1. 43
  1. 22

    This is so sad.

    A lot of the work Mozilla is doing on Firefox is great on a technical level. Each release brings new useful features, better performance, etc. However, their policies seem to be all over the place. All their messaging is about putting the user in control, while most of their decisions gradually takes control away from “regular users” to protect them from themselves. They talk a lot about putting users’ privacy first, but the very first thing a fresh Firefox install will do is to send telemetry to Google. They even acquired Pocket promising to open-source it many years ago, and then went silent on the topic.

    Firefox is obviously way better than Chrome on most or all of these topics, and Firefox (and Safari, assuming it won’t go the way of Edge) is our best chance against a completely Google-controlled web, but I don’t understand why Mozilla makes these decisions.

    1. 7

      They talk a lot about putting users’ privacy first, but the very first thing a fresh Firefox install will do is to send telemetry to Google.

      Re: why, I believe this was an honest mistake, unless you are talking about some other incidents I am not aware of. Once pointed out, it was quickly fixed.

      1. 1

        I think they make these decisions because almost all of their income is direct from Google, via their search integration, that they sell. Mozilla desperately wants to have a more diverse income stream, they just haven’t figured out how yet. So far none of their experiments for more diverse $$$’s have worked out very well.

      2. 20

        OK, that’s deeply upsetting. Mozilla has no moral basis on which to reach out and block extensions that people have intentionally side-loaded.

        (Yes, there’s a workaround of editing the extension, which is just a zip file, and changing a few letters in the UUID down at the bottom of the manifest.json…)

        1. 21

          They seem to be doing an impressive job of failing to reach out to non-technical users while simultaneously screwing over their evangelical technical userbase. Chrome has a monopoly over non-technical Windows (and many Mac) users; there’s nothing encouraging them to switch other than technical friends and relatives. And if they keep doing hostile things to the early adopters, we’re probably not going to want to share it.

          I discussed the Pocket advertising for new users previously, which further makes new users unable to see the supposed “privacy” and “freedom” benefits. (”[$RELATIVE] said that using Firefox would let me use an adblocker that worked better. Why does it put ads on the new tab page then?”)

          I continue to use it out of principle, and because Chrome is doing things that are hostile to all users, but Mozilla’s shooting themselves in the foot here.

          Edit: I should also add that they are desperately in need of a diversification of income away from Google—given that their marketing plays against their primary source of income, it can’t be long until Google wants to cut them off. They’re fighting a losing battle on multiple frontiers, but they’ve mostly bounced back from previous PR scandals (Mr. Robot, anyone?) and have made Firefox a much more competitive product recently with the multi-process architecture.

          I hate to see good technology ruined by poor decision-making.

          1. 2

            Agreed.

            Wouldn’t be surprised if Mozilla’s decision makers’ next job would be at Google. Google is probably pretty grateful considering how much market share they handed them.

        2. 4

          My first thought was that maybe the extension was breaking Google’s terms of service or violated copyright by bundling Microsoft’s library, but it doesn’t seem so.

          I don’t understand Mozilla’s actions here. Why so zealously enforce the policy? The extension is like a single-purpose Tampermonkey, and it only loads official Google/Microsoft libraries via <script>. It doesn’t even load dynamically any code controlled by the extension’s author, so there’s no risk of abuse here.

          1. 3

            If you keep up with other news about Firefox, this shouldn’t be surprising – they’ve been tightening up the add-ons ecosystem, both AMO and “side-loaded”, for a while. And while it’s tempting to make exceptions for a “good” add-on like this one, personally I think that A) it doesn’t scale as a policy, and B) it’s still too much of a risk given how many add-ons/extensions for various browsers have started out “good” and then ended up in the hands of people who did not-so-good things with the large installed base of trusting users they inherited.

            Also, Mozilla is known to be working on in-browser translation features, though with a different approach – they want to do it fully client-side without sending everything you translate through Google/Microsoft.

            1. 11

              Side-loading is the escape hatch that puts the user in control. It’s true that Mozilla has to fight toxic extension and it’s a big problem for them. This is the curation that you get on addons.mozilla.org. But side-loading is crucial too, it allows disagreement and to cater for minorities. Otherwise Firefox is just yet another walled-garden product like iPhone and Google Chrome.

            2. 1

              It’s basically impossible to ‘use judgement’ at scale while remaining cost-competitive with the other browsers.

            3. 2

              This all can only happen because the web got used to monolithic all-inclusive, batteries-included browsers in the 90s.

              They need to be broken up in components, so that one could pick the bookmarks database, a caching solution, a VPN/proxy solution, a webclient/downloard (or choose to omit these components for certain use cases). Web- and content blocking could well be done in a proxy => no conflict of interest like in the current browsers oligopoly Translation could well be done in a proxy, Mozilla would not have leverage to interfere.

              I’ve lately gotten fed up with Mozilla mostly due to the imperative take on DoH.

              Maybe donate some money to the next browser guys?

              1. 8

                What technologies are you envisioning as enabling an alternate universe where such components are composable in a useful way? Keeping in mind that not even operating systems have figured this out after 30 years: we barely have working shells.

                1. 2

                  Sorry for the late answer, I’m offline in lots of waiting rooms at the moment.

                  I want to ask counter questions:

                  • Why are there only two major browsers left? Because “browser” is a huge all-inclusive behemoth. It need to be broken in smaller components (or modules or parts), making it more comprehensible, hackable, changeable, and rightsizesable.
                  • Why is hacking browsers so unattractive to many people? Because of the hard learning curve: even IF you managed to wrap your head around one browser and changed or extended its function, even then you archieved it only in one browser, changing N browsers is N-fold the amount of work.

                  Bookmarks IMO are one thing that does not belong to the application but to the user - it is HIS data. Why should a User have to implant N extensions in N browsers only to be able to export/import/move his bookmarks colletion?

                  Many users chose to rent something like del.icio.us or pinboard, just to have everything in one place.

                  If you were to extend a bookmark manager to possibly regularly ping the URLs, cache sites for offline use, go the zotero route, save HARs or WARs of bookmarked resources or just implement a way better search, you have to do so for each and every browser (and maybe buy even other platforms, because Safaris does not run on BSD or Linux, IE11 does not run on Linux…)

                  Same goes for caching, and cache cleaning. Why does it have to implemented in each and every browser, why does it have to be deleted in each and every browser? A “local disk cache server” could even store google fonts and all mayor frameworks and CDNs for offline use, blocking off requests to the originals and REFERER: leaks.

                  Same goes for browsing history - it’s the users history, not the users history in IE, not the users history in (Chrom(e|ium)|Opera), not the users history in FF. There should be ONE place to look it up and to delete it.

                  Same goes for adblocking, and adblocking rulesets.

                  It is alway a massive vendor-lock-in of a users data in a product.

                  For the interfaces I can only recommend reading Apollo program documentaries.They worked without fixed, predefined interfaces, but were flexible to change it if there was need to change. And it worked out for the project.

                  If for example you had your DOM (and react’s shadow DOM) in a headless browser, and your browser tab was only a “copy-of-DOM-renderer”, you could archive fantastic things:

                  • the DOM in the headless browser could run without adblocker, all of the dandruff fully loaded => all of the “pleeze switch off adblock for our domain” dialogs and blockings are gone. You would nevertheless not see any of it, because YOUR adblocker would run during copying the DOM to your renderer - you get the “improved” copy.
                  • during the same step you could also implement translating the text, as well as OCR on the “[EXIT]”- Button-GIFs and other texts in images.
                  • if you are really good in AI, your DOM-copying middleware could implement an “almost shopper”: automatically clicking on banners, browsing ads, adding things to shopping carts - and never buy them, but reload them every 10 min, the best corporate honey pot possible. Placing ads in the web would be prohibitively expensive for THEM if every browser would do so.
                  1. 1

                    Why are there only two major browsers left? Because “browser” is a huge all-inclusive behemoth. It need to be broken in smaller components

                    Sounds great, but it’s meaningless: everything would be better if everything were just magically better. What you are proposing will add engineering cost to an already complex endeavor, without adequate motivation.

                    My question was: what technologies and methods do you propose. Your “counter questions” only reframe the original premise.

                    Why is hacking browsers so unattractive to many people? Because of the hard learning curve

                    I’m certain that everyone wants their own projects to be well-architected so that humans can reason about them. Anything else is counterproductive, for all parties. There is zero doubt in my mind that everyone working on every software project wants the project to be simpler and better architected.

                    Typically that is defeated by the need to use existing/legacy work. For a radically different approach, see urbit which throws out everything and starts fresh.

                    If you were to extend a bookmark manager …

                    Why would you need a browser for that at all?

                    It is alway a massive vendor-lock-in of a users data in a product.

                    People should not use “lock in” to mean “inconvenient”. There is absolutely no lock-in if you have access to your data. “Lock in” refers to cases where you can’t get your data.

                    If for example you had your DOM (and react’s shadow DOM) in a headless browser, and your browser tab was only a “copy-of-DOM-renderer”, you could archive fantastic things:

                    Headless support exists and is actively improving, because it’s crucial for testing/automation/accessibility. Example: https://chromium.googlesource.com/chromium/src/+/lkgr/headless/README.md

                    The ad-blocker idea is interesting, but will be complicated regardless of the current “browser monopoly”.

                    It’s insane that we have pervasive open source in 2019, yet people find a way to call it a “monopoly” or “lock in” or other hyperbole. This is a better future than we could ever have hoped for in the 90s, when the fate of OSS was not so obvious.

                2. 1

                  What do you envision the benefits being of having a separate bookmarks database (for example) as opposed to just making the browser’s built-in one more configurable somehow? I share @jmk’s concern that that kind of architecture would make everything a little bit slower, with 95% of users not getting any kind of benefit to offset that slowness.

                  I’m also not sure how you could do content blocking as well in a proxy as you can with something like uBlock Origin. That extension lets me block certain elements on certain pages, and it lets me whitelist content from cdn.com when it’s requested from example1.com but not when it’s requested from example2.com. Even if you were able to get all this kind of logic in a proxy, what would the UI look like for the user to configure it? I’m guessing you would want that UI to be in the browser, right?

                  1. 1

                    Sorry for the late answer, I’m offline in lots of waiting rooms at the moment. I gave my answers in the reply to jmk, please read there (and forgive spelling errors, I’m not used to write in bed).

                3. 1

                  Not an ideal work around I agree, but entirely missing from the OP’s description of viable vs. not-viable solutions is using a userscript for this. As far as I know this would be easy to setup via a userscript instead of an addon in a way that would not violate the current policy nor be more than a minor inconvenience for users to enable.

                  1. 1

                    That’s the second translation extension which I use that was “attacked” by Mozilla. The other one was S3.Translator after a request to collect statistics of use.

                    1. 3

                      That’s removal from addons.mozilla.org. Is S3.Translator also blocked for side-loading?

                        1. 3

                          FWIW we have been delisted (wiped from the face of the AMO, automatic updates disabled, but people can install/still use the extension) rather than blocked (forcibly disabled on every users’ machine).

                          1. 2

                            Jesus. If Mozilla prevents me from using tridactyl, then it’s likely that I move back to Chrome. Thank you for dealing with it. It sure looks frustrating.