1. 117
  1. 36

    The core problem is the only entities currently paying for web browser development have mixed motives. The EU should just buy out Mozilla and make Firefox into the browser for the people instead of waiting around for Google to stop breaking their laws.

    1. 12

      No thanks, I’ve had enough cookie popups for one day.

      1. 55

        The GDPR is specific about cookie banners not being obtrusive, and that rejecting tracking is as easy as accepting.

        The only compliant banner I regularly see is from gov.uk, and I find it doesn’t annoy me at all.

        The popups are as obnoxious as possible to make us hate the GDPR. Can’t we oppose the tracking instead of the law telling us when it’s happening?

        1. 8

          And of course the core thing is you don’t need the cookie popups if you’re not doing random tracking of people!

          Every cookie popup is an announcement that the site has some automated trackers set up. If you are just using cookies for things like handling sessions you do not need the cookies.

          1. 8

            Absolutely. The options are either make your tracking opt-in through genuinely informed consent, or don’t track at all.

            Companies found the secret third option, which is just ignore the law and dark pattern your users into agreeing to anything.

            Banners say things like “we need cookies for this site to work” and pretend they need your permission to use them. Ironically they only need permission for the cookies that aren’t essential to make the site work.

            Hiding things away under “legitimate interest” makes things even more confusing. Are the other things illegitimate interests?

            1. 2

              Can someone explain to me what “legitimate interest” actually means?

            2. 2

              …you do not need the cookies.

              Do you mean the cookies or the popups? I’m not familiar with how the GDPR treats non-cookie based things like JWT in local storage and sent with every request.

              1. 2

                The same. You require consent to store any data on the user’s computer. However, it does not require some “essential” cookies - for example, a cookie with preferences for dark/light theme does not require consent if it is a direct action on the website, a cookie containing a session ID does not require consent, etc. That applies for local cookies only though.

          2. 11

            Same. I really wish companies would stop choosing to add them to their websites.

            1. 4

              If you already block tracking by any means, you can get rid of those banners using something like https://addons.mozilla.org/en-GB/firefox/addon/i-dont-care-about-cookies/.

              1. 3

                Yeah, the EU’s heart was in the right place, but implementation has been a disaster. It’s like passing a law that murder is okay as long as you say “I am going to murder you” as you take out the knife.

                1. 27

                  What the EU did was basically passing a law that makes murder illegal. Companies/Murderers just ignore it and go around saying “anyone that doesn’t want to be murdered please answer by saying your name within the next millisecond. Guess no one answered, so you’ve just consented to murder!”

                  GDPR explicitly bans all the annoying dark patterns of cookie banners. A GDPR-compliant cookie banner would ask you once whether you consent to tracking. It’d have one huge no button (but no easily accessible yes button). If you ever click no, it’d have to remember as long as possible and close itself immediately. If you click yes, you’d have to go through a handful of options to specifically choose which tracking methods to allow.

                  1. 10

                    So, basically the polar opposite of many cookie popups today, which have a big “I ACCEPT” button and a “More options” button that you have to click to manually turn off all tracking…

                  2. 3

                    Except large Internet companies are much more powerful and accountable to public pressure than murderers, so they should face at least as much public scorn as the lawmakers.

                    1. 2

                      There’s a saying that the road to hell is paved with good intentions.

                      That often means that if someone is not sure how to help, then proceeding with helping can create more problems than it resolves.

                      1. 2

                        That’s better than having no law against murder. Then we can move away from all the people saying “I am going to murder you.”

                      2. 2

                        Umm… we’ve just today decided to instruct Matomo not to use cookies rather than implement a cookie banner for our new Wagtail-based websites. I think it’s working?

                        1. 1

                          Cookie popups on websites linked to by Google?

                        2. 9

                          What’s to buy? It’s open source. They can contribute to it or fork it if Mozilla Corp doesn’t like their changes.

                          1. 21

                            The Mozilla organization, including the expertise necessary to develop and maintain Firefox. It would probably cost more to build an independent organization capable of doing the same thing.

                            1. 3

                              Which Mozilla organization? The non-profit Mozilla Foundation or the for-profit Mozilla Corporation?

                              1. 7

                                I’m not sure, what do you think?

                                1. 5

                                  The Mozilla Corporation is owned in its entirety by the Mozilla Foundation. Even if somehow the Foundation were convinced to sell the Corporation, the Foundation is the one that owns the key intellectual property and is the actual steward of the things people think of as “Mozilla”. The Corporation’s purpose is to be an entity that pays taxes and thus can have types of revenue and business deals that are forbidden to a non-profit.

                                  1. 1

                                    The employees who work on Firefox and everything that encompasses work for the Corporation. It has more of a purpose than “taxes”.

                                    1. 3

                                      I am a former employee of the Mozilla Corporation, so I am aware of what the MoCo employees do.

                                      1. 1

                                        MoCo gets all of the revenue that’s generated by Firefox and employs most of the developers. All but one of the members of the Firefox Technical Leadership team work for Mozilla Corp - the one that doesn’t did until relatively recently: https://wiki.mozilla.org/Modules/Firefox_Technical_Leadership

                                        While the Foundation technically owns the IP the Corporation controls the direction of the product and collects all of the revenue generated by the work of both their employees and contributions from the community.

                              2. 9

                                Declare Firefox a public infrastructure and fund Mozilla or another entity to upkeep and enhance that infrastructure.

                            2. 27

                              When I saw this elsewhere, it was revealed (or at least discussed) that this was not actually created by Scott McCloud, though there is (IMO) a high risk of it being misconstrued that way. The PDF version has the name “Leah Elliot” on it, who is presumably the real author of this work.

                              1. 19

                                Yeah, it’s definitely confusingly presented. I appreciate the way the original Scott McCloud comic has been remixed is clever, but it wasn’t obvious for a few pages that this wasn’t a new comic from McCloud and Google.

                                1. 30

                                  I was totally misled. I thought he had come back around and revisited his earlier work with regret.

                                  1. 4


                                    1. 2

                                      Same. A very well-done remix…

                                2. 14

                                  This is amazing.

                                  The dark pattern around auto browser sign in and auto sync is something everyone needs to be aware of. I have known about it for years but I use Chromium on Linux (when I’m not using Firefox), which makes it less bad. (Or maybe I somehow disabled it.)

                                  I forget what the experience is like for everyone else, and I’m pretty sure all of our friends and family are “falling for it”.

                                  I feel like this will be part of some future lawsuit. If it hasn’t already, it should be. You could call it a kind of “manufactured consent”.

                                  1. 11

                                    People get the browsers they deserve.

                                    We’d see more competition in this space, but developers have voted with their feet every time Google or whoever implements a feature and dangles it out. Developers wanted a more complex web and more complicated services–well guess what that means for browser complexity? Webshits played themselves. Don’t complain about browser monocultures enabling spying at the same time you support endless feature creep and evergreen standards.

                                    We’d see better privacy, but consumers flocked to hand over their digital everything to anybody willing to dangle a blinking cat picture or whatever in their face. People who don’t take responsibility for behaviors that, by construction, undermine their freedom and privacy shouldn’t act surprised when they lose either.

                                    1. 8

                                      The domination of Chrome came way before “stuff only works in Chrome” things started becoming the norm. Chrome got popular cuz it was super fast and had a smooth UI.

                                      I do understand that an expensive-to-implement standard plays into the lock-in effect… I do think it’s not super cut and dry, though. Flash existed, plugins existed… maybe the web shouldn’t have any of those either, but lots of people wanted them. And I’m honestly glad I don’t have to download “the netflix application”.

                                      I don’t know how you square the circle of “people want to use interactive applications in a low friction way” with “we should not make web browsers turing machines”, without the gaps being filled by stuff that could be worse. I don’t have a good solution though.

                                      1. 6

                                        Do you really think developer preferences played a large role in Chrome’s dominance of the market? Seems to me that Google created their market share through PR and advertising, especially on their own sites, and from their control of the default apps on Android.

                                        1. 4

                                          This is where the glib “nobody actually cares about privacy” rejoinder comes from. When it comes down to it, consumers don’t actually seem to care about privacy. I don’t know if it’s an education thing (“hey look your personal data is being sold to target ads to you”) or maybe people really don’t care and it’s odd folks like us that do. These days I genuinely believe that data privacy is a niche interest and the average user doesn’t care as long as they can connect with their friends and loved ones.

                                          At the very least GDPR style disclosures of what data is being collected can help folks who are willing understand what data they are giving up.

                                          1. 12

                                            This comic tried to address it near the end but I think the big problem is that most consumers don’t really understand what it means to lose something as nebulous as ‘privacy’. If you asked if they want a webcam in their bedroom streaming data to Google / Amazon / Facebook, that’s one thing, but having one of these companies track everything that you do on the web? It’s much harder to understand why that’s bad. As the comic explains, the real harm comes from aggregation and correlation signals. Even then, most of the harm isn’t done directly to the individual who is giving up their privacy.

                                            Bruce Schneier had a nice example attack. If people see ‘I have voted’ badges on their friends’ social media things, then they are around 5-10% more likely to vote. If you track browsing habits, especially which news sites people visit, then you can get a very good estimate of someone’s voting intention. You can easily correlate that with other signals to get an address. In a constituency with a fairly narrow margin (a lot of them in states with effectively two-party systems) then you can identify the people most likely to vote for candidates A and B. If you hide ‘I’ve voted’ badges from the social media UIs for people who lean towards B and show them for people who lean towards A then you have a very good chance of swinging the election.

                                            That said, the fact that a person using Chrome / Facebook / WhatsApp / whatever is giving that company a hundred-millionth of the power that they need to control the government in their country is probably not a compelling reason for most people to switch. Individually, it doesn’t make much of a difference whether you use these services or not.

                                            Unless you’re a member of a minority, of course. Then you have to worry about things like the pizza-voucher attack (demonstrated a few years ago, you can place an ad with Google targeting gay 20-somethings in a particular demographic with a voucher that they can claim for discounted pizza delivery. Now you have the names and addresses of a bunch of victims for your next hate crime spree).

                                            1. 9

                                              I think the 2 main reasons people don’t care about privacy are that

                                              • it simply doesn’t make a huge difference in their lives whether their right to privacy is respected or not. Most people simply have bigger fish to fry and don’t have the cycles to spare on things that may be bad but aren’t actively causing them harm.
                                              • technology companies like Google, Meta, etc. have done a great job of presenting their software as “free”. I think most people think of signing up for Gmail or Instagram like they would getting a driver’s license or library card; they’re just signing up for some public service. These companies do the most to avoid framing this for what it is: an exchange of value, just like any other. You’re paying with your data, and you’re getting access to their service in exchange for that data. As long as using “free” software isn’t understood by consumers as a value exchange, they will never demand protection of their right to privacy and data dignity.

                                              As someone who works in the data privacy and governance space, it’s encouraging to see growing awareness of these issues at the consumer and government regulation level. Hopefully with enough movement from the government and private sector, we can keep fighting “Big Tech’s” deceptive narratives around data and their software.

                                          2. 8

                                            I feel like it’s my obligatory “use Vivaldi” comment. The core functionality of Chromium is really great from a technical perspective. What you don’t want is all the “google phone home” nonsense. So just don’t use it. Vivaldi comes with ads/trackers blockers built-in.

                                            1. 7

                                              Ungoogled Chromium is a much better choice for addressing the concerns expressed in the webcomic.

                                              1. 0

                                                I don’t really think a cryptocurrency scam is the answer here tbh.

                                                1. 15

                                                  I don’t use Vivaldi, but I think you may be thinking of Brave?

                                                  1. 9

                                                    Ah sorry, I usually see people shilling for Brave in these kinds of discussions, so I mixed them up.

                                                    I really don’t think a cryptocurrency scam closed-source proprietary browser is the answer here tbh.

                                                    1. 3

                                                      Chrome and Firefox are open-source on paper only. You have no say in how they’re developed unless you work for a trillion dollar advertising company, can’t contribute code unless it’s your full time job, and can’t ever hope to audit even a tiny fraction of the tens of millions of lines of code even if it’s your full time job.

                                                      1. 2

                                                        Can’t comment on Chrome, but for Firefox I can personally tell you that is not true. I scratched my own itch in the developer tools when I was in high school. Was it easy? No. Was it impossibly difficult? Also no.

                                                        (In fairness though this was easier with the developer tools than with, say, Gecko core.)

                                                      2. 3

                                                        Their explanation of why their UI is not open source. To be perfectly honest, though, you’re clearly not coming from a place of honest exploration or debate.

                                                        1. 14

                                                          I’m coming from a place of dismissing closed-source browsers. I don’t think that’s unwarranted. We have really good open-source browsers.

                                                          When the concern is that Chrome is phoning home and invading your privacy, it seems absolutely bonkers to me to suggest that switching to another closed-source browser is the solution.

                                                        2. 1

                                                          At this point you seem to have an axe to grind. We get it. FOSS is good and crypto is bad here on Lobsters.

                                                          1. 1

                                                            Serious question: aren’t cryptocurrencies subjectively bad? Some waste energy, some things don’t work, a lot of things are scams, the main use is for illegal trades. Is there something amazing somewhere that I am missing?

                                                            1. 3

                                                              We’re going far off-topic from the OP so I don’t think there’s value in starting that discussion here. If you’d like to discuss the topic, I’m always open to DMs discussing stuff, though I get busy and may take time to respond.

                                                      3. 3

                                                        There is nothing crypto-related with Vivaldi. It’s just a browser.

                                                    2. 4

                                                      Why <title></title>? Just sloppiness or does it have some special meaning?

                                                      (this is not the first modern web page where I see a missing title)

                                                      1. 2

                                                        What does it mean that when I post this to linkedin, it says that a preview cannot be viewed and the link ends up being “https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fcontrachrome%2ecom%2F”?

                                                        1. 6

                                                          Sounds like this is related to these comments on that other site: https://news.ycombinator.com/item?id=31040838#31041937

                                                          Here are both comments, for your convenience:

                                                          This site is currently blocked by FortiGuard under the category “Spam URLs”, making it unavailable to some percentage of users on their work devices.

                                                          The domain seems to have been picked up as a false positive for spam/malware in places. They were blocked by Quad9 too due to one of their underlying data sources (I forget which), but they were unblocked after I submitted a false positive report.