1. 13

    One thing is a discussion whether “self-hosting on a VPS is good enough” and then there’s trying to redefine a term that’s been nearly unequivocally used for quite a while - and I don’t think this is a useful discussion. No matter how purist, this ship has sailed, please don’t fight windmills.

    That said, I also disagree with the original hot take.

    If you don’t trust the hoster’s admins to not somehow remote into your xen instance… surprise, they can open your cabinet and plug a USB drive in. If you rent a physical server it may have a serial attached.

    Where do you draw the line? I don’t claim to be right, but I do think I am not a lot more secure by renting a server at the same hoster versus renting a VPS there.

    So unless you glue all your ports shut and deliver your case with case intrusion on or maybe run your own cabinet (and even then someone might break in).. then I might concede the point.

    Also sure, my self-hosted services at home are better secured from physical access, but also a lot less reliably hosted. No UPS, no multihoming, no DC-grade networking equipment. Also 24h disconnects are kinda the norm here, so there’s always 1-5min downtime every day. Everything else besides physical access control is worse. So I’d gladly trade that for the VPS and call it self-hosting.

    1. 4

      With the disclaimer that I’m not personally particularly worried about having a VPS subverted, the threat model is a little different from a physical box. With a physical box, the colo facility can get into it.

      With a VPS, the colo facility can get into it, the hypervisor admins can get into it (often these are the same people as the colo facility, but not always), anyone who finds a privilege escalation bug in the hypervisor can get into it and anyone who breaks into the hypervisor admins’ system for administering the boxes can get into it. Historically, hypervisors have had privilege escalation bugs found in them - didn’t Xen have a lot of bugs related to random stuff like the emulated floppy drivers? And IIRC there was at least one high-profile incident in the news where Linode got broken into by people who used that access to break into VPSes belonging to Linode’s customers.

      edit: to be clear, I don’t consider “subverted by the company I’m paying to host the box” to be something worth worrying about (because they’ll promptly lose all customers and go bankrupt if they do that). I don’t really care about splitting the “does this really count as self-hosted?” hairs. I’m just pointing out that, if you’re paranoid, you may care about the fact that a VPS typically has a couple more layers of stuff which could have security holes in them that give away access to your box by accident.

      1. 2

        You’re absolutely right, I had forgotten about “people on the same physical host who could find their way in through the hypervisor” - but as I said, my main point is that “self-hosting” isn’t 100% about security.

        1. 2

          Physical server providers often use integrated management systems like Dell’s ILO. Those can and do have privilege escalation bugs in them too. :-3

          1. 1

            Now those things genuinely terrify me. It seems most likely that the firmware on all of them is written with the same kind of abject negligence normally found in IoT gadget manufacturers or home router vendors.

        2. 2

          Also, there’s always the practical security aspect of opening up your home network to the rest of the world. I’m not too concerned if my VPS gets owned, but I’d be a lot more worried if my home server got owned

        1. 1

          There’s also https://webring.xxiivv.com/#random, though it seems to be targeted towards creative sites.

          1. 1

            speaking of ‘targeted towards creative sites’ - there’s also the classic http://jodi.org

          1. 2

            Pi-hole to the rescue. Outmanoeuvre that Google!

            Also, part of me believes that things like this will actually, eventually, contribute to ending the reign of Google Chrome.

            1. 10

              Outmanoeuvre that Google!

              I believe YouTube is able to sidestep host-based solutions because they serve ads from their own domain. Also there’s crazy hacks like sending ads over a websocket connection, which uBlock somehow is able to defeat.

              1. 4

                Resolverless DNS will evade this as the DNS records for 3rd party page assets will be shipped in the HTTP headers.

                Starting to wonder how long before this happens… and when the outrage from security folks will make news. I guess since they didn’t care about the consequences of DoH they won’t care about this either.

                1. 1

                  DoH, which I admit does have actual privacy benefits, also happens to help work around the ad-blocker problem for Google.

                1. 2

                  The new big trend in tech, dark mode

                  How is this new? Haven’t dark themes been a thing for over 20-30 years?

                  1. 3

                    It doesn’t have to be a new thing to be a new trend. Fashion is famously cyclic too.

                    1. 1

                      That’s plausible. I don’t see it as a trend, rather something that the tech overlords have permitted their users to enable, but if you re-interpret this as a kind of “fashion”-thing, it kind of makes sense?

                      1. 2

                        FWIW I think tech is so trend driven it hurts.

                    2. 2

                      Slack and iOS offering it apparently make it “new”

                      1. 1

                        Yeah but you used to have to mess around with widget styles or custom CSS overrides. iOS and Android now have a switch that changes styling for all system apps.

                        1. 1

                          I was just saying that the concept doesn’t seem new. Especially on platforms with themes.

                      1. 1
                        1. portable USB hard disk at home
                        2. portable USB hard disk at my workplace, updated monthly-ish
                        3. backups to B2

                        the most important thing I back up is my personal photos, so zipping up each album and throwing them onto a drive is good enough for me.

                        1. 19

                          This seems to break my browser’s back button.

                          1. 6
                            1. 2

                              Yeah, not quite functional.

                              1. 1

                                Yeah this is pretty poor experience, combined with the lack of scroll control (i.e. you can’t scroll to navigate) it’s pretty much unusable IMO.

                              1. 7

                                Self-promotion for fundraising, flagged. Cool project though!

                                1. 4

                                  Why is this any different than people self-promoting their blog articles (which they do all the time here)? In 99% of cases it ultimately is about the end effect, which is money.

                                  1. 4

                                    I highly dispute the 99% numbers. How do you even get this idea? There are so many blogs that don’t have ads, are not trying to promote their authors, etc.pp.

                                    1. 0

                                      Self promotion, not ads - it’s about better prospects on future jobs by building and influencing community around the stuff you do.

                                      So 99% is from head, but I am sure it’s even higher. Or you tell me you know bunch of people, who write great technical blogs just for the sake of researching particular topic, are stuffed for life (rich family) or despise materialism and live in a barrel like 1 dude ever, and do it anonymously because they don’t need any attention …

                                      1. 12

                                        Or you tell me you know bunch of people, who write great technical blogs just for the sake of researching particular topic, are stuffed for life (rich family) or despise materialism and live in a barrel like 1 dude ever, and do it anonymously because they don’t need any attention …

                                        This seems to be an overly cynical perspective. I write blog posts because I want to share my knowledge or some other information with the world, and I’m sure I’m not alone.

                                  2. 3

                                    Thanks!

                                    1. 4

                                      Something on the tagging: note that tags on lobsters are block-if-any.

                                      So, if you have a diehard emacs user that is filtering vim, they won’t see this, nor will a vim user filtering emacs, or anybody filtering web (which is usually kind of a broad tag). So, a smaller supporting set of tags is usually going to help you.

                                      1. 5

                                        That actually defeats the purpose of tags and looks more like categories.

                                        The said problem is an internal software thing.

                                        In any case, about that dude filtering out emacs - I could totally live with that :)

                                        1. 2

                                          Thanks, didn’t know that!

                                    1. 3

                                      In retrospect it’s kind of amazing how quickly we moved from an Internet with no “like” counts (the golden age of blogging) to an Internet where it’s very difficult to find any community where “like” counts or upvotes are not a core part of the system. Even indie sites like Lobste.rs or Metafilter that eschew a lot of the apparatus of the modern Internet incorporate this very quantitative approach to community and social interaction.

                                      1. 2

                                        Yes. The quieter, less-evaluative Internet was hijacked by one of addictive narcissism.

                                        1. 2

                                          After writing my earlier comment I realized that there is one type of online community I participate in that is completely free of likes/voting/ranking/quantitative anything: mailing lists.

                                          It’s probably not a coincidence that I love mailing lists, while people whose Internet experience started even a few years later than mine did seem to really, really hate them. I wonder if there is a real generational (or internet-generational) divide here, or if I’m just an outlier.

                                          1. 2

                                            It’s probably not a coincidence that I love mailing lists, while people whose Internet experience started even a few years later than mine did seem to really, really hate them. I wonder if there is a real generational (or internet-generational) divide here, or if I’m just an outlier.

                                            As a guy who first acquired an ISP in 1993, I can honestly say that I generally dislike mailing lists (like most people, I guess). I always think of them as a poor-man’s usenet, I would much rather just hop on tin(1) and read the latest posts in my subscribed groups.

                                            Having said that, I am a member of some mailing lists that I genuinely enjoy. Though they are the exception, not the rule…

                                          2. 1

                                            It would be interesting to see an implementation of an upvote button that didn’t display the count to the users. You still get the “community” aspect of it, without the narcissistic side.

                                            1. 1

                                              HN does this.

                                              1. 2

                                                Right! For the comments. They still show the points for each story, which I think makes sense (or does it…?)

                                            2. 1

                                              Back then we had guestbooks and hit counters to provide the tingle of popularity that is oh so addictive.

                                              I remember when I first added commenting to my blog and getting ten or so meaningful comments within the first week of publishing a new post was a thrill to see; those were different to likes though, because they were actual meaningful interactions that often spawned discussion.

                                            1. 2

                                              I think that’s a reasonable rationale and I wonder if DoH is going to end up being OS supported at some point.

                                              1. 4

                                                Absolutely not! Why the hell would you want to centralise something that was decentralised since before Al Gore invented the internet?

                                                1. 5

                                                  What? How would providing a DoH at an OS level centralize anything more than providing dns over tcp?

                                                  Edit: It occurs to me that perhaps you thought I meant DNS over HTTPS (DoH) as is implemented by Firefox, i.e. with Cloudflare being the de facto resolver. What I meant was that I wonder if DoH might come to be provided as an alternative to or superset of normal OS DNS support with some sort of resolver discovery.

                                                  1. 2

                                                    Maybe cnst is talking about CAs.

                                                    1. 1

                                                      DoH/DoT don’t inherently require CAs. The OS could offer an interface like “set IP address and expected certificate in resolv.conf”, for example. (but, IMO, concerns about CAs are silly. Everything in userspace WILL use CAs, why would an OS take a hard stance against CAs?)

                                                2. 2

                                                  I’m still not convinced that we need DoH in the OS. What does DoH give us that DoT doesn’t?

                                                  1. -1

                                                    What does DoH give us that DoT doesn’t?

                                                    Transport encryption.

                                                    1. 3

                                                      What does the T in DoT stand for?

                                                      1. 1

                                                        TCP

                                                        1. 6

                                                          No, it’s TLS.

                                                          1. 1

                                                            Is it? My bad.

                                                              1. 2

                                                                Conventional DNS is a UDP protocol ;)

                                                                1. 5

                                                                  Primarily UDP, but TCP if the response is too large and EDNS is not supported; also for zone transfers.

                                                  1. 7

                                                    The important thing is to show the player the AI. There’s no point having sophisticated AI that the player doesn’t notice.

                                                    This is so true. And there’s also an opposite effect: players may interpret random events and coincidences as AI being clever or mean.

                                                    1. 4

                                                      This even applies to tabletop games! Players have a habit of seeing patterns and intricate plots despite the fact that the DM just picked a random NPC or character trait from a table.

                                                      1. 2

                                                        The thesis of this is something like dwarf fortress, where the “psychology” is somewhat visible to you. It has a rich system and you can see it.

                                                      1. 2

                                                        How can this be spam when I’m not the author of this story?

                                                        1. 20

                                                          It reads like a marketing brag piece, and the product is apparently in “private alpha” so nobody here can test its claims.

                                                          1. 5

                                                            Spam is the closest thing to “this is a bad article”.

                                                            Alternatives:

                                                            • Off-topic -> clearly about IT/Technology/Sciences
                                                            • Already Posted -> not already posted (the link would appear at the bottom)
                                                            • Broken Link -> link works just fine

                                                            So, we are left with “Spam”: a catch all, which includes “Rubbish” but also “Marketing”, “Low Effort”, “Just Absolute Bollocks” and more.

                                                            1. 5

                                                              Spam is the closest thing to “this is a bad article”.

                                                              IMO off-topic is better used for this, e.g. when someone posts something that would fit in better on HN, even if it’s tech-related, it can be off topic for this site.

                                                              1. 0

                                                                Now this is interesting. You felt the need to “downvote” this story because you don’t like it, and you chose the only flag which could possibly be interpreted as “bad content”, under the assumption that on-topic “bad content” is something that you should be able to flag. I feel like you’re abusing the flag in doing so, but I also imagine that this form of abuse is quite common. In any case, it’s quite “low effort” on your part.

                                                                I suggest we would all be better served if you would instead articulate what you dislike about the story.

                                                                1. 2

                                                                  Oi dude, don’t assume things out in the wild and then feel like you should be the one preaching the solution.

                                                                  I just replied to OP’s comment, nothing else.

                                                              2. 5

                                                                I’m used to languages and development/orchestration tools being open source or at least something you can download and play with. Since I can’t do that, then for all practical purposes, as far as I’m concerned this Dark thing does not actually exist. And since it doesn’t exist, then reading about all of its impressive (and likely inflated) claims was a huge waste of my time.

                                                                (I didn’t flag, downvote, or upvote the story, however.)

                                                                1. 1

                                                                  Commenting on a story acts like upvoting it, so you should probably flag it (that’s what I’m doing right now to cancel out my comment).

                                                              1. 9

                                                                I do most stuff in the terminal. File management, email, IM, music, word processing (plaintext vim for simple notes, vim with latex for nice stuff).

                                                                We’re probably all on the same page here so I’m curious as to what people don’t do.

                                                                • I can’t live with terminal web browsing. It sucks.
                                                                • I failed at RSS. Newsboat is great but too many feeds stops it in its tracks, plus no images sucks (although I think it could be implemented).
                                                                • Even simple rescaling or format conversion of images I tend to do in GIMP. I just can never remember the convert command to use.
                                                                1. 6

                                                                  Photo editing and photo organization/tagging are two things that I definitely can’t do in the terminal.

                                                                  1. 1

                                                                    I use some RSS-to-email program to read my feeds the same way I read my emails. I can’t remember what it’s called off the top of my head but it shouldn’t be hard to find. Have you ever tried doing something like that?

                                                                    1. 1

                                                                      Is that something you self-host, or a third-party service?

                                                                      1. 2

                                                                        The one that I use I run on a cron job locally, and it just adds a folder into my main maildir.

                                                                  1. 22

                                                                    suite of productivity apps

                                                                    heh, I’m still used to “Google” meaning “search”, not “productivity apps”. YaCy would be the real “open source Google” if we still remember that Search is the big part :D

                                                                    1. 4

                                                                      I don’t think search is the big part when it comes to replacing Google. Most people I talked to about migrating from Google products say they can’t because they rely too much on Gmail and Drive. Even though some of them also said search alternatives sucked, they were more willing to deal with that than losing the collaborative power that Google Drive gave them. I advocate against Google as well by the way, but damn their Chrome + Gmail + Drive combo is becoming the definition of professional computing for a lot of people, especially since they also offer that in an Enterprise edition as well.

                                                                      1. 4

                                                                        I disagree, search is the biggest part.

                                                                        • Chrome replaceable with Firefox 100%
                                                                        • Gmail replaceable by something N% (Protonmail?)
                                                                        • Drive replaceable by bunch of things - Dropbox, OneDrive, IFS, NextCloud, etc. particularly with some tooling that utilizes multiple things. Drive, IMO, has insulting interface and operability for 2019.

                                                                        Search on the other hand, is not easily replaced, especially since ddg, startpage and many others use google in the backend. Bing is retarded with those wallpapers and Yahoo is a mess. No bueno. All should die, perhaps we should return to altavista or do the SETI thing (best option IMO).

                                                                        1. 3

                                                                          DuckDuckGo uses Bing as its backend. Not Google.

                                                                          1. 4

                                                                            Well, it includes results from Bing. And a variety of other search engines.

                                                                          2. 3

                                                                            The pull is the multiple-concurrent-editors spreadsheets and text documents (which I think got rebranded from Docs to fall under Drive) rather than just the ability to share files.

                                                                            There are fewer competing products for the Docs use cases. They are quite hard to implement.

                                                                            1. 4

                                                                              Document collaboration is possible in Nextcloud with Collabora and it works on premise and with open office docs:

                                                                              https://nextcloud.com/collaboraonline/

                                                                              1. 1

                                                                                I did not know that and I am surprised. Interesting, thank you.

                                                                            2. 1

                                                                              We’re discussing different things. I want practical results not theoretical ones.

                                                                            3. 2

                                                                              Whoever down-voted with “incorrect”, can you please explain your reason? I don’t mind the vote count, I’m just genuinely interested in what was “incorrect” in my post?

                                                                              1. -1

                                                                                Down-voting is lame so any interaction with such dudes is meh. Provide comments when downvoting, don’t hide behind the counter.

                                                                              2. 2

                                                                                For me, replacing calendaring is the most difficult, because other than email, calendaring is the system most subject to network effects. I can switch to DDG or OpenStreetMap on my own and it doesn’t affect those around me, but if I were to switch off Google Calendar, I don’t know how I’d be able to coordinate with others the same way.

                                                                                1. 1

                                                                                  Yeah I have the same issue with Google Calendar. Though Docs is also subject to network effects, especially for professions that do a lot of document editing (journalism, PR, etc).

                                                                                  1. 1

                                                                                    Sure; I’ve pretty much made peace with being stuck with a work-related Google account and have only made efforts to remove it from my personal usage.

                                                                              3. 2

                                                                                That was my first reaction as well actually.

                                                                                1. 1

                                                                                  Is YaCy still alive? I tried using their demo portal and my browser kept timing out.

                                                                                  1. 2

                                                                                    I’ve tried it at home relatively recently, with crawling enabled. Got my IP address temporarily banned from some places / started seeing more captchas everywhere :D Search did work, yes.

                                                                                  2. 0

                                                                                    Also there’s no Gmail replacement, which is probably the second most popular Google product.

                                                                                    1. 4

                                                                                      Gmail was a web-based mail system. It might have embraced and extended the concept of mail in such a way that Gmail is more than just a web-based mail user agent but that does not imply it can not be replaced by another web-based mail user agent, of which there are many.

                                                                                      1. 1

                                                                                        Right, but there’s nothing in Bloom that replaces any part of Gmail.

                                                                                      2. 3

                                                                                        Think about what would be involved there. Setting up an SMTP server is non-trivial for the average user (This is where 90 of you in the audience pop up and say “I set up SMTP servers in my sleep and 5 before breakfast!” :)

                                                                                        Of course a big part of that is all the infra that big mail processors like Google have put in place for spam prevention (and maybe a side order of lock-in :)

                                                                                        You could easily bundle a webmail interface with the assumption that all the guts would be handled elsewhere I guess, but there are already quite a number of those.

                                                                                        1. 2

                                                                                          Spam is a huge part, I think. I use Gmail for accounts and such, and self-host for my FOSS contributions / mailing lists / more personal interactions, and the open source spam filtering capabilities imo are nowhere near what Gmail offers. Don’t get me wrong, rspamd has made things a lot better, but I still think self-hosting for most people isn’t feasible because of spam/phishing alone.

                                                                                      3. 0

                                                                                        YaCy would be, if it proved to be practical, and so far it didn’t. Maybe it would be good to utilize some better strategy than theirs. For example, remember SETI screensavers? All OSes could have something like that but for search indexing.

                                                                                      1. 7

                                                                                        The end of controlling what you see on the Web is coming.

                                                                                        1. 27

                                                                                          Not if you switch to Firefox :)

                                                                                          I really hope Google is shooting themselves (and Chrome’s market share) in the foot with this move… but somehow I doubt it.

                                                                                          1. 7

                                                                                            Firefox development is mostly funded by Google. I can’t imagine them doing much to piss Google off.

                                                                                              1. 13

                                                                                                This actually sounds reassuring:

                                                                                                Regardless of what happens with Chrome’s manifest v3 proposals, we want to ensure that ad-blockers and other similarly powerful extensions that contribute to user safety and privacy remain part of Mozilla’s add-ons ecosystem while also making sure that users are not being exposed to extreme risks via malicious use of powerful APIs.

                                                                                                1. 8

                                                                                                  making sure that users are not being exposed to extreme risks via malicious use of powerful APIs.

                                                                                                  This part is scary.

                                                                                                  1. 1

                                                                                                    Yeah, but …

                                                                                                    We have those APIs now, don’t we? And the world isn’t collapsing.

                                                                                                    1. 4

                                                                                                      The scary part is that Firefox thinks it’s their job to decide how users use their own computers.

                                                                                                      1. 18

                                                                                                        It’s kind of impossible not to if you’re creating consumer facing software, isn’t it?

                                                                                                        1. 4

                                                                                                          It’s one thing to provide safe defaults, and another thing entirely to ensure that those defaults can’t be overridden.

                                                                                                          1. 12

                                                                                                            If it’s about the signed extension thing, please read about the history of that feature. It is not based on threat models and predictions. It was done this way to get rid of adware that was auto-installing itself and making real-world people’s lives worse. It has to be hard-coded into the EXE, because it’s only the EXE that Windows performs signature checks on and that Mozilla can sue adware developers for impersonating.

                                                                                                            1. 2

                                                                                                              Alright. If it doesn’t affect people building from source, I guess it doesn’t matter.

                                                                                                              1. 2

                                                                                                                So… block it on Windows?

                                                                                                            2. 3

                                                                                                              It’s one thing to provide safe defaults, and another thing entirely to ensure that those defaults can’t be overridden.

                                                                                                            3. 3

                                                                                                              I never understand this sort of rhetoric.

                                                                                                              I maintain quite a few open-source projects, and contribute to others. They all make choices about what they support and what they don’t. Is it sinister of them to do so? Many of them don’t provide any sort of toggle to make them support things the developers have chosen not to support, which is what you seem to object to. Is that really controlling behavior, or just developers disagreeing about what should be supported?

                                                                                                              1. 1

                                                                                                                My issue is that it’s user-hostile to prevent users from doing what they want with their computers. Firefox runs on my computer; I as an end user — and my grandparents as end-users — should be free to determine which extensions I run within Firefox. It’s not Mozilla’s computer to control. The ability to choose how to use one’s computer shouldn’t be reserved to developers: it should be available to everyone.

                                                                                                                1. 0

                                                                                                                  Mozilla is free to develop the software they want to develop. You’re free to not use it.

                                                                                                                  You don’t have the right to force them to develop something they don’t want to, but you seem to be trying to assert such a right.

                                                                                                      2. 2

                                                                                                        Or, rely on blocklists: https://firebog.net/ I’ve got a little side project to automate it: https://gitlab.com/dacav/myofb

                                                                                                        If you want something more complex, more popular, more user-friendly: pi-hole

                                                                                                        1. 3

                                                                                                          Until they fully control DNS as well with something like DoH.

                                                                                                          1. 1

                                                                                                            Ah, this cat-and-mouse thing! :) Let’s try. You play adversary :)

                                                                                                            My next move is to use the blacklist to place a filter at firewall level instead of using it at dns level.

                                                                                                            Your move

                                                                                                            1. 1

                                                                                                              Or use /etc/hosts

                                                                                                              1. 1

                                                                                                                That’s actually one of the options of my scripts: populating /etc/hosts. :)

                                                                                                              2. 1

                                                                                                                Proxying ads through the website you want to see, so the ad urls are http://destination.com/double click/ad/1234

                                                                                                                1. 1

                                                                                                                  Definitely. But the website gets a performance penalisation, I think.

                                                                                                                  Plus, I’m wondering, will it be as effective for the trackers to deal with the tracked browser with a proxy server in between? (maybe, maybe not).

                                                                                                                2. 1

                                                                                                                  I place Ads and DoH on the same IP address as the CDN that millions of websites use.

                                                                                                                  1. 1

                                                                                                                    Wait what? I don’t get this one. How many millions of websites are passing through the same IP address? Can you elaborate?

                                                                                                                    1. 1

                                                                                                                      Many of the ones that sit behind CloudFlare and Fastly.

                                                                                                      1. 8

                                                                                                        That’s super strange: Mozilla used a Google Doc instead of a blog post for such a publication

                                                                                                        1. 5

                                                                                                          Maybe they want google to read it.

                                                                                                          1. 5

                                                                                                            Mozilla uses Google Apps internally; my guess is that this started as an internal document and they said “well we can just reuse it to share publicly”

                                                                                                            1. 3

                                                                                                              Other than the title of the paper, how do we know this is actually from Mozilla?

                                                                                                                  1. 2

                                                                                                                    Thanks. I’m not really in the habit of trusting random google docs, and wasn’t able to find anything like this.

                                                                                                                1. 2

                                                                                                                  Similar, internal position/planning/architecture documents tend to be written and distributed this way. This one happens to have been made public.

                                                                                                                1. 1

                                                                                                                  Can someone please link a source for this that doesn’t ask my web browser for a location and whatever other nonsense? :-/ I’m on the road and going through lynx or whatever isn’t currently practical.

                                                                                                                  1. 4

                                                                                                                    Here is the link to the actual paper. https://eprint.iacr.org/2019/459.pdf

                                                                                                                    1. 1

                                                                                                                      Thank you! ♥

                                                                                                                    2. 1

                                                                                                                      Loads fine for me on firefox mobile with noscript fyi

                                                                                                                      1. 3

                                                                                                                        works for me.

                                                                                                                      1. 6

                                                                                                                        I have a theory that the real reason this stuff doesn’t take off is because it’s so hard for the average person to run their own instance. In a way it’s not a protocol problem. It’s because the missing killer feature is one click install and run. The missing piece might be making it easy to operate an instance.

                                                                                                                        Centralization happens because a company solves the operating problem.

                                                                                                                        1. 6

                                                                                                                          I think that problem is mostly mitigated (depending on the platform). With Secure Scuttlebutt, for example, the client is the instance. There is no extra work for a user, though that has its tradeoffs. Mastodon, or ActivityPub, has enough instances that individuals don’t need to run their own to get on the platform.

                                                                                                                          I think the biggest hurdle is simply inertia. People don’t care enough that a platform is centralized. And once they’ve established themselves on one, it’s very hard to move. It’s like asking someone to drop everything and move to a new country. The language is different, the environment is different, everyone they know is “back home”, and there is no shared interface to continue communicating with those that didn’t follow you to the new place. You’ll need some additional common platform if you don’t stay on the old one.

                                                                                                                          1. 4

                                                                                                                            I found Scuttlebutt to have a very high barrier to entry because, as you say, the client IS the user identity, and I’m on 3 different machines every day, not counting mobile, so that model REALLY doesn’t work for me.

                                                                                                                            See above for my thoughts on Mastodon’s problems.

                                                                                                                            1. 1

                                                                                                                              SSB users seem to get around this by having an identity for each machine with related avatars & names, all mutually friending each other (so that they’re within one hop of each other). This doesn’t 100% solve the problem, but since most folks have hops set to 3 by default, visibility is almost the same.

                                                                                                                              The alternative (without some really messy changes to how gossip works underneath – changes folks have been discussing for years at this point) is to use remote access. Because most SSB clients are webtech, this is a problem: they aren’t built to connect to a remote sbot (or they don’t even let you run a separate sbot), so you’re stuck using VNC or X forwarding or something. Not really viable for most current users, let alone a general non-technical audience.

                                                                                                                              1. 1

                                                                                                                                SSB users seem to get around this by having an identity for each machine with related avatars & names, all mutually friending each other (so that they’re within one hop of each other). This doesn’t 100% solve the problem, but since most folks have hops set to 3 by default, visibility is almost the same.

                                                                                                                                The alternative (without some really messy changes to how gossip works underneath – changes folks have been discussing for years at this point) is to use remote access. Because most SSB clients are webtech, this is a problem: they aren’t built to connect to a remote sbot (or they don’t even let you run a separate sbot), so you’re stuck using VNC or X forwarding or something. Not really viable for most current users, let alone a general non-technical audience.

                                                                                                                                1. 3

                                                                                                                                  SSB is such a cool concept but I suspect that incredibly machine focused aspect of its nature will keep it from ever being adopted very broadly.

                                                                                                                                  We live in a world where many of us work on several machines through the day and several more mobile devices, and we expect our social identity to follow us, not be pinned to one particular device.

                                                                                                                              2. 2

                                                                                                                                I think you’re on the right track here.

                                                                                                                                If folks don’t have a very strong reason to leave a platform, Metcalfe’s law means that platform’s monopoly will only grow & its leverage will become only more powerful. It’s not just inertia, but gravity: these platforms gain power through everybody they bring in, and they gain power based on how long they’ve been there.

                                                                                                                                SSB aside (since it’s fairly unconventional in other ways), if Pleroma did the SSB thing and made a straightforward all-in-one turnkey client-and-server install, it wouldn’t move most of twitter or facebook to the fediverse: neither connections nor history would be preserved (and facebook & twitter have an interest in making sure moving your entire history to another service is hard, even if they might be forced to make it possible for legal or PR reasons). If, say, a fediverse instance offered to grab your whole twitter history (which is technically possible but would take a while because of API limits & would probably confuse a lot of other users), it would probably get a lot of pushback (the way that LinkedIn does on the grounds of mining & importing your entire address book by default), even though this would be basically the only way to make a lot of twitter users OK with leaving twitter & moving to the fediverse. (Maybe folks who juggle ten social media accounts are rare.)

                                                                                                                                OP has an interesting idea with displaying an alternate feed alongside twitter (and plugins like this exist – I’ve had my facebook trends replaced with reddit for years, as a side effect of an extension intended to do something unrelated), but installing browser extensions is something a lot of users are circumspect about these days. It’s unclear why we should believe people would be more willing to install a weird extension they have never heard of than sign up for a new social network.

                                                                                                                                1. 1

                                                                                                                                  That’s why the demise of federated chat systems was so sad…

                                                                                                                                  1. 1

                                                                                                                                    Are they actually dead? Would Matrix count?

                                                                                                                                    1. 2

                                                                                                                                      I’m unfortunately not that familiar with Matrix. From its FAQ it does seem to be the solution.

                                                                                                                                      I was thinking about XMPP. For a while there, with Google’s buy-in, it looked as if chatting to someone would be as easy as sending email. It’s possible XMPP couldn’t be extended to handle voice and video though.

                                                                                                                                      1. 1

                                                                                                                                        You should check it out. I think it has much of the promise of Jabber, but has already gained much more traction than Jabber ever did outside of Google, sadly.

                                                                                                                                        It’s not clear to me that it’s good for point to point person to person chat without the concept of groups/rooms like XMPP is though.

                                                                                                                                2. 3

                                                                                                                                  I think this is spot on. Mastodon is amazing, but there’s currently this kind of awkward model where setting up an instance is easy-ish if you have UNIX chops but there are a LOT of moving parts and it’s very easy for something to go haywire and cause your instance to fall on its face.

                                                                                                                                  One particular pain point this awkwardness manifests as is the fact that the instance owner controls the horizontal and the vertical. If your friend Betty pisses off instance admin Bob, Betty’s toast and neither you nor Bob have any say in the matter - this is fine since it’s effectively Bob’s house, but it’s a house with MANY people living there who may not know Bob.

                                                                                                                                  So yeah, the clear solution is to have everyone be able to run their own instance, but that brings up problems of its own. We need MUCH easier / more accessible ways for people to have little blobs of compute they can “own” for various purposes.

                                                                                                                                  Digital Ocean goes some way towards this, but we have a long way to go.

                                                                                                                                  1. 2

                                                                                                                                    Email improved on this a zillion years ago. Regular users can buy a domain, then pay a host (and can always port to another host if they like).

                                                                                                                                    I’m capable of (but not interested in) running a node. I want to forward my records to a host.

                                                                                                                                    I’ve raised issues for this on Mastodon and Pleroma; the former consider it low-priority, the latter don’t want to support it at all.

                                                                                                                                    1. 1

                                                                                                                                      Yes I agree Mastodon has some work to do in this regard. You can export your toot follower list to a CSV file, but actually using that to get your followers back on a new node can be tricky.

                                                                                                                                      Much cleaner would be a way to simply say “export my identity” and have all the data get saved locally as one stop shopping.

                                                                                                                                      I suspect part of the problem here may be the exceedingly high complexity of Mastodon’s underpinnings, it’s a Postgresql / RoR application under there, and the schema seems complicated to my untrained eye.

                                                                                                                                  2. 2

                                                                                                                                    Centralization also enables easy discovery. For example, it’s not possible to get a comprehensive list of all Mastodon instances on the internet. If I say that I’m @whjms on Mastodon, the next question for people is ‘which instance?’. Versus where I can say I’m @whjms on Twitter and everyone knows how to find me.

                                                                                                                                    1. 4

                                                                                                                                      That’s part of the “new language” people would need to learn. “On Twitter” means something specific that we all happen to know. No one says, “Email me at trondd”. We all know the language that emails have to have a domain attached. Same for Mastodon and I don’t see why people couldn’t learn that language like they did for email.

                                                                                                                                      …Unless they don’t want to.

                                                                                                                                      I agree with the discovery benefits of a central service, though. If I search Mastodon for @user and get 50 results, who is the person I was looking for? Although, I find Facebook with real names to have the same problem anyway.

                                                                                                                                  1. 28

                                                                                                                                    This article isn’t quite at the level of “zomg dihydrogen monoxide is LETHAL” alarmism, but it’s getting close. On one hand, it’s good to have a third-party review of Firefox’s privacy tradeoffs, but jumping up and down yelling “SPYWARE” doesn’t help educate anyone, it just feeds people’s sense of entitlement and injury.

                                                                                                                                    For example, the very first example of “spyware” on the list is that Firefox requests http://detectportal.firefox.com/success.txt at startup. If you’ve ever visited an airport, a coffee shop, or a mall with “free wifi” that automatically redirects you to a sign-in page where you can provide your email address in exchange for an hour of Internet access, you know what this is about: if you turn off this protection, then the next time you open your browser in such an environment, all your open tabs will be redirected to the sign-in page, and your browser state is ruined. Alternatively, if most of the websites you use are HTTPS, the situation’s worse: when you open your browser, websites will mysteriously fail to load with no indication why. And so, at startup Firefox makes an unencrypted request for a file with known, specific content, and if the response contains anything else, Firefox knows it’s behind a portal and needs to present the login page before it tries to restore any other state.

                                                                                                                                    So yeah, there’s a bunch of tradeoffs here:

                                                                                                                                    • do nothing
                                                                                                                                      • pro: privacy friendly!
                                                                                                                                      • con: terrible experience in a common environment
                                                                                                                                    • always make a portal-baiting request
                                                                                                                                      • pro: excellent experience, comparable to competing products
                                                                                                                                      • con: very slight privacy leak
                                                                                                                                    • make request by default, allow it to be disabled
                                                                                                                                      • pro: excellent experience by default, super-privacy-conscious people can still get what they want
                                                                                                                                      • con: very slight privacy leak by default

                                                                                                                                    I think Firefox has definitely made the right choice here, but I appreciate opinions may differ. On the other hand, just putting this behaviour under the heading “Phoning home” (as the OP article does) without any context doesn’t help anyone make an informed decision about this tradeoff.
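The probe check described in the comment above, written out as an added example (not part of the thread and not Firefox's code). The expected body `success\n`, the function names, and the hold-restore policy are assumptions of this sketch; the sample responses are constructed.

```python
"""Captive-portal probe classification (illustrative sketch, not Firefox's code)."""
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

PROBE_URL = "http://detectportal.firefox.com/success.txt"  # URL named in the comment
EXPECTED_BODY = b"success\n"  # assumption: the known, fixed content of the probe file


@dataclass
class ProbeResponse:
    status: int
    body: bytes = b""
    headers: dict = field(default_factory=dict)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx answers instead of following them: the redirect is the signal."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_probe(timeout: float = 5.0) -> Optional[ProbeResponse]:
    """Plain-HTTP probe; returns None when no answer arrives at all."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(PROBE_URL, timeout=timeout) as r:
            return ProbeResponse(r.status, r.read(4096), dict(r.headers.items()))
    except urllib.error.HTTPError as e:  # 3xx/4xx/5xx still carry a response
        return ProbeResponse(e.code, e.read(4096), dict(e.headers.items()))
    except (urllib.error.URLError, OSError):
        return None


def classify_probe(resp: Optional[ProbeResponse]) -> str:
    """'open' only for the exact expected content; anything else was rewritten in transit."""
    if resp is None:
        return "offline"
    if resp.status == 200 and resp.body == EXPECTED_BODY:
        return "open"
    return "portal"  # redirect, injected HTML, or any other altered answer


def portal_login_url(resp: ProbeResponse) -> Optional[str]:
    """Login page from a redirect, accepted only if it is an absolute http(s) URL."""
    if not 300 <= resp.status < 400:
        return None
    headers = {k.lower(): v for k, v in resp.headers.items()}
    target = headers.get("location", "")
    parsed = urlparse(target)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return target
    return None


def plan_startup(resp: Optional[ProbeResponse], session_tabs: list) -> dict:
    """Hold session restore until the network is open, so saved tabs are not redirected."""
    state = classify_probe(resp)
    if state == "open":
        return {"state": state, "open_first": None, "restore_now": list(session_tabs)}
    if state == "portal":
        # Without a usable redirect target, load the probe URL itself in a tab
        # so the portal shows its sign-in page there (this sketch's choice).
        first = portal_login_url(resp) or PROBE_URL
        return {"state": state, "open_first": first, "restore_now": []}
    return {"state": state, "open_first": None, "restore_now": []}


if __name__ == "__main__":
    # Constructed sample responses; no network traffic is needed for the demo.
    tabs = ["https://lobste.rs/", "https://example.org/draft"]
    samples = {
        "clean network": ProbeResponse(200, b"success\n"),
        "redirecting portal": ProbeResponse(
            302, b"", {"Location": "http://portal.example/login"}),
        "injecting portal": ProbeResponse(200, b"<html>Sign in for free wifi</html>"),
        "no connectivity": None,
    }
    for name, resp in samples.items():
        print(name, "->", plan_startup(resp, tabs))
```

The probe has to be plain HTTP for this to work: a portal cannot rewrite an HTTPS response without triggering a certificate error, which is the failure the comment describes for HTTPS-only browsing.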

                                                                                                                                    1. 6

                                                                                                                                      A fourth option might be to only make that request whenever an HTTPS certificate is failing. That way in the normal case where the user is logged into the portal or not using a portal-enabled Internet they won’t be calling out to Mozilla as often.

                                                                                                                                      But yeah, it’s difficult to be privacy-sensitive. It’s more work. Asking Firefox to be better than Chrome while doing more work and flying blind by not collecting any stats… doesn’t seem to be the best option here.

                                                                                                                                      1. 1

                                                                                                                                        Perhaps, but ensuring that the certificate used doesn’t expire and ruin everything sounds hard…

                                                                                                                                      2. 2

                                                                                                                                        if you turn off this protection, then the next time you open your browser in such an environment, all your open tabs will be redirected to the sign-in page, and your browser state is ruined.

                                                                                                                                        is this really what happens? i would expect only the active tab to load, which would be subject to the redirect. i wouldn’t call this a “terrible experience.”

                                                                                                                                        firefox could also ask users whether they want telemetry enabled the first time firefox starts up, like what VLC does. how would you feel about this option?

                                                                                                                                        1. 1

                                                                                                                                          firefox could also ask users whether they want telemetry enabled the first time firefox starts up, like what VLC does.

                                                                                                                                          nitpick: from my memory, this option is just for fetching media metadata from the internet, not for telemetry.

                                                                                                                                          1. 2

                                                                                                                                            what do you mean by telemetry and how do you know VLC’s use doesn’t constitute telemetry?

                                                                                                                                            to me, telemetry means automatic requests to Internet servers. am i using the term wrong?

                                                                                                                                            1. 1

                                                                                                                                              Good point. I’ve mainly heard the term telemetry used in conjunction with analytics and tracking, but I guess it’s not limited to those.

                                                                                                                                              1. 1

                                                                                                                                                it’s also fair to expect that any requests will be tracked and analyzed, even if their primary purpose is to fetch media metadata

                                                                                                                                          2. 1

                                                                                                                                            i would expect only the active tab to load, which would be subject to the redirect. i wouldn’t call this a “terrible experience.”

                                                                                                                                            These days browsers are smarter about lazily restoring tabs at startup, but they’ll still load the active tab in each window, plus however many pinned tabs the user has.

                                                                                                                                            Besides, data loss is data loss. Even if it’s just one tab of hundreds, it can still be a terrible experience for someone.

                                                                                                                                            firefox could also ask users whether they want telemetry enabled the first time firefox starts up, like what VLC does.

                                                                                                                                            I just booted up Firefox 66.0.1 (the latest stable version) with a fresh profile, and the two default tabs it opens are an advertisement for Firefox Sync, and the Firefox Privacy Notice, which is a huge list of all the various kinds of information Firefox may (deliberately or otherwise) collect, and why. Under the very first heading, “Improve performance and stability for users everywhere”, there’s an “opt-out” link which takes you to a support article about opting in or out, and a big “Choose how you want to share this data in Firefox” button which takes you directly to the “Firefox Data Collection and Use” section of the preferences where you can turn things off (including “Studies”).

                                                                                                                                            So Firefox does provide detailed information about telemetry, including how to turn it off, on first startup. It doesn’t provide a simple “telemetry yes/no” banner, because people have learned to click those away subconsciously, and if there’s one thing people like even less than things happening without their consent, it’s when they feel tricked into giving consent.

                                                                                                                                            1. 1

                                                                                                                                              Besides, data loss is data loss. Even if it’s just one tab of hundreds, it can still be a terrible experience for someone.

                                                                                                                                              i must confess i don’t know exactly what properties people expect out of tab restoration. what data is lost? the URL of the tab that gets redirected? would this be available in the history?

                                                                                                                                              So Firefox does provide detailed information about telemetry, including how to turn it off, on first startup. It doesn’t provide a simple “telemetry yes/no” banner, because people have learned to click those away subconsciously, and if there’s one thing people like even less than things happening without their consent, it’s when they feel tricked into giving consent.

                                                                                                                                              how is what firefox currently does better? haven’t people learned to subconsciously close the ads and privacy notice tabs which are open by default? aren’t they already being tricked into giving consent? you think people would be more mad if they were given a telemetry yes/no banner at first startup?

                                                                                                                                              1. 1

                                                                                                                                                what data is lost?

                                                                                                                                                The URL, the page scroll position, form field content… imagine getting five paragraphs into a comment on a site like Lobsters, letting your browser restart to apply a security update, and suddenly your comment is lost to the ether. Sure, maybe people shouldn’t expect that to work 100% reliably, but it does work 95% reliably, which makes the last 5% all the more frustrating.

                                                                                                                                                you think people would be more mad if they were given a telemetry yes/no banner at first startup?

                                                                                                                                                Yes, I do.

                                                                                                                                                If somebody says to me “here’s what I’m going to do”, and then I ignore what they say, and then later I decide I didn’t want them doing that, that’s fundamentally my fault.

                                                                                                                                                If somebody says to me “to-let-me-do-the-thing-say-what” and I blink and say “what?” and they say “thanks!” and run off, I’m going to be annoyed, regardless of what they wanted to do. If it turns out to be something I didn’t want, I’m going to be doubly annoyed if they use my “opt-in” as an excuse, since the fact that they tricked me is already evidence that they knew I wouldn’t have said yes if I knew what was going on.

                                                                                                                                                People hate twenty-page small-print “terms and conditions” documents because they obscure what they’re asking you to agree to, and a “telemetry yes/no” banner would similarly obscure what it wants you to agree to. The Firefox Privacy Notice page really is a great example for how to present a complex set of ideas to a non-expert audience, and really I think that’s as much as anyone could expect Mozilla to do. You can’t force people to form an educated opinion, you can only make education as accessible as possible, and treat the people who blindly trust you anyway with dignity and respect.

                                                                                                                                                1. 1

                                                                                                                                                  The URL, the page scroll position, form field content… imagine getting five paragraphs into a comment on a site like Lobsters, letting your browser restart to apply a security update, and suddenly your comment is lost to the ether. Sure, maybe people shouldn’t expect that to work 100% reliably, but it does work 95% reliably, which makes the last 5% all the more frustrating.

                                                                                                                                                  i wouldn’t want to rely on it if it only works 95% of the time even with the telemetry preventing data loss due to captive portals. but i think this point is exhausted.

                                                                                                                                                  you think people would be more mad if they were given a telemetry yes/no banner at first startup?

                                                                                                                                                  Yes, I do.

                                                                                                                                                  If somebody says to me “here’s what I’m going to do”, and then I ignore what they say, and then later I decide I didn’t want them doing that, that’s fundamentally my fault.

                                                                                                                                                  If somebody says to me “to-let-me-do-the-thing-say-what” and I blink and say “what?” and they say “thanks!” and run off, I’m going to be annoyed, regardless of what they wanted to do. If it turns out to be something I didn’t want, I’m going to be doubly annoyed if they use my “opt-in” as an excuse, since the fact that they tricked me is already evidence that they knew I wouldn’t have said yes if I knew what was going on.

                                                                                                                                                  i don’t follow your analogy. VLC asks users “do you want to allow telemetry,” they select yes or no, then the program runs based on their preference. are either of your scenarios analogous to that?

                                                                                                                                                  People hate twenty-page small-print “terms and conditions” documents because they obscure what they’re asking you to agree to, and a “telemetry yes/no” banner would similarly obscure what it wants you to agree to.

                                                                                                                                                  a sentence takes less time to read and understand than twenty small-print pages. what exactly is obscure about “do you want to allow telemetry for these purposes?” followed by a bulleted list and a yes/no button?

                                                                                                                                                  The Firefox Privacy Notice page really is a great example for how to present a complex set of ideas to a non-expert audience, and really I think that’s as much as anyone could expect Mozilla to do. You can’t force people to form an educated opinion, you can only make education as accessible as possible, and treat the people who blindly trust you anyway with dignity and respect.

                                                                                                                                                  the privacy notice page is longer than the VLC notice and you have to read it and dig through documentation in order to disable telemetry. this is not obscure?

                                                                                                                                                  why can’t we expect mozilla to show us a telemetry yes/no button whenever they implement new telemetry?

                                                                                                                                                  1. 1

                                                                                                                                                    I guess my basic argument is:

                                                                                                                                                    • if Alice wants to do something on Bob’s behalf, and she can obtain Bob’s informed consent first, she should do so
                                                                                                                                                    • if Alice can’t obtain Bob’s informed consent (because Bob can’t be contacted, because Bob is too busy to listen to a properly detailed explanation, or for some other reason) and Alice is say 90% sure that it’s in Bob’s interest, it’s OK to go ahead as long as she describes what she’s doing somewhere Bob can find it, and she’s willing to stop if Bob does express an opinion later
                                                                                                                                                    • if Alice can’t obtain Bob’s informed consent, it’s not OK to ask an oversimplified version of the question and treat the answer as consent, since the consent would not be fully informed
                                                                                                                                                    • it’s also not OK to ask a super-detailed over-complexified version of the question, since we know most people won’t read it, and the consent would still not be fully informed

                                                                                                                                                    VLC’s startup notice falls into the first category - VLC is not too complex, the privacy risks are easy to explain, and so it’s reasonable to present the question directly at first startup.

                                                                                                                                                    Firefox falls into the second category. Firefox is very complex, and its privacy risks are intricate and involve multiple parties. They can’t be easily summarised in a sentence or two, so Firefox just makes the information as accessible as possible without actively getting in people’s way, and does its best.

                                                                                                                                                    The third category is your hypothetical version of Firefox that asks for telemetry consent at first startup. I claim it’s not possible to describe Firefox’s privacy risks more clearly and concisely than the Privacy Notice page already does, so any shorter summary would be misleading and the answer would not ethically count as permission.

                                                                                                                                                    The fourth category is every “I have read and understood the terms and conditions” checkbox, or a hypothetical version of Firefox that pointed people to the Privacy Notice and demanded people read it before giving consent. You can’t force people to read and understand things, so that would still not ethically count as permission.

                                                                                                                                                    As for asking permission about each new kind of telemetry individually, that might be OK, if each kind can be described concisely enough. You couldn’t ask too many questions in a row without fatiguing people, though, and there might be features whose risks are wildly different depending on what other features they’ve consented to. Overall, I suspect it might be problematic for engineering reasons even if it was ethically fine.

                                                                                                                                                    1. 1

                                                                                                                                                      if Alice can’t obtain Bob’s informed consent (because Bob can’t be contacted, because Bob is too busy to listen to a properly detailed explanation, or for some other reason) and Alice is say 90% sure that it’s in Bob’s interest, it’s OK to go ahead as long as she describes what she’s doing somewhere Bob can find it, and she’s willing to stop if Bob does express an opinion later

                                                                                                                                                      how can i express to firefox that i want no automatic requests to remote servers?

                                                                                                                                                      is firefox willing to stop?

                                                                                                                                                      i can go to the privacy notice page, click the “Improve performance and stability for users everywhere,” follow the links to the privacy preferences page, and uncheck the boxes under “firefox data collection and use.”

                                                                                                                                                      but that’s not enough, as explained in the original post. there are many other ways firefox sends automatic requests which can tell a remote server about your browsing. they can’t be disabled through the GUI. even if i set things in about:config or a custom user.js file, firefox will add more telemetry features which are buried in a privacy notice page and require digging to figure out how to disable. you really think this is the best we can ask for?

                                                                                                                                                      1. 1

                                                                                                                                                        Firefox is a user agent, a tool for automatically turning a high-level user goal (“show me the front page of https://lobste.rs”) into a collection of requests to remote servers. If somebody really wants absolutely zero automatic requests to remote servers (no images, no css, no following HTTP redirects), then their expectations are so far from the normal definition of “web browser” that they’d probably be happier with a completely different product.

                                                                                                                                                        Specifically for telemetry, my understanding is that occasionally Mozilla will add some new measurement that they’re interested in (for example, some statistic about a newly-added feature) but the existing “disable telemetry” option in the GUI is a master switch - if it’s disabled, it disables newly-added measurements too.

                                                                                                                                                        If by “telemetry” you include the various other miscellaneous connections described/slandered in the original article, then yes, sometimes Mozilla does add enabled-by-default features that involve automating requests to remote servers. However, historically Mozilla have worked very hard on minimising the privacy risk of such features (the Safe Browsing feature in particular I think is quite elegant), and I personally trust them to make responsible decisions in future. If they ever mess up, I’m sure it’ll be all over Lobsters and HN.

                                                                                                                                                        No software is infinitely configurable, if you really need to prevent a piece of software from doing something, don’t run it.

                                                                                                                                                        1. 1

                                                                                                                                                          Firefox is a user agent, a tool for automatically turning a high-level user goal (“show me the front page of https://lobste.rs”) into a collection of requests to remote servers. If somebody really wants absolutely zero automatic requests to remote servers (no images, no css, no following HTTP redirects), then their expectations are so far from the normal definition of “web browser” that they’d probably be happier with a completely different product.

                                                                                                                                                          i think you understand the distinction between requests made in order to display a web page requested by the user, and requests made without any action or without being necessary to display a page.

                                                                                                                                                          If by “telemetry” you include the various other miscellaneous connections described/slandered in the original article, then yes, sometimes Mozilla does add enabled-by-default features that involve automating requests to remote servers.

                                                                                                                                                          presumably you don’t include these in your definition of “telemetry.” what substantive difference is there?

                                                                                                                                                          1. 1

                                                                                                                                                            The distinction between requests necessary to display a page and requests unnecessary to display a page may be blurry. For example, portal detection is sometimes necessary to display a requested page, and the only way for Firefox to know for sure is to send the request. So is it necessary or not?

                                                                                                                                                            Strictly speaking, “telemetry” means “measurement at a distance”. A feature designed to automatically send local measurements to a remote system is telemetry; a feature that’s not automatic or only accidentally sends local measurements isn’t really telemetry. It might possibly be abused, but these non-telemetry signals should be designed to minimise their usefulness as telemetry.

                                                                                                                                                            For example, your ISP could use portal-detection pings to infer that you use Firefox; but they could also read your user-agent from any unencrypted HTTP request you make, so that’s not a big deal. Mozilla could use it to infer that one of your ISP’s customers uses Firefox, but it’s a much less reliable signal than things like update checks or actual telemetry. Mozilla could use the timing of the ping to infer when your ISP’s customers commonly use Firefox, but they could nearly as reliably determine that by looking at the timezone your ISP’s head office is in.

                                                                                                                                                            1. 1

                                                                                                                                                              The distinction between requests necessary to display a page and requests unnecessary to display a page may be blurry. For example, portal detection is sometimes necessary to display a requested page, and the only way for Firefox to know for sure is to send the request. So is it necessary or not?

                                                                                                                                                              it’s never necessary. it may give clues that a page cannot be reached, but it doesn’t help you reach the page.

                                                                                                                                                              Strictly speaking, “telemetry” means “measurement at a distance”. A feature designed to automatically send local measurements to a remote system is telemetry; a feature that’s not automatic or only accidentally sends local measurements isn’t really telemetry. It might possibly be abused, but these non-telemetry signals should be designed to minimise their usefulness as telemetry.

                                                                                                                                                              so firefox’s “disable telemetry” option disables features which are explicitly designed for measurement, but does not disable other features where telemetry is a side effect.

                                                                                                                                                              should users have control over the telemetry that happens as a side effect?

                                                                                                                                                              1. 1

                                                                                                                                                                Literally any network traffic at all, explicitly requested or otherwise, can be tracked and collated to provide information about the participants. Even the absence of network traffic can be a privacy leak - if there’s only one person on a given subnet that has disabled Firefox’s portal detection, a request that’s not preceded by a portal-detection request almost certainly comes from that person.

                                                                                                                                                                Given that a web-browser has to make some number of network requests to perform its function, I think it’s reasonable for the browser to make any number of extra requests, as long as the extra requests take negligible total extra time, use negligible total extra battery, and add negligible total extra privacy risk. Adding a new request might increase privacy risk (if it’s related to some identifying information) or reduce it (if it makes my network traffic look more like everybody else’s).

                                                                                                                                                                I think it’s reasonable for Mozilla to offer users control over what Mozilla does with their data (and they do, which is good); I think it’s unreasonable for Mozilla to offer users control over what third parties (ISPs, governments, engineers with Wireshark) do with users’ data, since Mozilla can’t enforce or even reliably influence that.

                                                                                                                                                                1. 1

                                                                                                                                                                  I think it’s reasonable for the browser to make any number of extra requests, as long as the extra requests take negligible total extra time, use negligible total extra battery, and add negligible total extra privacy risk.

                                                                                                                                                                  so to clarify, you think mozilla should decide on behalf of users what is a negligible privacy risk? they shouldn’t have control over the telemetry that happens as a side effect of other features?

                                                                                                                                                                  1. 1

                                                                                                                                                                    Not screwtape, but yes.

                                                                                                                                                                    If I wanted to spend my limited time and energy making those decisions, I could do so fairly easily, since the source and build scripts are all available for free.

                                                                                                                                                                    Mozilla provides me with the option of making my own decisions, and also supplies a prebuilt binary that frees me from having to make them myselfves.

                                                                                                                                                                    I choose the prebuilt binary that makes those decisions for me.

                                                                                                                                                                    1. 1

                                                                                                                                                                      it’s easy for you to understand and modify firefox code?

                                                                                                                                                                      1. 1

                                                                                                                                                                        In the scheme of things, sure. The codebase is large and unfamiliar, but grep will get you pretty far.

                                                                                                                                                                    2. 1

                                                                                                                                                                      I’m not saying users shouldn’t have control, I’m saying they don’t have control. I, as a user, have no idea who might be passively observing my network connection, or what patterns of traffic they might be looking for or ignoring. There is no combination of Firefox configuration options I could enable or disable that would guarantee a lower privacy risk than I currently have, even if there were options for every byte of every header of every possible request.

                                                                                                                                                                      If there was a master “absolutely no non-essential network requests” toggle, it would have to carry the label “this may increase or decrease your privacy risk, or increase the risk from some sources while decreasing it from others, or have no practical effect”. That’s not giving users control over their privacy, it’s a dice-roll.

                                                                                                                                                                      The answer to “which changes in this new version of Firefox have possible privacy implications” is always “all of them”. The answer to “which changes are relevant to my privacy” is always “that depends on your individual needs”. If a user doesn’t trust Mozilla’s general-purpose defaults, and doesn’t want the responsibility of figuring out which available options are relevant to their personal concerns, what can Mozilla possibly do for that user?

                                                                                                                                                                      1. 1

                                                                                                                                                                        If a user doesn’t trust Mozilla’s general-purpose defaults, and doesn’t want the responsibility of figuring out which available options are relevant to their personal concerns, what can Mozilla possibly do for that user?

                                                                                                                                                                        a non-essential network requests yes/no button would do

                                                                                                                                          1. 1

                                                                                                                                            Did this affect people with auto updates? I’m getting whatever ubuntu is pushing in their updates so I haven’t been affected, hopefully won’t be.

                                                                                                                                            1. 1

                                                                                                                                              I was hit with the version from Debian stable’s repositories.

                                                                                                                                              1. 1

                                                                                                                                                I got hit by this and I’m running stable on ubuntu. :/