While I’ve always kept Waterfox privacy friendly (and it will remain so) I’ve never tried to have it as a privacy product specifically (that was cherry picked by the author), as I’ve explained in the blog. It’s not something I’ve wanted to go down, so all the outrage towards me for that has been, at least towards me, a little unfair.
Also, this post has led to a lot of (what feels like) harassment from disgruntled privacy users, even though nothing has changed.
System1 are pivoting to focus on more privacy-focused ventures, something I’m sure a lot of HN readers are familiar with.
At the end of the day, they were the right fit and aren’t going to change Waterfox in any of its privacy aspects, and I can finally grow out Waterfox to hopefully be more than it currently is.
What should be IMO a joyful occasion for myself and Waterfox users has ended up into a collection of conspiracy theories and rather unkind words.
Regardless, I hope everyone has a good weekend and am more than happy to try and answer questions :-)
I’m not going to diss you or downvote you here, but this statement (quoted below) reminded me of what the WhatsApp blog said when it was acquired by Facebook. There is no way you can guarantee, even for a few months, that System1 won’t change Waterfox in any of its privacy aspects. Anything can happen after acquisitions. So people who are wary have prior experience and history to rely on and fuel their skepticism.
> At the end of the day, they were the right fit and aren’t going to change Waterfox in any of its privacy aspects, and I can finally grow out Waterfox to hopefully be more than it currently is.
> e is no way you can guarantee, even for a few months, that System1 won’t change Waterfox in any of its privacy aspects.
But if they did, they would legally have to notify the users of those changes (GDPR etc) and would lose all the users, rendering it pointless to have bought Waterfox. Not sure why they would shoot themselves in the foot like that.
This argument is hard to understand, given that this hasn't happened when companies did this in the past. At the end of the day, you can break your word as much as you like as long as there's a year or so between making the promise and breaking it.
I'm not sure I understand the criticism to my previous comment. If System1 would change any privacy aspects (which they won't) and I assume people are going to assume for worst case scenario - users would need to be notified. Then, System1 would lose all trust and no-one would use Waterfox.
> At the end of the day, you can break your word as much as you like as long as there's a year or so between making the promise and breaking it.
But nothing has happened and people are just pointing fingers. Seems rather unreasonable. People had the same criticisms in 2014 when I received investment into Waterfox. The same sort actually and 6 years later...nothing had changed.
What I was saying is that this isn't a factor and that means we don't have any guarantee of good conduct. Because of that, we shouldn't trust that it will happen.
To be clear: I don't actually care all that much - I never expect a browser to be privacy-focused and I respect your right to want money to do the things you enjoy.
I hate to be the one to break this to you, but every company that has ever bought another company always started the sales-pitch with: “we don’t want to change anything. We just want to give you the resources to grow...” — blah blah blah. And they are always lying. It’s like a test to find who’s gullible enough to believe it.
Since your deal is already done, there’s not much you can do, other than to watch out for things they will inevitably try to push on you.
For those for whom an understanding could be reached, no explanation is needed. For those with whom an understanding would not be able to be reached, no explanation will suffice.
There seem to be some that feel that because they use software that is Open Source, it is "theirs". There's no way to help somebody get over the loss of ownership of something they didn't actually posses.
I knew nothing about Waterfox or System1 before reading this submission. So I should not be too biased.
When I browse waterfox's website I see that it is built by an independent developer and that the two first selling points are "No Telemetry" and "Limited Data Collection".
System1 on the otherhand is an advertisement company whose name, I'm guessing, refers to Daniel Kahneman's two subsystems of the brain. The system 1 being the intuitive brain, which according to Kahneman is easy to fool.
Further reading about System1 confirms that they are not very much inclined to preserve people's privacy: E.g.: "Generally we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending you direct marketing communications."
So whatever the reason Waterfox was sold, I think it's understandable that users are disappointed. (Obviously harassing the author is not ok.) I think updating Waterfox's is the proper way to fix users' frustration.
Waterfox is not a mainstream browser, therefore its fair to assume its users come to it in search of something that don't get in the major players.
I'm assuming again, but I don't think is much of a leap, that those needs are privacy related and having control over the software you use. Not having a faceless company behind the software, like Google for Chrome, Microsoft with Edge or even Mozilla with Firefox is a draw for users.
Now having said that reading that its been bought by a company, and one that does business in advertising no less can be quite jarring.
Its like you shopping only in a mom and pop grocery for years that's out of the way and more expensive, but you do it to help local economy. Then one day you get there and and while you load up your cart the owners tells you they work under Walmart now. The very thing you tried to avoid.
Of course such decision is in the waterfox dev, and he has the right to do as he pleases but is understandable that some people might have problem with the sale.
> Those needs are privacy related and having control over the software you use.
That’s fair enough, but I’ve tried to stay away from branding Waterfox as such to try and avoid issues like this. Nothing has even happened to Waterfox, but I understand that people are to be critical, I think it’s fair enough.
> Then one day you get there and and while you load up your cart the owners tells you they work under Walmart now.
I don’t think it’s quite the same though. As much as I’ve done Waterfox for the users, I’ve also done it for myself and how I’d want and expect a web browser to be. That’s not going to change either, but like I said it’s fair for people to be critical of that
People aren't entitled to the continued work of waterfox devs but they are none the less entitled to honestly and respect and when they discover from third parties that a browser that was sold to them on the basis of privacy is now the property of an ad company it smacks of disrespect and dishonesty. They may not have PAID the developers any money by virtue of them not asking for any but they invested their trust by installing their software.
If you don't want people to rely on you, or get frustrated when they feel poorly done by it would be best not to put up ad copy on your own site suggesting that they do so.
Basically you have misidentified reasonable expectations as entitlement. I suggest you reassess.
> browser that was sold to them on the basis of privacy is now the property of an ad company it smacks of disrespect and dishonesty.
I’m sorry but Waterfox has never been touted by a privacy tool in the same vein as something like Tor, as I’ve mentioned in the blog. The expectations were too high for something like that.
Also, from what I know the largest rev streams are search syndication. I think if it was labelled <search syndicator> buys <one of its clients> it wouldn’t have been so negatively received.
> it would be best not to put up ad copy on your own site suggesting that they do so.
The first 2 of your 6 top points are no telemetry and limited data collection. How is that not soliciting users to install based on increased privacy?
* On moral obligations
If you solicit people to use your foo for no money and they come to rely on your foo and then withdraw or change the nature of your foo abruptly you may leave people worse off either perceptively or in actuality than if you never existed.
You are managing to create moral obligations for yourself without actually deriving any benefit. It's common to misjudge the nature of that obligation. Your users may imagine that they are "owed" a timely fix to their free software for example but its as false to imagine no obligation exists at all. You have an obligation not to leave people worse off than you found them or at least make a good faith effort in that regard.
People herein are imagining the extremely likely eventuality that their personal information will be sold and that since you didn't bother to inform them of a situation that would arouse this concern they imagine that you didn't tell them BECAUSE you had something to hide.
They have a piece of software on their machine which they believe could violate their privacy ergo they are worse off than they started. Furthermore they believe that the only reason they aren't MUCH worse off than when they started is because someone spilled the beans on reddit.
It's selling out because it was a nonprofit project, and now the Man owns it, and will try to monetize it. This is textbook selling out.
At some point, MrAlex94 will be made to compromise his principles. It might not be a big deal, it might even be good for users. But buying a product means that the company payed for control -- that's what property is. If System1 were fine with him developing it without their control, they would have just given him some money and said hey, do your own thing. But when you sell out, you give up control to The Man in exchange for that sweet, sweet cash. And, to be fair, cash has a lot of utility.
It honestly shocks me that more private no strings attached funding has not grown out of the trillions of dollar tech money made over the past couple of decades. If I had a billion I would throw money at the umatrix guy and ask nicely for a umatrix/origin browser. Make everyones life a little simpler.
Giving up control isn't easy, particularly when it's your money that's invested. That said, successful investors such as Y-Combinator do invest in people rather than a particular idea.
I imagine VCs want to own the rights so they can pull the plug if something unexpected happens, like a founder has a major life event or something. Whether or not they limit themselves to only pulling strings in the most dire circumstances is another question.
> At some point, MrAlex94 will be made to compromise his principles.
Except that at the point at which System1 crosses the line, MrAlex94 can fork the code (since it's all FOSS), create "Earthfox" (or whatever) and start again.
> But when you sell out, you give up control to The Man in exchange for that sweet, sweet cash.
I have no skin of the game (other than not wanting free software developers who stray even slightly from the perfect ideal, to be stigmatised), but this sounds rather condescending given that:
1. (to the extent that I know) MrAlex94 has spent most of his working life on an open source project, with little financial remuneration,
2. he's (most probably) not personally getting some vast amount of cash from the transaction, just his project receiving enough support to be able to employ one (?) extra person and get "fancy" features like CI builds.
If he had spent the time working on a closed source project at a company he would have almost certainly been far better off financially and he wouldn't have had to put up with such targeted attacks.
I think that there's very much space for criticising the trade-offs of the decision, but IMO your phrasing was excessively harsh.
> Except that at the point at which System1 crosses the line, MrAlex94 can fork the code (since it's all FOSS), create "Earthfox" (or whatever) and start again.
Unless of course theres a noncompete in the sale contract, a common thing when companies acquire startups.
> Except that at the point at which System1 crosses the line, MrAlex94 can fork the code (since it's all FOSS), create "Earthfox" (or whatever) and start again.
You know that's not the whole picture. Most users don't follow MrAlex94 and wouldn't know about the fork, and they won't bother changing. He didn't sell a product, he sold a userbase and a brand.
> It's selling out because it was a nonprofit project, and now the Man owns it, and will try to monetize it. This is textbook selling out.
I don't know if anyone is reading these comments anymore, but I'd like to point out that Waterfox has never been non-profit and even received investment (and similar criticism, which turned out to be unwarranted) in 2014.
> At some point, MrAlex94 will be made to compromise his principles.
People said the same in 2014, and 6 years on I never did. I'd hope that warrants some level of trust.
> At some point, MrAlex94 will be made to compromise his principles.
Did he, though? Reading his post here, it sounds like he never cared much about user privacy and thinks users were mistaken to assume that is the goal of this browser.
If you take that at face value, combined with what I would suggest is wording on the site that at least implies a focus on privacy, I'm not sure there's anything to compromise. As far as we know, he doesn't actually value privacy, selling to an ad company was always his objective, and his principles are directly aligned with theirs.
> Did he, though? Reading his post here, it sounds like he never cared much about user privacy and thinks users were mistaken to assume that is the goal of this browser.
I think that’s a bit harsh. I’ve always been privacy conscious and will remain so, especially with Waterfox.
Saying "sell out" is editorializing. You can't say what will happen in the future. Plenty of for-profit companies provide services people want while keeping founders happy. You only hear about the bad ones.
It's okay for you to trust people when you don't actively hear about them being bad, just as it is okay for other people to take what they see elsewhere and think it informs the behaviour of cases they see as related.
The correct line of action IMO would have be to tell straight the situation (urgent funding needed), then attempt to crowfund the development, and only then in case of failure sell to someone else. That way nobody could have complained.
> The correct line of action IMO would have be to tell straight the situation (urgent funding needed), then attempt to crowfund the development, and only then in case of failure sell to someone else. That way nobody could have complained.
I’ve posted about it throughout the years (linked to one such in the blog) and even had donations set up and asked with every update post for people to help by either donating or to use the default search.
AdTech companies and data brokers often buy privacy-focused products from single developers / small teams and turn them into data collection devices.
I was part of a team that uncovered such a large-scale data collection schema by a data broker company in 2016. They bought popular privacy-focused browser extensions like "Web of Trust" and turned them into spyware, sending every URL users opened in their browsers to their backend. They then slapped some token "anonymization" on the data and sold it to whomever was willing to pay. They even provided a sample consisting of more than two months of browsing data from three million people in Germany to a team of journalists posing as a startup as a freebie. The data contained tons of highly intimate and sensitive information and users where trivial to re-identify in many cases, e.g. via URLs that contained usernames, e-mail addresses or access tokens.
Chrome and Firefox briefly banned the extension from their app stores, but a few weeks after the incident it was suddenly back, happily exfiltrating data from unsuspecting users again.
I then realized that browser vendors often have perverse incentives when it comes to privacy and really don't care so much about it. Even companies like Mozilla allow plenty of shady extensions to exfiltrate really sensitive user data, because those extensions increase the popularity of the browser.
BTW these companies often lie to the original developers / teams that they acquire. "Web of Trust" for example was originally written by a team of students that really cared about user privacy and trust. So I wouldn't give too much about the promises of such companies, their business is selling data and collecting as much data as possible is one of their primary objectives, privacy always takes a backseat.
That is too bad, everyone has their price though so not unexpected.
When Startpage got bought I noticed they immediately changed to doing all the scummy things that click jackers do (tracking, fingerprinting, affilitizing, Etc.)
> That is too bad, everyone has their price though so not unexpected.
I think that’s a little unfair, makes it sounds as if there is malicious intent. I was just thinking of a way I could grow Waterfox with a company that would understand what Waterfox needs. VC for example would’ve definitely been the wrong fit, as they’d want an exit strategy and want it fast.
Okay, I can see that interpretation and I apologize. I was going for a 'next stage of things' which for businesses of this form (single product / modest revenue / digital assets) have a small number of exit routes for the developer.
#1) (and most common in my experience) Is to sell the business to a larger aggregator which allows the acquirer to grow the surface area of what they do (in this case sell ads, but it could be anything like service dentist offices or market business services). This pays the founder some money and let's them move on to different things.
#2) The founder/key contributor takes on a senior role at a larger company and their product becomes either an open source project or briefly a product of the larger company.
#3) The founder moves on to something else and product support goes away, updates don't happen and eventually operating systems have moved on and the product just doesn't work any more.
In all cases the 'intent' is that the founder needs to grow or do something different or their needs have changes (like having a family) and so their priorities shift. Life goes on and things evolve.
And I think you're unable to see or you're plainly ignoring the issue from concerned users perspective - what's more, you managed to insult them here saying there's some conspiracy theory just because users don't like what happened to the browser.
Whatever your plans were from day zero or what had to be done, this is not how you should handle this.
If one man software products can't be sold for money in such a fashion as to reasonably support the dev then it is inevitable that most of them will either be sold or become abandonware. That too, a browser being such a critically important piece of modern software and such a complex undertaking for a single (or few) devs, it is imperative that the user community undertakes to return the favour in terms of money so that such 'deals' are not necessitated. Now while today it is Waterfox we can expect most of the other smaller players to eventually fold too... even folks like Vivaldi/Brave may not be sustainable in the long term. For that matter even Mozilla has a revenue problem that has long been bandaged over by deals with ad companies. It's just that the sharp end of economic reality hits the lone dev much sooner.
Microsoft and Google giving away their browsers for free will essentially undercut every other player out there including Mozilla. And only the users will emerge the poorer for such unhealthy consolidation.
On reddit the developer has stated multiple times that this is a search partnership and not a buyout. The blog indicates that it is a buyout and so does the change in company director. That makes me confused as to what is happening here.
I would go so far as to say that I would never have installed waterfox in the first place as it provides dubious value insofar as privacy and none as far as technical quality.
Probably just bad phrasing on my part. Also, Waterfox is OSS? There are definitely some security patches that have been released that I’d recommend you have; so for your sake at least use an up-to-date browser.
That's probably why during the last 2 weeks Waterfox pestered me every day asking to upgrade it. I didn't know about the acquisition and tried to upgrade, but luckily in hindsight the upgrade failed because it required a new glibc version that isn't even in Debian unstable. I'll probably go back to FF ESR.
Sad news indeeed; I loved Waterfox:(
Also, If he would have asked for help, I'd have happily donated some quid.
Sorry if I was phrasing incorrectly. System1 are a search syndicator and that’s how they’ll be pushing forward with it. A lot of people seem to have extrapolated more than what’s actually happened.
Is there any desire to help pay for software with zero commercial elements? Especially software as complex as a web browser, where it will take a lot more effort and time than other, smaller open source programs.
Not based on Firefox but there's a very customizable browser called Luakit[1], which is afaict built from scratch on top of Webkit+GTK. I haven't had time to try it out yet but it might be worth a look?
I’ve been doing Waterfox for near a decade, I don’t think that’s true.
There were a few, but they ultimately got shut down. I think a few times due to legal issues. If anyone is planning to do something, please be careful of what name you use.
> There were a few, but they ultimately got shut down
One of them was called LibreWolf, so I doubt it was due to trademark issues. Also, the developer of LibreFox didn't explain why development was halted.
Because they both have commercial elements, where the post was asking if there were any alternatives without?
Also, a Pale Moon has start.me (https://start.me/privacy) by default, with this for its privacy policy:
"Among the types of Personal Data that start.me collects, by itself or through third parties, there are: Cookies; Usage Data; first name; last name; email address; phone number."
Rather more egregious than anything Waterfox does.
Nobody likes when a browser is bought using advertising money, just as nobody likes when other people imply they should do work "for the exposure" (or fame, which is really the same thing).
Not saying you have to. People contribute to open source at their own expense all the time. If literally nobody is willing to do it, then may it not exist.
Consider running the applet under `appletviewer`, if possible. Development of the Java NPAPI plugin has essentially ceased (as every major browser has dropped support for NPAPI!), so security and stability updates for the plugin will be limited.
I'd like to go on a slight tangent and notice that Startpage has been dropping 1/3 of my queries the past week, with a message saying that their systems are overtaxed.
I don't have much confidence in it. In my experience technical problems often preclude more serious ones. I realise that I'm in the realm of reading tea leaves, but this heuristic has saved me more than once.
As long as it stays fully open source then I guess it can be forked if it goes bad.
I rarely use it myself but it would be a shame for it to get turned into crap.
The Amiga build of Firefox did exactly that. All the platform specific stuff was in separate files (supposedly) so as to not trigger the per-file disclosure rules.
Now, "modern" Amiga is a horrible dumpster fire of a software development and community. It's a worked example of that saying about how people fight most fiercely over the smallest stakes, with no more than a few thousand users fighting over which of half a dozen ways forward "must" succeed and a long history of scams, etcetera.
System1 describe Waterfox as privacy-friendly, and so on. A few highlights:
>> … our promise to him was that we could provide much-needed resources to further build upon and market Waterfox to a broader audience, while maintaining the aspects that Waterfox is known for. We will honor that promise to him and the Waterfox community, …
– and:
>> … Alex will continue to drive product strategy, only now he has resources to hire a team and build an even better product. By leveraging the System1 engineering resources, Alex will be able to roll out more features, more quickly, while maintaining the Waterfox commitment to its users. …
Waterfox dev here. I’d appreciate if people read the blog announcement here as well:
https://www.waterfox.net/blog/waterfox-has-joined-system1
While I’ve always kept Waterfox privacy friendly (and it will remain so) I’ve never tried to have it as a privacy product specifically (that was cherry picked by the author), as I’ve explained in the blog. It’s not something I’ve wanted to go down, so all the outrage towards me for that has been, at least towards me, a little unfair.
Also, this post has led to a lot of (what feels like) harassment from disgruntled privacy users, even though nothing has changed.
System1 are pivoting to focus on more privacy-focused ventures, something I’m sure a lot of HN readers are familiar with.
At the end of the day, they were the right fit and aren’t going to change Waterfox in any of its privacy aspects, and I can finally grow out Waterfox to hopefully be more than it currently is.
What should be IMO a joyful occasion for myself and Waterfox users has ended up into a collection of conspiracy theories and rather unkind words.
Regardless, I hope everyone has a good weekend and am more than happy to try and answer questions :-)