
They didn't just screw up once. They've screwed up many times over the years with many projects and attempts that run counter to the core values that Mozilla claims to uphold. Bryan Lunduke articulated this very well: https://www.youtube.com/watch?v=qMALm1VthGY

At this point Mozilla has to prove to us that they are worthy of our usage



I don't really understand this attitude. Mozilla doesn't need to be everything I ever wanted from a browser in order to get my support. It only needs to be better than Google.

Do all these people sticking with Chrome because Mozilla is not holding up to its values really think Google is better at taking care of our freedom?!


Mozilla is fighting an uphill battle, but that doesn't give them a free pass. The Pocket, Cliqz, and Mr. Robot controversies undermine Mozilla's core message. Whether or not they are simply failures of marketing and branding doesn't change the fact that they hurt the company. That being said, a lot of people will never know about these issues so the damage is not catastrophic.

I would also argue that "just being better than X" was shown not to be effective in the last US Presidential election.


Am I the only one looking at this and thinking that the so-called controversies are absurdly tame in comparison with the outcry associated with them?

They're missteps, not trust breakers. Quantum was a massive step in the right direction. The Mr. Robot Easter Egg was non-malicious poor execution. I don't think it's a free pass to just contextualize how small their missteps have been in the grand scheme of things.


I think you are wrong about them not being "trust breakers" and right about them being fairly tame.

The reason the response seems outsized is because of the breach of trust involved, much more so than the technical impacts.

Quantum is great, and I just like a lot of the UX decisions Firefox makes. But a major reason for my support of Mozilla is their stated mission. And regularly making bumbling moves that overtly compromise that stated mission makes you start to question their commitment to it. Is it really their mission, or is it just a thing it is good for them to keep saying? POSIWID and all that.


Of the named examples, you can only somewhat reasonably make the argument that it goes against the mission for Cliqz. The rest did not negatively impact making the internet a global public resource, accessible to all.


I’m afraid that the current environment means outcry is always around the corner. I’m rooting for Mozilla but I’d like it if they could learn to avoid drawing negative attention.


Despite the non-maliciousness of the easter egg, I do think the act of just installing an extension into a browser could be viewed as a trust-breaker. I think the other "controversies" are overblown, but them remotely installing an extension like that doesn't sit right with me.


But that's only because it's called an extension. Nobody is up in arms about Mozilla "just installing" about:mozilla.


Chrome doesn't magically revert privacy or search engine settings in updates, but Firefox apparently does. To quote from https://drewdevault.com/2017/12/16/Firefox-is-on-a-slippery-... :

> Not only are these experiments enabled by default, but updates have been known to re-enable it if you turn it off.

Chrome has some troubling defaults but Google never decided to flip the default search engine or turn on any phone-home feature once it has been turned off. Even though they had/have the power to do so, they know people won't trust Chrome if they ever tried to do that. In my book that's more trustworthy than a vendor that decides to use updates to surreptitiously enable features that users disabled.


While that may be true, defaults matter too. Even as a privacy conscious techie it's possible to forget the X different settings one must change with each new install or device.

And for some dissidents or researchers those defaults could be life or career ending.


I don't think that it can be argued that Chrome is privacy-friendly. There are dark patterns built into the browser.


Prove it or show code! This statement sounds like a conspiracy theory.


Exactly. I ran the beta and when it became the release version, I changed my update channel to "release." It has not reverted any settings I've made.

I also had the Shield stuff turned off (my choice), and it hasn't been reverted, nor did the Mr. Robot extension ever show up. I agree, though, that that was a Bad Idea.


If you delete Chrome's shitty preset search engines, it adds them back with every update.


> I don't really understand this attitude. Mozilla doesn't need to be everything I ever wanted from a browser in order to get my support.

Having a Mozilla option is good, but when Mozilla screws up it needs to get a clear indication that it did. I think folks saying "down with Mozilla" do not really mean this 100%; but they do want Mozilla to know that it seriously screwed up in their view. And we should not treat it as a shrinking violet -- it is not a tiny startup; it is a large corporation with funding in hundreds of millions.

> It only needs to be better than Google.

This, IMO, is setting the bar way too low. It should aim to do what the users want and consumer technology easily allows. If there is a big gap between those we should encourage new entrants, not entrench Mozilla as "the" alternative to pick-your-evil. My 2c.


These past episodes show that Mozilla can be tempted by money to go against their core values of user choice and privacy. Only in small ways so far, but trust is easy to lose.

If you don't like Google, you can always use Chromium or Brave. I trust them not to run marketing campaigns inside my browser.


> I trust them not to run marketing campaigns inside my browser.

Do you also trust them not to listen to your mic? I think Debian had to have a discussion with them about that.


Google is transparent. I know what they are doing. I know why they are doing it.

Mozilla became a shady character. It engages in "it depends on a meaning of the word 'is'" speak.

Here's how Mozilla can get back into my graces - it needs to publicly FIRE whoever approved it and whoever advocated for this project.


> Google is transparent. I know what they are doing.

You do? Okay, I don't. Please, show me exactly how Google uses data they collect from their users. Every usage. Not just a few. And no "but they say they can use it for whatever they want!" - then we can talk about transparency.


Sure it is - it markets my information to advertisers via its own platform. It is my neighborhood drug dealer, and drugs are pretty good - nicely packaged and no one fucks with me when I use its drug delivery service.

Mozilla is pretending to be a health store. But we are starting to see that they are also peddling drugs. Not Google drugs - drugs with security and drugs with delivery system and drugs that we are pretty sure how they work - but some other drugs, from shady producers using shady means.


Can you specify which "shady drugs" are these? Because I'm not seeing it. In this particular case, the addon was written by Mozilla employees, and was completely harmless. I don't think Mozilla did well - and I've said so in the original thread - but calling it shady compared to Google ads? That's laughable. DoubleClick is one of the largest malware distribution platforms in history.


Pocket.

Mr. Robot.

Google tells me - "Dude, for providing me your information you get gooodieeeees!"

Mozilla tells me - "We respect your privacy."

In a micro-font: "except when we do things that you should not be concerned about"


Which of those violated your privacy?


It's a myth that Google literally sells your information to advertisers. It uses your information to show you advertisements which both it and its advertisers hope are relevant and useful (so you will click on them). If you think about it, that business model essentially requires that the ads not be too annoying, because if they are, people will use ad blockers and the business model dies.

The really annoying ads which auto-play videos, block content, etc., tend to be served by companies who aren't taking the long view --- which is why Chrome is going to be adding adblocking for those ads that are ultra-annoying early next year.

There's a pretty big difference between "using your information for marketing", and "marketing your information to advertisers". The second implies that your private information is getting divulged for a price, and that's simply not true.


There is less of a difference between those than there seems to be, there are a lot of interesting research papers and experiments regarding methods to create a feedback loop between targeting ads and then identifying those targeted.

If I narrowly target an ad and then I know you saw it, I now know all those things about you.

So, yes, they do not literally sell your information, there is one level of indirection there. And the amount of information that data brokers get their hands on tells me that it is very likely people are exporting this information regularly.


> it markets my information to advertisers

and what other uses?


That is the whole point. You know it does it, fair game. Mozilla is speaking one thing and doing shady things also.


my point was that people don't know the full scope and nature of what google does, so suggesting they're 'better' is comical.


I do not need to know a full scope of what Google does. Let's stipulate that they sell all the information. There, I now know the entire scope.


what makes you think that is the "entire scope"?


Lest we forget:

A third party company (funded by venture capital) created something called "Pocket", which allowed you to save any article you were reading to their service. Pocket had an extension that you could choose to download & enable on your Firefox browser.

For apparently no reason at all, in June 2015, Mozilla integrated the proprietary Pocket into their open source browser, not just as an optional extension but as part of the default installation. The only way to disable Pocket was to go into "about:config", as the option was not available in the "Extensions" toolbar. (Later, Mozilla Corporation purchased the company Pocket, though at the time Pocket was introduced as an inextricable part of Firefox, Pocket was a separate company.)

The Mr. Robot addon had some similarities with the Pocket fiasco:

1. it was pushed to users without their knowledge or consent

2. it was integration of a plugin for a private company into an open-source project

3. it was a decision by marketing, and not development

I am not quite sure how or when we can begin to trust Mozilla Firefox, and what they would need to do to regain that trust.


> The only way to disable Pocket was to go into "about:config", as the option was not available in the "Extensions" toolbar.

This isn't exactly correct. The Pocket integration did absolutely nothing at all until and unless you tried to use it. So by "disabling" it from about:config all you did was to remove the icon.


Sure, but until you do Firefox comes bundled with an ad for Pocket in the toolbar at all times.


Or until you right click the icon and remove it.


That isn't correct. Try the new mobile Firefox.

Buying Pocket signalled that if you can take the right Mozillan to lunch, you can get an early exit. That did not solve the problem.

It's still impossible to remove Pocket.


I think you misunderstood me. The Pocket integration in Firefox does literally nothing (not even a single network request) if you don't actively try to use it. So by "remove Pocket" or "disable Pocket" all you really mean is "hide the icon" because there really is no difference.


I get it, but the code is still there. What if Apache httpd came with a commercial module that was disabled by default but bundled with the base package? It’s not THAT bad compared to what some software companies do, but...why do it at all? Is Mozilla getting paid, similar to using !Google as the default search engine? If so, it’s more understandable. If not, what is the justification for not just making it a regular add-on?


Yes, the latest mobile Firefox does make network requests. When Firefox updated, I got a "recommended by Pocket" section full of ads and click bait. I do not want that.

And it's on about:blank just like when Chrome started capping up the blank page. I had to install a script to load an actual blank HTML page because about:blank isn't blank.


I turned on transparent proxying for HTTP and HTTPS the other day to see what requests FF was up to for its highlights on the supposedly blank page etc.

It's very chatty, annoyingly. Captive portal check on all requests that has to be disabled in about:config and a laundry list more. That config is scarily full of remote and telemetry based URLs also, but at least they are configurable I guess.

An open source browser that just does what you want and no more seems like a dying hope.


yes, this is the part that bugs me.

they solved the privacy concern in a very awkward manner (via acquisition) but not the user choice concern. it is impossible to believe that pocket is so integrated into the codebase that it cannot live as a removable addon. it was an addon after all. fwiw, firefox sync should also be a removable addon.

i am fine with mozilla installing these as removable addons at major version upgrades. i am not fine with silently side-loading and permanent non-removable integration. i need my tools to be secure, reliable and predictable.


I actually like the pocket integration: these days more than 50% of what I read, I read through pocket. Anything interesting is saved to pocket and read there. Pocket really makes the Internet a lot more readable, and I applaud Mozilla for recognising that, and making that as easy as possible.

Regarding the I robot thing, I must be living under a rock, had not heard of it before today. Storm in a glass of water.


> For apparently no reason at all

Mozilla acquired Pocket in February: https://blog.mozilla.org/blog/2017/02/27/mozilla-acquires-po...


> The only way to disable Pocket was to go into "about:config"

All you had to do was remove it from the toolbar. Pocket is/was lazily loaded, it doesn't do anything if you're not using it.


Mozilla is in great parts its community, and so far, it has done a great job in keeping it in tow when it appeared to derail. The Mr. Robot thing has been retracted (although it was also largely portrayed as a privacy issue, which it wasn't), Pocket has been acquired, and the rest were mainly diversions that many people deem unnecessary but that aren't necessarily a threat to Mozilla's mission other than potentially distracting them.

So I think the project is relatively healthy, and in any case, still miles and miles ahead in terms of worthiness than every other major browser out there.


If Mozilla was serious about repairing trust, they would make user studies opt-in instead of opt-out. As it stands now, they are performing experiments on users by default.

When people say the Mr. Robot thing was a violation of privacy, I believe this is ultimately where they are coming from.


If your first line is also about the Mr. Robot thing: it was opt-in. Yes, the code was there, and it was listed as an extension (which reasonably caused people to think they caught a virus or something), but no code was actually being executed. You had to explicitly enable that yourself in about:config. (And because that is often not mentioned, it's portrayed as a privacy issue, which is a shame because it's inaccurate and damages trust more than it should.)


I do agree. FWIW, most software companies do A/B test on their users these days. Most people probably don’t notice, and that’s a bit the point; you don’t want test cells to be distracting, you want them to be valid measures.

Pocket and Looking Glass should have been regular add-ons available for people who want them (I’m an avid Pocket user and have had a paid sub with them in the past). Even with the Yahoo search deal, it would have been nice to have the first start go through a wizard that lets you choose Yahoo (as a default option), Google, Bing, or whatever else...though I guess they likely wouldn’t have been able to score as much funding from that arrangement (but that’s just an assumption).

I’m very happy that Mozilla exists and have some friends who have worked there, but I can’t say that 100% of their decisions value users and privacy above all else.


I'm not sure Bryan "Mozilla funds terrorists" Lunduke is a credible source, no matter how articulate he is.


I'm not familiar with Bryan Lunduke but if that video was supposed to pass as any form of reporting then it was absolutely cringe-worthy. Lots of inflated controversy and hyperbolic statements.

It's ironic seeing a company making questionable decisions being reported by someone getting paid for questionable reporting.


Well, what can you do?

Mozilla has a very unique problem. Its most ardent and loyal users are technically savvy. They expect a high quality, privacy-respecting, ad-free product.

But, here's the catch, they will not pay for it. How does Mozilla survive?

Google finances Chrome through its Search/Ad business. Safari and IE costs are bundled in the cost of the devices/OS they are on.

How should Mozilla survive? Should they go the shareware route and have a paid copy for $20?

They have to make money somehow.


As an outsider it makes me feel like Mozilla has a few people at the top capable of bypassing core company values, QA, QC, and lower management, to force whatever releases or products they want. And that these individuals routinely use this power to the detriment of Mozilla and the Internet at large.


That video ("Mozilla is Not Trustworthy") is remarkably inarticulate and inchoate all in pursuit of something we don't need to do in the first place -- trust Mozilla. And Mozilla certainly doesn't owe us.

Software freedom (the freedom to run, inspect, share, and modify published computer software) means we don't need to trust Mozilla's free software because we have permission to inspect the code to see what the software does, change the code if we don't like what the software does, distribute the improved software (or a verbatim copy at our choice) even commercially, and run the software anytime we wish for any reason. These principles place us in control of our computers to the extent we're willing and able to put in the work. We can even hire other people to do this work if we don't do the work ourselves.

Lunduke complained about incorporation and non-profit status but never articulated an argument explaining how these things are a problem. Around 7m53s he said this "doesn't make them [Mozilla] untrustworthy" leaving me wondering why this was brought up in the first place. He consistently mispronounced the word "Mozilla" as "Motzilla" (there's no "t" in their name), and directly contradicted his own thesis (around 6m30s) in neighboring sentences: "This is not an opinion on my part. I guess that my opinion is that they're not trustworthy based on these facts...". He did that again in his own ignorance of the terms "foundation" and "corporation" around 7m where he seemed to have a problem with the difference between what he read into the terms he didn't define versus what he described to be the case (thus vaguely complaining that Mozilla made money and published free software for hire). I think it comes down to not having a good argument to raise in the first place but feeling a need to say something about a situation he found irksome. But I think his disorganized view built on a non-issue is typical of the published reaction to this situation.

This entire kerfuffle comes off to me as manufacturing a controversy out of very little. The main beneficiaries of this indignance are the software proprietors -- organizations that make nonfree browsers you can't trust because you never really know what they're doing when those programs run.

It's telling that vanishingly little of the commentary on this situation brings people to understand what software freedom is or how its practical consequences read directly on this situation by explaining how the other programs to do the same job (mostly nonfree user-subjugating programs) are not alternatives at all because they don't respect a user's software freedom. It's not clear how this issue with Looking Glass (the Firefox add-on in question) rises to something more serious than a bungled PR effort and poor communication from Mozilla. Source code analysis shows that Looking Glass did nothing unless activated and that add-on was off by default; hardly something to get so worked up over and largely a purposefully-missed opportunity to teach people about software freedom.

There's no reason to limit this examination to web browsers. Justifying use of any nonfree browser in light of security problems hinges on trusting the proprietor (which you should never do) precisely because those programs are nonfree. Users don't have other information on which to make an informed decision and the information they have is inadequate to make an informed decision. These browsers are also published by known NSA partners. There's no good reason to defend switching to any nonfree program to do any job, particularly if you're going to have a discussion centered on privacy and security.

I see the lacking discussion on this topic as a consequence of pushing for "open source" instead of insisting on software freedom. Open source development methodology was founded to separate the ethics-based principles on which the free software movement is based (the free software movement is a social movement) from the practical outcome of software freedom -- lots of useful software -- while talking chiefly to businesses about the gratis programming labor those businesses can use. This approach purposefully skips past an ethical understanding of how to treat people with regard to computers. This approach requires talking at length about this situation without drawing users' attention to what software freedom is or how it matters. But there's no substance in that approach so proponents raise ill-formed non-issues (with a heavy dose of entitlement ("Mozilla has to prove to us that they are worthy of our usage")) to make it seem like Mozilla has become a persistent problem instead of seeing a long-time free software publisher make a relatively minor communication mistake that posed no threat to Firefox users. Quite the contrary is the case: we can and should continue to run and build new programs on Mozilla's free software just as we do with any other free software. Thanking them for their work and not taking an entitled attitude is also right and proper.



