Have been using Firefox for a long time, no issues, though long ago when I had little memory, Chrome was using less of it. Firefox also has HTTPS-only mode, encrypted DNS without fallbacks, supports SOCKS and Encrypted Client Hello (although almost no website support it). However, it is better to just buy more memory (unless you are lucky to use Apple products).
Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies; even better, they should implement measures to make user tracking and fingerprinting more difficult. There is no need to track user's browsing history; just make a product better than competitors (so that it gets first place in reviews and comparisons) and buy ads from influencers.
It would be great if browsers made fingerprinting more difficult, i.e.: not allowed to read canvas data, not allowed to read GPU name, enumerate audio cards, probe for installed extensions etc. Every new web API should guarantee that it doesn't provide more fingerprinting data or hides the data behind a permission.
Regarding 3rd party cookies: instead of shady lists like RWS browsers should just add a button that allows 3rd party cookies as an exception on a legacy website relying on them (which is probably not very secure). Although, there is a risk that newspaper websites, blog websites and question-answers websites will force users to press the button to see the content.
> Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies
Browsers were supposed to act as agents working for the user. User-agents. These days it's getting harder and harder to find a browser that doesn't work for an ad company at the expense of the user.
Chrome's entire reason for existing is data collection. Firefox can, for now at least, be hardened to work for the user (and prevent a lot of fingerprinting), but Mozilla is an ad-tech company too now. They've made their lack of respect for Firefox users clear by making Firefox spy on users by default so that Mozilla can sell that data to marketers.
The recent events related to FF are not that much of a shift, considering that Google pays $20B per annum to its (technically non-ad tech) partners, then 85% of Mozilla's total revenue comes from its partnership with Google. That ship had sailed long time ago.
Firefox really has been going downhill for a long time. Forcing Pocket into the browser, the ad infested new tab page, telemetry, making user accounts a thing, force installing TV show promotions, etc.
What they haven't done before is spend a fortune buying up an ad-tech start up. They barely even bother to maintain a pretense that they care about Firefox users. They basically came right out and said "We know that users don't want this, we can't convince them to, so we were right to force it on them by default and just hope most people don't notice and start complaining" (https://cdn.adtidy.org/blog/new/2wffyscreen_mozilla.png?mw=1...)
Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.
Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.
Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.
And of course they want to cater to advertisers because it is advertising that maintains the open web, and it is advertising that is paying for all browser development, actually, including Safari. And the open web is also dying, because people have been moving to mobile apps, where all pretence that "the user agent must act on your behalf" is gone. In other words, even if you get what you wish for, in a couple of years it may not matter at all.
> And of course they want to cater to advertisers because it is advertising that maintains the open web
As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.
We've had the means/tech to support publishers directly for years (I don't mean crypto). It's in the interest of companies like Google to keep users (and publishers, and brands) in the dark. And one of the issues here is that they have so much impact on the discourse. There are only few places, where I saw more people using ad blockers than the adtech businesses I worked with or at.
> Nobody wants to pay for a browser
True, but I don't think people would have an issue with paying for browsers if they understood the value of it. At this stage, I think the only solution would involve:
> As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.
I know what you're saying, I agree, as I worked (in the past) on advertising platforms as well, but both of those statements can be true at the same time.
The open web was built on advertising, but the perverse incentives in advertising are also poisoning the open web.
I don't think we've ever had a good solution. People like free stuff, and also, micro-transactions are not possible given the huge banking fees. What we're seeing, the alternative, are subscription-based services behind closed hardens, and mobile apps whose ads can no longer be blocked, so here we are.
I also think that Google isn't the greater evil, because Google has an incentive to keep the web going. For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.
The problem with micropayments goes beyond the finances.
It's a major friction point.
How do you set up the payment relationship the first time? Maybe you can get it down to one click, at best, with stored credentials.
When you consume content, you still have to track expenditures, whether it's a prepaid credit balance draining or an invoice building up. Every pageview becomes a "is this worth 8 cents?" discussion.
A broad cooperative flat-rate programme-- Patreon on steroids-- seems the best way to manage that. The consumer signs up for the entire universe at $20 per month, and then doesn't have to think about what happens if he visits a new site, or opens 500 articles this month and 5 next month. It's all sorted out with analytics at the content-provider level.
> micro-transactions are not possible given the huge banking fees
Cryptocurrencies like Litecoin have low transaction fees (currently less than a cent). Apple somehow manages to sell apps that cost just several bucks.
Also, in Russia, a Fast Payment System allows transfers up to $1000/months without commission, however these terms are available only to personal transfers and not for business. But it shows that low-cost transfers are possible even in traditional banking system.
Litecoin, as a cryptocurrency, is rife with scams and offers no chargeback mechanism and either requires an end-user to run their own wallet software which can be hellaciously easy to screw up or lock oneself out of or get scammed out of by savvy hackers, or host the wallet through some third party who then has to deduct their own pound of flesh to keep the service running be that through additional fees or through the same anti-consumer "you are the product" practices as ad networks.
Apple (literally the single wealthiest company on the planet) "somehow" manages to sell inexpensive licenses to primarily ad- and surveillance-financed agents that infest end-user hardware through a marketplace that probably acts as a loss-leader for them to sell said hardware to begin with.
And "transfers of up to $1k/mo without commission"? (Why is that quoted in USD instead of Rubles?) Venmo, Zelle, Paypal, and countless other services in the US allow you to transfer $1k/mo and more without fees to other people using the same system and with a lot of friction to get money back out of said system. And the fees are still "only free to friends/family" specifically because you only need chargeback protection when paying to a business.
> micro-transactions are not possible given the huge banking fees
I actually worked on several projects like this and we found a few ways of making this work. A simple example would be having a wallet you can top up, so you can pay per article. The fee was _roughly_ 2x the CPM for a post, and the cost for an average user ca. $5 per month IIRC. There's a bunch of companies doing this stuff, but their usual issue was scale/publisher relationships. After a few years of trying and 3 companies later I ended up in a situation where this wasn't a problem. Apologies for being vague here.
> I also think that Google isn't the greater evil, because Google has an incentive to keep the web going
True, but the web Google wants to "keep going" is _very_ unlikely the same as the one that's good for users. Chrome or Android serve as storefronts, hence consent assumed by default (think Manifest V3, FLOC, etc...).
Example: think of the deal they signed with Conde Nast (and earlier Reddit). Nowadays, Google has exclusive access to search results from Reddit.
> For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.
I witnessed it in 2010s when working with publishers (EU, UK, and some US-based). It wasn't much different than what happened during the "cookiegeddon" around '17 '18 (IIRC): moving to new platforms, pushing towards subscriptions, bundles, or focussing on premium/high quality content.
The publishers I spoke with (again, as a vendor working in publishing and then, later, in adtech) generally would be more than happy to drop the ads if we had any other way to let people pay for stuff without using dark patterns (e.g. subscriptions people tend to forget about).
The only people who created pushback were not even their advertising partners, it was _their own sales people_, responsible for pushing their inventory via direct sales. It makes perfect sense, from a people/internal politics point of view. I'd be happy to elaborate on that, but it's getting a bit late!
People like free stuff, but they're also happy to pay for stuff if they understand its value. Imagine walking into a coffee shop and asking for a free americano promising that you'll stare at their ads on your phone for 5 minutes. (This idea only makes sense if you're running an adtech / marketing startup.)
Then, we have more interesting examples like The Guardian, where many of the people supporting them did so because they wanted _other_ people to have access to it.
So yeah, I agree that people like free stuff, and that the current situation is messy to say the least, but I think we need to take a step back and reconsider the things/ideas we take for granted.
> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.
People didn't like Pocket as a product. It wasn't as if they just didn't like it because Firdfox wanted to make money out of it.
Sure they should diversify, but with something that isn't otherwise (so) objectionable. Like their VPN, or sponsorship, or just let go of all the upper management.
> Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.
That's not true. It isn't directly supporting anything except surveillance capitalism. Allowing yourself to be exploited in that way may indirectly support Firefox, but it's not the same thing as direct support.
Firefox users have literally begged Mozilla to let them actually directly support Firefox's development in the form of donations explicitly for that purpose alone, but Mozilla has always refused to allow it.
> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.
People scream at them when they involve themselves in surveillance capitalism so yeah, spending a ton of money that could have gone into firefox development to instead buy an ad company so they can start spying on us while we use the internet isn't helping.
> Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.
Are web browsers more "incredibly complex" than linux? I don't understand how people assume that web browsers are impossible to develop without selling users to the marketing industry while somehow linux and countless other open source projects have never once needed to do that.
Mozilla could at the very least try letting users pay for firefox development like users have been asking them to before they jump to selling firefox users out to the ad industry.
> And of course they want to cater to advertisers because it is advertising that maintains the open web
Advertising doesn't maintain the open web, it poisons it.
> And the open web is also dying, because people have been moving to mobile apps,
That's because many people don't own even computers anymore. Even where computers haven't been entirely replaced by devices that are designed for data collection and mindless content consumption, the cell phone is the computer that people have with them at all times. The dire situation around computing in general wouldn't be so bleak if we could get some decent and affordable mobile devices that weren't designed to spy on us, but I guess you might see it as that spying being what maintains the computer industry.
> Firefox really has been going downhill for a long time. Forcing Pocket into the browser, the ad infested new tab page, telemetry, making user accounts a thing, force installing TV show promotions, etc.
It might be just me, but I find Pocket quite useful and interesting. That, and syncing user accounts across browsers. It's extremely convenient to just stash a link that you can later open while browsing the web on your browser or sitting at home with another laptop.
I guess you can try to make an argument about that being better served with extensions, but that would be missing the forest for the trees. Meaning, extensions are intended to provide third-partied with a convenient way to add custom features and behavior. That is just wasted effort if it's Firefox wanting to add a feature.
Also, you don't need to use any of that if you don't want to. No one forces you to. At most, it takes a couple of clicks to hide the toolbar button. Is that what you call "downhill"?
Frankly, this blend of criticism sounds like grasping at straws. Some people sound like all they want to do is complain about something, and proceed to work backwards to try to find something anything to complain about. This stance is particularly baffling when taking into consideration how god-awful Chrome and Edge are.
With GA4, the tracker code is loaded from www.googletagmanager.com (even if the tag isn't loaded via a GTM container).
The measurement requests can be sent to (region1|www).google-analytics.com or analytics.google.com (to share cookies with Google login better).
> The entire point of DoH is to bypass the ability of the users to prevent browsers from providing browsing habits to their owners.
It is the entire point of DoH indeed, while hiding behind the idea that is somehow prevents the state/ISP from knowing which sites you go to (which it really doesn't).
There only one way to get best of both world:
- force your browser to never ever use DoH / DoT: force good old, in the clear, DNS over port 53
- run your own local DNS resolver (I run *unbound*)
- only ever allow DNS port 53 to/from your machine and your local resolver (I run *unbound* on an old Raspberry Pi)
- have your DNS resolver use DoH
This way you get the imaginary protection that your DNS traffic is "encrypted" between you and your ISP: I mean, it is encrypted... But it's an illusion to believe it prevents your ISP / friendly-state-after-your-well-being from knowing which sites you visit.
But you also get full control over which domains can be resolved or not.
As a sidenote unbound supports "wildcards" when blocking domains, which is sweet (as opposed to your typical OS's hosts files, which doesn't support wildcard).
FWIW I've configured unbound to return 0.0.0.0 for the millions (!) of (wildcarded) domains I'm blocking and then I use dnsmasq, locally, to convert any 0.0.0.0 to transform into NXDOMAIN. It's versatile and I like that way.
It's Linux so you set that up once and it works for years.
No, that is not the entire point of DoH. That’s like saying the entire point of TLS is to prevent users from looking at the traffic being sent to a website.
DNS without DoH, DoT, or DoQ, is wide open to anyone snooping traffic in the raw, that’s not necessarily information you want to share with the world.
Which (for people not handing all of their DNS traffic over to google anyway) usually just means that their ISP can see their DNS traffic which is kind of a moot point because your ISP can see the domains you go to even with DoH.
If somebody is on your local network capturing packets or they've cracked your wifi you've got bigger problems than your DNS leaking a list of domains. They'll also see the IP of every server you visit online anyway
The way DoH is implemented usually means that all of your DNS traffic is collected by some third party for-profit corporation like cloudflare anyway (who admittedly will already know most of the domains you visit anyway because of how often cloudflare's IP space is where DNS will point you).
There really aren't any good options for DNS and privacy, just a lot of compromises. Host your own. Or, if your ISP is trustworthy, you might be better off using what they provide. The DNS traffic between you and your ISP's servers should never leave their network.
ISPs seeing the domains of user traffic is not a given. And DoH is a step toward mitigating that.
People were setting their DNS resolver to custom values before DoH.
I agree that DoH would ideally be enabled at the OS level, or that the browser flow would default to still checking host file before sending out the query.
Unless you are using an VPN, your ISP can see the IPs you are communicating with regardless of the hostnames associated with them and in turn resolve those back to hostnames or at least netblock owners.
True, but n the cloud era, destination IPs don't mean what they used to. If peopel wash their blog with AWS or Cloudflare or Netlify, etc., dest. IP means little.
They're not talking about IP's. They're talking about SNI, which communicates the target hostname in the clear before the https session is established. ECH addresses that problem, but that is only recently starting to see wider use.
DoH is pushed by goggle et al to ensure you continue to provide your data to them.
The browser should respect the OS. The OS should respect the network (dhcp/slacc). If you want to override this then that should be an active choice by the user.
I am quite happy with my OS using normal dns (via WireGuard when out) to my dns server which blocks bad domains before they even reach my firewall, I don’t need DoH, although I have no problem with that as a concept.
What I don’t like is my browser taking away my choice and breaking the model. It should defer to the OS (and I can’t see any time I wouldn’t want it to defer to the OS)
The entire point of DoH is to take away control of DNS from the OS vendor to the browser.
There were other encrypted standards(dnscrypt for example) that didn't require you to do that, but the one that bypasses the OS was forced by adtech monopolist in charge.
No, the point of DoH is to take control of DNS from ISPs (and related middlemen) and give it back to site/service owners (so their settings are not overridden for whatever reason) and the end-user (so their habits are not as easy to disrupt or track at the ISP level).
> but the one that bypasses the OS was forced by adtech monopolist in charge.
Assuming by “adtech monopolist in charge” you mean Google, I don't think taking control from OS would benefit them given they effectively have control of more than two thirds of the mobile market share globally¹ so they are shooting themselves in the foot as much as anyone else – so I assume there are practical reasons², or purely technical ones, for DoH being their preferred choice (assuming that are pushing a preference).
And anyway, there is nothing that says applications have to implement DoH instead of letting the OS do that, Chrom{e|ium} and FF have gone that way in part because base OS support wasn't (isn't?) commonly available/enabled.
----
[1] A less than two thirds if you only count the US, as some published figures do, because Apple does rather better there compared to global averages.
[2] isn't dnscrypt's standard still officially a work-in-progress?
If it was implemented at an OS level and respected standard configuration then fine, DoH, DoT, whatever, I’m happy.
However it wasn’t, and it doesn’t defer to the OS or the network. I can’t set a dhcp option on my network to tell my dozens of clients what dns server to use, I have to manually adjust each browser. I additionally get different reaults depending what I use, my browser will contact a different server than any other application.
That’s broken behaviour which benefits AdTech companies like Google.
> I can’t set a dhcp option on my network to tell my dozens of clients what dns server to use, I have to manually adjust each browser.
But at that point, you are effectively the ISP trying to control how users do DNS, in a way that might enable you to track/block/redirect. You might be trustworthy to your users so that is fine, but that isn't the case for every user's relationship with their service providers.
Is there an arrangement that would stop less trusted networks from tracking/redirecting/blocking DNS requests without (accidentally) helping AdTech by making DNS-based blocking harder?
Completely forgot to take to this a week ago (busy times…) but this more recent (that is touching in the same issues of inconvenience for some and whether it should take precedence over safety concerns of others) reminded me: https://news.ycombinator.com/item?id=41471510#41472889
First, you can disable encrypted DNS, second you can set up your own DNS server and setup browser to use it. And your own DNS server will respect DHCP config.
Personally I would like OS to completely ignore DHCP config (like proxy or DNS server address) because those features can be misused for malicious purposes.
A lot of mobile apps use TLS connections when communicating with their backends.
You can MITM the traffic, and continue to deliver the traffic using a self signed certificate that you’ve trusted on your mobile device, and boom, you can capture the traffic at your proxy point and be happy.
A lot of mobile apps use certificate pinning to ensure that the backend certificate matches what the app expects. Now your self signed certificate, even though it’s trusted at the OS level, no longer matches the certificate that the app is expecting, and no data is exchanged after TLS handshake fails.
A lot of mobile apps use TLS with certificate pinning, so even if the user installs a system-wide root CA, the app doesn't accept it and won't let the user look at what data is being sent to the servers.
DoH and similar technologies don't override /etc/hosts. They're just a different way of making DNS queries. The entire point of these technologies is to prevent your ISP and everyone else along the way from knowing which websites you visit.
DoH means that each application does its own DNS queries, instead of using the OS's functionality. Whether that includes reading /etc/hosts is up to the application, and it looks like high profile applications like Chrome and Firefox don't read /etc/hosts.
> The entire point of these technologies is to prevent your ISP and everyone else along the way from knowing which websites you visit.
More correctly, the point is to shift all that from one organization to another. Maybe you trust Google or Mozilla more than you trust your ISP, but I don't think it's the same for everyone.
You could even argue that your ISP can already see which hosts you connect to, so using it's DNS resolvers doesn't add much information for them. Using DoH means that both your ISP and another party can see that.
Excluding leaks, the ISP does not see the hostnames, what it sees are the IPs you're connecting to. 20% of internet traffic goes through Cloudflare, so at least for those, the IPs are meaningless.
Both privacy and security are layered, and perfect is the enemy of good. Securing the DNS is an obvious first step, forcing the Internet to HTTPS by default was another. Google and Mozilla have contributed to better privacy. People that want more privacy, depending on needs, can also use a VPN or for the more extreme cases, something like Tor.
Not sure what you mean about having to trust Google or Mozilla. I'm not using either Google's or Mozilla's DoH servers. But yes, I would trust them more than my local ISP. Google, at least, proved quite competent in handling whatever data they collect.
In TLS 1.3 server certs are encrypted. And while browsers support ECH (Encrypted Client Hello) to encrypt SNI, almost no server supports it. Cloudflare has ECH disabled globally for some "issues" they do not disclose [1].
> DoH means that each application does its own DNS queries, instead of using the OS's functionality.
HUH?! No! You aren't supposed to implement DNS on the application level! Most modern OSes support some form of DNS over TLS at the system level. You should use that.
You’re not but that’s the point. Google realise they don’t control the OS (in many cases) and thus struggle to monetise it.
I don’t have a problem with doing dns lookups over http, or any other protocol you want to use, if I configure my OS resolver to do that.
When people don’t like DoH they tend to mean they have a problem with bypassing the OS.
Theres then the concept of DoH, network admins have a harder job blocking it without MitMing traffic (and in some cases installing new root certificates and thus reducing security for users).
I’m less concerned about that. The argument for DoH often goes to “I don’t trust my network but I do trust Google” but I can see why some don’t trust their network. Personally I’d tunnel all traffic if I were on an untrusted network.
As someone who doesn’t trust Google (as their income comes from selling my personal data against my will) but does trust my network (as I am the network admin) I lean in the “anti DoH” camp, but regardless of which camp, DNS should be configured at the OS level (whether that’s a manual choice to use Google or cloudflare or whatever, or to accept the network hints)
What you mean is that network admins have a harder time controlling people's devices.
I have a DoH server set in my Chromium browser, installed on my corporate laptop, and I love it, because my DNS queries don't leak to my network admin.
The perspective is significantly different when you're both the user and network admin. From your vantage point, you're picking the lesser of two evils.[1] But there's a third option that keeps you in even greater control, yet it's increasingly becoming more onerous to preserve. It's something like a collective action problem.
[1] Or at least you think you are. If your employer is running provisioning and "security" malware, I wouldn't take any bets on what they're logging or not logging.
I think it's the tone of the site that turns people off. I'm sympathetic to the message, and I love a simple website without JS and trackers, but I have to admit that design wise it's a little reminiscent of some of the websites made by schizophrenics.
Whoever that creator is it looks like they've even missed some things too. I didn't see anything about the Mr Robot fiasco, or that one time they pushed a pop up ad at everyone and then, after the backlash, told the firefox users who were upset about it to add a line to about:config that would only disable the one ad they'd already clicked past: browser.vpn_promo.enabled = true
Keeping the door open for using browser.whatever_else_promo.enabled later on I guess.
He's moved the URL here - the site continues to be updated - https://digdeeper.club/articles/mozilla.xhtml
True, no mention of Mr. Robot though I'd say that was minor compared to whatever else they've been pulling off.
Power balance is how relationships always evolve. Browsers are basically politicians at this point and they are easily swayed by the power of the dollar and have varying degrees of requirements to side with the users.
Google, of course, has rammed chrome into it's primary place.
I'm sorry, this seems egregious. I agree that it should've been off by default but I challenge anyone to read how the implementation works (not just the blog post and the FUD responses to it) before calling it a giveaway to the ad industry: https://github.com/mozilla/explainers/tree/main/ppa-experime...
FF is currently a key tool in the fight to avoid a Google-top-to-bottom future, and before we start the meme that it's gone to shit we should be really really sure that's actually true.
It is ridicoulous. Why do browser developers cooperate with ad companies? They were supposed to protect us from them.
It gives no benefits to end users. Ad companies will not stop using old methods, they will just add one more method.
I hope responsible Linux distributions will patch this out and disable by default.
A fair model would be if this feature was opt-in and if Mozilla paid to the users who enabled it.
> The purpose of this API is to provide a privacy-first design for advertising companies to be able to measure how advertising drives conversions. That is, answering the question of whether advertising effectively achieves its goals, such as increased sales.
Not my problem. I don't earn anything from their sales.
It really is disheartening to see so many technically-inclined people berate the one browser that is preventing Apple/Google hegemony. The expectations set upon Mozilla and Firefox are so unrealistic it's laughable.
Firefox is rock solid, open-source, backed by a great organization (which has recently reinvested additional resources in it) and a joy to use imo. Also, the levels of vitriol that even the slightest bit of anonymous telemetry incurs is unhelpful and I encourage people who hold that viewpoint to really interrogate it.
While Firefox is great, they should not sell their userbase to Facebook with such proposals. If ad companies want to know about ad effectiveness, they must pay the users for collecting the data, not collect it for free without asking the user.
Ultimately, the problem is that entire premise is deeply offensive. I do not want my browsing history being monitored, collected, sent to third parties, and sold to marketers in any form period. I do not want a browser using my data in any way to support surveillance capitalism.
The implementation is just FLoC/Topics API all over again and it's still not compelling. The first kick in the teeth comes right at the start where the entire thing is predicated on data gathered from having an ad shoved in your face.
> At impression time, information about an advertisement is saved by the browser in a write-only store. This includes an identifier for the ad and whether this was an ad view or an ad click.
I do not want ads. Ever. Like many (likely most) firefox users, I go to some lengths to prevent them from showing up in any form. Now that firefox is going to be profiting directly off of firefox users seeing and clicking on ads they will certainly degrade our ability to prevent them.
It then involves sending my data to third parties so that it can be aggregated. Then my browsing has to be monitored to identify conversion events. None of this is acceptable.
Here's what their Cookie Monster paper says:
> User perspective. Ann browses various publisher sites that
provide content she is interested in, such as nytimes.com and
facebook.com. Ann does not mind seeing relevant advertising,
understanding that it funds the free content she enjoys.
I am not Ann. I very much mind seeing advertising, relevant or not. I do not understand that if funds "free content" I enjoy. If I need to be exploited to pay for something, that thing it isn't "free" and if it's infested with ads I do not enjoy it. The entire thing is based on a fantasy where users find this acceptable. We don't and it isn't. If we did, we'd probably all just be using chrome.
> FF is currently a key tool in the fight to avoid a Google-top-to-bottom future
Why should we care if Firefox isn't Google if both are just going to exploit us?
You're preaching to the choir, but even preaching needs to be truthful and I don't think calling Mozilla ad-tech or suggesting that it's just as bad as Google is remotely true. This is where "the perfect is the enemy of the good" comes from.
I mean, what do we have now? Google and a bunch of middle-man ad techs are hoovering up everything they can get, including a crap-ton of stuff that browsers can't affect at all, and wink-wink-promising that they anonymize some of it in some cases even though no one can verify that. A world in which the subset of that data that passes through a browser has been provably anonymized would seem to be strictly better, even if you still don't like it.
> You're preaching to the choir, but even preaching needs to be truthful and I don't think calling Mozilla ad-tech or suggesting that it's just as bad as Google is remotely true.
Mozilla is literally an ad-tech company. They bought and now own an actual ad-tech start up, they are partnering with Facebook to develop and implement protocols like DAP, and they are currently working on turning firefox into an ad platform that will deliver reports of people's browsing history to marketers in exchange for money. In what way are they are not an ad-tech company exactly?
I'll admit that they aren't as bad as Google, but they're heading in that direction and they've also only just gotten into the ad-tech game. It took Google a long time to get as evil as they are now.
Rejecting firefox because of Mozilla's new role as an ad-tech company and their insistence on exploiting firefox users isn't the perfect becoming the enemy of the good. Surveillance capitalism isn't good. Maybe standing up for ourselves and our values by saying no to spying from Firefox will cause Mozilla to look to other options. Even if it doesn't, it will keep us from being exploited and tarnished by our participation in their decline.
I've been a firefox user from the very beginning. My first browser of choice was Netscape. I hate that the enshittification of firefox is here, but I won't ignore it any longer. We still have a few alternatives like librewolf that provide the benefits of firefox without the recent corruption, and there's some hope on the horizon with ladybird too. The internet is only in the sorry state it is now because we've conceded too much to advertisers. We need to start holding ourselves and the software/services we use to a higher standard or it's only going to get worse. If Mozilla suddenly wants to be a part of the problem, I'll leave them behind while I look for a new solution.
Until they pulled this recent spying stuff I was a firefox user, but now I'm testing librewolf, zen browser, and brave. I might give Basilisk a try too. I'm also keeping an eye on ladybird but it looks like it isn't really ready yet.
Ultimately on the desktop I'll need something based on firefox because it can be hardened better than anything else I've seen and my work has me regularly dealing with some nasty websites.
I still have to find some options for mobile though.
Well, I wish you luck then. I still don't think PPA represents capitulation to advertisers in any significant sense, but I can understand why a purist would disagree, and certainly the fact that they get so much of their money from Google makes me fear that the extent to which they constitute a real alternative may dwindle or disappear someday.
Safari does a decent job of that, especially with Apple pushing an increasing number of privacy features by default. Of course, that comes with it being as a feature of an expensive hardware ecosystem, rather than an independent product.
> Every new web API should guarantee that it doesn't provide more fingerprinting data or hides the data behind a permission.
FWIW, it's practically impossible to provide that guarantee because the API necessarily provides at least the data point of, "Did they select an option in the permission notification?" ("If yes, what option was selected?" etc.)
It's often said that the only solution to this is regulation and there seems to be a good case for that perspective.
> FWIW, it's practically impossible to provide that guarantee because the API necessarily provides at least the data point of, "Did they select an option in the permission notification?" ("If yes, what option was selected?" etc.)
Wrong. The status of permissions should not be visible to the page in most cases. Instead, fake data should be returned from them. That would be practical.
It's always better to give no data (aside from leaving them with "we couldn't collect that data") than it is to give fake data because that fake data will be used against you just as often as real data would. Don't hand companies extra ammo to use against you, or think that you're safe just because they've written an incorrect assumption about you on the bullet. You're still going to be taking the hit.
This gives me the idea to add features to target specific types of advertisements and pages for clicks and visits. Actively try to use the data in your favor to convince whatever algorithm that you’re a healthy eater with an active lifestyle.
To your point, unfocused fake data can be harmful to the faker but it seems focused fake data can work against the collectors.
It really might in some ways, but it's risky. Nobody is using the data they collect on us to help us. They use it against us to help themselves. You could limit the harm caused by one system, but expose yourself to new harms by another. It's also a safe bet that faced with conflicting data, companies and their algorithms will favor whatever information they think would make them the most money. It's still worth considering though, especially if you can get privileged information on how a specific system is using people's data.
> I've heard that fake data, like from AdNausium, just becomes noise as the advertisers know the patterns to filter them out.
It's actually much worse. That fake data is dangerous because data brokers don't really care how accurate their data is. Even the fake data AdNausium stuffs into your dossier will be used against you eventually, just like the real data will be. If you get turned down for a job, or your health insurance rates go up, or you have to pay more for something than you would have otherwise, you won't even be told that it was because of data someone collected/sold/bought. You sure won't be told if it was fake or real data and you won't be given any opportunity to correct it.
> Insurers contend that they use the information to spot health issues in their clients — and flag them so they get services they need. And companies like LexisNexis say the data shouldn't be used to set prices. But as a research scientist from one company told me: "I can't say it hasn't happened." source: https://www.propublica.org/article/health-insurers-are-vacuu...
See also:
> Is it legal? As explained by William McGeveran, University of Minnesota professor of law, and Craig Konnoth, University of Colorado associate professor of law, it is — largely because federal law hasn’t kept pace with the modern, technological world in which we live.
source: https://www.chicagotribune.com/2018/08/29/help-squad-health-...
Another important takeaway from that second article is that none of your "protected" HIPAA data is prevented from being sold as long as it's "anonymized" which is a total joke since it's often trivial to re-identify anonymized data.
It's about as secure as requiring companies to ROT13 your data before they sell it. It will be used to identify and target you individually.
> which is a total joke since it's often trivial to re-identify anonymized data
HIPAA doesn't say ROT13 or anything else in particular counts as "anonymized". It's an after-the-fact assessment. If your "encrypted" data is accidentally released, and there's any reasonable suspicion inside or outside the company that it's crack-able, then it's a YOU problem and you need to notify a bajillion people by mail and per-state press release plus large fines.
I think you're being overly pessimistic on the strengths of US regulations on this with regard to preventing deliberate malfeasance, and that most of the stupid we see in stories is really just by accident or individual actors.
> HIPAA doesn't say ROT13 or anything else in particular counts as "anonymized".
ROT13 was only an example of a step that makes data look "protected" in some way when it really isn't, just like the ineffective means used to anonymize data makes it look safe to sell that data when it really isn't.
HIPAA does provide a standard and guidelines for what they call the "de-identification of protected health information" (https://www.hhs.gov/hipaa/for-professionals/special-topics/d...) and it includes, for example, a list of specific identifying information that must be removed from the records before they can be sold or otherwise passed around in order to get safe harbor protections. It also includes an option where an "expert" ("There is no specific professional degree or certification program for designating who is an expert") can just say "Trust me bro, it's anonymized".
If somebody was able to buy their re-identified data from a broker and they could prove that was sold by a health provider bound by HIPAA, they would still have to prove that the provider who sold the data had "actual knowledge" that the broker would be able to re-identify the individual, where:
> actual knowledge means clear and direct knowledge that the remaining information could be used, either alone or in combination with other information, to identify an individual who is a subject of the information.
Which all seems like it would be almost impossible to prove unless the provider left obvious identifying information in the data, or if a whistleblower came forward with records of direct communication between the seller and buyer where the buyer was reassured that the data being sold to them would later be able to be re-identified.
Awareness of the fact that we have mountains of research showing that individuals are easy to re-identify from anonymized data doesn't count as "actual knowledge":
> Much has been written about the capabilities of researchers with certain analytic and quantitative capacities to combine information in particular ways to identify health information.32,33,34,35 A covered entity may be aware of studies about methods to identify remaining information or using de-identified information alone or in combination with other information to identify an individual. However, a covered entity’s mere knowledge of these studies and methods, by itself, does not mean it has “actual knowledge”
Which leaves us with healthcare providers who can use methods to "anonymize" data that have been proven to be vulnerable to re-identification, then freely sell that "anonymized" data to third parties with a nudge and a wink.
I'll admit to being pessimistic. We know that the strength of the regulations we have in the US has done little to slow down the buying and selling of our healthcare data.
> That fake data is dangerous because data brokers don't really care how accurate their data is.
This makes me think that people could make bank by doing nothing at all but generating 100% fabricated data to sell to brokers then. Why bother even collecting it, just have some GPT clone hallucinate some gigabytes of formatted BS. xD
They do ask for location data, and it tends to mostly work - sites like openstreetmap will ask for it when you press the right button for example, which makes sense.
There is a risk that it ends up like cookie banners, and the adtech industry manages to brainwash the world into thinking that the government is the bad guy and they just want some harmless data to share with their 1,345 best friends and they are “forced” to show these. Despite there being no requirement at all to track data, and they break the law with it anyway so why bother.
This is a poorly explored avenue. I think a lot of these more advanced APIs ought to be permitted to "installed" PWAs. Maybe it could even look like permissions menu for apps in phone OSes.
I was a bit dismayed when mozillians in the bugtracker dismissed the idea of requiring consent to initialize WebRTC. F'k it, scan the local network.
> FWIW, it's practically impossible to provide that guarantee because the API necessarily provides at least the data point of, "Did they select an option in the permission notification?" ("If yes, what option was selected?" etc.)
If 99% of users will have permission disabled then it has little value, and only those who enabled it can be tracked. I don't give permissions to sites so this will not apply to me.
Also, the status of permission (1 bit) provides less information than API it protects (for example, list of installed fonts or GPU name) so it is a win.
One solution to this is to have the option to feed the application fake but plausible data. Android (or maybe some Android fork I was using) used to have this option for dealing with apps that insist on asking for location permission for no reason.
In light of that acquisition, this also seems related. Firefox is the best choice but Mozilla is the biggest reason why people aren't using it and shit like this doesn't help.
> Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies; even better, they should implement measures to make user tracking and fingerprinting more difficult.
Kinda hard to enact when the leading browser is developed by an ad company. Worse, the same company is contributing to the firefox foundation and drives web "standards." Its all collusion and the simple fact that browsers are more complex than the OS they run on is deliberate in ensuring no scrappy team can disrupt them.
My curmudgeonly solution is to avoid as much of the web as possible and focus on human scale computing.
>It would be great if browsers made fingerprinting more difficult, i.e.: not allowed to read canvas data, not allowed to read GPU name, enumerate audio cards, probe for installed extensions etc. Every new web API should guarantee that it doesn't provide more fingerprinting data or hides the data behind a permission.
This should be what browser maker's #1 focus! Preventing fingerprinting of user's browser.
Seems all this cookies talk the news and for policy makers are just limited hangouts.
BTW I don't understand the anti-tracking absolutism. I don't care about being profiled as long as the profile lands me in a group of thousands of people like me. Yes, I live in ${CITY}, identify as ${GEDNER}, am approximately ${AGE_RANGE} years old, run ${BROWSER} under set to ${LOCALE}. This does not allow to easily harm me. If it allows ad networks to target their ads, so be it, uBlock Origin still works well.
That's a reasonable stance to take, certainly. I also think it's reasonable for others to be even more sensitive about it. I'm an anti-tracking absolutist because I am angered by the strong-arming, the deception, and the hacking around defenses against it.
The tracking is a constant assault, and I'm no longer willing to put up any of it, even if the data being tracked is relatively minor. Screw the bastards, they've burned one too many bridges.
How do you feel about ${INCOME}, ${SEXUAL_PREFERENCE}, ${RACE}, ${WEIGHT}, ${RELIGION}? Those categories are at least as broad as the ones you mentioned and are absolutely profiled.
Now substitute the first one for "gay", and you might get a death sentence in several parts of the world. Why does almost nobody on this site thinks about the wider world bedsides their own extremely privileged position?
I would very much prefer for advertisers to not even be able to determine my city, for personal safety. Throwaway account for obvious reasons.
This is very true. Usually the discussion goes about tracking by commercial entities in rich Westernized countries, which, by no coincidence, are the principal market of the ad industry. (Yes, China exists and is a huge market, but commercial tracking is a minor problem here, compared to other forms of surveillance.)
If you belong to such a category that the mere belonging to it is a death sentence, if revealed, the situation is vastly different. You have to act more like a secret agent or a spy. This means constant, pervasive, fastidious opsec. Any death-sentence-invoking activities should be strictly separated from the normal civil life. Only use the normal browser to visit commerce, official news, and government web sites. Everything that is not openly pious and loyal should belong to ephemeral VMs with a fresh browser install every time (preferably several different), VPNs that are indistinguishable from legitimate web traffic, like XRay, truecrypt-protected media with some plausible deniability data, etc. It all takes quite some technical chops, but is not sufficient. Many other small details, related to technology or not, have to be carefully, well, sanitized, and any small slip can out you.
Such undercover life, while possible, is very tiring, takes a lot of extra time and energy, and noticing this also may mark you as suspicious.
Another browser API that may slightly help track you is a minor problem on this background, unless it pierces any of your layers of protection.
Government and commercial surveillance are intrinsically linked and framing them as some dichotomy is essentially just a coping mechanism. It's quite plausible that someone in a category that is openly accepted in the western world ends up traveling to a country where that category has been criminalized, and then ends up in the sights of the authorities based off surveillance records/analysis bought from consumer surveillance companies in the western world.
Fair enough. The difference is mostly how much the government limits commercial surveillance (eg in EU) or integrates / buys it as part of its own surveillance (not only China or Russia, but also many Western countries to a limited extent).
I don't want any of my data be collected without my permission and without a negotiated monetary compensation and expect that the browser is on my side here.
Also the data about you can be used to charge you a higher price. For example, if a company knows that the user is reading HN, and we know that people using HN (expect for me of course) all are mostly filthy rich Californian software engineers or enterpreneurs so they should have no problem with paying a little more.
> Have been using Firefox for a long time, no issues, though long ago when I had little memory, Chrome was using less of it.
I'd say the only area where I still see Chrome leading a bit is for web development: when I run super-heavy JavaScript in dev mode, Chrome is faster than Firefox at executing all the JavaScript nonsense. Seen that there's no ecosystem with more turds, bloatedness and slowness than that horror that JavaScript-the-piece-of-crap is, having a browser a bit quicker at running JavaScript helps.
Long story short: for Web development, I use Chromium (it ships with Debian). For the rest I use Firefox.
> Firefox also has HTTPS-only mode...
In doubt port 80 is blocked by the firewall too.
> encrypted DNS without fallbacks,
And Firefox has a relatively easy "corporate" setting too where you can force also DNS "in the clear" over port 53 UDP (well, it's 99.9999% of the time going to be UDP so you can even firewall port 53 TCP and things shall keep working: believe me I know: theory vs practice and all that)
It's convenient if you run your own DNS resolver (which, itself, can then be forced to only use encrypted DNS).
> supports SOCKS
I confirm: a SOCKS5 proxy over ssh is always sweet.
I observed Firefox sending ECH extension in ClientHello, maybe I just enabled it in the settings, so Firefox supports ECH (on by default since version 119). However, virtually no servers support ECH now. Not Google, not Hackernews, not Cloudflare etc.
This seems to be a not very good comparison, and it looks like it cherry-picks convenient for a certain browser points and ignores others. Look at "fingerprint protection", for example, and see that it does not include features that provide most fingerprinting data:
- preventing reading GPU name via WebGL debugging extension (does Brave block this?)
- preventing reading back canvas data which is used to fingerprint browser and OS code responsible for rendering graphics and text
- enumerating audio devices
And if you read the issues in Brave github [1], then you'll notice that Brave developers refuse to block features providing important fingerprinting information under compatibility" reasons (including GPU vendor and model), although these features could be made blocked only in high security mode.
So regarding fingerprinting, the comparison you refer to is pretty much worthless: it doesn't mention many important fingerprinting APIs.
Fair points. Ill try to educate myself on this more.
FWIW the about section says this:
"Each privacy test examines whether the browser, on default settings, protects against a specific kind of data leak."
The maintainer is a Brave employee and this is a project they were already doing before joining Brave. I'm hoping that they aren't manipulating it in favor of Brave.
I sent those three options as a feature request. Do you think the site is still useful in some capacity?
As for fingerprinting, there are more APIs that leak data allowing fingerprinting, what I mentioned were the most known APIs. Also, I looked at Brave Github and they seem to have counter-measures for some of those APIs to randomize results. So adding more tests could also be benefitial to Brave.
> Do you think the site is still useful in some capacity?
Well, it is better than nothing although it would be better if there were more tests regarding fingerprinting.
As far as I can tell from some quick searching around, that limit only applies to cookies set through JavaScript code, as opposed to through server headers.
I assume it's because of situations where websites include JavaScript from a third party, and then that JS uses first party cookies as a state-keeping workaround while synchronizing tracking information in some other way.
That seems the obvious result of this sort of thing.
> Related Website Sets (RWS) is a way for a company to declare relationships among sites, so that browsers allow limited third-party cookie access for specific purposes.
So the website itself gets to declare other "blessed" domains that can bypass third party cookie blocks? Big websites are constantly looking for ways to abuse users by bypassing their attempts at protecting themselves. How would anyone think these sites can be trusted not to abuse this?
No, the website itself does not get to declare this. There’s a master list that they have to submit their site to and go through an approval process.
But as the article details, the contents of that preliminary list is already disconcerting. The whole “Google as the arbiter of all things ads” concept is a bust.
But the alternative isn’t great either - today’s system of third party cookies allows for far worse. We need some better ideas.
> How is that not the website declaring it? Approval processes are meaningless.
Submitting your website to a list controlled by some arbitrary website on the Internet is very much different from serving some kind of metadata to visitors that their browsers interpret.
Also the approval process existing does matter. Under a normal situation when you serve some kind of metadata (like what sites you are "related" to) there is no "approval" process to who gets to serve this kind of metadata and who doesn't.
The tools to do this the right way exist in so many different ways.
> There’s a master list that they have to submit their site to and go through an approval process.
Wtf, seriously? I skimmed the post and honestly didn’t think RWS was so bad, assuming that obviously it would be decentralized. A centralized list that Google (or some shell consortium) controls is the biggest no-no. Decades of erosion of web principles have clearly made us complacent.
I don’t know too much about this but I’m curious if what I saw recently on safari is similar? When visiting related Microsoft websites, I got a pop up asking permission to share the cookie for login. I was up to me to approve or reject that request. Seems like a better implementation.
Yes, this can, and will, be abused for tracking users across domains that they don't expect to be related.
But there are also legitimate use cases for this.
For example, consider the stackexchange family of sites. They are clearly related, have a unified branding, etc. but are on separate domains. On Firefox, which blocks third party cookies, I have to log in to each of those domains separately. I can't log in to stackoverflow.com, then go to superuser.com and already be logged in. That is a problem that First party sets would solve.
You can argue that it would be better for those sites to be subdomains of a single unified domain, but when the sites were created there wasn't any compelling reason to need to do that, because third party cookies were still very much alive and kicking. And I can say from experience that migrating an app to a different domain without breaking things for users is a royal pain, and can be very expensive.
I'm not saying that First Party Sets should be accepted as is, but it is attempting to solve real problems. And I think a solution that simultaneously protects users' privacy and maintains a good experience for sites that are legitimately related will be difficult to find, or maybe impossible.
> I can't log in to stackoverflow.com, then go to superuser.com and already be logged in.
I would expect a popup like “This site wants to share cookies with stackexchange.com, press Allow to sign in, press Reject to reject forever or press Ignore to decide later”. Takes a single click to enjoy the benefits of both worlds. The mechanism should make sure that every website has a single “first-party domain” shared across all subsites and that first-party domain must not share cookies with any other site than itself to minimize confusion.
> Also, there is no way to know which related site the user is logged in to, so they would have to prompt for every one of their sites.
This is not how it works. The mechanism is about allowing a cluster of websites to choose a single first party domain and have all of them share cookies together, not sharing arbitrary cookie from arbitrary domain, otherwise it would create loopholes in connected components that bring back the downsides of third-party cookies. What you mentioned should be done using SSO.
After thinking about it a bit more, I have a clearer picture of how it should work in my mind:
* All cookies are double-keyed: the primary key is the origin of the top-level page and the secondary key is the origin of the page that sets the cookie, just like how partitioned cookies work right now.
* stackoverflow.com uses a header, meta tag or script to request changing its primary key domain to “stackexchange.com”
* The browser makes a request to https://stackexchange.com/domains.txt and make sure that “stackoverflow.com” is in the list, authorising this first-party domain change
* When the user agrees to the change, the page is reloaded with stackexchange.com as the primary key, thus stackoverflow.com can obtain login details from stackexchange.com via CORS or cross site cookies.
* A side effect is that all cookies and state are lost when switching the first-party domain. Should stackoverflow.com be acquired by a new owner, say x.com and changes its first-party domain to x.com, all cookies on stackoverflow.com are lost and the user will have to login on x.com again, maybe using credentials from stackexchange.com. It’s unfortunate but it works around the issues mentioned in the post in a clean way, avoiding loopholes that transfer cookies by switching the first-party domain frequently.
> You can argue that it would be better for those sites to be subdomains of a single unified domain, but when the sites were created there wasn't any compelling reason to need to do that
I can also argue that Safari and Firefox have been blocking third party cookies for years now. So stack overflow has had plenty of time to adapt and migrate to the "right" organisation.
To me it look like either they care about allowing unified sign in on their various domaines, and they should have migrated to a subdomain model a long time ago, because users of Firefox, Safari etc have been negatively impacted for a long time. Or they do not care that much (which is fine), but then chrome blocking third-party cookies and the discussion around first party sets should not concern them too much.
Or, they do care, but not enough to spend the significant resources and opportunity costs to do something about it for the minority of users who don't use chrome. Of particular note, changing domains can really hurt SEO.
Stack overflow was founded in 2008. Netscape added a block third party cookie button in 1997 (and the web has mostly worked fine with that feature turned on ever since).
This reminds me how google conveniently made the switch to manifest v3 when there were legitimate use cases like adblockers. Sure, technically speaking v3 is more secure and that may be better for users but your comment just made me think the opposite is in motion here.
Nothing wrong with manifest v3. It's just that ad blocking is so important that it should be an exception to the whole thing. Ad blockers should be literally built into the browsers so that they have full access, only conflicts of interest stops this.
> For example, consider the stackexchange family of sites. They are clearly related, have a unified branding, etc. but are on separate domains. On Firefox, which blocks third party cookies, I have to log in to each of those domains separately. I can't log in to stackoverflow.com, then go to superuser.com and already be logged in. That is a problem that First party sets would solve.
Other sites seem to handle this fine with redirects and cross-origin headers. Sure, at some point you land on "signin.foo.com", but from the user experience you were authenticated without having to sign in again.
OIDC seems like it can reasonably help in a fair number of these cases, maybe? it's iffy because (a) the major providers, are, well, Google and their ilk, (b) SSO solutions trend toward reducing user confusion at the cost of choice--im still out on whether the common "enter your email/account identifier so we can select which IDP we use" login flow is something of an anti-pattern or not
i generally like having the option for "sign in with github" as opposed to the all-encompassing "sign in with google" (ignoring that github is a microsoft account but not quite at this point)
smaller-scope IDPs for a particular field ("ey, you work on code stuff? you probably have either a github or gitlab account to log into our code-adjacent service" or "ey, you use stackoverflow? you can use that same login on superuser") is maybe a decent middle ground, where shared authentication is more explicit than third-party cookies were
Stack Exchange sites have a horrible authentication system so using them as an example is a bad start.
However they could solve this "problem" in a number of ways, the most straightforward being to use subdomains instead of individual domains.
I put "problem" in quotes as it's not even a problem; it's browsers working as intended. When you visit different domain names, you should expect that your browser won't be aware of data (cookies) stored by other domains.
First Party Sets are legitimately terrifying to me, it gives a commercial party (Google) complete control over who is and isn't allowed to set cookies in a third-party context. It's Google using their absolutely dominating market share to force even more control.
> On Firefox, which blocks third party cookies, I have to log in to each of those domains separately. I can't log in to stackoverflow.com, then go to superuser.com and already be logged in. That is a problem that First party sets would solve.
Even the minor browsers, pretending to not be funded by ads at this point (while the VC capital is drying up) depend on one of the 3 browser engines, all of which are funded by ads.
Safari? Unless you're going to say that Apple gets the money for Safari through ads which, y'know, technically correct but disingenuous in this context, surely.
Google is paying Apple 20 billion per year in their search deal, which is 40 times more than what Mozilla takes.
Safari is funded ENTIRELY by Google's ads, also making a profit, and this is a fact. We can entertain a counterfactual, maybe Safari would still be funded without Google funding it with billions, but that's not the world we live in today.
Not the person you're replying to and neither do I fully agree with them, but brave haa had issues with their crypto (BAT) system. Nothing that appears purposely malicious but quite possibly misleading in some cases.
Chrome backtracked on the decision, they won't be blocking third-party cookies. There were a number of articles and a fair bit of discussion about it at the time, see e.g. [0] and [1].
It's complicated. Chrome won't block 3rd party cookies by default. But it will present the users with a choice of whether to block them (with what exactly that means TBD). If most or all users choose to block them then it would have roughly the same effect as blocking third party cookies by default would.
Though regardless of that, Related web sites (or whatever that set is currently called) does present a hole in that logic. It was originally meant to allow sites with different domains to share cookies/storage (like google.com and google.co.uk). From what it sounds like, bad actors are using it in the expected ways. There were supposed to be mechanisms to prevent this, but it seems like they failed in this case.
The list is in a public repository however, so Brave could have filled issues and a pull request to address the issue. Instead they decided to stage a meaningless survey and declare Chrome a threat to people everywhere.
Google wanted to (that's why they created stuff like FLoC) but other advertisers didn't like that and went to the market authority. They demanded the ability to track users, arguing that the system would give Google an unfair advantage.
After years of back and forth, Google abandoned their efforts. You can still disable third party cookies, in fact I don't think there's been a version of Chrome that doesn't let you block them. Go to your settings and set "third part cookies" to always be blocked. By default, grouped sites may be permitted to read each other's cookies, but you can disable that too.
The problem Google faces is changing the default, simply blocking third party cookie has never been an issue.
Authorities in the US, EU and (IIRC) Japan had expressed anti-trust concerns (threats?) about the original plan. The UK CMA is the only one of those that had a formal complaint, and thus ended up with a veto right on the new design.
Easily said, until it's your bank, or a government entity, or the electric company, or any of the thousands of other entities that have started blocking Firefox.
Firefox should really camouflage its user agent, or make it trivial to do so.
> Easily said, until it's your bank, or a government entity, or the electric company
Still easily said, since I don't use the websites for any of those things anyway. If it's really important, or involves very sensitive personal information, I'm not doing it on the web.
This is my approach, as well. And if I absolutely had to use their web service? Well, keep the bank in my Chrome bookmarks bar, and only go there when I'm in Chrome. Head on back to Firefox when I'm done doing whatever it is that I needed to do.
I never claimed it was a majority position. I was only expressing my own stance. Whether or not anyone else shares it with me is irrelevant.
> For the rest of us, "Just stop doing it on the web" would be a pretty substantial lifestyle change
It really isn't, though, at least not for most people I know who aren't into tech. It would certainly mean changing some habits, which is often hard, but (at least in the US) it means giving up a relatively small amount of convenience, not a substantial lifestyle change.
I already need to camouflage my user agent because some websites broke on a Linux host running chromium or Firefox. Switching UA to windows fixed this.
I believe it was an analytic bug in Disney+, where they didn't except Linux to be an acceptable OS.
I use FF on Android and Linux. I've restricted cookies and use an ad-blocker. I browse many popular (and unpopular) websites. I can't remember the last one which refused to work because I was on Firefox.
Unlikely. Love 'em or hate 'em, Apple nudged most organizations to handle third party cookie blocking unless they wanted to completely lose iPhone users.
"If Google limited 3rd party cookies, we'd go out of business!", said the companies who have literally 0 Safari users.
Brave is a Chromium derivative, not Chrome. Can't imagine why any of this would imply they would need to stop deriving Chromium: they can develop and deploy whatever cookie policies and defaults they want.
Not to disagree with you specifically, but this seems a good context to make this point:
Maybe I missed the memo that we stopped hating monopolies? Every browser worth considering, except Firefox and Safari, is based on Chromium. Firefox and Safari make up about 20% global market share, meaning Chromium in about 80% [0]. A bug in Chromium is a bug in all of them. A backdoor in Chromium is a backdoor in all of them. A feature of Chromium, good or __bad__, is a feature in all of them. It baffles me that this isn't a bigger concern to more people.
This is one of those situations where "monopoly" is a very overloaded word in terms of what it means to different people in different situations, causing confusion when it gets broken down into specifics.
Most people were never worried, and probably will never be worried, with the points you're listing there. That's not to say they've stopped hating browser monopolies, just maybe not your definition of what a browser monopoly is or why they're problematic.
In general (not just browsers) most people treat "popularity" and "monopoly" as completely orthogonal concepts. I.e. something unpopular can still be a monopoly, something with 99% usage can still not be a monopoly. There is typically just a tendency for extremely popular things to also happen to be a monopoly.
Chromium can be forked. Minor browsers like Brave or Vivaldi do that, although they have to keep up with upstream, but they are shipping an ads-blocker that are blocking Google's search ads.
Note that Firefox or Safari aren't going after Google's business due to the search deal. At this point, Google is funding all 3 major browser engines, so they have a level of control going beyond just controlling Chromium.
At this point they likely have no choice but to keep building on a chromium base. However the cost of maintaining their changes and additions will likely increase.
I suppose. That is a matter of business model, whereas I was addressing purely technical aspects.
I've been using Brave as primary for years. At this point I'd pay for a license if it were necessary. Frankly that would be an improvement: if it's free, you're the product. Brave just monetizes you differently.
I no longer argue with the legion of Brave haters. I've decided they're a benefit: the more people that don't use Brave the less likely Google et al. will be compelled to destroy it.
> Can't imagine why any of this would imply they would need to stop deriving Chromium: they can develop and deploy whatever cookie policies and defaults they want.
Maintaining a very diverged fork can take even more work than building your own browser. I think they don't want to stop receiving upstream updates when the upstream is one of the biggest software projects in the world.
They have software engineers, I’m sure they plan on just turning off that portion of the code and moving on with life like they do with so much of chrome engine
I know this isn't quite the right place, but can anyone point to some research or writeups on the Chrome ad topics stuff? How does that impact user privacy? What is shared with third parties? I know next to nothing about it at the moment.
I am the main author of 2 papers evaluating the Topics API from Google: [1] and [2] and working on more research in that space.
I have also started compiling different papers and analyses on projects like the Privacy Sandbox initiative from Google (https://privacysandstorm.com/proposals/) as well as releasing other resources (datasets, tools, etc.), contributions welcome if you are interested!
so do they mention if the old system would be better in comparison? cause short of just making you pay to use the products i dont know if it can be any worse.
at the end of the day it seems like 90% of people using google products dont even care. while some even prefer the convivence of some features that directly save your info. not sure what percentage that is compared to the people that practice a lot privacy.
but shown by the chrome market share google really doesnt have to care about this section of users. the fact theyre willing to try things is a good sign imo.
either way in 2024 to be complianing about google is funny to me. literally dont have to interact or use a google product, they already have your information and so does the internet better to not let them occupy any of your mind as well
I've tried brave and Firefox on mobile (android) and I've tried Safari on MacOs. I still just prefer Chrome, it's just a bit better. So I use it with third-party cookies turned off, which is easily (and transparently) done using the settings menu. I can also turn off this "related websites" thing.
So what exactly is the problem? All major browsers have allowed users to turn off 3P cookies for years.
It's a proposed web standard, so ultimately yes, it could affect other browsers in the long run. And it would almost certainly affect other Chromium-based browsers.
Only other chromium web browsers that enable that feature. Safari and Firefox already said they're not implementing the feature, so unless they change their mind it's not going anywhere.
Firefox and Safari have both said "no, we're not doing that". And then chrome decided to move forward with it, regardless of whether it gets standardized.
Firefox is usually great for me, but with Chromium-based browsers having such a massive market share monopoly I do occasionally find a website that doesn't work properly on Firefox. But, I will stick with Firefox as long as possible.
Yeah I keep hearing this but it never pans out, seems like in my experience a lot of people don’t know they might have to turn off an extension or two (ublock, built-in trackers, etc) to get a website to work.
Huh? I use YouTube all the time on Firefox and it's fine. Better than fine, really, thanks to the YouTube improvement extension I have loaded. Never heard of the other two though.
Google is essentially using A/B testing methods to slow it down for one group of FF users while keeping it absolutely fine for another. Funnily enough, I've been placed in this 'slowdown' group even though I am a Premium subscriber ever since it launched (post-Red renaming) and another channel on the same Google account has 0 issues in the same browser on the same PC etc.
Mozilla has a range of different priorities now and most of these do not revolve around the flagship project which Firefox should be.
---
I remember reading news in 2005 saying that Mozilla has established its Corporation subsidiary - and I had a bad feelings about it at that time. And years later we can see the effects - what's the revenue, how browsers market share looks like. Now, every time I'm reading that project, foundation xyz is creating "for profit" branch, subsidiary I know that this most likely won't end well. Profits will go over users needs, wishes each time and those at the project will change as well. It's like a magic wand appears and turns open-minded contributors into some mindless corporate drones with an arrogant attitude.
I want to still like Firefox but in last 14 years Mozilla managed to seriously deteriorate trust in its capabilities of handling their main product. And I also cannot fathom how they managed to screw up promotion of the browser and let Google dominate the market. That didn't happen overnight but Google at some point started to bundle their browser as "additional offer" in almost every software installer for Windows, while Mozilla did nothing similar.
Thanks for the information. I'm the last person who would spread right wing stuff, the link came from a search, however in this case the problem about the overpaid Mozilla CEO and developers being sacked is real and well known outside politically involved sites.
Not your parent commenter but I love Firefox more after discovering that you can't even customize the toolbar buttons in Brave. That's such a basic functionality that I'd taken for granted, until I tried to move out of Firefox for a brief time.
Lack of sufficient customization and lack of extensions I want. The customization is a big deal because I dislike the Chromium UI and want to be able to fix the worst of it. My dislike of the UI is also a source of grumbling from me about modern Firefox, which has picked up a lot of Chromium and which is also less customizable than it used to be, but I can still fix a lot.
I also want to be able to use the same browser at work as at home, and my workplace banned the use of Brave when it started including a VPN.
The fact that it's Chrome is the problem with Brave. What you call "bugs and missing features" I call necessary diversity to avoid Google dominating the standardization process more than they already do.
With the massive tide of browsers converting to Chromium under the hood, I wonder how long Apple can hold out. Fingers crossed they keep allocating budget for it.
Apple can hold out indefinitely. If a website doesn't work on Apple devices, that's not Apple's fault, according to legions of Apple users. And they're kinda right: there really are a lot of them, and they do tend to spend more money than other users, so websites that somehow manage to stupidly not work on Safari (presumably by using Chrome-only functionality and never testing) are potentially losing a lot of users and business.
I'm not normally a fan of Apple at all, and I have no interest in using Safari myself, but here I am glad that they've so far refused to jump on the Chrome bandwagon: it's good for keeping the web standards-based so we don't have a repeat of the IE6 days.
Kind of wondering what you’re talking about here? Firefox still works great for me, did I miss something in the news? Is there some sort of big change coming down the pipeline?
Not OP, but Firefox didn't have to lose nearly all its market share to Chrome. Mozilla could have course corrected and righted the ship, but instead they got distracted on dozens of unrelated and often controversial projects and ended up burning most of their credibility.
Mozilla is a husk of what it could have been, and that's hurt Firefox.
What, specifically, should they have done differently that would have made Firefox not lose most of its market share to Chrome, and how do you know it would have worked?
Keep Firefox in focus instead of losing sight of the browser and getting distracted on a million side projects, most of which had only a tangential relationship to the internet. Raise money to support the browser rather than to support politically divisive causes of the month.
I can't say for sure it would have worked, but I know that what Mozilla actually did do was actively counterproductive.
Firefox is working just fine for me, not sure why people seemed to think that it was a problem.
I think Mozilla is poorly managed and feature may have been slow or "lagging behind". But for me the lack of those shiny new things might as well be a feature than a bug.
I'm concerned that if Google ever stopped paying Mozilla to be the default search engine in Firefox, Mozilla would not be able to afford continued development on Firefox.
brave a lot more shady and just wont say anything or let you opt out. many examples in the past. imagine if they were anywhere near a quarter of googles size it wouldnt be pretty imo.
All settings in Brave with an impact on user privacy are opt-in. They even inform you of their product metrics, when you first start it, despite having a paper on how they anonymize that data. Versus Firefox, which never bothered. Firefox, which also added metrics for ads, similar with Privacy Sandbox, without informing users.
I've never seen a browser with such a strong focus on privacy, the only contender it has being LibreWolf.
The hate against Brave on this forum is completely unjustified and based on falsehoods, as if the issue isn't about Brave itself.
> Brave has received negative press for diverting ad revenue from websites to itself,[30] collecting unsolicited donations for content creators without their consent,[43] suggesting affiliate links in the address bar[49] and installing a paid VPN service without the user's consent.[58]
These are the primary issues I hear about regarding Brave on this forum.
It's also founded by Brendan Eich who was forced out of Mozilla for his strong and vocal opposition of same-sex marriage. I tend to be a bit idealistic, but this is a strong reason for me to avoid Brave, especially when they are injecting content into pages.
Not that it makes him any less opposed to same-sex marriage, but I think 'vocal' is very much not the right word here. The only quotes I can find from him on the subject are him saying he's not going to talk about it.
Basically, we got played, Eich made a private political action, someone used that to get rid of him and then Firefox starting paying 10x as much to their CEO, doing all sorts of anti-user stuff, acting in advertiser's favour (but not too overtly), and ultimately ditching their engineers so they could maintain the CEOs stupid pay. All while begging users for money.
He was opposed to it as a private citizen, not as Mozilla CEO. His beliefs and supported causes as the former are nobody else's concern; had he been discriminating in terms of employment or otherwise making public statements it would be a different story. Or are we now witch hunting people for wrongthink?
I don't think it's "witch hunting people for wrongthink" to suggest that those in a position of power are able to use that power to influence public opinion.
Especially when that position of power is the CEO of a browser that replaces content on web pages.
Mozilla went hardcore political and Chrome copycat long after his time. There was no such controversy there under Eich, and even now as Brave's CEO he isn't doing anything to 'influence public opinion'. Browser CEOs aren't newspaper editors or activists, Mitchell Baker excepted.
This goes both ways for people. I switched from Mozilla to Brave when the latter first released because to me Mozilla's political positions seem at odds with an uncensored and privacy focused browser. I actually support universal marriage equality but don't consider it relevant to why I would choose a browser.
I can't remember all of the details but Mozilla made a blog post regarding 1/6 and their commentary didn't align with a browser that would try and protect users from state, NGO and "just research" edu adversaries.
BAT was what kept me from trying Brave for a very long time, but I eventually tried it nonetheless (I'm back on Firefox now). In fairness to Brave, you can disable the BAT stuff and never have to see it.
In terms of using BAT, yes. But at least when I started using Brave, you had to change things to get rid of the cryptocurrency-related UI elements. That's what I was referring to.
> "collecting unsolicited donations for content creators without their consent"
Those "donations" were from handouts of BAT. What they "collected" was their own BAT that they've donated to users of Brave. And it wasn't long lived. At least they've been trying to create a business model that's privacy preserving and that benefits content creators. Firefox has been selling their users to Google for years.
> "suggesting affiliate links in the address bar"
You mean like what Firefox also did?
> "and installing a paid VPN service without the user's consent."
I've never seen a VPN service installed with Brave. Is this a Windows thing? If you're talking about the VPN functionality in Brave itself, isn't this what Firefox also did?
> "It's also founded by Brendan Eich who was forced out of Mozilla for his strong and vocal opposition of same-sex marriage."
He never talked on the topic. And did you know that, at that time, both Obama and Hillary Clinton were also opposed to same-sex marriage? Times change, people's minds have changed. Whatever beliefs he still has, he keeps private, as he should.
But yes, this confirms my suspicion that this is a US-politics thing, and for non-US citizens, it's getting annoying. While we are on the topic, don't you find it problematic when Mozilla engages in political activism, promoting Marxism? Or when they promote cancel culture?
For me, these were never reasons to avoid Firefox, but seeing that this is how the world works now, maybe they should be. And I'm sorry for pointing at Firefox right now, I used it for years, but I'm sensing a serious double standard. So let's talk of Chrome ... have you surveyed the political beliefs of Chrome's developers? Because it's the big, faceless corporations that benefit from this kind of polarisation the most.
> I've never seen a VPN service installed with Brave. Is this a Windows thing? If you're talking about the VPN functionality in Brave itself, isn't this what Firefox also did?
> For me, these were never reasons to avoid Firefox, but seeing that this is how the world works now, maybe they should be.
Yes, you are absolutely entitled to "vote with your money" (or free usage / market share, as the case may be.) Boycotts are an integral component of free speech and self-expression.
(Smalls does at one point talk about "class struggle". He makes it explicit what he means: he thinks there is an opposition between "99.9% of us" and "the billionaires". This is not Marxism even though it uses one phrase that Marxists also use.)
> Or when they promote cancel culture?
The link you provide in support of this (https://blog.mozilla.org/en/mozilla/we-need-more-than-deplat...) is to a blog post titled "We need more than deplatforming". It mentions deplatforming but doesn't advocate it (though it doesn't condemn it either), and the actual things it calls for are all Not Cancel Culture: "reveal who is paying for advertisements", "commit to meaningful transparency of platform algorithms", "turn on by default the tools to amplify factual voices over disinformation", "work ... to facilitate in-depth studies of the platforms' impact on people and our societies".
You might reasonably disagree with those proposals; for instance, the next-to-last one could be anywhere from "excellent" to "dystopian" depending on what exactly "amplify X over Y" means and how "factual" versus "disinformation" is decided. But none of it is advocating cancel culture.
As for the "deplatforming" in the title: the specific case it's talking about is the idea that a social media platform should ban a particular user who had for some time plainly been breaking the platform's rules, and who (according to some) had used the platform to attempt to organize an antidemocratic coup. "Social media platforms should be encouraged to ban users who blatantly break their rules, even when those users bring them a lot of traffic" and "Social media platforms should not let themselves be tools for antidemocratic insurrection" are positions one can take without being a fan of "cancel culture".
(Not necessarily correct positions. E.g., if you hold that the insurrection in question was not antidemocratic, that it was a response to blatant election-rigging, then you will likely take a quite different view of how a social media platform should respond to it. I don't myself think that's a credible position, and I doubt the good faith of most of the high-profile people who endorse it, but I know it is something many people believe. Anyway, my point isn't that those positions are right, it's that they're positions many reasonable people take, and that getting from those to "Twitter was right to kick Donald Trump off" doesn't require any sort of endorsement of "cancel culture", and that therefore the fact that an article mentions the possibility of doing that in a not-obviously-disapproving way does not amount to "promoting cancel culture".)
I wouldn't count the Privacy Sandbox doublespeak as "telling you". Brave is not my browser, but it seems completely unjustified to just put them on the same (or even lower) level as Chrome.
That doesn't make a bit of sense. There's plenty of browsers, there's chrome, brave, firefox, opera, edge and safari, those are the big ones. There's also a ton of spinoffs like ice weasel or that browser Kagi is developing that I can't remember the name of.
Way more than just two chromium browsers in existence.
i mean theres really only 2 relevant ones and the other one is because its owned by the most popular phone manufacture and is the only option. ofc we can use anything we want but in terms of real world relevance. and i guess the other one is forced by the most popular OS.
> We conducted a user study with 30 Web users, recruited over social media, and presented them each with 20 pairs of websites. Website pairs were randomly selected from both the Related Website Sets list (i.e., sites Google designates as “related”, and so warranting reduced privacy protections), and the Tranco list of popular websites. Each user was presented with different pairs of websites, asked to view the sites, and then decide if they thought the two sites were operated by the same organization. This resulted in 430 determinations of whether unique pairs of websites were related.
> In our study, the large majority of users (~73%) made at least one incorrect determination of whether two sites were related to each other, and almost half (~42%) of the determinations made during the study (i.e., all determinations from all users) were incorrect. Most concerning, of the cases where both sites were related (according to the RWS feature), users guessed that the sites were unrelated ~37% of the time, meaning that users would have thought Chrome was protecting them when it was not.
> ... We conclude from this that the premise underlying RWS is fundamentally incorrect; Web users are (understandably, predictably) not able to accurately determine whether two sites are owned by the same organization. And as a result, RWS is reintroducing exactly the kinds of privacy harms that third-party cookies cause.
> Lest anyone judge the study participants for being uninformed, or not taking the study seriously, consider for yourself: which of the following pairs of sites are related?
1. hindustantimes.com and healthshots.com
2. vwo.com and wingify.com
3. economictimes.com and cricbuzz.com
4. indiatoday.in and timesofindia.com
> (For the above quiz, if you chose “4”, then, unfortunately that is incorrect. That is in fact the only pair of the four that isn’t considered “related” to each other.)
If anything it sounds like "related" is not what they are actually doing. Rather they are looking at ways to uniquely fingerprint users through optimizing how they split "related" sites.
Reminds me of the research that shows that 87% of people in the US can be uniquely identified with only three pieces of information: date of birth, gender, and zip code [1].
Only 50% of the time, but that’s 50% better of a guess than you’d make without knowing gender.
ZIP codes contain maybe 40K residents [0] (many contain fewer) and there have been around 25K days in the last 70 years. Sure births are not evenly distributed, but still...
I think you're making the assumption that all three data points are needed for all 87%. But obviously some people can be uniquely identified based on just {zip, date or birth}, such that gender isn't necessary.
So the distribution could e.g. be 8% same, 8% opposite, 5% both, 79% neither, and explain the original numbers without triggering the paradox.
Really? That's odd.
The typical zip code has a population of about ~9000. Dates of birth are about evenly distributed, so you'd still get about 24 people/birthday, or around 12 men or women per birthday per zip code.. I might be off by a fair amount in either direction, but I don't think I'd be twelve times off.
Also, the difficulty of identifying someone probably looks like a power-law curve, meaning that most of the "total difficulty" is concentrated in a small group, the ~13% that can't be identified.
In other words, even if one person is extraordinarily tricky to find [0], their share of the total un-findable-ness does not diffuse outwards to help anybody else.
Oh, ok, I didn't realize that the data included the year. Never mind, I don't know the US age distribution well enough to have any idea of how plausible it is; I withdraw my comment.
Most people here seem to forget that ads is what pays for the free internet services. The main issue with them is not making the consent more explicit to the user. I think the business model: you either get this for free with ads and targeting, or otherwise you have to pay X, should be more common. I bet most people would pick the free option with ads and targeting.
> Most people here seem to forget that ads is what pays for the free internet services.
Nobody forgets that, and the issue (at least for me) isn't the ads, it's the spying. It's entirely possible to have a financially healthy ad ecosystem without the spying. It used to be the norm, even.
Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies; even better, they should implement measures to make user tracking and fingerprinting more difficult. There is no need to track user's browsing history; just make a product better than competitors (so that it gets first place in reviews and comparisons) and buy ads from influencers.
It would be great if browsers made fingerprinting more difficult, i.e.: not allowed to read canvas data, not allowed to read GPU name, enumerate audio cards, probe for installed extensions etc. Every new web API should guarantee that it doesn't provide more fingerprinting data or hides the data behind a permission.
Regarding 3rd party cookies: instead of shady lists like RWS browsers should just add a button that allows 3rd party cookies as an exception on a legacy website relying on them (which is probably not very secure). Although, there is a risk that newspaper websites, blog websites and question-answers websites will force users to press the button to see the content.