How can you tell?
point your url bar to about:telemetry
It shows you all the data that has been gathered.
(Though IIRC it might still show stuff even when you've disabled telemetry -- in that case the data is being aggregated locally but not sent.)
Go to https://telemetry.mozilla.org
To look at the data on the server side. There are more sophisticated ways of querying it, but obviously not everybody can just be handed access to run arbitrary analysis code.
How you probably think it works in Firefox and how it actually works in Firefox are two different things, by the way:
>A journaling feature has been added for QA purposes.
What exactly does that mean?
It's not this convoluted. Give people their privacy.
I argued with someone about how we shouldn’t expect privacy with a cell phone, I don’t see how a 24/7 location tracking device that reads data telemetry (even if you use a custom privacy rom you connect to the towers and send telemetry) can ever be seen as private. PCs are usually compromised with Intel ME or AMD ST (unless you have a specially modded one or use old government contracted ones with them disabled).
It's really apparent when I socks proxy into a remote site (via limited 2G) to view a few kB worth of HTML admin page and firefox starts autoupdating a bunch of remote resources.
Browsers know much more. Most channels are encrypted nowadays so ISP doesn't know what you talk about on internets.
I just switched the Librewolf, and installed the plugin there. It's working as expected, and I won't be forced (or incessantly nagged) to update the browser as I was with Firefox.
Thank you for your work on a great browser, but if you have any pull at Mozilla please tell them they're losing core users for good with these forced, unannounced, irrevocable changes to how users work in a browser.
That said, on Android, I don't see a single telemetry.mozilla.org entry in my DNS query logs.
Our primary objective is anti-censorship, and so, we make it simple for folks to deploy their own DoH (which means all our code is open source). Today, the serverless DoH stub resolver deploys to cloudflare workers but we plan to support deno.com/deploy and fly.io soon (already have it working in our development branches but the incompatibility between node and deno is causing a bit of pain to merge with mainline). RethinkDNS is the reference serverless DoH deployment, if you will.
We support DNS-based content-blocking too (out of sheer need for it from our users) but believe the right avenue to block content is either in-app where possible (like uBlockOrigin in Firefox) or at the IP-layer (not DNS), and hence we also build a Firewall (due to limited time, the RethinkDNS + Firewall app is Android-only, for the time being ).
That said, we do plan to achieve parity with NextDNS, but that's going to happen over a period of time since our team of 3 is stretched thin between building the firewall (too much complexity!) and the dns (too much work!).
Look at the speedrunning community for example: sometimes it’s not just a tiny group, but a single person that sees something that the devs did not, and that can lead to fixing “wtf” bugs for everyone else.
Should written feedback overrule a bigger data set?
Ignoring the people who actually take the time to communicate problems in favor of interpreted telemetry is exactly why Firefox is losing. Taking direction from technical users, or so-called power users, can give the application improvements in nuanced and technical uses. Taking direction from anonymous "averages" makes development a race to the bottom.
Firefox developments over the last couple years feels like what would happen if you put grandma in charge of trying to make things better. To put it bluntly, fuck grandma, she doesn't know what the hell she's doing anyway. Firefox used to be a Lamborghini, it doesn't need training wheels and balloon bumpers. Lean into technical excellence and drop the obsessive ui/ux nonsense.
Once it was clear that Chrome was destined to cater to the masses, Firefox should have done a hard pivot with an emphasis on privacy and putting the user in control of their browsing experience. The best time to do this was a few years back when all of this was becoming obvious, but now with massive popular distrust of large tech companies like Facebook and Google making daily news, the second best time is now.
There's a reason I run Linux and BSD on every computing device I own, instead of Windows or Mac. It's not because it's easier to use (they are not), it is not because it has more bells and whistles (they do not). It's because at the end of the day, _I_ am the one in control of my computers, not some product manager who needs bullet points on his or her annual review.
There is no universe in which Firefox is going to successfully compete against Google at their own game, especially when Google is _still_ the majority source of their funding. I have no evidence for or against this, but my greatest fear is that the people at Mozilla who were passionate about the same things that I am passionate about have left out of frustration and the only ones left are there for the lifestyle and hipsterness of "working in tech" at a non-profit in a trendy city.
To illustrate what I mean here, if you want a fork with an emphasis on privacy you can just use LibreWolf. It is the entire thread we are responding to, the thing you want exists right now. But I don't see people exactly flocking to use that, your comment seems to not even acknowledge that it exists!
Why do you believe that catering to the masses implies not focusing on privacy and putting the user in control of their browsing experience?
If it isn't customizable by the type of users who care about customization, then what is the reason to use Firefox instead of what ships with your OS or Chrome. Why would "typical users" have chosen Firefox in the first place without some vocal user suggesting it?
I still use Firefox for everything, I'm just sad that the lack of inspiration in the project means that it might not be a viable option in a few years. Maybe they're aiming for making 98% of users happy, and matching 98% of the features of other browsers, but it needs to have some reason to exist. Usability testing without innovation is that different from p-hacking without hypotheses in science.
Anyway, compact density was a non-default option, so it's difficult to understand why the option had to be deprecated. Compare that to MacOS. I didn't upgrade to Big Sur until Apple restored the option `NSWindowShouldDragOnGesture`, which allows you to drag a window from any pixel when you hold down control-option-command. Out of a billion users, I'd be surprised if more than 5,000 users care about this feature. (ie >99.9995% probably don't care) I only use the feature in combination with Karabiner Elements to change the command and Steermouse to recognize mouse button chords, but I invoke the command every couple minutes. Nevertheless it was restored, and it never disappeared in Monterey. Is it the budget alone that allows Apple to be simultaneously opinionated in their UI design and user accommodating, or is it completely different attitudes about users?
You can use nothing but positive data-driven results to drive yourself out of existence, and it's rather easy. Direct, human feedback is absolutely essential.
And it's not like Firefox has no Nightly or Beta branch to test the waters before making a significant change. For example, during the prerelease phase of the so-called Proton UI, there was no shortage of clear feedback about it. A lot of it was legitimate criticism about accessibility (harder to distinguish inactive horizontal tabs because the separators were removed; part of the new palette did not have enough contrast; etc.) and usability (e.g. in cases of low screen estate, some menus were suddenly so huge that they'd not fit within the height of the screen).
Mozilla is slowly fixing some of these issues, which is a good sign IMO, but also sticking to some other "deliberate design decisions" that still remain controversial. I largely do not believe in design-by-committee, by the way. However, I believe that all valid feedback should be evaluated and taken into consideration if it's critical.
Firefox doesn't block ads because they're funded by Google and they have ads in their own browser. Nobody likes ads. Especially not in the browser. This contributes to the decline. Firefox doesn't advertise with security snake oil, and they beg for money a lot, which is the exact opposite of the model proposed by the only browser that's rapidly shot up in market share in the last decade rather than roughly stagnating.
Did anything of the sort ever happened at all or are we only entertaining thought experiments?
This line of reasoning doesn't add anything of value because the same fear mongering applies to LibreWolf and any other project just the same.
I don’t know a lot about how Arch’s AUR works but this seems like something that could be made an AUR package for example with special configuration while still using “base” Firefox to put it together, rather than profiling it as a new product.
Or do extensions not have access to these settings?
For example, you can't change user settings from an extension. Or install other extensions.
It's means people have one less reason for sticking with firefox and means more people will stick with what comes with the OS / what google advertises everywhere / what works better with their favorite websites.
Doing all that on stock Firefox is a lot of work which is why I prefer the developers of LibreWolf to do it for me. Call me lazy if you want.
There is the added benefit of new Firefox features getting stripped in later releases of LibreWolf that otherwise would have gone un-noticed by me. Also: Trimming down the browser traffic and stopping it from being really chatty with Mozilla servers is great (if you don't like Mozilla for whatever reason).
Am very interested in LibreWolf for this reason.
YIKES. Automatic updates are incredibly important for security. Disabling them by default is highly concerning.
Does the browser support (manual) self-updates at all, or has that functionality been disabled entirely?
I understand the argument that my grandmother should probably enable auto-updates, because otherwise she could easily end up months behind on releases.
But I care deeply about my personal computing environment. I notice every minuscule change because I'm on my computer for hours and hours each day. Sometimes I'm in the middle of some important projects and I don't want anything to automatically update. Sometimes I'm really productive during an afternoon and I don't want to waste time and lose momentum on an update (or some bug, or UI change, as a result of that update). Sometimes I've heard about some problem coming down the pipe in the next update and I'd rather wait until there's mitigations to make that change work better with my specific setup.
Automatic updates basically assume that I have the computing proficiency of my grandmother. But I actually manage my computer in a very conscious, thoughtful way. All software should provide the ability to disable automatic updates (and update nagging) out of respect for power users. It's OK to hide it in a developer or advanced menu. Just give me the option.
That being said: automatic updates are a sensible default for the same reason. But let me opt out, and (Mozilla, are you listening?) for the love of god please don't override my preferences back to automatic updates when you decide to change the UI of preferences.
> But let me opt out
It seems to me that you can opt out. You can use the "Check for updates but let you choose to install them" setting in `about:preferences`. Or you can use the exact policy currently under discussion: `DisableAppUpdate`. Or there is another policy called `ManualAppUpdateOnly` .
> (Mozilla, are you listening?)
Why yes, we are listening. We have heard many people request the ability to disable automatic updates, which is why we have the options that I mentioned above. If you feel that these options don't meet your needs, we would really appreciate you filing a bug . We will get to it fastest if you put it in the correct component (which for this issue is `Toolkit::Application Update`).
> for the love of god please don't override my preferences back to automatic updates when you decide to change the UI of preferences.
I'm guessing that you are referring to when we removed the "Never install updates" setting ? This wasn't fundamentally a UI change. We had several good reasons to remove the underlying pref. Naturally, that meant that the UI for that pref went away as well. I won't spend a lot of time getting into our reasoning here, but we would be happy to discuss it with you if you want to chat with us about it. You can find us in the `#install-update:mozilla.org` channel on https://chat.mozilla.org
Perhaps more importantly, companies that offer software that can auto-update itself, can also make it so that the software uninstalls itself. Or worse, installs something you don't want. It also makes for an especially juicy target for supply chain attackers. So you have quite a bit of a double-edged sword there, from a security standpoint.
I wonder when we're going to stop pretending that there shouldn't be at least a fuzzy divide between software and systems intended for technical users and software for non-technical users. (And we should not be afraid to label them as such.) I fully agree with auto-updates for mass-market software but as a technical user, I don't want the system that I rely upon to make a living to constantly be changing out from underneath me.
Browsers run untrusted code 0-24, which get JIT compiled to machine code through a very complex and bug-prone process. Add to that that desktop OSs are quite lacking when it comes to sandboxes, so even with browser sandboxes, the potential for serious damage is quire hard.
So, staying ahead of bugs is a must.
So, stopping to be a junkie is must.
Didn't you get the analogy? If your'e using software equivalent to the mindstate of some longtime crackhead with shrunken brains, there isn't much you can do to get the brain repaired.
You could pretend to do so, but you could also just switch off/disable the dangerous stuff, even if it locks you out from some content. Which could be seen as another addiction. So stop accessing that, too.
Enjoy your fever dreams, where it is considered normal to build skyscrapers on a foundation of a house of cards,
which requires constant maintenance by an army of people equal only to the builders of the pyramids.
Make Work! Make Work!
Even then, there's a difference between "automatic updates aren't enabled by default" and "the application cannot update itself at all, even if you ask it to, so you'll have to download the new version yourself" -- and it sounds like this developer has chosen the latter.
It has been disabled, as per the policy. It looks something like this in the policies.json file:
In terms of security, it kind of sucks having to manually do this, but it's a small price to pay for a hardened stripped down Firefox with all the Mozilla crap (Pocket, Telemetry etc) stripped out.
Even if I do trust the developers, are they really capable of keeping a modern complex browser secure in the hostile environment of todays internet? It has millions of lines of code in multiple languages with a history going back 2 decades. I can't find:
- who is responsible for the project security
- their CVE policies
- policies for back porting Firefox patches etc
- update schedules
They also removed the auto-updater which is critical to ensuring browsers get the latest patches.
I'm really skeptical about the (undocumented) "hundreds of privacy/security/performance settings and patches" they claim to have implemented. What exactly cannot be achieved through settings and addons?
- automatic builds and uploads via GitHub/GitLab CI (or similar) from a well-commented build script
- all the knobs for reproducible builds set up, so anyone can fork the repo, run the CI themselves, and see that it's bit-for-bit the same thing
- an automatic merge or rebase of the latest stable release tag, and the result of that merge being plugged into automatic updates
- an automatic merge or rebase of the latest beta tag (or even nightly), and some form of alerting if the build fails
- perhaps some Selenium + Wireshark automation to see what requests happen and make sure there are no unexpected ones
And, actually, it seems like LibreWolf is on the way there. https://gitlab.com/librewolf-community/browser/common has a decently-well-commented build script that grabs the latest tarball from Mozilla and builds on top of it and even supports building on nightly, and their documentation (https://librewolf-community.gitlab.io/docs/) mentions that as well. But I don't see where it is run / who runs it, and what they do if the build fails.
(Honestly it seems like setting up the release automation and alerting is a substantial project in itself.)
Plus, the build takes several hours on my Ubuntu machine, so unknown what the CI job timeout is or how beefy the runners need to be in order to not OOM a monster C++ linker
I want to be careful with this commentary, because it's just my opinion as an outsider, and ultimately it's their project. But I struggle mightily with the decision tree that lead one to have a home grown build system written in npm that shells out to depot_tools, gclient, a bunch of manual git clones (although there are some git submodules, too), then a ... fascinating ... manual patching system layered on top of it all. I'm glad it works for them, but it makes wading in by the casual user incredibly hard.
Compare that to mozbuild (and its new "mach" friend) that as very best I can tell is python all the way down and since their CI system is also open source, one can very easily crib enough config files to build it locally
Would be nice to have a FF variant that are capable to be equal as Firefox like Chrome, Brave & Vivaldi. For Firefox variant, I couldn't think of variant that could have an equal footing.
Otherwise if it's just on a whim of the lead dev, that often does not scale. And we've seen with lots of projects, that actual regular-user feedback, not power-users, is crucial in taking those decisions. Switching off telemetry is easy, but I suppose you also have concerns about technical issues, and those can be really difficult to compromise on (a lot of people suggested forks when XUL was removed.. but today probably very few people would want XUL back).
To have a successful fork, you need devs with either a business model behind it, or enough motivation to maintain it as a hobby. For a while, it worked for Iceweasel, but it was just branding. Firefox is complex, requires a lot resources to build, distribute binaries, etc.
I'm not affiliated to Mozilla, but I do help maintain another open source project, where, in my opinion, power-users and consultants drove the project in a direction that made the product more difficult to use, and therefore gave it a bad reputation and limited growth. I can say that because I have access to some of the telemetry, and also because I talk to a lot of random users as part of my work.
In general, that's true. But Firefox is an exception to this.
The most important thing to a regular user, is that their websites work. But for websites to work, the developer had to test in Firefox. So, Firefox's alienation of power users has hurt its regular userbase.
There's also the distinction between users vs customers. Most users pay nothing for Firefox. A relatively small number of free-software lovers provide donations. If they want more of those people to give more money, Mozilla would have to cater to power users. This leaves Mozilla's main customer as being Google, who doesn't really want Firefox to be good.
The other exception to this, is if the software you're making is so specialized, that you can get by on a handful of large institutional customers. Obviously this is not where Mozilla is, it's just another case where telemetry is not necessary.
It more read like some marketing FOMO inducing lingo like "use the new feature better now or you will miss out once they're gone".
Do you have a user panel at Mozilla to vet stuff like that? I would love to participate. Being a Moz suite user since 1998.
But reading this and answering for Mozilla staff should get them some feedback:
> What’s next for Firefox colorways?
We’ll see. We’ll go where our customers take us.
Well, I saw and I clicked to skip this BS.
With that said, I don't really like telemetry and will turn it off.
Some of the replies to your question state "money" but there are also more fundamental reasons of choosing Chromium over Gecko: technical functionality and performance (especially on mobile).
You'd think an ex-Firefox programmer and Mozilla co-founder such as Brendan Eich would have chosen Gecko for Brave but he didn't. He explains in a previous comment why he switched from Gecko to Chromium:
So the "hidden" reason people are not comfortable saying (except maybe Brendan Eich) is that Gecko isn't as good as Chromium as a foundation for forking. That's why you get a bunch of companies independently choosing Chromium instead of Gecko such as :
- Github Electron based on Chromium
- Qt QtWebEngine uses Chromium
- Opera Vivaldi switches from Presto to Chromium
- Microsoft Edge switches from Trident to Chromium
- Brave switches from Gecko to Chromium
Some speculate Gecko's MPL license instead of Chromium's BSD might also be a factor.
That said, I work on Gecko and it is indeed an old crufty codebase with numerous issues. From what I've seen of Blink, it seems surprisingly similar (overall; the specific problem areas are different). And Gecko has a surprising willingness to rewrite or revamp core aspects of the codebase -- by some metrics, it appears to be more nimble than Blink (eg, site isolation to separate processes was a massive project for both codebases, and it looks like although Gecko started and finished later, the elapsed time is a couple years less.)
On the other hand, Eich was pretty well in touch with the Gecko codebase, so his opinion should carry some weight. (Somewhat counterbalanced by his seeming enthusiasm for burning some bridges behind him, but that gets into very speculative territory.)
I tend to agree that Gecko isn't as good as Chromium as a foundation for forking, though. I think working with the Mozilla development community is actually quite a bit better than working with Chromium's, but Gecko is pretty unapologetically focused on Mozilla's product needs and Mozilla doesn't have the resources to properly support external embedders or forks.
Your "seeming enthusiasm for burning some bridges behind him" is bunk. On what did you base it?
Again, we started Brave based on Gecko (multiprocess sandboxed embedding via Graphene, which was developed for FirefoxOS). We did not just jump to Chromium upon founding. A startup is a no-BS/little-room-for-error setting with scarce capital. To suggest I did anything uneconomic out of spite is silly.
Perhaps "vague" is too loaded a word? I did not mean it as an insult or complaint, I was just pointing out the fact that the reasons were unclear because they were mentioned but not described. Twitter's character limit is a perfectly valid reason for that. And the literal meaning of the word "vague" applies perfectly.
> Your "seeming enthusiasm for burning some bridges behind him" is bunk. On what did you base it?
> ...To suggest I did anything uneconomic out of spite is silly.
I was not suggesting that.
Sorry, it seems I did not describe myself well. "Burning bridges" was not a reference to making anti-Gecko technical decisions. It's about unrelated public postings that I object to, but I don't think that here is a place to get into it.
I am confident that the bases for your technical choices were well-founded and I have no reason to suspect that they were made out of spite.
and wondered which ones you meant. If I burned a bridge I should try to rebuild, let me know.
If you mean the ones about Mozilla holding back tracking protection while Monica Chew was there, or the ones about Mitchell's ridiculous salary, then we must disagree on "burning bridges". I'm not going back to Mozilla, and even if I hoped to, I see no reason to lie or self-censor about bad things they did after I left.
At some point we compared gecko with a blink port on Gonk, maintaining both while we were doing performance comparison on low end mobile devices. We were looking both at memory usage and page loading speed.
I was expecting to see blink way ahead of gecko, but that was not the case at all. For some content blink was a bit better, for some it was gecko, but never with a large gap either.
Maintenance of the blink product was not easy, with barely documented internals changing a lot (it's very different to build a new product on top of blink compared to just fork an existing one like chromium). I'm not blaming the blink team, that makes sense in the context of what they do, and we were not as familiar with blink code base as with gecko. Finally we stayed on gecko because this was the best choice for us (eg. including team velocity and the amount of non standard apis to rewrite).
In my opinion if you want to start on a new browser product, the main Chromium benefits for a commercial project are:
- web compat, which unfortunately is self sustaining.
- licensing. The MPL vs. BSD doesn't matter for open source projects, but many companies (especially VC funded) are adverse to copyleft licenses. Gecko's xpcom architecture was actually not a bad fit with the MPL, since you can ship new xpcom components without publishing their code if you don't want, but that didn't make much of difference (some chipset vendors used the capability for FirefoxOS to replace the implementation of telephony apis with closed source ones).
But you need to be comfortable being subject to the whims of google (and a little bit MS now). For instance, consider the changes to web extension resource blocking capabilities with the "manifest v3": some forks plan to keep the resource blocking api working, but it's very unclear if they will be able to do so in the long term without a growing complexity of their fork that may become too high.
If you are an open source project, please don't cement Google's dominance of the web by using chromium.
Gecko deserves to have a future - it may just not be Mozilla's corp current leadership that is the best for that to happen.
I'd rather have the ability of ad-blocking and similar extensions to work on a deeper level, instead of crippling them, like on chromium-based browsers.
What about mono-culture and the risk there of?
edit: Availability of working DRM is what it all boils down to.
How do the people working on it get money to cover their bills? If they don’t have this they will work on something that does that.
A financial model is usually the blocker.
Consider this, a lot of the people who work on Linux or many other projects are corporate backed. The companies pay the developers.
Maybe we need more 501c3 and benefit corps providing basic stuff like an internet browser?
They've already adopted some infrastructure software projects into their governmental operations, not only using them, but also participating and maintaining them.
They also have many initiatives mandating the use of open source where applicable, and also suggestions of liability for closed source software by law. Harr! Unheard of! Those naughty Gauls!
Another is that doing so, and sustaining the effort, is a non-trivial amount of work. Throwing up a web page and a single release is one thing. Keeping up with the release cadence of an org like Mozilla, and the demands and expectations of a browser user base is something entirely different.
Also, "Libre" is a terrible moniker.
But that's a symptom of a different pair of issues, namely: (1) it's ambiguous what language the word is in, and (2) neither of those languages are really tech field lingua francas (English, Russian, maybe Hindi, probably in that order).
For me, as a fan of open source, Libre-something means something focused on being open source, than being a good product. And in my humble opinion, open source governance is generally not good at making big sweeping, or even just focused changes when needed, so the "Libre" moniker to me has an aftertaste of "good enough, but could be much better" compared to commercial offerings or products that have paid volunteers and stronger governance.
Something called Libre usually means it will never get nor accept any paid sponsorship, and sometimes it's what is needed to turn a decent open source product into a killer product.
None of these things are rooted in hard facts, that's the "feeling" the libre word gives me. To be honest, the only popular libre products I know of are LibreOffice (just good enough IMO) and LibreSSL, which was born after the OpenSSL fiasco, yet is still living in the shadow of OpenSSL. The "Open" word has similar shortcomings, but is less strict that the definition of libre and thus carries fewer negative connotations in my view.
Even their own developers objected to the policy, but they went ahead anyway.
That's incredibly vague. Can you explain?
How are the many forks/variants of Chromium and WebKit not affected by this "money" factor in the same way
> How are the many forks/variants of Chromium and WebKit not affected by this "money" factor in the same way
They are, but the main Webkit/Chromium forks are either large companies (microsoft) or companies trying to make money off of their forks (Brave, Vivaldi).
This here is trying to do the exact opposite. Vivaldi has ~50 employees, Brave has 150 and tens of millions in investments. Even if not all of them work on the fork management, that's a lot more resources than a dozen peeps doing that in their spare time.
More seriously, is the suggestion that FF is too complex to properly fork without full time devs?
The same is true of Chromium, btw.
>> is the suggestion that FF is too complex to properly fork without full time devs?
How many Chrome forks don't have "full time devs"? A lot of them (Vivaldi, Opera) aren't even open source!
The only one I can think of is ungoogled Chromium which is basically equivalent to this Firefox one in that the actual changes being made are miniscule.
>>>It's 20 million lines of security sensitive code. Of course it's difficult to properly fork.
Did you forget to switch accounts? Which is it? Easy or hard?
No, but nice accusation.
> Which is it? Easy or hard?
Could you spell out what the contradiction is, here? I said it's hard to fork both browsers, and then pointed out that the only real "community" ones are miniscule patchsets which pretty much exclusively delete code - that even then, the list is only one or two forks long for each browser - and the rest all have multiple full-time professional devs behind them.
Company trying to make money off of its fork.
Company trying to ???
Microsoft, who found that maintaining a chrome fork would be less expensive than playing catch-up with their own in-house browser.
Examples of this are the Electron Framework , Vivaldi, Brave, Opera, Yandex, Edge, etc.
Firefox instead is a nightmare to fork.
They used to have something called XulRunner that allowed to create your own XUL application (things like Seamonkey, Thunderbird used it) thus making it fairly easy to fork Firefox.
After the 41 release Mozilla removed it completely. XulRunner's components were intertwined with Firefox code. Mozilla deliberately killed the easiest way to work their product.
Only light forks like Waterfox, LibreWolf are viable. Hard forks fail or struggle every single time Mozilla releases a new version (SeaMonkey, Waterfox Classic, Pale Moon, etc), lagging behind in features and performance.
Even WebKit is easier to integrate with your own UI (Safari, Gnome Web , etc).
The choice between forking Chromium and Firefox is mainly one of business: Chrome has a >70% global marketshare, adding Edge & co even ignoring Safari it's probably around 80. Since Google also keeps pushing their own stuff, that means forking Chromium gives you much better compatibility guarantees.
 though the history of Chromium — and Webkit before that — forks also means there's probably a lot more knowledge floating around about maintaining such a fork, especially since Chromium itself was originally a fork (running concurrently with its source and regularly synch-ing from it, forking a dead codebase or hard-forking with no sync is a different concern)
Firefox forks tend to dislike associating with any of the above.
It's still not comparable for a fairly simple reason: the list of companies in the world that are as big as Microsoft consists of Google, and Apple, both of whom already have their own browsers.
As for why Microsoft chose Chromium, it's probably a combination of marketshare, the fact that it is a bit more cleanly architected as a result of having a decade less history than Gecko does, and the fact that they have ambitions of making a stripped down version of Electron part of the standard Windows userspace.
1. Fork Firefox, people install Chrome anyway
2. Fork Chromium, some people realize that it's essentially the same as Chrome and don't install Chrome and just use Edge
Also, especially on mobile, Firefox is an extremely niche browser engine. The biggest browser forks in therms of global user count are actually not the likes of Edge, Brave, etc, but android Chromium forks popular in asia.
What am i missing if i go to <about:config>, search for "telemetry" and set everything to false?
Are there drawbacks to blocking the hostname incoming.telemetry.mozilla.org in Pi-hole?
One way is to use your firewall to block anything going to mozilla.org or firefox.com, or the subdomains. That probably gets most of it, but possibly not all. For example, Google has a number of non-Google.com subdomains, some of which seem to be used only for telemetry.
Another more involved way is to start WireShark or tcpdump and capture the traffic, then start Firefox and browse some, and then close Firefox and stop the capture. Now you have a list of all the traffic it tries to send, normal and telemetry. Sift out anything that looks suspicious and block the ip/domain via your firewall.
Or https://gist.github.com/davinian/1991bb3486cbf6005b5320e93b3... but it is quite old I think.
In any case, make sure you know what you are disabling, because in the latter it suggests disabling WebSockets which you may not want to do.
Something like this: https://github.com/shawnanastasio/firefox-privacy-restorer
I know you can turn this stuff on manually but it's convenient to have a fork that does it for you and turns off Mozilla's telemetry completely
For what it's worth, some of the startup checks are to see whether the user is on a public wifi with a captive portal, and talk to a Mozilla service rather than Google. Other checks are for upgrades, or Firefox Sync, if enabled.
1. The Mozilla developers who are capturing telemetry, but probably just using it to push ads (at worst, and possibly not even that).
2. Some new devs who may have good intentions, but who are unknown to me, who are not capturing telemetry, but nevertheless have control over my browser.
Telemetry isn't about "pushing ads".
I don’t trust Mozilla not to push ads, but I do trust them not to build in intentional backdoors and steal my personal data, because there’s a whole public organization there, with a reputation and responsibilities and heads that will roll if they are caught doing nefarious things.
You might ask why I trust thousands of other open source community led projects? Largely because they have built rep and get at least a minimal vetting via distro package management.
I’m not saying this fork is malware. But I don’t know it isn’t, and the browser is the #1 critical component that handles all my most sensitive data.
If its manipulating data sent to legitimate sites you'd notice while you used it. These concerns aren't absent in other official browsers either.
There’s no way I would be able to spot the operation of malware-masquerading-as-browser without committing totally to a forensic examination of every system call it makes. Imagine how much attention you’d have to pay to stop it capturing your bank credentials and then making transactions in an invisible tab (the browser doesn’t have to render a site in order to interact with it).
One of the key pieces of open source is the larger a project, the more people will be incentivized to monitor the code for malicious changes. This distributes the burden to a much much larger pool therefore minimizing the burden to single nodes across the board.
Is it perfect? No, absolutely not. Do malicious or unintentional bugs slip through? Sure. But when it comes to scaled out projects, nothing is perfect and never will be. I certainly trust a large open project with years of reputation built up and a large user base significantly more than a large closed source project or large and open with no reputation.
There are of course valid criticisms of this model but I’ve yet to see an alternative put forward that isn’t fraught with its own issues.
I do find it strange how over the past few years we’ve seen a number of people who engage in a whiplash type behavior where they see minor problems with a model so they whiplash away into a far worse model with far more serious problems.
Providing you actually review the code and not just trust it because the code is there. Reviewing (a fork of) Firefox sounds like a big job, if can be done at all. Being a Firefox fanatic does not magically make you a rust programmer
> This is for Debian Unstable only - do not try to install this package on any other branch of Debian or Ubuntu/Mint..
When I see a "Debian based" installer, I would expect it to work on at least some type of OS apart from Debian. That header should really say - Debian Unstable installer, not a "Debian based" installer.
In its original form, free and open is noble. But since then, corporations have figured out how to monetise it. So, IMHO, we need to be very careful about anything free and open coming from corporations because their core objectives are very much orthogonal to the core objectives of the original free and open software movement. Those execs aren't the hackers who built the gnu/Linux tools in the early days.
I use qutebrowser, vivaldi and brave (on mobile) and sometimes console based browsers when I can get away with it. Qutebrowser and Lynx are open source. Vivaldi and I think Brave aren't open source? I'm using them because I read about their team, their business model, their past and hung out in their forums and decided that I'd support them. Doesn't mean anyone else have to. And there's nothing wrong with making money off opensource software and that's how it was intended in the first place. Original open source software authors didn't mean that the software has to be free of charge. For me, I don't want to support an organisation that sacks the researchers of their core product but the execs pay themselves millions of dollars. Most of those dollars come from Google. I'm sorry that that makes no logical sense to you.
I was wondering how they could instantly patch nightly builds and this seems to be the approach. Good idea and nice to have a build pipeline that allows tweaking Firefox to this degree.
While I’m grateful to this project for calling attention to the privacy issues with Firefox, most of the effort spent on this seems like replacing the brand.
People could get nearly all of the benefit by copying the policy.json file.
Get your facts right.
Mozilla Corporate receives 400mil a year from Google, for google search to be the default search engine. The engineering costs of Mozilla in 2020 were about 300mil. 
So in actual fact you could maintain the not-for-profit status, fire all the corporate staff and still sit on a trove of cash every year.
The google money will not dry out because it is the only CYA situation that Google has against an anti-trust case on Chrome.
There is absolutely no reason Mozilla could not maintain the not-for-profit status and tick along, like other foundations such as Linux, Gnome, Apache, etc.
Is the claim that it is economically impossible to create a browser without turning it in to surveillance malware?
To the extent that's true, it is the best argument yet for shutting down the web.
As a categorical statement, this is false. "Not all telemetry is surveillance" is true.
Telemetry is exfiltrated data the user did not ask to send. The line between telemetry and surveillance depends on the use and intent of the data recipient, not (necessarily) the data itself, and that use is opaque to the person whose actions generated the data.
It is interesting to note that telemetry can become surveillance after it is collected. Perhaps a new manager has a different plan, perhaps the cops show up with a subpoena.
When Firefox is first launched, it opens the Privacy Notice page https://www.mozilla.org/en-US/privacy/firefox/, which is totally up-front about data being collected. Nothing surreptitious about it. Data is not "exfiltrated", it's simply "sent". But that doesn't sound nearly as evil, does it?
(honest question) Why is this necessary then: https://github.com/arkenfox/user.js
And those “home calls” are nothing more than calls like whether you are on the public internet, whether a new update is available and other mundane things.
>Searches: Firefox sends Mozilla what you type into the search bar and Mozilla may share that data with its partners.
>Sites you visit: For the Suggestions you click, Firefox sends Mozilla the website URL, and Mozilla may share that data with its partners.
Interesting that turning off "suggestions" is not located in the "privacy" section.
In case it is, really, shut down the web? What would that look like? Why would we do it? How? How can “browsers are expensive” possibly be worth doing something that extreme?
Fancy UIs are made to slow people down in their tasks and draw attention to things that don't matter to what they want to do.
Web developers and creative people like to think the web is their playground but really the most important role of the web should be delivering informations and services efficiently, and get the hell out the way.
Except if you go full-on Neo-Amish/Luddite and use
or the remaining stuff which stays accessible via simple
browsers like  https://en.wikipedia.org/wiki/NetSurf ,
 https://en.wikipedia.org/wiki/Dillo ,
or textmode stuff like Lynx, (E)Links(2), W3M, and similar.
No sane company pours money into unprofitable anything. They pour money into those moats precisely because it pays dividends.
Mozilla doesn't have an ecosystem like Google, Microsoft and Apple do. If they want to stay afloat they have to be profitable with the browser alone. So trying to directly compare that to the "free candy" approach which the others can get away with is unrealistic.
It's like asking why Target and Best Buy can't match the prices of Amazon retail, which has a money fountain named AWS in their backyard that can subsidize their other activities for "ecosystem growth". If Amazon retail had been a separate standalone business which had to succeed on its own for the past decade, it probably would have been run differently.
Though that may be regional, as I speak from Germany.
However, seeing how these forks are just "cosmetic", they still use the same rendering engine, which doesn't increase Google's relative user base. As far as this monopoly is concerned, all these forks are still Firefox.
Not in the website statistics I guess, unless the forks present themselves as Firefox, which I doubt.
`User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0`
Note that I am on Linux, so your line of thinking has some validity.
mozilla is not the kind of entity I'd want to have control over the web either, considering the shit they feel comfortable doing even as an underdog with 3% market share.
Can't answer your other question, but this fork has a chance of helping those who don't want to use Mozilla Firefox avoid switching to Chromium browsers by offering a choice.
Mozilla has continuously and repeatedly fucked up when it comes to defaulting to grab telemetry and shady deals with Google, to asking for money while spending way too much salaries for its execs for a supposed non-profit corporation (that is exempt from Federal income taxation).
Although I'm a Firefox user, it pains me to say that I can't wait for the day where Mozilla and Firefox dies. At least it'll hasten the rise of a new effort. And I'd take anything other than Chrome or the Edges of the world.
I'm still hoping Brave will wake up and properly fork Firefox and give Mozilla the big FUCK YOU.
Edit: a special ps to down voters: Fuck Mozilla and its CEO.
I don't think Mozilla is intentionally helping Google, but they are bleeding a ton of money with community events etc, laying off people while giving this horrible execs increased salaries. Like seriously WTH?
Mozilla need to kill the current leadership, get lean on spenting and most importantly cater to their audience. They don't have much general users. A huge portion are hardcore fans, OpenSource folks, people who value privacy or anti-chrome. Pushing ads to this audience, is only going to accelerate the downfall.
Focus on pleasing power users and devs. Market on shit that matters to power users, sys admins, devs and privacy folks, journalists! Like containers, and dev tools (some of which are already cool). Then these folks will whole heartedly embrace it in their workplaces, recommend to friends and family. Devs will write things more for FF. And don't break extensions again! This is how you got us before. Do it again. Then the general audiences will come.
Currently all these power users an others are themselves not sure about Firefox. They are stuck with it cos neither can they donate directly to Firefox development, nor are they happy with the leadership decisions. They are just waiting till the last day of FF's existence so that they can be a lil more private until they have to move to Chrome based browsers.
When their heart was at the right place their tech sucked. Their tech is better now, but their heart is not in the right place.
"grab telemetery" - that data is really, really useful in making development decisions, and we are hyperparanoid about what we collect. From an armchair, it may seem like you can make the right guess about how to eg adjust garbage collection scheduling priorities, but actual data always surprises you in one way or another. It can make the difference between spending a month on a tough project that ends up making no difference for the vast majority of users, and having a month to spend on something more impactful.
I really don't like to speculate on executive pay, but I'm pretty baffled why this is seen as such a big deal. Your argument sounds valid to me. So does the argument that we're talking about the CEO of a tech company that is competing directly with multiple Big Tech competitors, and perhaps paying comparatively bargain basement prices is not the smartest idea. Which is not to say that I'm happy about the layoffs.
Mozilla has messed up on a number of things, multiple times, including at least one time when it ended up (as in, made a deal to and carried it out) sending a bunch of data to a third party. (It was more nuanced than is generally appreciated, but I won't go there.)
I sincerely apologize that Mozilla isn't up to the pristine standards of the big technology companies. /s
I'm not going to explain the MoCo/MoFo structure here. I'll just say that MoCo most definitely pays taxes, MoFo asks for donations because it's a nonprofit with its own initiatives and direction, and you can get tons of information about the finances involving both because of MoFo's nonprofit status and the resulting annual report. (MoCo = Mozilla Corporation, MoFo = Mozilla Foundation, MoFo owns MoCo.)
The Google deal is, like, how MoCo makes money and is able to exist. What's shady about it? I'd certainly like the funding to be more independent. Maybe Mozilla can try drilling for oil on the land it doesn't own or start selling off the user data it doesn't collect?
The problem is not the exec getting paid this much. It is about getting paid this much when to me and many long time users like me see a sinking ship with ever decreasing user base... while on the brink of no more pay from Google... Trying to push ads to us. < THIS IS WHERE EXEC PAY COMES INTO PLAY >
The context is important. It's like when your house is on fire and you are casually using the fire to light up a cigar.
> I sincerely apologize that Mozilla isn't up to the pristine standards of the big technology companies. /s
In all seriousness, we just need the heart of the old MoCo (Pre quantum) and the tech of the current MoCo. ;)
Firefox users are ideologically invested in the browser. I do feel like Mozilla is trying to push things like you are this big corp (In a way MoCo is.). While I am absolutely happy with the technical progress and direction Firefox taking, MoFo/MoCo should understand the ideological element here. This is why you see more outcry against "how things should be run" against Mozilla and not Google.
They lay off 250+ people - many of whom are the very people needed to make the technical improvements many users desire - while the executives get pay raises. You wonder why it's a 'big deal'?
We understand that, and we're saying no. You can do whatever you want. I will use LibreWolf.
No one is arguing that telemetry can be helpful but forcing users into it while acting holier than though is not just shady, but very much scammy.
The whole structuring difference between the foundation and the corporation sounds a lot like a tactic to push for some things under the non profit front and others under the company front, aka scammy.
All this turns on alarms in people’s heads… in a way I don’t find it weird that you guys still don’t see it, this is a sinking ship, and you’re going to think everything is going well until the last breath.
I will start using Firefox when it leaves Mozilla and I'd pay a subscription for it. For me, the ideal situation is a lean team (hopefully only the devs, because I'm not paying any useless middle or high level managers a penny) start developing it for a fee. Just the browser will do, no password managers, no vpns, no nonsense. I already pay for subscriptions for those.
I've seen many here on hacker news expressing willingness to pay and the only reason that they don't is because they don't want to pay for other Mozilla nonsense but Mozilla doesn't want to open a direct channel for the community to support the Firefox team. I find this outrageous. Clearly, they are using Firefox, its very talented devs and the image of their noble fight for a private internet to fill the pockets of executives who don't know shit about engineering or the ethos of opensource software.
I agree with you on almost everything except Vivaldi. They are closed source and Firefox is 100% much more capable of supporting privacy than Vivaldi.
I have my own problems with Firefox but don't intend to stop using Firefox. They are still great. I will have to see this through I feel. lol.
Also, when you use a browser based on Blink engine (Vivaldi, Opera, Brave, Edge, Chromium) you are giving more leverage to Google at W3C. This makes FLoC kind of stuff more probable from Google.
"You need to change the browser engine as well, NOT JUST THE BROWSER." ;)
Always choose Gecko or Gecko based (like Librewolf) :)