I'm going to have to try this to see if Firefox's privacy is better. I currently use Chrome on iOS and was very disappointed to discover that it remembers Google searches that you do within incognito mode, completely breaking all expectations on what incognito is for.
Long story short, Google saves all searches in HTML5 local storage and this is shared between regular and incognito windows. Perhaps DuckDuckGo is a configurable Firefox option. (EDIT: yes, it is. Goodbye, Chrome.)
We are a real and unique browser. Not a Safari skin.
There is no such thing as a Safari skin. Instead we use a low level component called the WKWebView, which is a bare-bones minimal API to 'show web pages'. On top of that we have built a browser.
This is exactly what Apple has done with Safari.
The only common component between Firefox and Safari is the WKWebView. Everything on top of that, like the UI, bookmark management, history, sync is unique and implemented in different ways by each browser.
Regarding JIT .. the WKWebView exposes the same fast JIT as Safari uses. Run a benchmark. We are as fast as Safari or any other app that uses the WKWebView underneath.
Yes as of a few releases ago (but not originally) iOS allows JIT for WKWebView.
But no, the result of a bit of chrome (historical name for browser controls) around a WKWebView is indeed just a Safari skin. The renderer is not some minor detail like how tcp connections are made, it's practically the whole thing! It handles the http/https/websocket connections, the html, css, js, html5 video and audio, canvas, webgl, webrtc (or lack thereof), pointer events, everything that matters.
- user of firefox on linux and on android, who never "signs in" to his browser chrome, or saves passwords in the browser, or other ill-advised but marketer-loved things
- also developer working on a webrtc application, who has had to explain to users "Chrome on iOS isn't actually Chrome, sorry"
> The renderer is not some minor detail like how tcp connections are made, it's practically the whole thing!
It's totally not.
All the things you list are just components of "showing a web page in this rectangle". That is akin to "how tcp connections are made". The renderer used to be hugely important because many renderers didn't work at all for some sites and features, or were massively slow. That's still true to an extent and why the renderer is still an important point.
But the browser itself is more about application features (and maybe cloud features).
How do you manage windows? How do you manage 10 tabs, or 250 tabs? How does it store your passwords and how do they sync across devices? Can you pull out your phone and easily jump to a web page open on your desktop back at the office? Does the browser crash a lot? Can the browser remember your font zoom settings for each site you visit? Can you override preferences for certain websites conveniently? How can you visualize the current set of websites you are on, or the history of sites you have visited? Can you easily restore a bookmark set of twenty websites? If so, does it restore your window sizes, positions, and tab order? Can you easily identify which window/tab is making annoying sounds? Does it have a 1Password extension? Does it override standard OS features like Print (to PDF) with its own lame-ass UI for the same thing (lookin' at you Chrome)? When you copy text, is it smart about putting the different representations of the copied data on the clipboard so it works optimally whatever app you then paste into? Does it let you have different profiles to keep e.g. your work cookies separate from your pr0n cookies? Speaking of cookies, how easy is it to inspect and deal with them? How does its extension mechanism work, and what is its defense story against the installer-malware that comes with e.g. Java? Is it fast to launch? Can you easily re-open closed tabs and windows? If so, do they retain their state and Back/Forward history? Can you easily customize things like font and zoom and override bogus sites? Does it have an ad-stripping "reading" mode or does it need an extension? Etc.
In modern times, those things are a lot more important to me than the renderer (unless the renderer is broken).
I love how you're talking about the process from a user point of view. This is truly a difficult time for Mozilla. The rise of iOS means that independent renderers have not as much of a voice as they could have. It is scary because a user will maybe rely on features that exist on Firefox on another os might not work on Firefox on iOS.
The renderer is still very critical for developers. We don't really have a browser without a renderer after all.
WKWebView != Safari. Safari is built on top of WKWebView. Likewise, Firefox is built on top of WKWebView. Firefox is not built on top of Safari, so your Safari skin statement is incorrect. It's called mobile app development, you work with the APIs provided to you by the OS. Attempting to write your own low level networking and rendering libraries that bypass those provided by OS will simply mean your app is not released on the app store. Should Mozilla not release a browser on mobile because it's not 'true' to your definition?
Indeed, just own up to the fact that Apple does not allow any other browsers on iOS. (nor f.lux nor game emulators etc. Apple sucks.)
Mozilla Corp. has become increasingly frantic these days, trying to maintain market share by making all the compromises it can on its ideals. Is it working? Doesn't look like it to me. I'm the only one I know personally who still uses Firefox instead of Chrome (on Windows/OSX) or Safari (on iOS). Notably, I know a number of web developers (though I'm a systems software engineer).
When hundreds of millions of people keep buying things you believe are awful, perhaps it's time to ask how broadly shared your views are.
For every nerd who complains about not being able to root their iPhone, there are probably a hundred people who think “I/my kids/my parents won't get mal/ransom-ware”. Repeat for almost every other security or reliability issue.
I'm not entirely in love with the effects but I'm not going to say those people are wrong because they value stability and lack the extremely high level of skill needed to operate a general purpose computer safely.
> When hundreds of millions of people keep buying things you believe are awful, perhaps it's time to ask how broadly shared your views are.
It's irrelevant how many people believe in something if they're wrong. A billion people believe the Earth is 60,000 years old and was created in a week by an all-powerful bearded deity. That doesn't make it true and doesn't mean we should throw our hands up and reinforce those beliefs instead of improving education and displacing them.
> It's irrelevant how many people believe in something if they're wrong.
“Wrong” asserts a level of objectivity which has not been established.
My argument is simple: the computer industry has failed to produce general-purpose devices which non-specialists can safely operate. That's security threats like phishing, but also just the ever present fear almost all computer users have of installing something which will break or degrade their computer.
When a high percentage of people choose to buy devices which are more restricted – and thus safer to use – the correct response is not to crank up the smugness and say that they need better education but rather to ask what we should change to make a general purpose computer safer without going all of the way to the app store model. As the most obvious example, strong mandatory sandboxing could be a big improvement while still allowing a knowledgeable user to adjust the sandbox policies or develop their own.
> A billion people believe the Earth is 60,000 years old and was created in a week by an all-powerful bearded deity
I find this comparison apt, but presumably not in the direction which you intended:
We have a preponderance of evidence that people cannot operate computers safely, ranging from the billions of dollars spent on support and data recovery services to e.g. ransomware being an industry with at least 8 figures of annual revenue.
Smugly asserting that people buying safer alternatives is due to poor education seems rather close to the creationists who assert that every hole in their theory is caused by insufficient faith. If that was ever going to work, it would have done so already.
That's not a fair comparison. I can't believe I'm going to defend Apple here, but Apple's "walled garden" is an environment that they designed, that people can choose to use or not. We can tell people that there's a long-term price associated with this, but people that choose to support Apple's model are not in the same boat with people that choose not to believe in carbon dating.
A technical centric view of a browser would focus on the rendering engine. But modern browsers, in their being almost small operating systems, go very far beyond the HTML/CSS/JavaScript rendering engine. I will list a few things that vary between browsers irrespective of the rendering engine: tab handling, incognito mode, extension system/ecosystem, privacy handling, search/url bar/completion, security policies, anti malware strategies, download manager, history management, bookmark management, cross platform syncing, password management. And all these things have a higher impact on the user experience than the rendering engine.
All these things might be completely different between Firefox and Safari on iOS. Saying that Firefox on iOS is not "a real browser" is an understatement.
Don't be ridiculous, the rendering engine is much more complex and many more lines of code than the GUI features. And browsers have had bookmarks, tabs, and password managers for a decade now.
More importantly, the rendering engine is what matters to the "open web", if you care about that. If there's only one rendering engine which "everyone" uses, then websites are designed to the bugs and quirks of that engine, then that engine need not fix any bugs, then those bugs become the de-facto standard. Then users can't use the web from the platform or browser UI of their choice if the only web rendering engine of note doesn't support it.
The engines of a 747 are much more complex and designing them takes many more man-hours of engineering than does designing comfortable and spacious seats.
But assuming the engines don't fail to perform correctly, which one do you think 99.9% of passengers care more about?
Engines aren't just "correct" or "incorrect", they perform differently. Users switched to Chrome from IE because Chrome was well marketed on a website they already used (google) and was way, way faster than IE. Many also switched on OS X because it was a bit faster, more feature-full, and marketed/perceived as way faster. It wasn't because they loved the Chrome UI.
I still regularly have to help "common people" find everything but the new-tab button in Chrome (and every browser).
Finally, it's clear that UI/UX designers always say they're making software "more intuitive" and "a joy to use" but no one (except grumpy engineers like me...) knows what to click or where stuff is hidden anyway. It's all just UI churn, around in circles. Show feature prominently because users don't know how to find it, then hide it because the UI is too cluttered. Repeat.
EDIT: and all that's not the main point, sorry ... anyway, the "mass market" or "common" user's ignorance doesn't change the importance of the engine to the "open web". And don't forget how Firefox started, with only particularly savvy users caring to install it.
I agree -- I would totally fly on a plane with uncomfortable seats but an engine that would get me from Tokyo to Seattle 40% faster.
And I am not saying the renderer doesn't matter. My contention is just that the featureset and the UI probably matters more today, for most people. Historically, that wasn't true. (I consider switching from IE "historical". I don't know anybody who uses MSIE today, except for one-off reason like accessing some legacy banking system.)
To my understanding, chrome's incognito mode means everything you did within incognito will not be saved and applied to regular mode. But everything you did within regular mode will be applied to incognito. This works for localstorage and passwords. (Not sure about cookies, since my login session doesn't preserve in incognito, I guess cookie is not shared)
Are you sure it keeps localstorage? I was under the impression that passwords from normal mode were shared because that's a "meta" feature of the browser rather than part of the API web pages use, but localstorage and cookies weren't.
Well, I just checked and it looks like localStorage is not shared. But I recall it was shared when I checked sometime last year, maybe a bug back then.
I was thinking about the same recently. You put a lot of faith in incognito mode working as you expect it to on the 'edge' cases (e.g. third party plugins, cache, cookies) but this seems like it does not work even for a pretty straightforward case.
[I use edge there pretty liberally, even those cases are pretty far away from the edge]
Perhaps, but Chrome's configurable search engines are all unacceptable. As Firefox has DuckDuckGo as a configurable option and DuckDuckGo doesn't track you (so no HTML5 local storage issues to deal with), it's a great workaround for that limitation.
Yes, due to convenience (and app limitations). I want to be able to open an incognito window, do a search, and close the tab and have all history wiped. In iOS Chrome, because the least unacceptable search engine option is Google, this means history is actually tracked due to the HTML5 local storage issue. I could work around this by opening an incognito window, typing duckduckgo.com, and then doing a search but that's extra effort. In iOS Firefox, DuckDuckGo is a search engine option, so it avoids the issue without requiring extra effort.
IMO, private search shortcuts used to be really cool and then I switched to DuckDuckGo. Their !bang feature has all the search shortcuts I need (and then some), preconfigured :)
I'm not sure what you mean by private search shortcuts. Would this be a search box that you type something, press ENTER, and it does a search in a normal tab or I could do something else to make it search in a private tab? Or something as easy as Chrome's three dots > "New Incognito Tab" and I could immediately search from the URL bar would be fine.
Having played around with Firefox on my iPad, here are some things which are annoying (I mentioned a few of these elsewhere in this thread). I can see that many of these decisions were likely taking into account the limited real estate on an iPhone where I can understand the limitations, but it makes for a poor iPad experience. Safari and Chrome generally get these correct in a single app by adjusting the functionality based on the screen size.
- Adding a tab takes two steps: click the number box then click "+" to add a tab.
- Closing a tab takes two steps as well. Why no "x" to close? The "star" icon is exactly where I'd expect the close option to be. Consider the frequency of someone closing a tab vs. marking a URL as a favorite and the resulting UI should be obvious.
- Adding a private tab is three steps: click the number box, then click the Private Browsing icon, then click "+".
- Swapping between regular and private tabs involves three steps: click the number box, enable/disable the private icon, then click on the tab you want to focus on. In Chrome, this is one step: click the Incognito icon which immediately swaps between the most recent active tabs in each mode.
- You can only view one tab at a time. Not only does this make switching between tabs tedious but you also lose context; not seeing a tab you've opened in the background that you mean to read later will generally go unread.
- "Settings" available via the tab management interface. This is a rather unintuitive location to manage application settings. Why not have app settings available from within the iOS Settings app?
- Editing the URL of a tab hides the tab's content. Not sure what the thinking was here, but if I want to access thumbnails, bookmarks, etc. I'll do this from a new tab, not by manually editing a URL. Consider the use case of a URL shown in a web page but it contains tracking info. I might want to manually type it instead of clicking, so when the page contents vanish it's difficult to do that.
- Unable to search for text on the page.
That's what I've run into after five minutes of playing with it. I might keep this on my iPhone, but as it stands it's unusable (compared to alternatives) on an iPad. Safari and Chrome generally get the iPad UX right.
@st3fan, riding off biot's comment because he hit a lot of the right points.
First off, congrats, this is amazing and beautiful. I've been a long time Firefox poweruser, and here are some of the things I noticed myself:
- Lack of differentiation between bookmarks, history, open pages, tags, etc. in URL bar.
This is vital for a power user feature I use a lot: browser.url.restrict.* (in about:config), allowing me to quickly get to a page from history, an open tab, or a bookmark. You get the idea :)
- Inability to reorder tabs
- No context of tabs opened/ to switch to
- Unable to specify sync categories
- Unable to disable password saving asks
Overall, biot is right: this is great from an iPhone POV, but from an iPad POV, there are more controls to bring into view to bring it to parity with Safari/ Chrome. As for going beyond what Safari and Chrome offers on iOS, carrying over the spirit of power user features and customization will definitely do it (like the AwesomeBar icon hints, switch to tab, urlbar match, search keywords, and more).
“I could work around this by opening an incognito window, typing duckduckgo.com, and then doing a search but that's extra effort. In iOS Firefox, DuckDuckGo is a search engine option, so it avoids the issue without requiring extra effort.”
Not too long ago I found that you can restore a deleted tab in incognito mode in Firefox. I was pretty shocked at that. Chrome behaves as expected for this particular test.
There were a few annoyances with Safari that I never really liked such as the inability to search for text within the page. In verifying whether this is still an issue, I managed to locate the "Find on Page" option hidden in the "Send to" menu, clearly something I never expected. Safari also used to hide the contents of the page as you edited the URL bar, something which is now fixed and I notice you can use that to find text in the current page as well. And now that I look into Firefox further, I don't see how I can search for text within the page here either and Firefox hides the page contents when you edit the URL.
> I never really liked such as the inability to search for text within the page
You can actually find in page by typing a keyword in the address bar. There will be an "On this page" section at the bottom of the suggestion list, which you can tap in and jump through all matches. If I remembered correctly, this feature has been available since iOS 5 or so (which was a little bit clearer back then, since search box was separate from the address box).
Aren't we supposed to avoid stock Apple options due to concerns about privacy? For example, isn't Safari proprietary, suggesting that we should choose an open-source browser? Are Apple apps actually good for privacy?
I wish people would stop thinking DuckDuckGo cares about your privacy. It's all marketing BS. The founder sold his old startup in 2006 to classmates.com, an incredibly scummy company.
"Incognito mode" is meant to stop data from being stored on your computer, not Google's. This is written in plain English every time you start a process in "incognito mode".
This is a sad but expected capitulation on Mozilla's part. They weren't succeeding in their efforts to ship Firefox devices and they were blocked from shipping Firefox proper on iOS devices. If they didn't ship something, an entire generation of web users wouldn't even know what Firefox was.
Webkit browsers currently account for a 91.6% share [1] of mobile (phone/tablet) browsing. Ironic as it sounds, the only hope right now for mobile web standards is Microsoft. They're the only vendor that stands in the way of the idea that Webkit should simply become the de-facto standard for the web, in place of specs worked out in collaboration with other browser vendors through the W3C.
One thing to keep in mind is that even if we can't use Gecko on iOS, having _something_ on iOS rather than nothing means that people who use Firefox on Desktop or other platforms will be less likely to switch away due to issues like their bookmarks / tabs / etc not syncing between devices.
It's an indirect way of getting more people to use Firefox (which promotes standards) over another option, but it's certainly better than telling iOS users "If you want synced stuff, switch to Chrome or Safari."
I agree with you. I think it's really interesting to think about what a "browser" or "user agent" really is. It's clearly more than just rendering, it's things like bookmarks/syncing/plugins/etc. I just worry that if Mozilla doesn't figure out their mobile-first strategy, having Firefox on iOS will only serve to slow the bleeding, not really help with getting back to growth.
It's a pretty simplistic view of things, Chrome on iOS isn't that great, even if you use Chrome on all other devices the account sync and all the other Google features might not be worth the performance issues compared to Safari.
FF Account Sync isn't as robust as Google's (not saying it's bad, it's not intended to be as universal and or invasive) so you will get for the most part even less out of it.
FF on Android is a true FF build, you can run most addons on it and it uses Gecko as their rendering engine.
The problem with iOS is that we are going back to a single eco-system when it comes to rendering engines this means that everyone needs to get in line with how Apple thinks that the web should work which we had to suffer through before when Microsoft polluted the web with their own interpretations and "proprietary" standards.
Also from a security POV this is pretty damn awful if there is a vulnerability in WebKit/iOS Webview or however Apple wants to call it, there's a good chance that every browser will be vulnerable this means that until Apple can patch it out there is no alternative non-vulnerable browser for the iOS ecosystem.
This pretty much reminds me of the late 90's early 2000's where there were a billion "alternative" browsers like NeoBrowser and the like that were nothing more than a reskin of Internet Explorer, the fact that you can't push out your own low-level components to one of the most popular mobile platforms in the western world is pretty god damn sad.
I for one would have actually loved it if Mozilla and Google would've made a stand against Apple and say if you don't allow us to build our browsers like we want to we're not going to be on your system. But sadly because Apple users are the more "important" (as they have more money to spend) than alternative platforms it doesn't seem likely to happen.
Blink is a fork of Webkit. So while it may be sufficiently different than Webkit in the future, I'm not sure how meaningfully different it is today. Especially from the perspective of a web developer or user.
My understanding is that Apple blocks the usage of other rendering engines, so both Chrome and Firefox for iOS are essentially skins over top of Safari.
Kind of – they ban everything which does runtime code generation for security reasons. That has some nasty side-effects but it's at least consistent and more defensible than “no competing browsers”.
I would love it if the FTC, etc. made them open up with, say, the ability to set the security requirements they use and accept anything from companies which make similar commitments.
It's not just runtime code generation. If it were just that, you could have a browser without a JIT.
But they also forbid execution of code that doesn't ship with the app itself. So you can't have a JIT-less browser that runs any JS at all.
But for Servo none of that would matter anyway, because it's written in Rust. And Apple's policies only allow binaries whose source code is C, C++, Objective-C or Swift, last I checked. So Servo, and any other program written in Rust, is not allowed in the app store period, no matter whether it's a web browser or not and what it does with JS.
Not sure what a Microsoft product placement is doing in the context of a story about an open-source browser and being portrayed as the glimpse of hope. But the new IExplorer (sorry, Edge) only runs on Windows 10, being the least supported browser in the history of browsers. And is proprietary too, running on top of Microsoft's iOS-wannabe, with a market share so poor that Microsoft resorts to branding gimmicks and is planning to force upgrades down on people's throats just to make their numbers look good.
The lack of extensions (switch from Gecko -> Webkit means none of the pre-existing extensions will work, but looking at the product page I'm not seeing extensions at all as an option) sorta kills the prime draw of Firefox for me. I mean, the only reason I use it on Android over Chrome is so that I can have uBlock Origin on it.
This is Apple with its silly policies preventing competition again. I have no idea how a lawsuit against these practices has not happened. In the meanwhile you can vote with your wallet and use some other operating system and/or donate to efforts that fight against such practices such as EFF, Mozilla and others.
We can have a better mobile internet than what Apple offers...
you both have good points, but I disagree with the tone of yours.
Apple has a policy that prevents things 'becoming' malware later in life.
There is a fairly rigorous review board (at least for initial application submissions) which check the quality of code but also its intent. It would undermine that whole process if Apple just allowed you to alter the function of an application after it had been installed by the end user.
Personally, I have used iOS and Android, and I find the play store to be riddled with the CNET/Softpedia style applications that look dubious even if they're not. And as much as I hate online ads I'm definitely not willing to allow laxer rules on my phone than it currently has.
I'm not saying that android can't be secure, I'm just pointing out that because "Android does it" in regards to security, is not a valid reason to go ahead.
My phone runs my life, I don't care if it's a walled garden, just that it's a secure walled garden.
While the OP's tone may have been a bit brash, it is true that this policy smacks of anti-competitive practice. Recall the (often quoted) Ma Bell rhetoric: "You may have any color you like... as long as it's black". The same applies to browsers on iOS: "You may use any browser you want... as long as it's WebkitWebView". When Microsoft did this same exact thing; building IE into the OS, people freaked! And I believe they used the same "It's to protect you" line. You may not care, but that doesn't mean they couldn't have a "run untrusted browser" option.
People freaked at Microsoft because at the time they were essentially a monopoly. Apple has nothing like a monopoly. Do we need to go through this every time someone tries to make this broken comparison?
Supposing this line of reasoning is valid, why don't we have Apple decide what we can and can't do with our laptops as well? If you'd make a distinction, why?
1) Apple is actually doing things that limit what you can do on your laptop. There's issues where you have to disable security policies to install OpenVpn or HomeBrew on El Capitan.
2) Apple sees laptops and iOS devices as serving different purposes. It's no secret that there are things you can't do on iOS. While Apple is trying to make iOS more capable in some ways, in other cases, their view is "go buy a laptop or desktop if you can't do what you need on iOS". It's not a crazy view. I'm giving the new restrictions in Mac OS X a serious side-eye--to the extent that I'm halfway considering going back to Linux on the desktop, even though I dislike Linux desktops. However, I find the restrictions on my iPhone painless. I'll just never even consider making an iPad my primary machine.
I'm not sure about OpenVPN, but the only time you'd need to disable rootless for Homebrew is to create /usr/local if it doesn't exist.
/usr is write-protected, /usr/local isn't. But if /usr/local doesn't exist you can't create it. This only affects upgrades to 10.11 where /usr/local didn't exist, if it's a clean install Apple creates the directory.
That's beside the point. Apple is still restricting what you do on your laptop by having the underlying system preventing you from creating that yourself. The homebrew issue is just a symptom of the restriction.
To be fair, there is a reasonably transparent way to get around it. It's less convenient than typing "sudo" before a command, but it's not the same as having to bypass DRM or some other scheme that's truly designed to prevent you (the person) having access.
What I worry about is my ability to keep up with the details of what I can do when and whether this is a trend that will get worse.
I don't understand the concept of the "buy that other device if your current device doesn't do the thing you want it to do even though it is perfectly capable of doing it but doesn't because we don't allow it" mindset. Especially since Apple is now telling us we should stop considering buying those other devices.
Everything that a device does involves tradeoffs. There are many ways that iPads are simpler and just better than Macs in the areas that they excel. Adding features to the iPad without making it too complicated is hard.
You should buy a Mac if you need what a Mac gives you (or if you just want a better keyboard...). You should buy an iPad if you don't. That's Apple's story. The line of who buys what is a little fuzzy sometimes, but it's a pretty simple story.
But what about the part that Cook, from Apple, doesn't understand why someone would buy something other than a tablet these days. What if those Macs go away? What then? Can our iPads and iPhones be allowed to do things they are perfectly capable of doing but Apple doesn't allow it? If so, why not now?
The assumption that Macs go away is the assumption that people stop needing to do the things you can currently only do on a Mac. So I don't think your hypothetical is possible. Either iOS gets more capable, or Macs don't go away.
Hell, Apple offered an update to the Mac Pro recently, and we know that doesn't sell as many units as the iPad.
they kinda do already, and so does microsoft (application signing?), you can just opt out of it, and that's the key exception.
also, a general purpose computer is exceedingly different from a cell phone and they have notoriously bad security models.
Like I said, my phone runs my life, I don't have a reasonable means to keep it secure (not even on android), a PC, I can attach debuggers to processes and I can lock down my firewall, or I can sniff my network. - I can do none of this on a phone platform reasonably well (AF+ firewall on android requires jailbreak and breaks applications). and I shouldn't have to..
to put it bluntly; I can be responsible for my laptop, I can't be responsible for my phone.
The review board process there is not to the satisfaction of some people. For example, if you create an application and other people want your application but the review board for any reason (real or not) doesn't like it, then you can't distribute it. For example, for some time Apple disallowed applications that duplicated functionality from core apps. So you could not ship a new mail client or a new music player. Yes, those restrictions are gone but for a while they were real. For some months they also restricted the app store for applications developed with their own SDK, if the app was not Obj-C/Cocoa then it could not be accepted. This is also gone but for at least three or four months lots of developers were stranded.
Why am I telling you that? Because this is just to prove that sometimes Apple makes mistakes. Sometimes, their rules are not in the interest of the user. Sometimes, they backpedal and make it right, sometimes they don't. Since you don't have a way to distribute content outside their walled store, you're left without any recourse. The phone is not yours, it's theirs.
Now, back to the topic. Browser add-ons also pass through a rigorous review process. Currently, Firefox extensions need to be reviewed and signed before they can be installed on Firefox Stable.
Apple could allow new rendering engines and new JavaScript engines. Microsoft was sued for similar reasons. Some people are so displeased with Apple WebKit that they are claiming it to be the new IE as can be seen in http://arstechnica.com/information-technology/2015/06/op-ed-...
Having more rendering engines and JS engines would not make iOS less secure. Having add-ons in Browsers would not make iOS less secure since all iOS apps run sandboxed anyway. Also both Chrome and Mozilla have add-on review processes. At Mozilla any open web app or add-on that touches sensitive APIs is reviewed very rigorously. This would not lead to a less secure system but it would probably lead towards more usage of mobile web instead of apps and this goes against Apple strategy and shareholder interest.
The fact they do not allow competition is not good. You should be able to choose what you want to install and from whom.
You are still missing some of the finer points of the controversy.
The JS issue is more complicated than "just let $browser engine in". One complicating factor is JIT Javascript compilation. My understanding is that Apple applies DEP to unblessed applications on iOS, which precludes apps not so blessed from employing JIT compilation/optimization. And, predictably, only Apple apps are blessed.
So, yes, sometimes things Apple does, it does to suppress competition. Some things it does, it does for security. (There are many other reasons for what it does.)
I know this isn't going to change any minds. But claiming Apple is pulling a Microsoft with Safari for competitive reasons, I believe, is rather missing the point. I mean, I suppose you could say Apple wanted a reason to keep other engines off iOS and so came up with DEP as an excuse, but imputing motives that way isn't a terribly great way to go through life.
And… if you don't like the walled garden, just jailbreak your phone. It isn't that hard. Of course, then you're on your own, but that's what you say you want.
But that's true even on the desktop if we talk about browsers, and yet we do use extensions, ironically to augment the browser's security too.
While I do understand your point about rigorous review for a mobile app, I think that browsers should get special treatment in this regard and allow extensions.
For some reason, this surprises me. I have seen countless calls for Apple to be more open in general (do not want), but your suggestion would only open it up to other browsers. I'm intrigued and torn: I feel like Mozilla might have something to contribute there, but I feel like Chrome would follow on by wanting their own App Store.
I think I agree that Mozilla Firefox using its own engine and extensions would be a valuable app. I'm not convinced I would want to let anybody else in.
So, why doesn't everybody get to decide for themselves? It's pretty obvious that opinions differ, so people should be able to modify some simple setting on where their preferences lie in this respect. "locked down", "open for selected classes of apps", "open" or something like that.
For me, "locked down" is a choice I make when I buy an iOS device. It's not something I look for in servers or desktops, but in tablets and phones it is very much something I appreciate. Many people have other philosophies from mine: fortunately, so do many other computer vendors.
Apple doesn't blindly extend trust to app vendors - neither do I, particularly. Apple doesn't trust most folks to decide whether to trust an app vendor - neither do I, particularly.
That's only because you personally don't download it. I can't tell you how many times my uncle has installed a new "search toolbar" for Firefox that I've then had to disable. Luckily, disabling an extension is trivial. For the non-savvy user, though, it's still an issue.
Unless you change a single setting that allows you to do so. Guess how many of those malware toolbars pop-up a message that says "Click here and select this option to allow us to fix the issues with your system"?
I've definitely seen copies of desktop Firefox running malicious extensions. Mozilla somewhat discourages installing extensions that aren't on the official add-ons website (and thus haven't gone through an App-Store-like review process), but people do it anyway.
The actual license agreement (§3.3.2) provides an exception for scripts executed by JavascriptCore or WebKit. (The summary document that was quoted above doesn't appear to mention that exception.)
That said, it can be really fuzzy where the line is between code and data (e.g. spreadsheet formulas).
As far as mobile web browsers go, they're required to use WebKit, so they'd get a pass. (E.g., Chrome uses UIWebKit, but has its own network layer, which made it immune to a bug in iOS's networking layer that cached POST requests.)
“According to Apple, formulas in Numbers and functions in PCalc are OK. So is JavaScript, as many apps embed a Web view or communicate with a server component via JSON. But reading XML files and executing Python code are not OK. Landon Fuller points out the absurdity and wonders about executing Python via JavaScriptCore.”
But after reading chkuendig’s comment (which makes sense), I’m wondering if the above interpretation is completely accurate.
That isn't the case. There are a whole host of tools, like React Native and Appcelerator Titanium that interpret and execute JS on the device outside of UIWebView.
But they are not downloading the JS from the net, right? You can interpret Python, JS, whatever as long as all the source for these scripts is present in the bundle at build time...
That will probably get removed soon. I believe Apple already made him get rid of a similar feature in an update for Pythonista (I could be remembering wrong though… maybe they made him remove something else?).
“So what was the problem Apple had with the previous version? Turns out, they didn’t like the Open in… menu integration I had added in 1.4 because that would allow you to import executable code from external sources. My theory is that this policy is in place to prevent apps that circumvent the App Store, e.g. by offering downloadable games that don’t go through Apple’s review (and revenue chain via in-app purchases).
[…]
I’m sad to see this feature go. It wasn’t just a convenient way to import scripts, it also enabled some pretty interesting automation workflows that could process the contents of pretty much any kind of file you could access on your iOS device.”
This is why I use iCab on iOS¹. It already has pretty much all the extensions I’d ever need already included (ad blocking, readability, etc.).
(Note: That screenshot on the homepage isn’t really what it looks like on newer versions of iOS. It’s still under very active development; see here². …He should really update the screenshot on the main page though).
The reason for this is so that you can use your Firefox account to synchronize data between your mobile and your desktop browser, so that you can have these features while still using Firefox on the desktop. This is a pretty big deal regardless of rendering engine. Personally, it's what made me switch from Firefox to Chrome years ago: Chrome supported sync, Firefox didn't.
I suppose I'd be more enthused if Firefox syncing had worked from day 1. I've had Firefox as my desktop browser for ten years, and Firefox on my android devices for a couple. My experience was always that the syncing was irregular--i.e. I could have tabs open on my desktop window and see them from across the room, yet they wouldn't show up under the "synced" tabs on my tablet, even after manually triggering a sync on both devices.
So at some point, I stopped relying on that and just installed Pushbullet to bounce stuff around from my desktop to my phone or to my tablet. That has worked flawlessly.
Syncing logins has never really been something I've bothered with. I'm afraid of someone grabbing my tablet and then having access to all of my emails, message boards, payment stores, etc. All of my devices have LastPass installed, which is how I manage that.
So yeah, this would be a bigger deal for me I suppose if I hadn't already found other solutions for Firefox Mobile's old shortcomings.
Yes, but it was an awful and awkward experience, this feature was hidden and not obvious how to use for regular folks, required long passwords AFAIR, and failed to sync many many times.
Totally off topic, but when you look at the new mobile friendly HN with Firefox for Android is the comment nesting broken? Mine shows no text indentation but the up arrows are indented randomly. Been miffed that apparently nobody is complaining about this.
This movement towards WebExtensions will take some time and new APIs are being developed as they figure out the needs of the developers. WebExtensions are easier to write and make them cross-platform (Firefox OS, Firefox for Android, Chrome...). It might not be ready now but it's a good thing to check out.
Apple doesn't allow the rendering engine to be ported. For people who use Firefox on the desktop, being able to have their bookmarks, logins and tabs sync'd is a big deal.
That presumes Apple's Webkit has the necessary support, or even worse, that if Mozilla would improve a competing rendering engine (i.e. Webkit) to support it, then Apple would take these improvements and expose them to non-Safari browsers.
That's just a retarded effort to do with zero guarantee it can be used at all.
Which is actually very fascinating - last I heard Chrome for iOS is still using UIWebView as there were blockers with WKWebView. Wonder how Mozilla got around them?
I think Chrome on iOS has the option of some kind of mobile compression proxy that runs through Google's servers, so perhaps that's been part of the problem?
Now I wonder if they support WebRTC even if they have to use WebKit to render; I have to try it out. The restrictions on browsers on iOS could turn the iPad Pro into the world's most expensive paperweight.
That would be awesome. I'm working on a project that requires WebRTC, and iOS is my biggest problem at the moment, if I could point out to a browser and tell people to download it, it would be huge.
Edit: AFAIK, the Ericsson bowser no longer works / isn't supported anymore.
> Only the iOS webview is allowed to render web content.
This is quite shocking. I wonder how a platform with such policies could be universally accepted and praised by the tech community. Microsoft didn't achieve this level of closedness but became universally hated.
There is actually a fair amount of people who do not accept such a policy and use Android instead. Apple's super locked-down ecosystem is why I use Android, despite iOS being (imo) a better OS. You tend not to hear from us because... we don't use iOS.
The sheer number of backlit white apple logos on display at most tech conferences I've ever visited (ones surrounding open source projects!) would seem to imply otherwise.
Mac laptops are useful for web developers as they offer a good blend between open-source development tools (GNU tools, etc...) and commercial tools (Photoshop, etc...).
However, if you've not seen any criticism of Apple in the tech community, then Google for it, it won't take long to find critical voices about Apple (and I'm not referring to trolling, well thought out criticism is easy to find too).
On one of the Debug[1] podcasts (I can't remember which one now), Don Melton[2] claims the decision to not allow other web rendering engines or Javascript implementations is because they don't know how to allow those and keep iOS secure, and that is the reason behind a lot of limitations enforced in iOS.
Apple is certainly more closed than Microsoft ever was. The difference in perception is likely because Apple has never had a monopoly. There are more Android phones than iOS.
I’d guess so. The original Chrome for iOS announcement [1] said:
it’s been challenging to re-use critical Chromium infrastructure components. That said, there is a lot of code we do leverage, such as the network layer, the sync and bookmarks infrastructure, omnibox, metrics and crash reporting, and a growing portion of content.
Precisely the reason I don't care that the other big browser engines can't be ported to iOS. Their concern for battery life/power drain is so low that there's zero chance I'd use them anyway. I don't even use them on the "desktop" (laptop) anymore, for that reason.
> Additionally only Apple's JavaScript engine is allowed to use a JIT compiler.
Can you elaborate? I was under the impression that as of iOS 8, if a developer implements WKWebView in place of UIWebView they would have access to Nitro.
This is true, but what pjmpl was saying is that Mozilla couldn’t port their JITted JS engine to iOS and expect it to get through the app store review – they have to use Apple’s.
All apps on iOS are forced to use the built-in webkit engine. Think of it as if every browser on Windows was forced to use the IE engine and Chrome, Firefox, et al never existed, just a ton of IE skins.
When you think that Microsoft was accused of abusing its monopoly when they shipped IE with Windows. You cannot even install another true browser on iOS, just some sort of chrome around safari/Webkit.
You answered your own question. Microsoft abused their monopoly; since neither Apple nor Google have a monopoly on mobile that set of rules does not apply.
It would require a new set of laws to have anti-trust apply to ecosystems rather than only industrial/sector/field monopolies. At the moment Apple is free to do as they please.
Probably because Apple is very concerned about providing a secure experience for their customers. By requiring that all app developers use Nitro they can rest assured that those apps are at least as secure as mobile Safari when it comes to browsing the web. If Google were to use their own JIT compiler in Chrome for iOS and there was some serious security exploit that affected users as a result, do you think users would blame Apple or Google? As far as most non-technical users are concerned, they would likely blame Apple because that's who they bought the phone from.
There is competition in software, btw. You can buy an Android or Windows phone and get a completely different web browser in them.
That's what the app sandbox is for. As long as the sandbox holds up, it doesn't matter what security vulnerabilities are in the app within. And if the sandbox doesn't hold up, you've probably lost the game regardless. There's plenty of room for security vulnerabilities in an app like Chrome even if they're not using a custom browser engine.
App sandbox is just one layer of the security model that iOS employs, and another is not allowing JIT'd code, in case someone finds a way to drop a payload into W&X memory. There's no reason to increase your attack surface if you don't need to.
Is the restriction on JITs really a security thing? That seems so completely far out there on the list of concerns compared to common stuff like buffer overflows which Apple does pretty much nothing to prevent. It always looked to me to be a technological means of enforcing their rule that you weren't allowed to download new code to run (on purpose).
It's very much a security thing, there've been lots of exploits that work by dropping a payload into a W&X marked area in browsers (usually dropped in by buffer overflows).
Apple also doesn't like unsigned code, and JIT (or self modifying code, or whatever falls into that category) is inherently unsigned code.
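The comments above turn on memory that is writable and executable at the same time ("W&X"). The block below is an added example, not part of the thread: it shows the write-then-seal pattern a code generator can use to avoid such memory, and an audit that counts W+X mappings. It assumes Linux and the `/proc/<pid>/maps` text format as a stand-in for the platform discussed; the function names and the sample mapping lines are constructed for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not real output).
 * The third line is the kind of mapping the thread calls "W&X". */
static const char SAMPLE_MAPS[] =
    "55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 131 /usr/bin/app\n"
    "55d0c0c21000-55d0c0c23000 rw-p 00021000 08:01 131 /usr/bin/app\n"
    "7f3a10000000-7f3a10010000 rwxp 00000000 00:00 0 \n"
    "7f3a10200000-7f3a10201000 r-xp 00000000 00:00 0 \n"
    "7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]\n";

/* Count mappings that are writable AND executable at the same time.
 * Input is text in maps format: "start-end perms offset dev inode path". */
int count_wx_mappings(const char *maps_text)
{
    int count = 0;
    const char *line = maps_text;

    while (line && *line) {
        unsigned long start, end;
        char perms[5] = {0};

        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            strchr(perms, 'w') && strchr(perms, 'x'))
            count++;

        line = strchr(line, '\n');   /* advance to the next line, if any */
        if (line)
            line++;
    }
    return count;
}

/* Write-then-seal: the page is RW while it is filled, then flipped to R-X.
 * At no point is it writable and executable together, so a later memory
 * corruption bug cannot overwrite it in place. Returns NULL on failure. */
void *emit_sealed(const unsigned char *code, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    size_t size = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;

    void *buf = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return NULL;

    memcpy(buf, code, len);

    if (mprotect(buf, size, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, size);
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* Placeholder bytes standing in for generated code; never executed. */
    static const unsigned char generated[] = { 0x00, 0x01, 0x02, 0x03 };
    void *buf = emit_sealed(generated, sizeof generated);

    printf("sealed buffer: %s\n", buf ? "R-X, not writable" : "failed");
    printf("W+X mappings in constructed sample: %d\n",
           count_wx_mappings(SAMPLE_MAPS));

    /* Audit this process's real mappings where /proc is available. */
    FILE *f = fopen("/proc/self/maps", "r");
    if (f) {
        static char text[1 << 18];
        size_t n = fread(text, 1, sizeof text - 1, f);
        text[n] = '\0';
        fclose(f);
        printf("W+X mappings in this process: %d\n",
               count_wx_mappings(text));
    }
    return 0;
}
```

A process that only ever uses the write-then-seal path reports zero W+X mappings in the live audit; a non-zero count points at a region worth investigating.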
Forcing the use of a single rendering engine also minimizes memory usage (the code for the engine can be mapped in shared memory) and thus allows Apple to ship devices with less RAM, slightly decreasing power usage. It also speeds up the launching of applications that use a renderer (the code for the browser, its JavaScript engine, the font renderer, etc. will already be in memory)
I think that effect could be fairly large if Apple would allow applications to contain their own web engine, not because it would mean a second engine, but because it easily could mean a third, fourth, etc. engine, given that not all applications get updates at the same time. Imagine app #1 shipping with Firefox's webview version X, app #2 Firefox version X with bug fix Y, app #3 with Firefox version Y, etc.
Apple allows Unity and Unreal Engine, all of which are just as big if not bigger than WebKit. Leaving the realm of games, they also allow Mono/Xamarin, which is a similarly enormous framework.
The restriction is plainly a business decision, not a technical one.
As significant as Apple is in the mobile market, it doesn't have anything like the control MS had of the desktop market at that time.
Using something else is a viable option for most people that currently use Apple products, where it wasn't for many in the case of Windows back then.
The thing is Apple doesn't have a monopoly on the mobile market, especially when the worldwide market share is taken into account.
Until then, Apple is free to control 100% what comes into their platform.
The same way any other vendor is free to do (e.g. games consoles), when not covered by monopoly laws.
When they reach a size that falls into what the law considers a monopoly, then the game changes, as they have increased responsibilities towards the market.
I forget where I read it, but someone from Mozilla stated somewhat recently(?) that, ultimately, Firefox is about a set of services shared across platforms, an experience, and a pledge to user privacy. It's not about a specific rendering engine.
That message is more for the Mozilla community than for the outside world. If Firefox for iOS implements WebRTC on top of Webkit, for example, that's a clear win for users. So Mozilla (the company) decided it's worth their money to make a Webkit browser and try to improve the situation on iOS little by little. But Mozilla (the community) is full of people with very strong ideas of the direction they want the organization to take, so the immediate reaction is for them to reject the idea – even core contributors. "Firefox without Gecko is not Firefox!". Instead of arguing whether branding a Webkit shell as Firefox is too big of a compromise, Mozilla (the leaders) redefines what the brand is about.
This might seem silly, but it has a big impact on the community, by making it clear what the goals of the project are, and hopefully eliminating all the bikeshedding on what is and isn't Firefox.
EDIT: I guess I never answered your question: open Web standards are still a priority for Mozilla, it's just that we've decided the little benefit for the user we can create by writing Firefox for iOS is also a priority.
Home was always weird. It wasn't actually a browser but still tried to sync your bookmarks, opening up Safari to view them. It was an experimental project, and it was no surprise that it ended.
Firefox for iOS is not just an experimental project. It's part of our core products now.
Firefox Home was an attempt to allow iOS users to access all their Firefox data without producing a browser called "Firefox" on iOS and not having it be a real Firefox browser because it was a UI on top of Mobile Safari. Mozilla has since given up and is producing a Firefox for iOS browser that's Mobile Safari underneath because Apple will not give in from their anti-competitive position of only allowing Mobile Safari as the browser on iOS. Chrome, Opera, Firefox, et al on iOS are all Mobile Safari underneath.
It's part of the WebKit UA. It harkens from the days when IE and Netscape were the only browsers developers thought about when UA sniffing. It made sure WebKit got the Netscape version (which was closer to the standards), not the IE version.
It's the same reason all browser UAs start with "Mozilla" even though only one is actually made by Mozilla.
Mozilla disallows others from using the Firefox trademark for custom compiled versions, which is understandable and agreeable. What I don't get is how they're then willing to put their name on something where they are forced to use webkit. Fear of losing market share? Hope that Apple will allow them to use Gecko or Servo in the future?
There's a lot more to being a browser -- and being Firefox -- than the web rendering engine. We're able to deliver the kinds of Sync features, private browsing, and so on that we think are important.
(I work on Firefox for Android and iOS, and even _I_ don't really care which rendering engine it uses. I care that I can trust it, that the UX is excellent, and that I have my data.)
That is a good point. To me, however, an important part of the appeal of Firefox has always been a belief that having multiple competing rendering engines is fundamentally good for the open web -- that it keeps the HTML and CSS standards from growing in too much of an implementation specific direction. I had thought, perhaps without grounds, that this view was shared by Mozilla.
This view is shared by many people at Mozilla (but not all, I expect; it's hard to find anything 1000+ people will agree on) and I believe shared by Mozilla overall. I mean, we're not just continuing to develop the rendering engine we already have (Gecko), we're creating another one as well (Servo)...
It's actually a pretty consistent view. You can use Gecko through a reskinned FF clone like Palemoon or Iceweasel, but can't call it Firefox. Firefox is the UI chrome and corresponding stack. Gecko is the engine.
Some would say they're part and parcel, but it's clear now that Mozilla doesn't agree.
It's entirely inconsistent with Mozilla's past actions.
You can compile Firefox source code of which 100% of it came from released Firefox versions in Mozilla's HG tree and they won't let you call that "Firefox". Part of why IceWeasel exists is Debian wanted to backport security patches from Firefox releases into an older version (eg. apply security patches from Firefox 4 to Firefox 3.5) for Debian-stable and Mozilla wouldn't let them use the name Firefox if they did that.
Therefore your claim that
> Firefox is the UI chrome and corresponding stack
doesn't match the reality of what Mozilla has done. It seems now Firefox is anything that Mozilla calls Firefox.
What Mozilla won't let you call "Firefox": a version of Firefox where the only changes are security patches backported from a future version of Firefox (see: the Debian and IceWeasel debacle).
What Mozilla will call "Firefox": a wrapper around WKWebView that uses WebKit.
And I assume it's not using Gecko because of Apple's anti-competitive ban on non Apple browser engines? Apple aren't supposed to get away with such nonsense.
There actually is a search text feature, it's just not that easy to find. Type the text into the url bar, and then scroll down all the way to the bottom after the auto complete suggestions and it will let you view matches on the page. (really shitty location for it)
Safari does include a search text function. Tap on the search bar and type in your text. Don't hit enter, scroll down to the autosuggest results and it says find on page. Tap that.
I use Safari on iPad, but on iPhone it is unusable for many websites, since it doesn't support text reflow (my opinion). So on iPhone I use Mercury, but sometimes it is a bit slow. So on iPhone there is still a room for a better browser, imho.
Agree, a better iOS browser is indeed needed. I tried Mercury, which does what I want (esp. ad blocking), but does it too slowly.
After 2+ years, I'm still using Atomic Browser on iPhone + iPad, even though it hasn't been updated in years and now triggers some websites' warning, "You appear to be using an old unsupported version of Firefox".
You should absolutely try iCab Mobile. See my post here¹.
iCab has been around for a really long time on desktops. Seriously, it existed before even Mac OS X², so it’s no surprise that the dev would carry all that experience over to the iOS version.
I have been testing Firefox for iOS for a couple weeks. I prefer Firefox's tab management over Safari's: a simple 2D view that shows more tabs (instead of a fancy 3D stack) and easy swipe to close tabs (instead of tapping—and often missing—a tiny X button in the corner of the tab).
Did they manage to implement folders for bookmarks in the iOS version? The Android one is lacking it, which makes the bookmarks useless if you have some kind of folder management in place.
Eh, what? The Android version perfectly supports bookmarks in folders. Yes, by default your bookmarks end up in ~/Mobile Bookmarks/, but you can change that, too
And I've never met an iOS (or Android for that matter) user that could name if their game was built on top of Unity or Unreal, but what difference does that make to the end user?
The difference between these browsers is not the renderer (which should, ideally, be rendering the same content the same way anyways), but the features on top of the webview. The UI, Password, bookmarks, autofill, and history sync.
So, nothing like leechblock on this then, correct?
I try to use my phone as little as possible because I can't block distractor sites. Currently I default to Safari off using parental restrictions, then I turn it on when I need to search for something, and then turn it off.
But those restrictions won't work for firefox, so it would be in full distraction mode, unless I'm missing a workaround.
(This isn't as restrictive as it sounds. It just makes the web use more conscious and intended)
Is there a reason neither Chrome, Safari, and now Firefox for iOS have a QR code reader built in? It seems like to me that would be a no brainer. Is there something technical I'm missing?
What would be the point? There are a great many QR apps out there that can call your configured preferred browser when appropriate (assuming Apple allows you to set a preferred browser that isn't theirs - I don't have any iDevices so can't test this personally). QR codes can contain data other than URLs for browsers to follow (though you would be forgiven for thinking otherwise given that in the vast majority of cases this is what they are used to transmit) so it makes more sense to have a QR app that deals with QR codes generally and defers to a browser when a relevant URI is detected.
It should be a camera feature if anything. Just show a small pop-up when camera detects some kind of code in the picture. I don't see why I would need a separate app for that.
Ah, okay. I didn't realize they could contain more data. That would make sense. If it only contained space for URLs, like I assumed, having to open a separate app seems like an extra step, but if they contain more information I guess I can see the reason.
I don't know about the iOS version, but in Firefox for Android a QR code reader can be accessed by tapping on the URL bar and then on the little box icon to the right.
Interesting... I use Firefox as my primary Android browser for various reasons but I've never seen this. Just checked and still don't see the box icon when I tap the URL bar.
People keep saying that but I keep seeing more and more QR codes on cereal boxes, advertisements, billboards, business cards, menus, instruction manuals, and product packaging.
Another thing to consider in regards to Apple allowing third-party web rendering engines on iOS, aside from somebody needing to take responsibility for the litany of vulnerabilities such a thing would introduce is the sheer size of these things. They’re huge. The Mac version of Firefox is 185MB while Chrome is a whopping 250MB.
Apps start getting annoying to download+install at about the 50MB mark… and are people really going to want ~200MB of their device taken up by something as elementary as a web browser? Don’t forget that a large majority of iOS devices in use today are 16GB models.
> are people really going to want ~200MB of their device taken up by something as elementary as a web browser?
s/elementary/fundamental/?
A browser isn't like most other apps -- it's a window into all the things. And don't the stats say that people spend tons of time in their mobile browsers?
Anyway normally this is the kind of trade-off that people get to weigh for themselves. There's nothing wrong with your deciding that it's not worth the 200mb or whatever, but surely you (and Apple) can't speak for everyone who owns an iOS device.
I can't speak for Chrome, but the Mac version of Firefox is a fat binary: it has both a 32-bit and 64-bit version. The 32-bit one is needed mostly for running some plug-ins that will only run 32-bit. On iOS obviously the whole fat binary thing isn't needed.
It's a WebView with a custom GUI over it, so it's the same as Safari and supports/doesn't support all the same features as Safari. Same as Chrome on iOS.
Of note, Firefox accounts are not secure, because one way to log in using them relies on JavaScript served by Mozilla, which means that one's password (which is used to encrypt the keys encrypting all 'secure' data) is potentially exposed to Mozilla.
I can't recommend using a Firefox account to store any private information, to include passwords and browsing history.
By that logic all cloud synced password managers are insecure. They could, after all, just update the software and steal your password(s).
JavaScript or not, you either trust the browser vendor, or you do not. If you do not then you shouldn't be using them regardless of the technological stack.
This reasoning just doesn't apply at all to open source software like Firefox.
I think the reason OP points this out is because the old Sync system that Firefox had was much more secure (but unusable by the general public). We know this because we could see how it worked!
> This reasoning just doesn't apply at all to open source software like Firefox.
If you're using the automatic updating functionality (which the majority of people are) then it absolutely applies. Firefox's source code is available, but if you aren't verifying the source upon each update then that fact is largely irrelevant.
The whole point of OSS is to allow YOU to verify the software, and only then to build it when you're comfortable. If you are skipping the verify step and definitely if you're skipping the build step then the fact that it is OSS adds little to nothing security wise (since the vendor can splice in anything they want).
So even with OSS you often either trust the vendor or you do not.
> I think the reason OP points this out is because the old Sync system that Firefox had was much more secure (but unusable by the general public). We know this because we could see how it worked!
I suspect we're having this discussion simply because people don't equate the automatic updater with JavaScript in their own mind. The reality is that if you trust Mozilla to provide software updates then you can trust them to provide Javascript, after all the software brought down by the updater has far greater system access and can do far greater damage than JS.
I think Mozilla is trustable (not being biased since I worked briefly there).
But to be fair:
> This reasoning just doesn't apply at all to open source software like Firefox.
This is not true. You can't tell what is actually running on the server side, so the protocol must be able to handle the encryption on the client side and server never able to read the plaintext in the first place, and this is actually problematic for many products out there claiming "oh our code is open source so you can trust us."
For the record, note that Firefox itself -- code shipped by Mozilla -- still saw your Sync credentials in Sync 1.1. There's no way for it to not do so!
In theory we could ship a hotfix that steals those, and still could; we wouldn't need to do it via the FxA content JS, which would only get to see them during account creation.
> By that logic all cloud synced password managers are insecure. They could, after all, just update the software and steal your password(s).
That's not really true: I can verify that a piece of software works and does not expose my information, and I can rely on it forever. Someone else can verify it, and if I trust him once (to verify), then I can rely on the software, forever. I can't do that with Mozilla's JavaScript, because they can change it — or be forced to change it — at any time, for one individual or for everyone.
Which is a huge reason not to use those accounts for truly secure stuff. Firefox used to be (reasonably) secure: on my Debian system, I could be (reasonably) certain Mozilla weren't able to steal my passwords. That's no longer the case, and it's a damn shame.
So, you don't trust the JS served by Mozilla but you would trust their browser? That doesn't make much sense. Firefox could be sending all of your personal data straight to Mozilla, we just tend to trust that they don't (and can verify that they don't since the source is available).
> So, you don't trust the JS served by Mozilla but you would trust their browser?
Mozilla's browser is shipped out to everyone; their JavaScript is served to me every time I use it. A compromised browser could be caught; compromised JavaScript sent one time only to a targeted user is highly unlikely to ever be noticed.
I get my browser via a distribution; it's far less likely that Mozilla and Debian would collaborate to expose all of Debian's users' passwords than that Mozilla would target — or be compelled by law, blackmail or violence to target — a single user or handful of users.
I don't think zeveb was saying the browser was insecure, just the "Firefox account" system which may be used to synchronize/store passwords and other IID.
Apparently this is a two-year-old bug: http://www.theverge.com/2013/10/3/4797968/chrome-for-ios-inc...
Long story short, Google saves all searches in HTML5 local storage and this is shared between regular and incognito windows. Perhaps DuckDuckGo is a configurable Firefox option. (EDIT: yes, it is. Goodbye, Chrome.)