetoed giving a privacy interest group the same veto powers it hypocritically abuses itself... Welcome to 2021, the surveillance capitalism trashfire shows no signs of burning out...
This is precisely why I'm so disappointed in Microsoft for choosing Chromium for Edge. This only gives Google more power to run roughshod over user privacy. I would've much rather seen them adapt WebKit or Gecko for Edge. Chromium doesn't need to be any more powerful.
At least will still have Firefox and WebKit to prevent Google from having total reign over user piracy on the web.
I'm a fan of Microsofts open-source efforts around .NET Core and a former .NET dev (I'm mentioning this to make clear I don't have the standard anti-MS slant found on OSS forums).
Having said that - MS seems exactly the same or worse on privacy issues, they just suck at executing with their services so they don't get as much traffic and aren't in the spotlight. I don't really follow the logic - if I was interested in privacy I would probably avoid Microsoft just as much as Google.
And Microsoft working on Chromium/Blink just gives more credibility to it being an OSS project - they've made substantial contributions and probably have a team working on it - if Google decides to close off the development - Microsoft has the resources to continue development.
The danger from a dearth of independent implementations revolves mostly around programming errors; i.e. if everyone uses Chromium code, and it has a bug with some particular CSS property, it will inevitably become web standard behavior anyway since content will be written to rely upon the bug. (See also: Adobe Flash)
It does not foreclose downstream Chromium users' ability to strip out or restrict features they believe to be harmful to user privacy; as all the code is provided under a variety of Free licenses that are specifically designed to allow removing unwanted functionality.
Privacy is as much about adding features as removing them. Rewriting APIs that no one else have the manpower to reimplement and update for decades is a bigger problem than adding privacy invasive features. Google could easily make changes big enough that it would break for example Brave's ability to add the features it wants. Like a new API that cannot be used by adblockers as effective as the old one..
>Privacy is as much about adding features as removing them
This is a perspective that's often missing from discussions surrounding web APIs. These APIs aren't just about what cool new things legitimate developers can do with them. They're also about what they'll enable bad actors to do. APIs must be designed defensively, otherwise we risk users feeling [even more] unsafe on the web.
This move by Microsoft is kind of like Intel going to TSMC, which from a consumer point of view sounds promising, however, where I have problem is that I cannot download Edge source and compile it myself. I think this way this would mean we could have privacy focused forks that work well with the OS. Other problem I have is that this way Microsoft appropriated huge amount of work without paying a penny to the developers. I would have looked at it differently if they paid salaries and bonuses to contributors for several years. Microsoft wants to have the cool opensource kid badge, without paying fair share. That stinks.
It kind of reminds me of a situation where you want to help community on a hot day and put several 24 packs of bottles of cold water in your front yard with a card "free for everyone", and then watching like a shop owner comes with his truck and grabs all water and then go sell it in his store.
The spirit of open source used to be that enthusiasts built software out of passion to help themselves and others. If a contributor was given a choice - 1. Spend several years using up your free time, sacrificing contact with family, other hobbies to build this software and then have a multi billion company grab your software, badge it with their logo and make billions of off your hard work without giving you anything back, maybe a footnote and pat on the back. You spent your best hours on writing every single line, but you will never get to sip champagne. Or forget about open source and focus your mind on achieving something meaningful for yourself. I feel that many big companies spread this propaganda how great open source is and what an achievement is to contribute, where the main goal is to exploit people and obtain free IP without paying salaries and taxes. The badges on Github remind me of this short movie: https://www.youtube.com/watch?v=nXIdmW4Hau0 picture soldiers as open source developers.
Its a common trend to use permissive licenses on your own code, and its understandable to do so as good will. But given the described problem, one might be better off with copyleft clauses and other restrictions in order to reduce abuse from big corp.
Firefox doesn't care about your privacy. They implemented the same bloated information-leaking APIs like AudioContext that Google did. These APIs are used almost exclusively for tracking.
Coupled with their recent pro-deplatforming stance, Firefox's death will accelerate and it's a good thing. Mozilla has been consumed by greed (Google deal), incompetence (Firefox mobile) and politics ('deplatform our ideological enemies' blogpost).
It's not that black and white. Without APIs people would complain about bad support. Without the Google deal Mozilla would no longer exist. And really, all it is is one little setting you can change once and for all after you install it.
Just to be clear, there is no valid reason for AudioContext to leak audio latency information without the user's permission. It is used almost exclusively for ad tracking and fingerprinting.
On sites that do not ever play audio, the browser leaks sensitive highly personalized audio information to any ad network that wants it. That's not a 'feature', it's a spyware backdoor for ad networks.
Even if Mozilla/Firefox dies I'd like to believe its spirit and rendering engine will live on in forks. Maybe we'll have another successor to Firefox as Firefox was to Netscape.
I do find it rather fitting that Google, of all companies, would take issue with ethical oversignt standing in the way of technical "progress", which was their specious argument for their veto. That essentially describes their entire corporate MO.
Their veto being interpreted as anti-privacy is one thing, but their reasoning for the veto is, in my view, even worse. In attempting to steer the conversation away from their anti-privacy stance, they drove straight into a wall of "any kind of ethics in software should be an afterthought". Not good.
But they can leverage this control and make it legitimate by making their POV the main POV in the web standards working group, and this is what they are doing right now (removing veto powers from other concerns in the group).
There are no vetoes in a consensus system. One or more members may have a "concern". Until those concerns are successfully addressed there can be no consensus. And only with consensus can anything be advanced to policy or law. The Society of Friends makes use of this form of governance:
That is exactly how a veto works. In other words, a consensus-based decision make system is a special case of a decision making system with a veto, in which everyone has equal right to veto.
The Friends are more popularly known as Quakers. My wife is one. We were married almost 20 years ago in a Quaker ceremony.
There's a lot to like about their approach to things but consensus is difficult to deal with. Unreasonable people cause great stress on people who are trying to get simple things done.
There are different flavors of Quakers: my wife attends an "unprogrammed meeting" which means that there's not a minister. Instead, members sit in a circle (pre-COVID) and those who are moved to speak do so. But there's also programmed meetings, which have a minister. There's probably more variations.
Around the time the US was founded the Quakers were seen as good people to do business with, since they strove for honesty and transparency in business. There were many prosperous Quaker merchants. These days they seem to be more anti-capitalist.
There is nothing preventing any member from considering privacy issues as blocking. Since consensus is required, why require another round of review and approvals?
Unless members don't all have people on the PWG and are looking to offload review expenses on the organisations that are?
Meh, from the article, they didnt actually veto any specific privacy proposal, just a change to who can veto something on privacy grounds. I feel like that is pretty different from what the title implied.
They vetoed an otherwise-popular proposal to grant teeth to the privacy working group. That is worse than vetoing a single proposal. It comes off as Google preserving their ability to do whatever they want in the W3C.
I fail to see how this preserves some ability of Google to do whatever they like at the W3C. I see it as highlighting exactly why Google can't do whatever they like at the W3C. Just as their single vote prevented this change any other single voting organization could block whatever Google wants to do at the W3C.
The real problem is that Google, due to ownership of Blink/Chrome, has so much power de facto that the W3C process cannot meaningfully prevent them from doing whatever they like anyway - if W3C doesn't follow, it risks a repeat of WHATWG.
Looks like everyone has the right to veto (hence, this outcome from a year and a half ago), and they vetoed forming a small committee that would thus have an exclusive veto.
Apple's been kneecapping the web for years with the dual argument "you cant have WebUSB/Bluetooth and be private, permission dialogs don't count." After allowing iOS to make the opposite trade-off while confusingly marketing their phones as "what happens on your phone stays on your phone", and making Facebook a central authentication mechanism in iOS 4 and pushing devs to use it to "hurt Google", allowing them to obfuscate their vetoes via an exclusive smaller group seems blinkered.
Or a more privacy-focused and less politics-focused alternative: https://brave.com
EDIT: It's funny how the votes switch between +5 and -5 every minute. I wanted to add that I did not say Firefox is a bad browser. I was just presenting an alternative.
A webbrowser is not something most people can or will switch out easily. Google could any day they want rewrite an API that brave depends on (like one used by adblockers) and it would instantly have caught lots of Barve users with a Bad Browser, many not knowing. Brave lives even more on the whim of Google than Mozilla does. It's like using Windows 10 with telemetry ripped out instead of switching to Linux. Good enough for some, not for all, bad to depend on in the long run for most.
The article is perhaps poorly titled, and the modern age headline-skimmers will take it at face value. The article isn't calling for more extreme action or censorship... It's saying that deplatforming isn't the solution and what we should do is have transparency of advertisers & algorithms and support / fund research into studies on disinformation. I'm not sure how anyone can disagree with the substance of the article.
Ok, so no political issues... Still waiting on the privacy argument.
> It's saying that deplatforming isn't the solution
It's saying deplatforming is not going far enough to be the solution. And it advocates (among other things) "amplifying factual voices", which for a browser platform can mean only one thing - abandoning neutrality and privileging certain type of content - one that the gatekeepers agree with and thus call "factual" - while excluding other types of content, that they disagree with and thus call "misleading". To remove all doubt, they bring Facebook - which exercises clear viewpoint-driven editorial control over the content, even if unconsistently, haphazardly and ineffectually - as an example of what they're looking for. For a browser platform, advocating such approach means they plan to install themselves as the gatekeepers of the Internet, choosing what information you are and aren't allowed to see. While once currently can route easily around Facebook censorship, once browsers join the game, it won't be so easy. And of course, for anybody who values unrestricted access to information as much as privacy, it is the reason to avoid using platforms that advocate such principles.
First of all, I'll say that I _obviously_ don't want to live in some sort of Orwellian, Ministry of Truth, 1984-esque dystopia. However, I think there's an unnecessary amount of fearmongering going on currently about organizations pushing back against disinformation. There certainly is a disinformation problem and from a U.S. perspective it is quite obviously a foreign adversary and malicious actor problem.
It seems that this Mozilla article is too vague, open-ended, and short to be processed correctly. I personally interpreted the article differently than you did, which doesn't mean either of us interpreted it incorrectly.
I'm sure you don't want to have minitrue. Just as I am sure most people who made Russian revolution didn't really intend to have Gulag, Joseph Stalin, Hungary of 1956 and Prague of 1968. These things however have certain logic of its own, and gatekeeping tends to unfold into the direction of minitrue. That's just the internal logic of the things - and we can see it unfolding right now. First it was promoting the rightthinkers, then demoting the wrongthinkers, then banning the wrongthinkers from a platform, then banning the wrongthinkers from all platforms, then banning all mentions of wrongthinkers, then banning services that allow wrongthinkers, then destroying all services that allow wrongthinkers... Pretty soon there's just no place where wrongthink can happen, and how it's different from minitrue? That it's a trillion-dollar corporation that is doing it, not the government? DO I really care? The result is the same.
> "amplifying factual voices", which for a browser platform can mean only one thing - abandoning neutrality and privileging certain type of content
If you equate being factual with abandoning neutrality, you're not being political nor apolitical. That's just anti-intellectualism.
> one that the gatekeepers agree with and thus call "factual"
And the fact you're putting the word factual in scare-quotes only emphasises this further.
Your comment then veers into some vague Facebook comparison which I frankly couldn't parse: I'm not sure if you're making out that Facebook is benign or not?
It's not "being factual". It's you forcing me to accept your definition of "factual". That's the crux of the question - it's no longer my choice, the gatekeeper chooses for me what is "fact" and what is not, and I have no option of applying my own intellect and make my own choice - the choice is made for me, the conclusions are prepared in advance for me and the information is pre-filtered and pre-arranged to push me into accepting whatever vision of the world the gatekeeper privileges. I don't have an option to even know there exists something outside of gatekeeper's filter, let alone build my own filter according to my own preferences.
That's why the quotes are there - because it's literally what the quotes are for, to emphasize it's not my definition and not may decision - it's gatekeeper's, and I have no control and no input on it. If you think eating up pre-filtered and pre-digested information is "intellectualism", you definition of it is very different than mine.
> you're making out that Facebook is benign or not?
That's what using pre-digested information does for you - you become unable to parse things that aren't pre-digested. I will help you to make it clear - Facebook is evil, but the major point is not whether it's evil or not, but the role of information gatekeeper that it performs. Applied to a browser platform, this approach is dangerous and unacceptable to anybody who values their own intellect and is not scared of actually using it once in a while instead of outsourcing this function to a gatekeeper body.
> It's you forcing me to accept your definition of "factual"
Do you have a link to this definition that doesn't match your own? I'd be curious to see varying definitions of "factual"; it might make this issue easier to discuss.
> it's no longer my choice, the gatekeeper chooses for me what is "fact" and what is not, and I have no option of applying my own intellect and make my own choice - the choice is made for me, the conclusions are prepared in advance for me and the information is pre-filtered and pre-arranged to push me into accepting whatever vision of the world the gatekeeper privileges
You use two words here: "pre-filtered" and "pre-arranged"
Pre-filtering is not what's been proposed in the article. We've already covered that above, so lets not reiterate... any implied pre-filtering here is imagined.
Pre-arrangement is the world we live in and the very definition of the modern internet. What's been proposed is to introduce an improvement to how things are pre-arranged. I'd love to live in your utopia where we have the time to read everything in Google's index one-by-one and select which ones we value individually, but here in the real world, things are pre-arranged. This is about trying to find the best way to ensure that that pre-arrangement is not horribly skewed and corrupt.
> I'd be curious to see varying definitions of "factual"
Go to any "fact checking" site, they regularly "fact check" opinions and predictions about the future, which can't be "factual". Ask any of the current gatekeepers, which regularly block people expressing controversial opinions (about things like how to handle the beer bug or riots or any other current issue) for "misinformation" - completely ignoring the idea that opinions and facts are different things. The definition of "fact" in "fact checking" is basically "fact is something you don't get deplatformed for saying", more or less. Of course there's no better definition - why would they commit to any definition if "fact is what we say it is" works so well?
> Pre-filtering is not what's been proposed in the article
It is. That's what "amplifying factual voices" is - that is the only thing it could be - a filter. It doesn't have to be 100% block - but to be of any efficiency, it has to privilege one viewpoint and suppress another, and the choice will be made by the gatekeeper. It's not imagination - it's a basic requirement without which any mechanism like that would be useless. It has to make privileged opinion easy to reach, and excluded opinion hard to reach, otherwise there's no amplification.
> What's been proposed is to introduce an improvement to how things are pre-arranged
"Improvement" is a tricky word. When you define what is better for me, and "improve" things according to your definition, what happens if I disagree about what is better for me? Then your "improvements" are actually obstacles for me. But what if you're so sure you know what is better for me that you are determined to force it on me regardless of my opinion? That makes any such "improver" my enemy - they may think they are helping, but they are not, they are hurting.
> This is about trying to find the best way
When the "best way" is determined unilaterally by the oligarchy of the gatekeepers, it's usually the way that is best for them, not for me. I didn't ask for their help, and yet they are determined to force their "best way" onto me, whether I want it or not, whether I consider it best or not. This is a very common pattern that is repeated in human history again and again. Being on the receiving end of it is never fun, and rarely improves anything for the people being "helped" against their will.
I could not have put it better myself. Once a browser gets political, you can bet for others to join them. And allowing a browser to control what articles/arguments you see is allowing the company behind the browser to control you politically. I think we can all agree this would not end well.
An example for the privacy focused argument is the EFF panopticlick (I think they renamed it recently) test, which shows that, while Firefox is definitely good, Brave seems to be a little bit better in some aspects. And again, I want to repeat that I do not think that Firefox is a bad browser in any way, I just disagree with some of Mozilla's business decisions. The browser itself is great.
I initially responded to this thread with being legitimately "genuinely curious" as to why you think Brave > Firefox, as it seems a lot of people have that same thought. However, every time I get into a dialogue like this there isn't any proof in the pudding. I'm sure Brave is a decent browser, but there doesn't seem to be any real reason to switch. I've been using Firefox for more than a decade, it's open-source, from a non-profit, great community, frequently updated, on-par with Chrome in-terms of performance/speed.
Everything I hear is just hollow words- "I just disagree with some of Mozilla's business decisions" / "it's more privacy-focused than Mozilla Firefox" / "it's less politically focused than Mozilla Firefox" / "Brave seems to be a little bit better in some aspects"
Why don't you count these examples as arguments if I may ask?
Even small things being better in one or another browser are still arguments if both browsers are good.
Also, for me, the company behind the browser matters too, especially since donations to mozilla barely go to the Firefox dev team.
I get that those are not good arguments for everybody, but just dismissing them just because you do not care about them that much seems a little bit harsh.
Well so far you've given me a political article you misinterpreted based on a headline and I did try googling the EFF Panopticlick study on browsers- and there's an article from 2017 but no data or stats I can find? You haven't told me why you disagree with the company / business decisions so I have nothing to go off there...
I'm not being harsh, you just haven't presented anything beyond empty words.
As I said, in my opinion Mozilla does invest too much into side projects, upper-level managers and marketing and too little into the browser development and web development itself (for example the MDN layoffs). That's also why I stopped donating to them.
The panopticlick test (now renamed to coveryourtracks) is not a study, but a test you can actually do yourself with different browsers: https://coveryourtracks.eff.org/
And at this point I don't think it is worth it for me to invest more time arguing anymore, since you seemingly did not read my comments. There are plenty of other comments addressing all the "issues" you were talking about.
Brave beats Firefox on the EFF test because it randomises parts of its fingerprint, which the Tor project seems to reject as a strategy for anonymity [1].
I find the claim that Firefox is less privacy focused than Brave a bit questionable. Brave certainly seems to have good and probably better defaults in that regard, but remember that Firefox is basically developed in collaboration with the Tor project and as a result has various significant (mainly non-default) privacy features architected in such as first party isolation, containers, and Tor-project-approved fingerprint resistance. Easily-disabled telemetry seems like a small hassle compared to such concrete privacy features which do not exist elsewhere.
And for example with something like first party isolation, it is unclear whether Brave would even want or be able to to maintain such a patch set on top of Chromium when it requires quite deep integration with the browser engine.
There’s also the manifest v3 stuff which will presumably end up in Brave at some point.
You hadn't mentioned your first point, so not sure how I would have known that.
I will indeed test both browsers, if Brave is objectively better obviously I want to use it... However, I wish there was just stats on both browsers we could see side by side.
People in the other thread clearly read the article more thoroughly than you read the other thread.
Everyone in that thread knows what the article says. You’re just rehashing arguments here that they’ve already responded to there. And you’re not even addressing any of their points.
I agree that's the worst part about Brave. Browser engine diversity is as important as browser diversity in general, but the modern web seems to be too complicated to achieve this.
Brave is also based on Chromium, which defeats the entire purpose of the suggestion. Using Brave over Firefox only gives Google more power to dictate web standards.
I also find it funny how in every browser related thread there's inevitably someone selling Brave in the comments, usually near a Firefox comment.
I've never personally used Brave -- my only interaction with it was when one of my profs in university invited a guy for a talk who then basically proceeded to shill Brave for half the talk. It left an awful taste in my mouth and continues to do so.
I don't think it is advertising focused as much as it tries to give a path for monetization. You can use Brave's currency to pay content providers (website owners) to reward them for their creation. To me, that's the opposite of being focused on advertising, since it gives people a way to operate without relying on advertising as the sole monetization strategy. More at https://www.pcmag.com/how-to/how-to-earn-and-use-cryptocurre...
However, you must keep in mind that BAT is brave’s profit motive. Google only rejected the proposal because of money, you can’t expect brave to stay angelic in behavior forever.
Sadly, browser engines have become complicated enough, that an unfunded open source project is unsustainable after some time. In my opinion, Brave offers a new attempt to solve this (and other) problems with the modern web. I understand that not everybody likes this business model, but I think everybody has to decide on its own, which browser they want to use. After all, browser diversity is important.
If browser diversity is important to you I can't see how you would want to support Brave? No matter how good it is still Chrome you support. If we ended up without Firefox, how do you think Brave users would protest and try to force a bug in standard compliance of CSS to be fixed for example? The answer is they wouldn't as for them and everyone else using Chrome it would be invisible. Chrome is cancer like Internet Explorer, except it has now metastasized.
Supporting Brave is supporting a future monoculture of the web with fancy browser reskins and no matter how good Braves added features are it doesn't change the fundamental problem but becomes a part of it, working for instead of against the good of users.
Yes they are using sponsored images on their new tab page, but at least these are privacy focused, and you can easily disable them. After all, even open source projects need sponsoring.
I'd much rather have some sponsored images than have my data being sold or turned into advertisements.
I read big discussions on Brave on HN yesterday and immediately tried switching to it. Uninstalled within an hour, it was too bloated and performed unironically slower on my computer.
They have the same browser market share as ‘Samsung Internet’ and have been consistently declining - it’s completely lost on me why people here get so uptight about their sacred cow Firefox. Is it nostalgia? I have no clue.
It's literally the only reasonable [0] non-chromium browser left. Everything else builds upon Google's Chromium, including Brave and Edge. If Firefox dies, the Chromium implementation, which is controlled by Google, becomes the web standard, even more than it already is, with all the drawbacks. Of course, you could fork it, but given that all except one competitor have left the scene and the insane amount required to maintain a browser engine, this is not going to happen. We're lucky Mozilla has already sunk that cost.
[0] Yes, there's Lynx and some hobby browsers and yes, there are people who use them as dailys. But you can not reasonably expect anyone to work with them or get a non-technical person to live with those.
Forks of Chromium are not controlled by Google. Google gave up the legal right to restrict what other parties can do with Chromium when they released it under a liberal open-source license. Google has a little influence over Chromium in that the people that designed and implemented Chromium mostly still work for Google.
Google has more control over Mozilla than they do over organizations that have forked Chromium because about 90% of Mozilla's revenue comes from Google.
Technically there is WebKit which powers safari and gnome web. The good thing is that iOS app store basically forces you to use WebKit for websites so it won't die. Bad news is that Apple does not really like the new web standards and in the name of privacy simply doesn't implement standards that can give web apps an edge over native iOS apps. And Gnome Web currently has licencing issues with webrtc and media support is poor(gstreamer). Also Chromium is a WebKit fork pre 2013 so it shares several quirks with Safari(prob some of the old standards) which is a prob in itself
> If Firefox dies, the Chromium implementation, which is controlled by Google, becomes the web standard
But this just isn’t true - just like Linux (which dominates the web server space) there are multiple parties working on and forking chromium - if google introduced something someone didn’t like they can maintain their own fork and plenty of people are.
Additionally there are other alternatives that enjoy 5x+ the market share of Firefox, most notably, safari/WebKit.
Maintaining a fork becomes progressively harder as upstream adds features or does code cleanup. And with the pace of modern standard development, this happens sooner rather than later. So in practice, all major Blink-based browsers seem to use codebase that closely tracks upstream, if not upstream itself.
Because without Firefox we only have the new version of Internet Explorer, now with fancy skins. How Google defines the web standards are how every chromium variant defines it. I get it, not everyone cares about having a web not defined by advertising companies but those that do only have Firefox, like it or not.
>The majority of Mozilla Corporation's revenue is from royalties earned through Firefox web browser search partnerships and distribution deals. Precisely 94% of Mozilla revenues came through royalties received by search engines to be featured on its Mozilla Firefox browser.
Don't let the virtue signaling of one random who has access to blog on Mozilla's website put you off. Keep believing in whatever that is, we'll eventually get out of this echo chamber.
Reveal who is paying for advertisements, how much they are paying and who is being targeted.
Commit to meaningful transparency of platform algorithms so we know how and what content is being amplified, to whom, and the associated impact.
Turn on by default the tools to amplify factual voices over disinformation.
Work with independent researchers to facilitate in-depth studies of the platforms’ impact on people and our societies, and what we can do to improve things.
> Turn on by default the tools to amplify factual voices over disinformation.
Considering that, in the Firefox article, this links to an article [1] by The New York Times lamenting with no self-awareness whatsoever that Facebook reversed its temporary signal-boosting of The New York Times... I'm really not comfortable with how "factual" is being defined.
Like, I'm all for researching new ways to share and promote information and fact-checking.
I just don't want them to stop at "We should all listen to what the mainstream center-left media says".
Why should that political view affect your technical decision? You choose and use browsers to browse the internet, not to show or reject support to some political alignment.
I've seen a few people on HN objecting to it too but they didn't seem to have read the actual post.
There's nothing in the post that condones (or condemns) deplatforming. TL;DR of the article is: "Deplatforming happened, but here are 4 additional/different things that are needed that would be more impactful than deplatforming"
> warning that an eliminated of ubiquitous ad-tracking cookies would mean the end of the web as we know it
Much of my paycheck ultimately depends on ad-tracking cookies. My employer might well not survive their elimination. Still, this sounds to me more like an enticement than a warning. Yes, please, let's rebuild the web with only opt-in tracking.
Yeah, I wouldn't want to give a group optimizing for one dimension veto power over my n-dimensional effort either. Single-issue voters can really gum up the works in a lot of different ways.
The irony is that Google have the power the block any new technical specification thanks to their monopoly over the browser market. They can just not implement a spec and it's dead.
Never mind. I was able to get the info from comments here. It makes sense to No this. Creation of these But First We Must Stamp things on proposals always stalls technical proposals. I'm on Google's side here.
Heads up - googles browser, despite not being packaged with Windows or Mac, absolutely dominates market share. They, not these other companies, developed a web browser that people want.
The point I'm making - GOOGLE, not these standards bodies decides what is a standard.
Back when NN and IE were still in heavy competition, users did choose IE - partly because it was better at standards in some respects (ironically), but mostly because it was free. Once that happened, IE-only websites proliferated, effectively locking the users into the ecosystem.
We're now seeing the same process play out with Chrome. I agree that Chrome became dominant for better reasons than IE, but the outcome is harmful either way.
Keep in mind Google is the default browser on Android. Many corporates load Chrome as the default browser as part of their setup process for new machines. For many naive people Chrome is the default browser. It's been a long time since I've seen a a windows machine provisioned by a corporate with Edge as the default browser. Many corporates also warn people away from Edge, Safari, Firefox and other "undesirable" browsers. So IMHO it's not demand from people but really for many the decision has been imposed on them by others.
I don't know why you are downvoted - this is absolutely true. Again, this is not because Chrome ships by default for Mac's or PC's, but because it's a great development target for corp environment and there is a feeling there that security is better on chrome than it was for IE (corps are slow / but have longer memories and IE has had some miserable bugs). Where I work the switch to gsuite and chrome seemed to knock down spam / malware amazingly (if you turn on the delayed delivery / strong malware protection) This does result in I think chrome uploading code or hashes of code you download to google or something as part of advanced monitoring.
Web standards were great solution to break the undocumented IE6 monopoly, but now Apple can just do whatever it wants to compete with Google on privacy. Also the fun stuff is that it took over Chrome in the web speed race using better hardware.
Can someone elaborate on what was actually vetoed? Article mentions `charter change for the Privacy Interest Group (PING)` not clear for me what it means
Looks like they veto'd giving PING (an interest group within the W3C) veto power.
"Google was the only member of the W3C to vote “No” to a proposed charter change for the Privacy Interest Group (PING), a working group of the W3C dedicated to web privacy matters. Concerned that web privacy issues were being routinely ignored by many working groups of the W3C, the Privacy Interest Group sought to expand its charter, such that it would have the ability to block any new technical specification that it felt would have negative implications for web privacy. "
Here's what I got from sniffing through the group's posts.
The proposed charter is at [0]. Google raised an objection to the charter in [1]. Chris Wilson posted some clarifications in [2] and Daniel Glazmen posted a response/comment in [3].
As far as I can tell, an objection was raised in a consensus-based discussion. I didn't see any evidence of support from the "other 23" or of any actual vote taking place. I'd assume that others would know more about any such details.
If they were, google and FB could have colluded so that only one org needs to take the PR fallout. Does anyone have more information on where to find the text of the standard in question? There are no outside links on this page that show what exactly the proposal was.
Ah, I was confused because it sounded like this was on a proposed privacy standard. Are the votes private, or is there a public webpage about the vote outcome?
> Throughout much of 2019, Internet tech giant Google has attempted to portray itself as a public champion of web privacy
Wait did anyone in the world actually believe this? Their primary business model relies on the opposite. The only privacy aspect they would naturally care about is keeping user data private from competitors.
Rough Consensus is easier than Consensus. Rough consensus is good enough for the IETF.
I'm not saying "Veto is evil" but I am unsure this was a wise decision for a policy forum to take. Arguably it is, only fully mutually agreed positions should emerge, but that really is a defence of the status quo, in almost all cases.
Ohh Please, W3C was taken over years ago by Google, this is clear showing of that
The fact that it requires unanimous consent to get anything moved forward shows the problem with the organization, and it is something that Google Enjoys
They have their market dominance, if w3c does what they want great, if not Google will do it anyway and if w3c takes up something Google dislikes they will block if even if every other members wants it done.
I am still shocked by the number of Google Defenders there are ... 2021 Google's mantra may as well be "Always do evil"
For many of the basic standards including HTML, WHATWG has already taken over in relevance (thanks, in no small part, on the strong desire by W3C to actually have two interoperable implementations).
WHATWG is a cooperation between Apple, Google, Mozilla, Microsoft as far as control goes.
W3C is already irrelevant some people just have not realized it yet
The Web is controlled by Google, Full Stop.
There is no "standards" there is Google. This has been shown more than a few times with things that Google Wanted, others opposes but some how the w3c always sides with google... hmmmm I wonder why that is
Nothing will replace it because 85ish Percent of the Browser Market is Chrome or Chromium Based. Chrome, Edge, Brave, <<insert name of your fav chrome clone here>>
I fully expect to see FireFox become chromium based with in the next 5 years.
While everyone was beating IE and Microsoft we surrendered the web to Google and Chrome
it will take a generation to win that back, if ever
These are fair points, and touches on what I was getting at, even if you arrive at a different conclusion - W3C is a standards body, but implementation is up to clients.
Why do you expect Firefox to go Chromium-based? It seems a large part of Firefox's success is that it is an alternative to Google code.
Second:
> Concerned that web privacy issues were being routinely ignored by many working groups of the W3C, the Privacy Interest Group sought to expand its charter, such that it would have the ability to block any new technical specification that it felt would have negative implications for web privacy.
This wasn't just that Google "vetoed" a new privacy standard, they actually just vetoed the group's ability to "veto" future standards.
Everyone voted for it, except Google. And that was enough to block it.
To Google engineers: https://www.youtube.com/watch?v=VImnpErdDzA