Hacker News new | comments | show | ask | jobs | submit login
Firefox Bugzilla: Remove Pocket Integration (bugzilla.mozilla.org)
357 points by toggle on June 5, 2015 | hide | past | web | favorite | 183 comments

It is so unlike Mozilla to introduce something like that, I ran a virus scan and checked what programs had been installed recently -- I assumed it had been put there in the same way that IE users used to get the Ask Toolbar installed.

Exactly how I felt. What the hell were they thinking? I'm generally very supportive of Mozilla, I even supported their initiative to put advertisements on Firefox's start page. But bundling stuff like Pocket and Hello with Firefox is just ridiculous. Why not make it an official extension? That way users can easily disable or remove it.

> Why not make it an official extension?

It says a lot about Mozilla when they decide to bundle fad features like these after spending years stripping existing features[1] out of Firefox. During their effort to dumb-down[2] Firefox, it was common to hear that removing those features didn't matter, as they should be provided by extensions instead. Apparently that cheap excuse is ignored when the feature when it is convenient to do so.

[1] the many options cut from the preferences dialog comes to mind - some that I have had to help a LOT of friends work around. Far too many man-weeks have been wasted ;_;

[2] which was a terrible idea that hurts the enthusiast that actually used those feature, hinders the inexperienced-but-interested users by hiding previously visible features behind the addons.mozilla.org, and doesn't do anything at all for the supposed target audience of non-technical users who by definition don't even use the preferences dialog.

i had memorized the index of my 65535 bookmarks, now have to scroll by +1 which forces me to a 17-bit mental pointer. who thought 17-bits was ok?

This completely captures my response as well. I run on the beta channel, so the day after 38.0 stable hit, this got rolled out the the beta channel. I checked the plugin/addon page and my user profile directory at least a dozen times, assuming that something unwanted had done this behind my back. I probably wasted half an hour looking into this. Finally, I took a (second) look at the release notes before actually realizing that this was something build in. (I missed it the first time because it didn't even register that they would be doing this.) What really shocked me was that it was added by default to standard toolbar, which seemed rather rude and presumptuous. (Maybe they rolled this out differently to the stable channel, I don't know.)

Worst of all, there has been almost no communication on this. I subscribe to Planet Mozilla and read everything that seems interesting to me, and I still didn't know this was coming. There still hasn't been much public discussion on this. On top of that, they did a weird 38.0.5 release cycle that I haven't seen before with the release train. It was almost like someone said: "there is no way we can introduce this to enterprise with an ESR release, so lets tweak the whole release model so we can shove it in everyone else's face once we spin the ESR release."

I've been a huge Mozilla supporter since back in the Pheonix days. I'm even okay with their ad ambitions (so far) and think that they made the right pragmatic decision with regards to DRM support. However, with this move I've now felt it necessary to take a step back and seriously question their motives. It just seems so far out of character. I've been thinking and reading about this for the last 3 weeks and I still have no idea what they are thinking.

Edit: I'd also like to add that I'm a huge Firefox Sync fan. The fact that they took such a user focused approach to encrypting everything client side, and minimizing their server-side exposure to user data seemed like such a principled approach and is probably the only thing that kept me from taking the leap to Chrome at a time when there were noticeable performance benefits to doing so. This integration seems like the exact antithesis.

In my view, they need to reverse course 180 degrees on things like Pocket and Hello, or it will be the beginning of the end for Firefox.

Firefox is a niche product that appeals to the privacy-consciuos. Stuff like Pocket and Telefonica/Hello basically eliminates its reason for being.

I have Firefox as my main browser now, but I won't keep it around for long if I have to swat down new marketing integrations in every new release.

I'm not as concerned with the Hello integration. With both features, I'd like to know more on the technical details.

For Hello, I think Mozilla (but actually unsure who's servers?) is only involved in initial discovery and, if needed, WebRTC NAT traversal. In terms of code bloat, I think Hello is just a bit of extra javascript on top of functionality already built into the web platform.

But I admit I haven't look that much into it. I don't know how or if crypto is used. I haven't used the feature yet either and would want to know more before using it in a corporate or privacy sensitive situation.

I guess the same goes for Pocket, I probably don't need to worry about it if I'm not using it. However, for me personally, it just seems to be such a stark contrast with their position on Sync. On top of that, the browser UI is _mine_! Nobody - not even Mozilla - should be adding something to the primary interface of _my browser_ without a very good reason. And this is where I feel my trust has been betrayed for the first time.

Hello uses Telefonica servers. My guess is that Mozilla's partnership with Telefonica is the reason why Hello was added to Firefox.

Not really. Hello was added in order to offer an alternative to Skype/FaceTime that uses open Web technologies and does not require you to create accounts or upload contacts. The partnership with Telefonica made it more convenient since they host the server side.

What's your beef with Hello, exactly? The whole point of Hello is to offer an alternative to Skype/FaceTime that uses open Web technologies and does not require you to create accounts or upload contacts. How does that not appeal to the privacy-conscious?

Because it doesn't belong within the core browser framework. A browser should not tie to your "internet identity", whether it's an account or a cookie fingerprint. That actually is the business of a service to manage.

Because it wasn't a choice I made to install it, and since it's not something I'll use, it's useless for me. I do use pocket, but I'd much rather use it as an extension vs a special integration with who-knows-what different permissions / sandboxing / control vs an extension.

Both features have near-negligible overhead if you don't use them. But having them in the product makes them accessible to the wide userbase, many of whom don't know what addons are or how to install them.

Therefore it seems reasonable to add them to Firefox.

I'd much prefer them to improve the memory and performance reporting features over adding some features that goes against their core values. right now I have a firefox that uses tons of ram and slows down to a halt very frequently but there are no decent tools to diagnose what addin/plugin/webpage/bug might be causing trouble. it's very, very frustrating.

edit: I am talking about multiple gigs of memory for firefox and multiple gigs of memory in the kernel task allocated for who knows what. stop firefox and it lowers the kernel memory to a reasonable level and (obviously) removes the memory usage of firefox.

I see this argument all the time in the form of "why are they working on the UI instead of the backend?" Well, because UI engineers and backend engineers are different people and don't share one-another's competencies, is why. The people who are adding these things probably don't know how to improve Firefox's performance. They're probably networked-multimedia engineers scratching their own itch.

(And it's not like Firefox's performance has any low-hanging fruit left; there have been years of performance improvements already, and only someone versed in those would know how to take them further.)

The ui for about:memory is bad and not very useful in tracking down where the memory is going or leaking. That's something the ui engineers can do to help Firefox with this.

It's useful to Gecko engineers, ie. the people who actually have to fix it.

There are a lot of people working on performance - it's just less press-worthy than new features, so less noticed I guess. But bugs do exist, of course. Do you see anything odd in about:memory that can help diagnose your specific issue?

Sorry to say that, but about:memory is useless to me. When memory runs low and system starts swapping (slowing down to a crawl) my first priority is to get computer running again, so I have to close firefox. That helps, but about:memory no longer has the data that would lead to the culprit.

Even if I could look at histotic data, the UI of about:memory is just plain awful. Charts anyone? My main question is how the consumption of memory for each tab is changing through time and I haven't found a nice way to see that yet.

Also, browser should protect me from pages which use too many resources. Why should some random page be able to stop my computer from working? I am seriously considering running firefox inside docker container just so I can limit its resources.

Note that I am a huge fan of ff and use it everywhere, but this has been a sore point for me for ages.

I agree that it's a tough problem and they have smart engineers working on it. The about:memory anonymizer makes the output useless to the engineers looking at the bug. A better way would be to anonymize it but still keep it identifiable if you have the key. Say make each page a uuid or something so that the engineer can say, "search for this uuid in your in anonymous report and that's leaking memory"

It seems that the tools to diagnose what has been the most criticized series of bugs in Firefox are still lacking. Ideally it should list the plugins used and the memory of each along with a way to identify the heavy pages etc.

If that's the intention, they failed horribly. Not because the lack of adoption, but because a propietary server is involved. Only the client is open.

You really start to wonder what pot they are smoking over there at Mozilla. Standard things you would expect from a browser, like a way to easily disabling javascript are apparently left to third-party extensions, because oh you don't want to bloat the browser. But hey, video conferencing on the other hand is such an essential part of the browsing experience.

They don't let users easily disable JS because that breaks so many webpages, and they didn't want to deal with supporting users who complained that Firefox wasn't working. http://limi.net/checkboxes-that-kill/

The vast majority of the described problems would be solved if Firefox provided more/better documentation and help text alongside such options. Or better yet, they could be solved by Firefox displaying warnings if pages appear to rely on certain settings.

Javascript disabled and a site relies on it? "Hey, this site would probably work better if you enabled Javascript, but you have it disabled. Would you like to enable Javascript again? Or perhaps just for this page?"

SSL/TLS disabled? "Hey, so TLS is disabled, but I need it in order to show you this web page. You want me to enable it for you?"

The overarching theme here is not that there are too many options, but that there are too many poorly documented options with poorly documented consequences. Fixing that problem would give users the best of both worlds: flexibility and ease-of-use.

This wouldn't work, the majority of users don't read so they would blame Firefox either way. And showing message box every damn time one site has Javascript/SSL (and considering that almost every site nowadays has one or another) would infuriate the users that really want to use this feature. It's a lose-lose option.

I think it's fine to have these options as extensions or even inside about:config, where the user would never disable by accident.

> This wouldn't work, the majority of users don't read

If they don't read, then they wouldn't be using Firefox, since all web pages (barring a few exceptions) would be gibberish to them :)

> And showing message box every damn time one site has Javascript/SSL

That's not what I'm advocating in that particular recommendation. I'm more advocating for some sort of heuristic analysis when Javascript is disabled. There are lots of sites that do silly things like rely entirely on Javascript for rendering text (for example); those should be easy-to-detect as scenarios where a warning would appear.

Also, most similar warnings presented by Firefox already (usually about outdated plugins and such) have a way to permanently dismiss, or to remember a setting for a particular website, or some other way to mitigate the understandable annoyance of always throwing warnings. A "don't ask me again" would immediately resolve the problem you identified.

> I think it's fine to have these options as extensions or even inside about:config, where the user would never disable by accident.

I think that's fine, too. My comment was more about identifying the correct cause of various effects - i.e. that the harmfulness of the checkboxes being criticized is due to their non-obviousness rather than their existence.

> If they don't read, then they wouldn't be using Firefox, since all web pages (barring a few exceptions) would be gibberish to them :)

Not can't read; don't read. See http://blog.codinghorror.com/teaching-users-to-read/, http://www.joelonsoftware.com/uibook/chapters/fog0000000062....

Users don't read material that's put in front of them. Modal dialogs get dismissed without reading, non-modal dialogs (Firefox's doorhangers, Chrome/IE's notification bars) get ignored completely or dismissed.

In this case, though, the resulting page without Javascript would probably be entirely empty. Maybe Firefox could detect that and throw up a full-page-error kind of thing (like e.g. an SSL cert-failure error page) rather than a dialog. "There's nothing here. We detect <script> tags on the page, so you probably need to [enable Javascript]. Don't do this if you don't trust the site, though—you disabled Javascript for a reason!"

Basically, a heuristic browser-chrome view in place of what used to be a site-author's <noscript> view.

This comment makes me strongly believe you don't speak to end users.

You can't get them to read prompts at all, let alone text on a page.

My comment actually comes from lots of speaking to end users. I cut my teeth on help desk and desktop support roles; understanding end-user needs is baked pretty damn hard into my blood.

And from those discussions, and from my observations of those users, 99% of the problems discussed would be resolved if it was clear what options actually did. Users don't know or care what "Javascript" or "TLS" are, but you can bet your ass that if the relevant checkboxes had at least a basic explanation of why they should be checked (i.e. "Don't uncheck this box unless you know what you are doing; doing so will cause a lot of websites to break"), the vast majority of end-users will happily leave that box unchecked until they ask someone more knowledgable about it.

or somebody on a reddit thread tells them to do it.

That's what sensible defaults are for.

But in this case, we're dealing with users who somehow managed to disable JS, but are still surprised by the effects and don't read prompts.

I'm pretty sure such users exist, however instead of directly basing your UI descisions on this scenario, why not trying to investigate where such behavior comes from and how frequent it is?

Imagine a user whose internet isn't working. They go into their web browser's Preferences and start fiddling with things at random "until it works again" (for entirely unrelated reasons.) Then they leave things however they just made them.

Documentation only makes software easier to use if it is read. People don't read it.

By "documentation" I mean actually making the checkboxes better explained in their visible descriptions, or accompanying those descriptions with "a lot of websites rely on this box being checked" or somesuch. By no means am I calling for more things to be buried away in never-read manuals.

And you think people read those descriptions when they follow the latest tutorial (in the syle of http://www.tech-recipes.com/rx/2710/firefox_disable_the_down...) to make their firefox 25000% faster?

What a terrible article. So they have a problem of users who are ignorant about the fancier features in a big app like Firefox. So instead of trying to fix that ignorance with education and a better UI, they punish the people that used to use those features while justify those actions with claims about how important it is to nerf the internet to protect these ignorant users.

Anybody that read my posts in the recent HN thread on building devices for safety (and the Therac-25 discussion) knows that I advocate strongly for spending the time and effort to make sure a design fails safely. It would indeed be a terrible design, for example, to provide a checkbox or radio button that let you disable important TLS/SSL security features. As a potentially serious safety risk, those features should be handled with great care. On the other hand, disabling javascript or image loading is not a safety risk; the worst that can happen to the user is they can't use some webpages. Removing the ability to disable those features isn't doing anything for the benefit of the user, it's Mozilla trying to avoid having to deal with tech support.

Some things in life need to be learned by experience, and by limiting the safer opportunities to lean about how the browser and the internet works, Mozilla is working to keep users ignorant when they should be doing everything they can to give their users the education they obviously need.

As for websites that break without javascript, this i just an excuse for lazy programming. Such sites should break, and Mozilla should loudly send any users complaining back to the websites that wrote broken, incomplete pages. This is yet another example where appeasement only hurts you in the long run.


(there is a difference between reduced functionality (which is perfectly acceptable) and totally breaking)

// here come the down-votes; saying anything bad about javascript is easily one of the faster ways to draw down vote - probably because far too many HN reader's paycheck rely on the user not being able to disable javascript

// don't bother replying if you just want to assert that javascript is necessary, because i have multiple existence proofs to the contrary. This does require finding alternatives for a handful of broken sites. Such is the cost of safety.

Treat users like ignorant entitled idiots, and they'll just continue to act like ignorant entitled idiots. Meanwhile everyone else who does know what those settings are for suffers, and it decreases the chances of future users ever learning they could do that.

If users aren't putting in the effort to read warnings/error messages, or can't put two and two together and correlate why things aren't working on some sites with what they did with the settings (or even better, apply some more critical thinking and possibly Googling to figure out why), I think that's a sign of a deeper problem and trying to patch over it by dumbing down software interfaces is a horrible direction to take.

To become knowledgeable users of Web technologies and not mere consumers, they must be allowed to explore, experiment, and break, then fix things. Taking away these settings discourages that. "The only real mistake is the one from which we learn nothing."

FYI Alex Limi no longer works at Mozilla.

Virtually no one outside the tech world thinks twice about javascript. They have other things to think about. They're still users of the product, and they will never start tweaking it, because their lives are already full of other things.

And thus they should not tweak things they don't understand.

If you don't know what javascript is, don't disable it and complain things aren't working...

Good read, thanks for linking. Some points I'd never considered.

TL;DR: fck power users.

Well, fair game, given that those power users can switch browsers in the blink of an eye (). All my hopes go to the Vivaldi browser now.

The only problem is that these power users promote your browser and installed it on grandma's computer, and who make your precious extensions on occasion, often for free. Don't be surprised if you need partnerships now.

(*) Well, thinking about it normal users can also switch browsers in the blink of an eye, too. All it takes is Flashplayer update that sneakily install Chrome as the default browser. Just sayin'.

Standard things you would expect from a browser, like a way to easily disabling javascript

That is very far from being an expectation of the average user.

Disabling javascript is fairly easy on a page by page basis, right click on the page, inspect element to bring up the console, click on the settings cog, scroll down, disable javascript tickbox.

Could we avoid associating pot smoking with poor decisions? There's no science backing that up. ;)

The "Mozilla Manifesto and Pocket" email thread in the Firefox Dev mailing list gives some insight from the developers. [1]

To paraphrase: it seems they wanted a reading list feature but found it pointless to re-implement an existing solution with many desired features. (Work which was started but appears to have been scrapped.) This rationalized piggy-backing on Pocket. It gives Firefox a reading list for its users without Mozilla having to maintain it.

My personal problem with this has more to do with the anti-competitive nature of integrating services rather than Pocket's closed source.

[1] https://groups.google.com/forum/#!topic/firefox-dev/B3jJq_kU...

It would have been cool to have an API for plugins to hook in their "save this url" logic and UI callbacks. That way Mozilla control the core experience and any plugin can implement it like an interface. They could even ship with Pocket installed by default, just as a plugin implementing the same interfaces everyone else can.

I guess the "list URLs" side of things might be an awkward abstraction, although it'd let you merge multiple services which could be cool too. I use IFTTT to move starred pocket items to Evernote, so that'd be one possible use case if Evernote also implemented it.

It somewhat makes sense. If they want it that badly, though, maybe Mozilla should buy Pocket so that they can put it under the aegis of their license/philosophical charter. "Reading List" is currently right up there with "Web Browser" and "Email Client" as major programs that I would like to be neutrally owned by a public foundation.

I think you are confusing cause and effect. Pocket was not added to Firefox because Firefox users demanded a sophisticated offline reader. If that were all there is to it, Pocket would be an addon.

Pocket was added to Firefox because Mozilla wants the extra revenue from partnering with Pocket.

Pocket is not paying Mozilla, as said already.

Also, anyone implementing a compatible backend can switch to it by changing a pref.

Can we get a public statement from Mozilla describing its deal with Pocket?

I see a comment below from a Mozilla employee stating that "there is limited public information available about this deal", and claiming that the best quote is in an article that contains a paraphrase from an email from another Mozilla employee saying that Pocket didn't pay for placement.

When a non-profit gives prominent placement to a for-profit company, there are many ways for money to change hands beyond straight up payment for placement. I think we are owed a clear explanation of the Mozilla-Pocket deal.

> Can we get a public statement from Mozilla describing its deal with Pocket?

I've been pleading internally for an official public response. Nothing.

The only other source I've seen is an email reply from Mark Mayo at http://www.planet-libre.org/?post_id=18514

I for one don't use Pocket because they have a very poor privacy policy. For me the integration of a 3rd-part service like Pocket goes against everything Firefox says it stands for: free, open, and private internet.

I was enjoying the Firefox reading-list feature because it allowed me to save webpages and sync across my devices without having to put all that information into a proprietary 3rd party service. I thought the reading-list was one of the best features added to Firefox for years, and now they have scraped it. I really can't understand how Mozzilla executives came to the conclusion that this was a good idea.

Was money on the table to integrate Pocket into Firefox? Like with the default search engine payments Mozilla receives.

Almost certainly.

Mozilla employee here: That is incorrect. There is limited public information available about this deal, but the best quote so far is in this article: http://www.pcworld.com/article/2930532/reading-service-pocke...

This makes even less sense... I also assumed the Pocket integration was a paid placement, in which case I was fine having to spend the time removing the button and disabling it in about:config, since I saw it as a cost of actively developed free software (same with having to change my default search engine away from Yahoo all the time).

Integrating a third party API for free when plenty of browser-centric features are left as extensions makes me really question Firefox's goals.

How is elevating an arbitrary third-party service from an extension into native browser code "promoting openness, innovation & opportunity on the Web"?

I also assumed the Pocket integration was a paid placement, in which case I was fine having to spend the time removing the button and disabling it in about:config, since I saw it as a cost of actively developed free software

Apologies for being slightly off-topic, but I'd argue this would be questionable even if it were an openly announced partnership like with Yahoo. Yes, Mozilla is free software and is doing some enormous contributions to the open web. Which is why we should support them with donations and code contributions. (And I'd also fully endorse usage of paid services from them should they develop any).

However, what they are doing now is basically selling their good reputation and their wide user base to force some features on their users that they don't need in return of (presumably) payment. That strikes me as deeply unethical.

But installing stuff users don't want is working so well for SourceForge why would Mozilla not want to follow such a great lead /s.

Works for Google and Apple. They've been doing it for years.

Quote from the article: "There's no monetary benefit to Mozilla from the integration: Pocket didn't pay for placement in the browser."

Maybe not monetary incentive, but perhaps this was a condition to get Pocket to integrate with Firefox Accounts?

Mozilla wanted users to be able to use Pocket without needing to create an additional account.

It also encourages users to create a Firefox account to use Pocket.

I suspect a lot of people are wary of "signing in" to browsers.....

> I suspect a lot of people are wary of "signing in" to browsers.....

Nobody's being held at gunpoint.

Hello is just a thin wrapper around WebRTC. That's why Chrome can receive Hello calls without an extension. There's barely anything to add on in that case.

Not many resources perhaps, but a lot of additional UI surface, which clutters up the menus with irrelevant options.

Click on the hamburger. Click on "Customize". Drag the "Hello" icon off of the tool bar. It is now removed from the UI.

I wouldn't say a lot, it's just one button.

Is there a cost to adding even a button? Yes. But that has to be weighed against the benefit. And a significant amount of users benefit from having the button.

"Just one button" led to Netscape 6 and subsequently Firefox in the first place. It's easy to miss the significant amount of user benefit from not having that one button, since it's a smaller amount of benefit per person across a lager number of users.

That's a fair point and I agree, there is benefit to not having more buttons on the UI. It's hard to know what the right tradeoff is, between the benefits of adding buttons and not adding them. There are good reasons to prefer both more and less.

In this case, data on user behavior indicated that it was worth adding the buttons. It's still possible that the data is imperfect somehow and a more optimal tradeoff could have been chosen. Still, I think there is good reason to believe the current data and decisions make sense.

The problem isn't the size, the problem is that it adds features which are outside the scope of 'a Browser'.

WebRTC is now a web standard and ships in multiple browsers. If you consider such technology to be outside the scope of a browser, then you're going to need to convince a whole lot of people.

The complaint is not about WebRTC, but about Hello.

The comments in this thread are going in loops.

  "Hello shouldn't be bundled with a browser."
    "But it is just a small wrapper around WebRTC."
     "Yeah, but it's out of scope for the browser."
       "WebRTC is a web-standard"

Mozilla's mission is to promote openness, innovation & opportunity on the Web. There's nothing specific about browsers in the mission, though it is used to help further the mission.

If you take that into context when you look at Hello, you can see why the organization might want to leverage the Firefox user base to introduce something with negligible overhead (Hello) that would help to advance that mission.

They bundele it because they get payed for it. Same story with the new suggested site advertising. The alarming thing is that this way Mozilla is loosing it's independency.

As repeatedly said elsewhere in this thread, Pocket is not paying Mozilla for this integration.

This is Mozilla gaining independency. When they were completely reliant on Google they had no independency.

Is there a practical difference between disabling the features and just ignoring them?

Memory and CPU utilization for starters

Firefox makes extensive use of lazy initialization for a lot of its code. You typically don't pay the price for those features unless you actually use them.

A button that does an API call consumes very less resources until clicked.

that hits home. because there was a malware that distributed itself as a mozilla add-on. even sent in patches because it affected a bank i used.

I always get devoted when I support chrome on here but I think history will prove me right.

I really like both Firefox and Pocket, but I can't imagine a good reason for them to be integrated at this level. I searched for what justification has been offered and found [1]. I'd love to read something more informative and convincing.

[1] http://www.planet-libre.org/?post_id=18514

I think the reason is to make them available to users. If they were in an addon, most users would never hear about it, and even if they did, many users don't know how to install addons.

There is data showing that Firefox users like the feature and benefit from it. Given that, adding it to the browser makes sense.

By that logic, why not bundle all the popular addons with Firefox? Why only a chosen few?

Because they're looking for new revenue streams outside of the Google agreement, which stops paying out quite soon. It's a pretty slippery slope, but I don't mind the tradeoff they're making in this case.

Certainly beats them taking Adobe money (or cash equivalents) to bundle Flash, which is exactly what Chrome does (faster security updates blah blah yes I know, but a better extension update mechanism could work just as well)

> Because they're looking for new revenue streams outside of the Google agreement, which stops paying out quite soon.

The Google agreement is already gone. Mozilla partnered with Yahoo in the US starting in December 2014.

And again, Mozilla is not taking money in return for this integration.

Thank you, that link answers a lot of questions.

The Bugzilla ticket has been closed and people are instead being pointed at a corresponding post on the Mozilla Governance mailing list: https://groups.google.com/forum/#!topic/mozilla.governance/2...

That's probably the most productive place to directly contribute to the official conversation.

BUT it also seems that the Pocket integration wasn't previously discussed on that mailing list. At least, that's what my cursory search seems to show: https://groups.google.com/forum/#!searchin/mozilla.governanc...

It makes me wonder whether mozilla.governance is really where these sorts of decisions get made....

(Note: cpeterso already posted the mozilla.governance link but I felt it deserved a top-level entry.)

It was brought up in the Firefox Dev mailing list: https://groups.google.com/forum/#!topic/firefox-dev/B3jJq_kU...

I do agree that the discussion should have been in the Mozilla Governance mailing list though.

Since all of the comments on this page so far seem to be opposed to the integration:

I love Firefox's "Reader View". It's the only way that some pages are readable on my desktop or mobile device, because so many websites try to hijack scrolling, insert modal overlays and ads, or do all sorts of things that make it unbelievably frustrating to just read static text.

On the other hand, Reader View lacks a sync feature. There was one for a few days in Nightly, but it was buggy for the short time it existed, and it was removed.

I was hoping Firefox would improve the sync feature and bring it back eventually, but in all honesty, this is way better. The work that goes into making a seamless, syncing reader view is not trivial[0], and it makes more sense for Mozilla to focus on building a browser than to reinvent the wheel when Pocket already exists and works incredibly well with the same use case.

As for whether this should be "bundled" into the browser vs. an extension: I agree that it would be nicer philosophically if Pocket were a preinstalled extension. On the other hand, Firefox Hello is literally a preinstalled extension with no special integration or privileges (other than being preinstalled), and still some people made the same complaint about it when it launched[1]. So I take that complaint with a grain of salt.

And as for the performance impact of either, I'd have to see some data demonstrating that this actually leads to an appreciable (let alone measurable) increase in memory or CPU usage to be convinced that simply not using it is not an acceptable alternative.

[0] it may look that way, but there are a lot of corner cases

[1] From what I understand, Firefox Hello is simply an extension that leverages WebRTC features already built into the browser to enable video chat (with the assistance of a service provided by Telefonica, which assists in the routing).

Firefox Hello is not the integration of a proprietary 3rd party service.

My problem with pocket is that I can trust Firefox Sync, because its code is open and if I were to doubt its security, I could audit it, either myself or contribute to an official audit.

I can never do that to pocket. Its a black box to me, I have no idea what they are doing with my browsing history, and therefor I can never trust it.

Its a huge sin on Mozilla's part, a company who keeps promising privacy, to sell off some of our most personal data - browser sync data - to a third party proprietary web service.

Uh, no, Pocket's client side code is open.

The most you need to be worried about is Pocket reading the list of sites saved to your Pocket.

Would Pocket be required to secretly turn over my reading list to law enforcement and not let me know? No warrant canaries on their site. I don't know how well a startup could fight the courts in this matter, as even the 'big boys' don't seem able to.

Mozilla could be just as easily compelled to turn over user data as Pocket, they're both US companies bound by US law.

I know, that why I said that the big boys can't seem to fight it, but maybe Mozilla would try, whereas a startup would just get immediately rolled over by the justice department.

But couldn't an alternative be something encrypted which Mozilla has no access to?

>Firefox Hello is literally a preinstalled extension with no special integration or privileges

It is literally not, at least I don't see an entry in the addons or extensions menus on Firefox 38.0.5.

>and it makes more sense for Mozilla to focus on building a browser than to reinvent the wheel when Pocket already exists and works incredibly well with the same use case.

Now they coexist: Firefox for Android has a reading list that does not sync with anything while Pocket is a third-party service without the end-to-end encryption I've come to love from Firefox Sync.

I don't mind using Pocket as the backend, but I want it to work more like Android's Reading List (and the reading list that was available briefly in desktop Nightly).

I want articles to

• be readable (and savable) offline;

• open in Firefox's Reader View, not Pocket's site;

• sync with Android Fx's Reading List, not (just) the Android Pocket app.

Do you know what happened to the reading list that existed in Nightly for a while?

A couple weeks ago I dug searched a bit through Bugzilla and the Mozilla wiki. My understanding is that it was cancelled while in progress in favor of Pocket. They also changed the Reading View styles to match Pocket's (the sepia style was better before, imo).

I want all of those same things too. I imagine that this is just the first step to getting all of those things working, since doing basically any of that well requires sync working. Now that Pocket is providing the sync (which is the hardest part), the rest is much easier to implement.

The built-in Reader view is based on code from Readability http://readability.com/ If you install the actual Readability add-on, it has a "Read Later" feature. This addresses abrowne's first two bullet points.

I can understand how some users are frustrated by that but here's my point of view:

I found this pocket thing to be pretty amazing and I never understood why browsers never integrated such a thing natively. I tried some other solutions before (I can't remember the names) and it never worked for me. They were either badly made or not well integrated in the browser. But this pocket thing. It's just seamless, I save pages here and I read them later on my phone in the subway. That's all I ever wanted from a browser.

Seriously, firefox+pocket+treestyletab is all I wanted.

Maybe integrate the new microsoft browser features where you can draw on a page to share that and that would be perfect.

This trend of Firefox increasingly bundling more services and features is an interesting paradox considering that Firefox started as a quiet project to make a slimmed down, no frills browser in comparison to the main Mozilla browser.

I’ve recently resumed using Firefox as my main browser partly driven by support of the project but also because Chrome was taking too much RAM and causing performance issues. Of course, when Chrome first came out it was a very slimmed down browser that used a lot less RAM compared to Firefox. Everything moves in cycles…

Phoenix/Firefox was Mozilla's own lightweight alternative to SeaMonkey. Then Chrome was the lightweight alternative to a memory-hogging Firefox. Now Chrome is seen as sluggish and a memory hog. Where do we go next?

I suppose, as far as the web platform is concerned, we aren't really going to replace HTML/CSS/JS so increasing the speed and memory management of javascript rendering is the clear way forward, e.g. with Servo https://www.mozilla.org/en-US/research/projects/

Servo, when it's done. And from there, who knows!

btw, browser.html is a Servo experiment with "future UI paradigms":


It says right on the page that it doesn't use Servo.

I would like to switch to servo-shell sooner than later. Though there is no Win32/64 build of Servo.

See Servo github issue "Get Servo working on Windows": https://github.com/servo/servo/issues/1908

Microsoft Edge?

There are a lot of alternative browsers, though almost all of them use Blink.

...back to Seamonkey? :D

I use Firefox because Tree Style Tab[1] is such a useful interface for me that I'm willing to put up with the annoyances. I had the same thought about the new widgets popping up, though. There is really no reason at all that Pocket can't have been shipped as an extension, at worst a pre-installed one (but why exactly was that necessary to begin with?).

I want a browser that does what I want, supports the add-ons I prefer, and stays out of the way. Hopefully Firefox doesn't continue to make me remove "features" with every update.

[1] https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...

I opted-in on the basis that I thought it was a Mozilla thing. I'm always willing to try new Mozilla things because I trust Mozilla completely. Or, at least, I did trust Mozilla completely.

I didn't know I ever had to read the fine print with anything from Mozilla, and it turns out I was wrong.

Which, I think is why so many people feel so strongly about it. At least, it's why I feel uncomfortable with this decision. It was not at all clear to me that Pocket was a third party service; I'd never heard of it, and the text describing what I was opting-in to didn't (that I recall) explicitly state who ran the service or that it was not a Mozilla service.

I don't want to go overboard about this; this isn't like SourceForge shipping malware. And, I don't want to make it seem like Mozilla isn't a provider and organization that I trust. But, this chips away at my trust. I feel misled, and I never thought I would feel that way about something Mozilla would do, which maybe makes it worse.

A nicely written complaint about the inclusion of Pocket in the Firefox browser. The tone was respectful, but clear about the philosophical and technological flaws in the inclusion of Pocket.

I agree, it was very well written. I wish all requests from users were this respectful.

I am a Firefox user and also a Pocket user. I am on the same lines as the author. Pocket should not be bundled into Firefox. It should be an extension (hint: featured extension).

Fuck yeah. Remove this crap. Never do it again.

Colleague working at mozilla showed me an internal email where the CEO says they checked metrics and Tiles and Pocket did not affect Firefox, and that their survey indicates people are okay with it.

This seems like total bs... I don't know anybody - including fx devs - that think its a good idea. In fact earlier versions of fxnightly had their own, not-pocket version that used sync as a backend.

I keep turning all that stuff off, and wonder if I missed anything. I don't want Firefox "social integration". I don't want "Pocket" in the browser. I don't want "Hello" snooping on my contact information. I don't want Yahoo (Yahoo? They just resell Bing) as the search provider.

Someone may have to fork Firefox. It's still open source, more or less.

Hello snooping on your contact information? Where on earth did you get that idea from?

From the Mozilla web site. It's difficult to find, though.

Mozilla has a Firefox Hello Terms of Service:


which claims to link to the Firefox Hello privacy terms, but actually links to the main Mozilla privacy page:


which, in a sidebar, links to the Firefox Hello privacy policy:


which links to the TokBox privacy policy:


which says:

"We use the information we collect from you in the following ways: ... To organize and carry out TokBox’s marketing or promotional operations/offers, contests, games and similar events."

One of Hello's basic functions, at least in its mobile forms, is to cross-reference your phone contacts and Facebook contacts. See "Review: “Hello” Facebook Dialer, Bye to Your Privacy?"[1]

So, yes, it snoops on your contact information.

[1] http://www.xda-developers.com/review-hello-facebook-dialer-b...

Hello Facebook Dialer is not Firefox Hello, though.

He probably just assumed it did, like all other chat services.

Whether it does or doesn't, if it's not installed, then you don't need to worry about it. I'm quite annoyed that firefox is adding more cruft, more buttons, more features. Just like phones and operating systems, I now first go to the hidden places necessary to turn off apps/buttons/features that aren't needed and needlessly clutter and the interface, slow down the system, and cause unexpected issues. Then I add the extensions required to get the power-user settings/tweaks which actually should be there.

It is VERY FRUSTRATING that the trend is solidly in the direction of removing "scary" relevant settings and adding crap features, and in many areas, there is no longer a good option for people like me who know what the fuck they're doing. Modern "products" waste more and more of my time.

> I don't want Yahoo (Yahoo? They just resell Bing) as the search provider.

I don't want Google as the search provider, and you'll find many people who don't want Bing or DuckDuckGo as the search provider. That doesn't leave many options.

I'm switching to IceCat. It's a GNU maintained fork, but is a few versions behind. I trust GNU more than Mozilla, but you still have to trust Mozilla to some extent if you use any Firefox fork.

Okay, develop a free/open source version. This is how it's been done in the past; you use a proprietary version of something until there's a free software version and then you work on the free software version until it's good enough.

Mozilla is in a heated competition with Google and other proprietary players. It isn't a niche product, it isn't made for a small part of the population. If adding Hello or Pocket to the browser gets more people to use Firefox or stick with it and spurs people to create free/open source replacements then it's alright.

The only thing I dislike is the underhanded way these changes have showed up. As if they knew the loud minority of users/devs wouldn't like it.

why stop there?

- telefonica service for voice chat.

- google scam site checker, phone-home component for every site you visit

- google services (the things responsible for ads no less) just so you can stream videos on android (can't even build firefox without including that SDK)

- adobe binary blob for DRM on netflix. (who even uses netflix on the browser?)

>- google scam site checker, phone-home component for every site you visit

I don't really like it either, but that's not how it works. Firefox downloads an updated list of "non-safe" sites from Google every 30 minutes or so, and check sites against the local copy. A site get sent to Google only if there is a match in the local copy, to check that it's still "blacklisted"


>- google services (the things responsible for ads no less) just so you can stream videos on android (can't even build firefox without including that SDK)

It's for casting videos to a Chromecast, not for streaming videos. It seems to be possible to build Firefox without it, F-Droid does so: https://f-droid.org/repository/browse/?fdfilter=fennec&fdid=...

>- adobe binary blob for DRM on netflix. (who even uses netflix on the browser?)

I don't like it neither, but I think a small blob for DRM is better than a whole closed addon. It's awful that it got pushed to every installation tho, instead of displaying a "download" button on Netflix and similar sites.

As for your question, it seems that tons of people do so.

OK so they advertise some sites you visit to Google, not all as i said.

removing Google services: fdroid goes to great pains to do that. i was actually doing that myself before. have you ever tried? it's hours and hours wasted changing code and scripts that were originally made optional but for some reason they drippe dropped the checks (I'm still to have enough time to track the commits that did this)

drm:agree with you there, no excuse not to be a download.

Add yourself to the CC list to endorse this ticket, without cluttering up the thread with needless "I agree" posts! :-)

Actually the "vote" link should be used for endorsement.

Done, thanks for the tip. I wasn't sure the best way to show that I agree with the bug. I also voted for the bug.

When you add yourself to a bug's CC list, every other person CC'd on the bug is sent a "bugmail" notification that you are now CC'd. If you just vote for the bug, you can receive bugmail notification without spamming all the other CCs. That's what I do. :)

Too bad I'm reading this after commenting.

I saw the CC list, but I assumed this would subscribe me to email notifications about this bug, which I don't want to receive.

I'd like to fix this, but it seems like cutting-edge bugzilla doesn't have a "delete comment" feature...

Yes, the CC list will subscribe you to email notifications about the bug, and does not really indicate support, only interest in receiving email notifications about the bug.

What I don't understand is that Firefox also include its own read later service that sync to Firefox users account. Are they planning to drop its own implementation and partner with Pocket?

They already have the infrastructure and the tech. It'd just be like syncing bookmarks. Only less metadata. I can't think this would take more than a couple of days to implement for someone already on that proyect.

It has a read later service? There's a new Readability button but it doesn't seem to sync anything. Edit: according to chimeracoder, there was one in Nightly for a little while but it was removed.

I want to love Firefox like I used too but shit like this keeps putting me off. It is the little things that are annoying me now. Pocket integration without asking. Lack of a decent EN_GB dictionary (and I have to go and hunt for the damn thing myself).

It is just depressing the state of browsers today. Sure they are more standard compliant but they all suck.

This page http://help.getpocket.com/customer/portal/articles/1999137-h... purports to tell you how to disable Pocket for Firefox, yet all it does is remove the button from the toolbar. Searching "pocket" in about:config reveals numerous preferences that can be edited, including browser.pocket.enabled which remains set to true after following Pocket's instructions.

> Bugzilla is not for discussion of product decisions.

That sounds like a very arbitrary distinction, and an argument of convenience. Every line of code that gets into a software is a product decision one way or another...

What happened to the native Reading List? It was in Nightly for a time, but it appears to have disappeared recently.

I love Pocket, but I was looking forward to migrating to a setup where my data was kept private.

What's the best way to make this more prominent for Mozilla to see?

I made a bugzilla account and added my name to the CC list, but is there anything else I can do to help this get more recognition?

It hasn't even been triaged yet. I'd wait to see what the devs' initial response is before worrying that it's not getting attention.

Edit: ah, here we go https://bugzilla.mozilla.org/show_bug.cgi?id=1172126#c2

I do love the way Mozilla basically say "Bugzilla isn't the place to discuss things like this, you should discuss this down in Usenet, behind the sign that says 'beware the leopard'" for any controversial decision.

The Pocket conversation has moved from Bugzilla to the mozilla.governance list:


Umm, it has always part of the general Bugzilla etiquette guidelines. https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

Mozilla is all about the web, except our governance discussions which use something that isn't the web and hasn't been relevant for about 15 years.

The basic problem for me is that Usenet doesn't usually turn up on a vanilla Google search, websites do. If Mozilla really is open it should really use something more appropriate to the 21st century to decide policy and governance.

Mailing lists are essential forums for a huge number of open source projects. We're not the first to use them and we aren't going to be the last. I agree that it's perhaps not "webby" enough but that's what we've been using since the beginning and it's what we're using right now.

How about a plain old online forum? That would certainly be "webby" enough and not require much in the way of extra resources if you're already hosting mailing list archives.

In fact I'd argue that it would probably save bandwidth as then you don't have to mail everyone every time someone posts something which not everyone wants to read.

This bug report has been closed, we have been told to report this elsewhere. There are already many posts on their feedback forum, I haven't seen one on their governance forum.

I don't like the latest trends at Mozilla at all. I used to use Firefox for privacy. It was small and fast and stable. I don't want to disable all the bloatware like share, sync, Mozilla account, tab ads, pocket, chats whatever. Mozilla is on a big sellout trip. When Mozilla is not different to Google we can equally use Chrome - it's better anyway.

Why couldn't it have been a bundled extension? Heck, add the option to turn it on to the update page.

At the very least it would allow people to remove it easily and entirely.

What is the difference between using Pocket and a bookmark?

Surveillance of the users' reading lists, obviously.

Thats what a very large part of the computer industry means when they talk about "monetizing" all of the "big data" they suddenly have. Go back over the last ~decade of goods and services made by internet-related businesses, and you can see a clear trend towards turning features that used to be stand-alone (browser bookmarks), into "free" services. Often this makes the product mildly worse (latency, uptime), which is then lampshaded with a minor feature like bookmark-syncing (which could be done in other ways that do not betray the contents to a 3rd party).

If you have any doubt about anything I just said, I recommend watching the talk I've been suggesting lately by Aral Balkan ( https://projectbullrun.org/surveillance/2015/video-2015.html... ). If it wasn't obvious why Pocket was being pushed instead of improving bookmarks, then Aral's talk might just terrify you.

A reading list, be it a feature or service, has a workflow suited to easily add and remove articles and view them as a simple list. You can do this with bookmarks — and I do at the moment because it's the best way I've found to sync between Fx on desktop and Android — but there's more friction when managing articles.

Indeed! I've asked this a couple of places and got no answer. If it is functionally equivalent to dragging the address to a bookmark-bar folder called Pocket I become very suspicious of motives.

I was similarly confused, and still kinda am confused. Many people seem to find it valuable beyond bookmarks, but I don't really get it.

What I have been able to glean is that it re-renders the pages you save to your pocket in a more "readable" way, and it looks more like a newspaper or magazine or Medium blog post. Less clutter, more focus on content, at least that's the goal.

I have my doubts about this being valuable enough to make it a standard feature. I did whatever one has to do to opt-in when it showed up in the Developer version...I thought it was a new Mozilla thing, which I'm always willing to check out. I was disappointed, and surprised, that it was not a Mozilla thing. That wasn't made clear, I don't think, in the description of what I was opting into.

I feel a little misled by it, actually, and I don't think it's something I want to use going forward, but I'm not sure how to opt back out. The UI is confusing, to me.

I did my part: https://bugzilla.mozilla.org/show_bug.cgi?id=1172218

Even though it will cost me a buttload of time to rebuild all my cookies: fuck Mozilla, when did they turn into SourceForge?

No one needs Pocket. To save anything for later viewing, simply drag & drop the URL's icon to your desktop. When you are ready to read, click the icon.

A remembrance of Zawinski's law seems apropos here.

This bug report is not really clear. Does the submitter consider it bloat, or a privacy violation, or what? It should be obvious that the way it appears in Developer Edition (two releases ahead of "release") is not the way it will appear in the final version. This report should be about the way the feature is explained to the user, or about how hard it is to disable the feature, so that it can be improved.

"Mozilla's recent integration with Pocket, a proprietary third-party service, is a mistake."

This seems perfectly clear. The obvious improvement is to remove it.

What is wrong with Mozilla at the moment?

> What is wrong with Mozilla at the moment?

I keep asking myself the same question. With so many releases of firefox I seem to have to spend my time searching for a way to remove or disable many of the features they push. I think the problem is this: browsers are quiet mature in terms of features, so now to innovate they need to force features that don't really belong in the browser. Either fix the pitiful state of bookmark management in your browser or let the add-on take the burden.

I guess I'm just missing the point. The recommended action is to move Pocket to an extension that might even be shipped with the browser. I just don't see how it's different from "integrating" with the browser in that case. If the privacy implications were better explained and it was easier to disable, what would the problem be?

An extension can be removed completely. An integrated feature, even if disabled, still adds complexity to the running software.

At least in my opinion, it's unnecessary bloat - just like that video chat thing they added a couple months ago.

Remember when Firefox, the lean, scrappy browser, first came out and ran circles around the bloated Netscape browser/HTML editor/IM client/mail client/newsreader? The Firefox team seems to have forgotten.

If anyone is maintaining a "Firefox: Browser Only Edition" fork, I'd love to know about it so I could use that instead.

Neither Hello nor Pocket will add performance bloat AFAICT. Hello leverages existing web features (webrtc), and Pocket I just an API call.

With the customizable UI you can put these things out of sight too.

Firefox does have bloat, but these two are very minor compared to the bloaty bits.

This is not about bloat. Mozilla was already developing read-it-later functionality for Firefox. In fact it's already on mobile versions. Hello and Pocket have almost no overhead because they are just APi calls to external services. This is about Mozilla endorsing thrid-party proprietary services.

icecat, follows gnu teachings

waterfox, pale moon, also exist


I know for a fact that Pale Moon stripped all test suites from their fork of the code. Any modifications that they have made to the browser are not fully tested. Caveat emptor.

> It should be obvious that the way it appears in Developer Edition (two releases ahead of "release") is not the way it will appear in the final version

It appears that it looks that way in release as well. (Showed up in 38.0.5 on my Mac this morning, not in 38.0.1 on my Fedora desktop)

I do agree with the bug report, it's inclusion in the core product is a bug that should be removed. An extension is the right place to put this.

What's about Developer Edition? I have "regular" edition, and after the recent update it greeted me with a page about Pocket integration being built-in.

While I do use Pocket, I honestly don't like the direction Mozilla took.

It was mentioned in the middle of the bug report. I didn't realize the feature had shipped already.

Before you know it they'll be bundling in Java, ActiveX and Ask toolbar.

mozilla, meet sourceforge.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact