1. 14
  1.  

    1. 21

      Thank you for writing down your thoughts. I will have to push back on the Firefox bits. :)

      We pride ourselves in the security response times we achieved. Last year at pwn2own, we won an award for the fastest vendor to patch. But this was not a stunt for a public competition: We always use the event as an opportunity to test and improve our incident response such that we can be just as fast when real world exploits hit. In October, when researchers found a zero day bug that was exploited in the wild, we also fixed it in less than 24 hours. We have a world class security team that works to ensure the browser is as robust as possible.

      On the privacy side, Firefox has blocked trackers, crypto-miners and known fingerprinters for many years with our so-called Enhanced Tracking Protection. We partition all party cookies by their first party to prevent 3rd-party-cookie tracking (known as Total Cookie Protection). We have also shipped many new fingerprinting protections. We prevent fingerprinting based on custom installed fonts or floating point math in JavaScript. We especially pride ourselves in shipping privacy protections that work with minimal impact on website functionality. Our core tenet is that privacy should be for everyone and the defaults reflect that. If you are OK with site breakage, you can enable way more protections, like the Tor browser does. We share the same code, Tor just enables more privacy settings that are off by default.

      1. 3

        Apologies, I just realized that in an effort while revising this post to not mention EasyList and instead focus on tracker blocklists in general, I accidentally stated incorrect information about your tracker blockers. The intent for that section was to specifically mention that you don’t have an EasyList-based tracker blocker enabled by default. – I have just updated the post to clarify this!

        As for the time to patch information, thank you very much! I just substantially updated the security section to incorporate your feedback.

        1. 4

          I believe that writing about the lay-offs in the security section is rather misleading. I have provided clear evidence that this is unrelated. The piece about advertising is also not correct, as you can do advertising without tracking people.

          This will be my last comment on this thread.

          1. 4

            I appreciate your continued feedback. I have entirely removed the part about lay-offs in the security section.

            I believe that the piece about advertising is correct. I have updated the post to link to a news article that includes this quote from Mozilla regarding the acquisition of Anonym: “While there is no denying behavioral advertising is the underlying business model of the web today, it does not mean that it cannot be reformed to minimize its societal harms. With this acquisition, we have made a huge step forward in moving towards that vision”

        2. 3

          lol. On the privacy side, Firefox now collects and sends “telemetry” by default and suggests (by default) websites/services that notoriously violate user privacy. It even defaults to using Google as the search engine (wtf!)! Firefox/Mozilla do not actually care about privacy.

          1. 4

            Are you trying to prove the point that civil internet discourse is dead or do you want to troll? I don’t think the wtfs and lols help.

            Anyhow, as I mentioned earlier, tracking is limited by browser features that go beyond whatever a website is doing. You are free to use whatever you want in Firefox. The core value that we provide is for the mainstream masses, who are indeed using Google services. The point is to meet people where they are and protect them without breaking websites. Yes, this is a compromise. We have a “strict mode” and the name is well justified.

            I understand that likely none of the lobsters users need the mainstream compatible level of support and seamless privacy that we offer by default. Just use strict mode.

            I will try to find time to reply to comments that reach a certain level of politeness. Not sure if you can.

            1. 3

              Your response makes it seem like Mozilla cares, but anyone who has spent 10 seconds with a new install of Firefox will see that this isn’t the case.

              So, why does the actual product openly use and tout privacy-destroying features and services? There’s a middle ground between “use strict mode” and promoting these services to the masses, but surely you understand that right?

              The ‘lol’ and ‘wtf’ are because I feel like your response is bullshitting us. Mozilla gets paid to promote Google services, for example. The links to Facebook and Twitter on the “new page” tab are there for a reason. At some point a real contender to Chromium and Firefox will show up, who do you think the lobsters-like crowd is going to recommend to their non-techie friends/family? The browser from folks who can’t be honest to us, or the one from the world’s largest ad company?

              1. 8

                Not everything is black and white. Privacy is not an absolute. I believe you can use popular web services for social inclusion and belonging while still caring about privacy.

                I think you and I disagree here and that’s fine. I am a firm believer in healthy discussions. I don’t believe this kind of conflict is best handled online. If we ever meet in person, come talk to me. :) My tour plan is San Diego next week, Toronto early May, Washington early August and Berlin the rest of my time.

        3. 14

          It’s unfortunate you didn’t mention Firefox forks. Those are the best solutions usable today IMO.
          The Mullvad browser (basically the Tor browser without Tor), and Librewolf are the main ones I know for desktop.

          Brave cannot be trusted and IMO should be treated just like Google. They push cryptocurrency on users, have essentially stolen from content creators by replacing ads with ones from their own network, added affiliate codes when navigating to a domain, and more. If you think Mozilla can’t be trusted because it has partnered with ad companies, just knowing Brave is an ad company itself should be convincing enough.
          Please don’t give them the opportunity to continue treating users like shit, it’ll only get worse the bigger they become.

          Also, the security section is pretty light. It mentions multi-process as a Chrome advantage but Firefox has had that for close to a decade. Besides that there’s no technical comparison at all before crowning Chrome the winner.
          For the arguments against Firefox, the Tor browser link is not convincing: Chrome is the most used browser, surely that’s enticing to attackers too.
          And for the smaller team argument, you could look at time between exploit and patch for both to have data (I don’t know how they fare TBH).

          1. 3

            I appreciate your feedback. I may try to measure public stats to obtain a stronger grounding for security posture analysis in a future revision to this article. I agree that my current security analysis is a bit sparse.

            As for why Firefox forks weren’t mentioned (other than the Tor browser call-out): I wanted to keep this limited to the four most popular and widely-supported browsers.

          2. 11

            Just seems like a list of opinions?

            Only contextually targeted advertising can be ethical. Contextual targeting is the practice of customizing content (e.g. ads) to be relevant to the site being viewed as opposed to the determinable characteristics of the person viewing the site.

            Why? If it’s a privacy thing, then the decision on what ad to show can be made on the client side, as Mozilla has done in the past.

            1. 5

              Thanks for the feedback. I removed the opinion about the ethical considerations of contextual vs targeted advertising to focus more on the abuse potential.

              If it’s a privacy thing, then the decision on what ad to show can be made on the client side, as Mozilla has done in the past

              I think that showing ads using behavioral targeting is inherently privacy related as the ad itself may be personalized based on your behaviors.

              1. 3

                Whenever this sort of thing comes up, I’m always reminded of Targeted Advertising Considered Harmful which points out that ad blocking went mainstream in response to targeted advertising, despite it having more technical value when more people were on dial-up Internet, and approaches it from a biological signalling theory angle.

                1. 2

                  Well, first of all we should promote this claim, because contextual advertisement works for sites to which the users return for a purpose, and tracking advertisement works best for clickbait — based on the tracking on the sites to which users go with a purpose, of course.

                  Second, it also puts more of the direct incentives for client-side complexity (i.e. barrier to having true user agent browsers) on actual-content sites into a clearly-immoral category.

                2. 4

                  I wish there were more keyboard-browser options. None of these work for me. Hoping the embeddability of Servo leads to a renaissance for niched browsers.

                  1. 2

                    Have you looked into https://qutebrowser.org?

                    1. 3

                      Yes that’s what I currently use, and occasionally contribute to!

                      It would just be nice with more options. I used to use vimb and Luakit but they seem kind of abandoned, and are not working well any more for me.

                  2. 4

                    Ladybird

                    Guess everyone forgot about Servo

                    1. 3

                      Servo’s goals appear to be an engine and not a browser, unfortunately. While that’s the biggest part it won’t on its own be a replacement for these full browsers.

                      1. 3

                        People can build browsers that use Servo; Verso is one example.

                    2. 4

                      There is also a detailed comparison list of features on privacytests.org. I recently tried Zen Browser (based on Firefox), an interesting alternative, and am looking forward to the Ladybird project…

                      1. 4

                        Isn’t that site run by a Brave employee? That would be a conflict of interest.

                        1. 3

                          Been using LibreWolf for a year or two and quite like it, especially after I got used to the clock being in UTC lol

                          1. 2

                            Good to note. I just added “For a technical comparison of browser privacy behaviors, check out PrivacyTests.org.” to the bottom of the privacy section

                          2. 3

                            I’ve currently switched to Orion, it’s macOS only, which isn’t a big issue to me at the time, but it’s been very nice. It’s based on Safari, supports Chrome and Firefox extensions and has a vertical and horizontal (classic) tab mode.

                            My only complaint so far is that it isn’t terribly good with many tabs and windows open, there is some jank. Lots of that fixed in the latest version at least.

                            1. 3

                              This is why I just gave up and used Vivaldi because it has cool features. The stance of “give up on ethics they are all evil” is a stance I deeply oppose in most cases but I think it may be warranted in browsers. I used Brave for a bit, then tried Pale Moon, and now I guess I’ve given up.

                              1. 3

                                I don’t mean for you to take away “give up on ethics they are all evil” as the conclusion. There is promise in the Ladybird Browser Initiative, and I am hopeful to see those efforts mature.

                              2. 2

                                Other than Chrome, all browsers seem to be around the same baseline. They don’t do anything egregious, support most standards, and generally allow users to make their own decisions, which is great, at least for my own personal decision (it sucks for a lot of people who don’t want to fiddle with settings and extensions, though).

                                I realized just the other day (as I was trying out Arc) that the single biggest factor for me, at this point, is whether the macOS keychain is supported, and only Safari does this AFAIK. If Firefox supported using the keychain for credentials and credit card numbers and such, I would absolutely switch (I already use it at work since those passwords don’t go in my personal keychain and the company uses 1Password).

                                1. 1

                                  No mention of Chromium or any of the de-googled Chromiums :( They score better on privacy and still provide reasonable compatibility for day-to-day use.

                                  I’d prefer a light-weight browser that isn’t trying to be the whole OS, but then I’d lose most of the www.

                                  1. 1

                                    Brave is the most popular Chromium browser after Chrome and Edge iirc. For this article I wanted to focus on a small sample of popular browsers to keep the comparison light. There may be a follow up article in the future that goes into more detail with various Firefox and Chromium forks/skins.