the recent firefox privacy policy stuff seems way overblown to me, like you can read the firefox source code and know they aren't shipping your inputs off to google or whatever.
On the other hand, brave has provably run afoul of stealing cryptocurrency donations, and trying to trick users into adding referral codes unintentionally.
https://davidgerard.co.uk/blockchain/2020/06/06/the-brave-we...
https://news.ycombinator.com/item?id=18734999
Firefox hasn't had anything of that magnitude, has it?
Short, we need to ditch chrome, but what is best alternative?
Or there are a bunch of other options that care about privacy (see https://privacytests.org/). Brave, Librewolf, Arc, Zen, Orion (Kagi's thing). I tried Orion for a few days recently, but it started crashing randomly and felt unstable and slowed down after real-world use (3-6 windows, many many tabs, dev tools, etc).
I really wish there was more competition here from the smaller, privacy focused players...but the reality is building a browser is insanely difficult for the modern web.
And thank WHATWG for making it impossible for indie players to remain compliant with modern standards by turning W3C's eminently reasonable and wholly sufficient specifications into a hulking monstrosity that's simultaneously large enough to be used as a stress test for your mobile browser's rendering engine (seriously. go try to load up 'view-source:https://html.spec.whatwg.org/'. At the time of writing, the HTML for that single-page version is over 98,254 lines composing over 15MB of plain HTML) while simultaneously quite literally being defined as a continuously moving target.
They had other options, including not collecting and selling user data. The California law is working as intended.
Businesses like to avoid risk where possible, and Mozilla's lawyers pushed this wording to ensure compliance with the riskiest possible interpretation of California's ambiguous and poorly-worded law.
Explain how that qualifies under California's law. The requirement that data be shared to another business or third party seems pretty explicit.
The Mozilla Corporation sharing user metadata with the Mozilla Foundation to assist with internal decision making may technically meet California's definition of "sale of data" despite constituting absolutely nothing even vaguely resembling what laypeople would consider a "sale of data".
Note that the CCPA's "third party" clause is part of an "OR" set, alongside "another business". Mozilla Foundation and Mozilla Corporation are respectively "another business" relative to each one's self, despite not being unrelated third parties.
The problem is not that Mozilla is actually selling user data (they're not in the sense that any layperson would understand "selling data" to mean), the problem is the way the California law is worded.
As usual, tech-illiterate politicians aren't even competent enough to write laws with the nuance and understanding required to not botch the entirely good and justified intention without pointing a loaded legal gun at the heads of the genuinely innocent. Think along the lines of the CFAA's legal risks to good-faith security researchers¹, or how the DMCA would technically criminalize discussion of how to decode Pig Latin if that was used as a copyrighted media protection technique.
¹ At least up until the Biden administration instructed the DoJ to be more sane and reasonable about this: https://www.justice.gov/archives/opa/pr/department-justice-a...
It appears you are trying to explain why CCPA's does not meet the laypersons definition of "selling data". After reading your explanation I'm none the wiser. Given no one has replied, I suspect that's true for most people. They've just scratched their head and moved on.
I was about to do that too, when it dawned you probably have no idea people don't understand what you are saying. Maybe an example would help. Its needs top be something a layman would not consider to be "selling data" but the CCPA defines that way.
TLDR: The "OR" was a drafting error that Mozilla erroneously quoted. The final text of the CCPA removed the "another business" part.
> The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
How is the CCPA stupidly-worded when that's what a layman would think "selling data" means?
I do wholeheartedly agree with your sentiments about the WHATWG though, as someone who contributed to Pale Moon's development. That web browser cartel should be investigated by the US government for anti-competitive practices as they did with Google and Microsoft.
Because it is the twisty logic that lawyers can apply which is relevant to mitigate legal risk, not what a layman would think.
Where I work, our lawyers are convinced that running our code in the cloud to run our service counts as "distribution" under the terms of open source licenses. Because a cloud employee might accidentally look at it or something? Who knows. A lawyer sees legal risk in things you or I don't; they should know I guess!
The Mozilla Corporation sharing user metadata with the Mozilla Foundation to assist with internal decision making may technically meet California's definition of "sale of data" despite constituting absolutely nothing even vaguely resembling what laypeople would consider a "sale of data".
Note that the CCPA's "third party" clause is part of an "OR" set, alongside "another business". Mozilla Foundation and Mozilla Corporation are respectively "another business" relative to each one's self, despite not being unrelated third parties.
The problem is not that Mozilla is actually selling user data (they're not in the sense that any layperson would understand "selling data" to mean), the problem is the way the California law is worded.
As usual, tech-illiterate politicians aren't even competent enough to write laws with the nuance and understanding required to not botch the entirely good and justified intention without pointing a loaded legal gun at the heads of the genuinely innocent. Think along the lines of the CFAA's legal risks to good-faith security researchers¹, or how the DMCA would technically criminalize discussion of how to decode Pig Latin if that was used as a copyrighted media protection technique.
¹ At least up until the Biden administration instructed the DoJ to be more sane and reasonable about this: https://www.justice.gov/archives/opa/pr/department-justice-a...
> As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
Is actually from a draft. The final version of the CCPA removed the "another business" part which was a drafting error as covered by this article from the IAPP: https://iapp.org/news/a/ccpa-cpras-hidden-third-party-busine...
I will cut Mozilla some slack here because they probably have taken the supposed final text of the CCPA from Wikipedia's article of it: https://en.wikipedia.org/w/index.php?title=California_Consum... (and the website in the infobox still links to when it was an Assembly Bill at https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...)
This is the true final definition of "sale" in California's privacy law: https://leginfo.legislature.ca.gov/faces/codes_displaySectio...
Anyway even then I'm not sure if the Foundation would've been considered "another business", since "business" is defined first as any "legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners", which MoFo clearly doesn't do. There's the second definition might've covered the Foundation (since they control the Corporation which is covered by the first definition), but AFAIK the Corp doesn't share any consumer personal info back into the Foundation (if it does that would be concerning)
Your attention to detail here is exceptional and commendable. I used to feel that Mozilla's decision here was defensible and misunderstood, but it's now looking more like Mozilla and I are guilty of misunderstanding, after reviewing your claims here.
Thank you for having the patience to explain in such detail! Posts like yours here are part of the magic that elevates HN discussions over so many other forums on the web these days :)
You don't think Mozilla ought to have a firm legal opinion on this that doesn't involve just going to Wikipedia and going "yeah that's good"?
Omfg. You fly-scroll it on mobile as fast as you can and the scrollbar barely moves.
I doubt any privacy conscious people use the default settings… not really relevant it seems to me.
Fast, runs light on battery, i've seen zero ads since using Brave. it's baked in you don't even think about it.
they added some kind of weird stuff like ai and wallets but you dont need to use it or invoke the ui
[1] https://en.wikipedia.org/wiki/Brave_(web_browser)#Business_m... [2] https://en.wikipedia.org/wiki/Brendan_Eich#Appointment_to_CE...
While I don't support Prop 8 personally, I don't think we should judge technical products on political opinions of their author. You may think it's funny to advocate for bans and boycotts, until the other side does it too and we get a world split in 2 (or more).
There is nothing funny here at all. I'm so cynical about all of it that, as a many years long Brave user, I'm actively discouraging people from using it, because if Brave ever has enough users to be a problem for adtech, it will be destroyed. So if the crypto stink or ancient crimes against the progressive project can help forestall this for a few years, then at least they're good for something.
As for Eich and JavaScript; technically, I doubt more that 0.1% of working coders are fit to lace his boots. Myself included.
That seems pretty extreme.
Eh. It's one to not knowingly support a bad person, e.g. if they kept their opinions to themselves. But once an individual has made their positions crystal clear, it's a lot harder to morally support their innovations. Someone can do great work in tech, but if they are a known total piece of shit, I may/probably will avoid their products. I find a lot of tech-types try hard to decouple the humanity aspect from the innovation aspect - I presume this is a veiled attempt to get an "be an asshole" pass. Reality is people won't want to be around us if we suck as a humans, no matter how much code any of us put down.
IMO, calling Brendan evil or bad is the kind of moral shortcut that Progressives love taking. A microcosm of the election, really: all the capable moderates were effectively canceled or marginalized by self-righteous radicals, who deemed that the only "good" candidate was someone who couldn't even win a primary.
It's bad politics and lazy morality.
Mozilla has never used the data you upload/send via Firefox to non-Mozilla websites (as it should be), and they shouldn't have that permission just as Epson the company shouldn't have the right to use for any purpose a paper marked as classified just because some fed employee sent a digital copy of it to an Epson printer.
Just read the terms rather than spread misinformation. That data doesn't leave the user's computer.
Do you just not care what happens to Mozilla? How does it help to spread misinformation about them?
> Mozilla processes certain technical and interaction data, such as how many searches you perform, how many sponsored suggestions you see and whether you interact with them. Mozilla's partners receive de-identified information about interactions with the suggestions they've served.
> Depending on your location, Mozilla derives the high level category (e.g., travel, shopping) of your search from keywords in that query, in order to understand the types and number of searches being made.
> Mozilla may also receive location-related keywords from your search (such as when you search for “Boston”) and share this with our partners to provide recommended and sponsored content.
Your claim "That data doesn't leave the user's computer" is simply not true. Mozilla isn't selling empty files to their advertising partners. The only true and valid defense you've put up for Mozilla in the past week is that they're trying to anonymize the data before they sell it, but that's not nearly as strong an argument as you seem to think it is.
You are focused on some concept of perfect confidentiality, which is not how real engineering or confidentiality works.
I'm not interested in your personal comments. Keep them to yourself.
You said "That data doesn't leave the user's computer". It does. You may not consider it personal or valuable and may trust Mozilla's anonymization to be sufficient, but well-written privacy laws rightly do not grant Mozilla (or anyone less trustworthy than Mozilla) that kind of wiggle room.
Ladybird isn't even targeting an alpha release until 2026.[^1]
The Browser Company has basically decided to kill off Arc in favor of...Dia, whatever that is/will be.[^2]
And Brave...oh Brave. Too much controversy there over the years to be interesting, honestly.
Tier 1 is actually just Firefox, maybe Safari if you only care about MacOS/iOS.
Interesting up-and-comers are Orion and Ladybird, but both are far from "tier 1" currently.
[^1]: https://ladybird.org/
[^2]: https://www.diabrowser.com/Arc is kind of promising, but I never really tried it after discovering that it's the only browser I've ever seen that requires (!) you to have an account with them. The obvious next question is 'what for?'
[1] - https://reddit.com/r/browsers/comments/1j1pq7b/list_of_brave...
One massive upside is there's now a less comprehensive mode that doesn't allow the extension to view and edit the complete DOM of every page, which has actually made me comfortable enough to use it for regular browsing as opposed to just turning UBO on for certain sites.
We can finally block ads in our webpages and have ads! Win-win. This couldn’t be ever achieved without the truly titanic coordination efforts from google.
1. Ad blocking on Safari has worked like this for years and none of the major ad networks have chosen to act on that fact.
2. It has always been possible for ads to work around UBO in various ways but no major ad network has even tried (e.g. server-side embedding of randomly obfuscated JS).
It has always been possible for ads to work around UBO in various ways but no major ad network has even tried
Cause arms race with a dynamic blocker is expensive and futile. You are trying to s/UBO/UBO Lite/ in this sentence and convince things will work the same way, they won’t.
In general, uBOL will be less effective at dealing with websites using anti-content blocker or minimizing website breakage because many filters can't be converted into DNR rules (see log of conversion for technical details).
Also note that some of those won't be related to anti-adblock and some sites may use a different method for anti-adblock.
If you can show a site that definitively displays ads in Lite but not uBo, then proide it.
Not really. Not sure why you’re expecting me to dig through the sites and ads networks that don’t use differentiating techniques too often due to basically non-existing ubol userbase to this date. We’ll see how it goes in just a few months, I guess. I’ll be baffled if this fuzz was really about user security and not pushing ads down the throats. I’m also expecting to see more ads on mobile safari for it becoming compatible with the new widespread ad vulnerability.
If you encounter them sufficiently frequently that they are a problem, you should encounter one over the next 14 days while this discussion is open and be able to share the link. If you can't, then either there is no evidence of the problem you assert exists, or the problem occurs so infrequently as to be of negligible concern.
I would assume that once uBlock Origin Lite is highly used it will rapidly become worthless as companies start targeting it
Google made a search engine. They became rich from ads.
Facebook made a social network. They became rich from ads.
OpenAI made a chatbot. They're trying to figure out how to become rich.
The adblock of the future will be buying $12k worth of GPUs in order to run an "ad-free" LLM locally.
[0]: https://addons.mozilla.org/en-US/firefox/addon/umatrix/
[1]: https://news.ycombinator.com/item?id=27602118
[2]: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...
Edit: Sorry you said Matrix. I don't think so.
But here's some recent discussion:
About Google Chrome's "This extension may soon no longer be supported"
The top comment on that Reddit thread has the answer: "You can still enable it. Not supported is a lie. It still works. On the extensions page you have to select "Keep" and then reconfirm. Then scroll down to the extension and click the slider. Then reconfirm AGAIN and then it will work"
Having "no alternative" is one of the many reasons the open ecosystem we call the web, matters. Why having a single choice, especially one run by an ad agency, is a shite spot to be in. Unless you are willing to do your web browsing on an unpatched version of Chrome, or a fork run by a smaller team that "can totally keep up with Google's pace of development, trust us, those security patches made it in", you're kind of hooped.
There really is no need for an explanation here, its all laid out: https://finance.yahoo.com/quote/GOOG/ and https://www.nasdaq.com/market-activity/stocks/googl/earnings tells you everything you need to know.
They will give you all manner of justification for their actions but when it comes down to it, uBlock interferes with their ability to monetize you and they want it gone.
This abusive relationship people have with Chrome is reminiscent of MAGA folks.
It's like saying a swimmer can still compete with a boat anchor tied around their neck in a new pool that's 12 ft deep.
As soon as this controversy is over and UBO is gone, the arms race against Lite will start and it will lose.
https://extensionworkshop.com/documentation/develop/manifest...
They could be scooping up disgruntled Chrome users, yet all they did was generate a load of negative noise.
Google paid Mozilla $600M in 2022 for making Google the default search engine in Firefox.
Mozilla is directly bribed by Google.
There's no shortage of games you can install through Steam on Linux. You need windows for GTA6 or the latest CoD or whatever, but saying Linux isn't viable at all is silly.
Poor argument.
Nonsense. Their drivers are better and there cards have beaten Nvidia cards depending on the generation.
> Also some games don't even support AMD's equivalent of DLSS. Also AMD sucks at inference, not even close.
I don't think you really know what you're talking about here, and I don't think you would notice the things you think you would in practice. In short, you're making very poor excuses.
It's OK to say you're scared to make the leap and/or don't care about privacy so much as you do being able to play the latest crappy CoD installment.
You assume.
> My operating system is irrelevant.
No, it shows your priorities are screwed.
You seem to care about privacy to the point you risking Firefox selling your data based on a misinterpretation of a badly worded TOS, but have no problem letting random closed source binaries hook into the lowest level of your closed source OS which itself is known to be a privacy nightmare and not at all trustworthy.
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.
https://blog.mozilla.org/en/products/firefox/update-on-terms...
I'm not seeing a real issue here, just FUD.
Google is killing the most effective ad blocker for Chrome. That ad blocker still works on Firefox.
Why wouldn't users switch?
The explicit disclaiming of ownership is definitely good (the previous version didn't have that), but it's not enough. Mozilla should just nuke that section completely like they did with the AUP part if they're doing this ToU in good faith.
In 2008, Matt Cuts posted Google does not want rights to things you do using Chrome, which suggests they are not trying to claim or vet what you use Chrome for.
Even if there are privacy violations, that seems much less scary than what Firefox has suddenly decided to do. They're seemingly not only watching, but claiming rights! And or will kick you out suddenly if they decide your activity on the web doesn't meet their standards.
https://news.ycombinator.com/item?id=43217309 https://www.mattcutts.com/blog/google-chrome-license-agreeme...
Did you miss their clarification in the grandparent post?
> includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.
> And or will kick you out suddenly if they decide your activity on the web doesn't meet their standards.
Google literally tried to have parents locked up for using an Android device to seek medical assistance for their child during lockdown.
Google was spying on the photos they took to send to their doctor, and Google's AI, based on a single false positive, decided they were guilty of kiddie porn.
Even after the police cleared them, Google refused to restore access to their account.
> Mark appealed his case to Google again, providing the police report, but to no avail.
https://www.nytimes.com/2022/08/21/technology/google-surveil...
Given that Google's CEO previously testified before Congress that the company wouldn't use information gleaned from your use of Google services to build out your advertising profile, I don't see "broken privacy promises" as a differentiation between Google and Mozilla.
Especially since Mozilla's post, linked above, says that their legal team now interprets selling ads as technicslly selling personal data in some jurisdictions.
They do have ads on new tabs, even if you can turn that off.
Again, I'm not seeing any reason not to switch to a browser where effective ad blocking will still work.
You can just install Firefox
But im scared of their bad privacy policy
But you’re logged into reddit, and you’re… using Chrome?
Why is FF the one app that you’re a privacy policy enthusiast when you couldn’t care less on every other app you’re using
Your mission is not to have invasive and possibly malicious ads then, like, Firefox does that. Its so weird to me why people make all these reasons to stay on Google Chrome when they allegedly hate it and its incredibly trivial to just use firefox
You can just install Firefox.
Others have workflows that may take weeks to migrate from chrom{e,ium-based} and something will be lost in transition anyway. I spent at least a few days, preemptively in 2024, to fully migrate to Firefox from Vivaldi. I haven’t had lower blood sugar levels in a decade. And when the dust over new privacy statement settles, maybe I’ll need to figure out ways to LibreWolf now.
It’s not as easy as “just install” if you are at advanced user/developer level.
Your experience disagrees, that's fine, but could you give some examples? What exactly would take weeks to migrate? Certainly not extensions and settings or bookmarks, so what would? It's not a question of belief when we have empirical evidence to work with.
It took a few days to investigate, google, try and fail, take rest, try again. Sure, I can do this faster now due to experience, but you start with none.
However, the claim in question seems like an objective claim for which empirical evidence would be very possible to provide, so until someone shows some clear examples I remain unconvinced.
This was part of why I moved to Vivaldi from Chrome about a year ago. But the fact that Vivaldi can only do so much (with the Chromium base) to stave off deprecation of the best ad-blocker has me considering a move back to Firefox now.
- Cmd+Shift+P instead of Cmd+Shift+N for new incognito window is objectively wrong and can't be fixed
- Having separate Cmd+Shift+N and Cmd+Shift+T shortcuts for open last closed window/last closed tab instead of Cmd+Shift+T doing both is also objectively worse
- I can't rebind Previous/Next tab, at least on macOS
There's less extensions because Firefox failed on the last 1% of copying Chrome's extension API. Doing it correctly would've meant it's possible to install extensions on Firefox directly from the Chrome Web Store, like you can with the Orion browser.
Mouse scroll physics are too slow on macOS. One "tick" of my scroll wheel scrolls a bit more than half of how much Chrome and Safari scroll
There is no full screen mode that hides the URL bar
Every single time you're searching something, Firefox includes a list of ads for search engines I will never use for as long as I live (Bing and DDG) under a "This time search with..." guise instead of just showing me search results. There are tons of these minor design flaws which add up to making Firefox feel like a worse browser.
Chrome is a faster browser according to every bench mark I've seen and I can feel it.
Switching would log me out of all my websites and clear all localStorage data
Lol this is just a habit/preference, not an objective truth.
Most of your excuses are equally bad, and most are addressable.
It's not comparable to switching from Windows to Linux.
Each to their own, I just disagree that Firefox isn't a real alternative in the same way Linux is to windows.
To be clear, this is to reinstall it if you accidentally uninstalled it. Keeping it enabled is easier but still follows a dark pattern.
because their favorite Youtube influencer told them so. That sadly is the reality of it, we're living in an age where people get their information off social media and clickbait, so some random legalese changes by Mozilla that don't mean anything get more attention than Google's pervasively bad privacy practices for the last 20 years.